> In-Tech wrote: Oh booo, that sucks, sorry. What ecm was that one?
E38
GM E38 E67 E40 Kernel/Bootloader Development Extravaganza
Re: GM E38 E67 Kernel/Bootloader Development Extravaganza
Your Local Aussie Reverse Engineer
Contact for Software/Hardware development and Reverse Engineering
Site:https://www.envyouscustoms.com
Mob:+61406 140 726
Re: GM E38 E67 Kernel/Bootloader Development Extravaganza
I'm sure you have spares
I received my BGA and PQFP flash chips and a couple of those proto boards for the PQFP for sometime.
I hate it when the car fooks up something perfect
Re: GM E38 E67 Kernel/Bootloader Development Extravaganza
What makes it ironic, is I was literally going to the car to dump its flash and then pump it into another ecu to test out the cloning in my own car for the slave change etc.
So.. looks like I'll need to first fit and flash a replacement ecu. Throw the old one on the bench to find its key 'cause that's something random now.
Re: GM E38 E67 Kernel/Bootloader Development Extravaganza
> Tazzi wrote: What makes it ironic, is I was literally going to the car to dump its flash and then pump it into another ecu to test out the cloning in my own car for the slave change etc.
> So.. looks like I'll need to first fit and flash a replacement ecu. Throw the old one on the bench to find its key 'cause that's something random now.
Curious what it was giving you for a seed?? If it was 0000 I am assuming you've already tried just pushing the kernel??
Re: GM E38 E67 Kernel/Bootloader Development Extravaganza
> ironduke wrote:
> > Tazzi wrote: What makes it ironic, is I was literally going to the car to dump its flash and then pump it into another ecu to test out the cloning in my own car for the slave change etc.
> > So.. looks like I'll need to first fit and flash a replacement ecu. Throw the old one on the bench to find its key 'cause that's something random now.
> Curious what it was giving you for a seed?? If it was 0000 I am assuming you've already tried just pushing the kernel??
Tried 0000 and FFFF.
Seed is 88EE.. so I also tried using the seed as the key... but no luck
I'll rip it out tomorrow and replace it. It can be a work in progress tomorrow.
I watched a REALLY cool video today in regards to satellite hacking, can see it here: https://www.youtube.com/watch?v=lhbSD1Jba0Q
It gave me the thought of encrypting the loader through basic operations which surprisingly worked first go.. figured I may run into a watchdog freaking out but works just fine
Re: GM E38 E67 Kernel/Bootloader Development Extravaganza
Updated first post with first release (1.0.7400.1501).
It does require a license. I need to pop some more up on the server tomorrow morning, but feel free to pm or message below for one and I'll shoot one through
Re: GM E38 E67 Kernel/Bootloader Development Extravaganza
> Tazzi wrote:
> > ironduke wrote:
> > > Tazzi wrote: What makes it ironic, is I was literally going to the car to dump its flash and then pump it into another ecu to test out the cloning in my own car for the slave change etc.
> > > So.. looks like I'll need to first fit and flash a replacement ecu. Throw the old one on the bench to find its key 'cause that's something random now.
> > Curious what it was giving you for a seed?? If it was 0000 I am assuming you've already tried just pushing the kernel??
> Tried 0000 and FFFF.
> Seed is 88EE.. so I also tried using the seed as the key... but no luck
> I'll rip it out tomorrow and replace it. It can be a work in progress tomorrow.
> I watched a REALLY cool video today in regards to satellite hacking, can see it here: https://www.youtube.com/watch?v=lhbSD1Jba0Q
> It gave me the thought of encrypting the loader through basic operations which surprisingly worked first go.. figured I may run into a watchdog freaking out but works just fine
Try Key same as seed
What happened was that whole area was written with the same word. It should work. key $88EE
Re: GM E38 E67 Kernel/Bootloader Development Extravaganza
> Tazzi wrote: I watched a REALLY cool video today in regards to satellite hacking, can see it here: https://www.youtube.com/watch?v=lhbSD1Jba0Q
> It gave me the thought of encrypting the loader through basic operations which surprisingly worked first go.. figured I may run into a watchdog freaking out but works just fine
The automotive industry is way behind what can be done to secure the car stuff, they're creeping up on it. As for the video, what STB uses a 6802 or variant? The popular stuff was using a 68xx variant back in the 90's then moved to a tms370 at end of 90's, st7, st19 etc. Glitching basically makes the cpu see clear bits as it's running through code and if you hit it right while a jump is getting prepared, now a cd6780 (example) becomes cd0080 and if your "load" is sitting there it gets executed. A branch, stack, etc. wherever the glitch "lands" during process.
Last edited by In-Tech on Sun Apr 05, 2020 7:45 pm, edited 1 time in total.
Re: GM E38 E67 Kernel/Bootloader Development Extravaganza
Just patching the code since I made a late modification to the licensing which doesn't work with the current released version. Also fixed the version numbering so it will be 1.0.Y.X, where X is the automated build number and Y will be the increase in version. New release shortly.
Re: GM E38 E67 Kernel/Bootloader Development Extravaganza
Just fyi, it doesn't install on winXP 32. https://www.envyouscustoms.com/computer-requirements/