Turns out the pin code isnt simple stored in the main tables.
May need a seed/key before another table is available or other actions can be performed.
So the only way to get a radio's pin (from a different car) is to use holden with the original cars VIN number... which is saved into the radio. Or if the radios original car is available, can look the pin up via the bcm security tables. Unfortunately the pin is not automatically updated to the bcm as soon as the radio is plugged in, seems it only does once a valid pincode is entered.
Or can use the blaupunkt radio specialist guy on the web which can grab the cars radio pin for $5 using the serial number ontop of the radio.
Also with a bit of messing around using both the sedan and utes radio configs, that changing the code index changes a few different components thus it writes new info that matches that of the ute or sedan depending which index is chosen eg 7 ot 9. So Id say the code index is more of a choice of preconfigured settings.
Iv also been amused by this youtube vid.. I mentioned it before:
http://www.youtube.com/watch?feature=pl ... EOu_YCPF60
Iv noticed that the bloke does alot of radio modifications and has played with the stock radio a fair bit. So I figured it has been parroting frames back to the cluster to get it to show messages,volume,radio station ect.
When the radio is connected and on radio station.. it continuously broadcasts: B9, 58, 2, 9, 0, E4,
If volume is increased it sends this: B9, 5C, 2, 9, 0, 0, 93,
6,
C, 3B,
So the volume was 12 (0C) and it was the 6th(06) action done since car was on.
If volume increased to 14: B9, 5C, 2, 9, 0, 0, 93,
8,
E, 37,
Changing stations produced this: B9, 61, 2, 9, 0, 0,
A2, 3C, 32, 31, 30, 34, 35, 0, 1,
(think that was fm 104.5 which is in green). And the radio station is A2... changing to A1 changes to CD and A0 changes it to Tape (displays little logo's for all of them!).
Changing to cd fired off: B9, 5D, 2, 9, 0, 0, 9F, 41, 1,
3, FB, Which I figure mean change to CD.. last used was track 3
but it changed the reoccuring frame to B9, 58, 2, 1, 0, EC,
Changing track to 4 sent: B9, 5D, 2, 1, 0, 0, 9F, 42, 1,
4, 1,
then track 5: B9, 5D, 2, 1, 0, 0, 9F, 43, 1,
5, FF,
then track 6: B9, 5D, 2, 1, 0, 0, 9F, 44, 1,
6, FD,
So sending any of the above frames through the car displays the corresponding values on the clusters lcd sceen..
So with that in mind.. when looking at the youtube vid.. he has:
"VY IPOD KIT
NOW PLAYING PLAYING..
MADONNA - LIKE A"
This is 11 characters on top, 22 middle and 16 bottom (assuming spaces between dash)
Making a total of 49 bytes.. so the message sent off to the cluster must be greater then 49bytes.. so fairly large.
Im guessing random stabs in the dark at frames to send wont work.. and im assuming that its a single frame sent.
The tech2 also picks up the "MDF screen display" which I think means the cluster since thats the only message broacasted.. Guess sending different responses back to that may work? Until it picks up somthing it likes?
I think Byte 7 is the "option" byte since changing that changes it from affecting volume, station,tape.
Anyone else got any ideas or see any sort of method in the madness?
