jlvaldez wrote: For my curiosity, can you explain how the hell you came up with this algorithm for the seed/key pair? I'm legitimately lost as to how it's possible to look at 5 pairs and come up with.... that....
It is my day job after all
I generate every possible combination and identify the pattern from there.
Same with the 5-byte seed/keys I generate for the newer modules I program on the bench (BCM, radios, clusters, etc.). Although since it's 5 bytes... every combo... is rather large, so that one is online based like most tuning companies do.
Your Local Aussie Reverse Engineer
Contact for Software/Hardware development and Reverse Engineering
Site:https://www.envyouscustoms.com
Mob:+61406 140 726
Put the full kernel on a quick simple diet, lost ~630 bytes, maybe it will fit now, I think I can squeeze another 5 or 6 hundred bytes out if I work at it.
Intelligence is in the details!
It is easier not to learn bad habits than it is to break them!
If I was here to win a popularity contest, there would be no point, so I wouldn't be here!
No, it's a very close relation of the P01. Looks the same, talks the same protocol, runs almost exactly the same code, just seems to have a very slight difference in the amount of RAM, or how the RAM is used so far. It won't run the 8kb pcmhammer kernel, but it does run the same kernel I used to read P01 and P59 in ls1flash-free which I recently noticed I added support for in 2013, and had since forgotten about that. viewtopic.php?f=42&t=3111&p=33505
... haha seeing the PCM has a similar code that’s what confused me as to why it was similar to p01/p59 as architecture seems so different looking at them
Sooooooooo, since we're on the subject. Has anyone had any communication with the Allison trans controller? I'll rip one apart in the next few days but probing appears to have a 29f800 1mb chip which is almost unreasonable for an early 2000 stuff, maybe it was GM specific for Allison. At first glance at the outside, it looks like a TCM side of early LT1 stuff. Still trying to suck a .bin out of the software side... I'll probably have that shortly without pulling it apart. It does appear to react to outside influence on the boot mode tactic of the LT1 stuff though.
I don't have much to contribute, but LB7 ECMs are 01, then 02-04 are the same (03 and 04 use the same OS), and 04.5-05 was the LLY (LB7 stopped when 04 production ended). I did more than my fair share of LB7 tuning with efilive. 01 has always been the bastard child with all the flashing quirks that is famous for getting messed up flashing with a tech 2 because 01 used a unique flashing routine. 01 ECMs are also famous for the change engine oil counter getting corrupted. Most everybody changes them to an 02 OS. 01 and some early 02 OSes had some scaling differences, there was an 02 only OS that had some more scaling changes, then you have the final 02 OS (6006) & 044 (03/04 OS) that all share the better scaling.
I have an 03 sitting on the bench that I would love to be able to try and force flash a clean .bin onto because it got corrupted flashing it with a tech2 (notice a pattern here with the factory flash routine corrupting them) instead of spending $285 plus the shipping both ways to socal to have the flash chip removed, bench flashed, and then re-installed. I know efilive said they had to come up with their own flash routine just for the e54, but they still regularly get corrupted for no reason. LLYs have always given me the most trouble getting a completed flash into.