pcmhacking.net

I wrote a basic (very crude) script that will run in Windows 7 or above, just point it at your com port, and change paths as needed and it should work. This is a rough draft of the tool but it did unlock my module fwiw. I should have time to add some other features, but wanted to share since it may help others.

Enjoy!

Cool, nice litte brute forcer. Thanks for sharing!

Thanks antus, I owe you and many others on the site a big thanks for the inspiration/knowledge to keep exploring and learning. Fun stuff!
Working on a mode $35 routine to explore some memory next. One hurdle at a time

What PCM are you working on?

I have a few on the bench, one from a 03 J-body (Cavalier?) with '747' last 3 of the pn. a Delphi box.

Odd ball's that have been unlocked: Korean Delphi MR140, and a model MT-34 - small Delphi boxes. Were OE in 04-08 T body (Aveo) and other GM/Opel/Daewoo platforms. I was going to post about them but not sure where they belong yet, (or if anyone even cares? lol) they are used all over the place. 32-bit flavored controllers, use K-line (KWP2000) protocol, 1mb of memory, still being produced by erae - the company that was Delphi Korea. So nothing too fun.

Here is some code to add that will fetch the VIN and stick it into a variable. These newer eOBD boxes just use plain old Mode$09 02 to get the VIN, so ez pz.

# Scripted version =====Get VIN=========
$ecuPort.open()
$ecuPort.writeline("0902" + [char]13) # Vin request
start-sleep -m 200
$input = $port.ReadExisting() # -split(" ")

# Parse the array for only the VIN then convert to ASCII
$vin = $input.split(" ")[6,10,11,12,13,17,18,19,20,24,25,26,27,31,32,33,34] |
ForEach-Object { [Convert]::ToInt32($_,16) } |
ForEach-Object { [Convert]::ToChar($_) } |
ForEach-Object { $_ }

$vin -join ""

$vin can be used to name log files and such, - for example.

For giggles, here are some photos of the Korean Delphi boxes on the chopping block.
http://www.aveoforum.com/forum/f82/ecm- ... 4-a-14372/

Just in the rare random event anyone else is working on them as well.

Anything you want to post, please do. Theres pics of a couple of daewoo ecms based on the delcos through this thread already http://pcmhacking.net/forums/viewtopic.php?f=17&t=579

Thanks antus. Will do.
Gosh what with the new DMCA class 21 'exemption' - maybe now instead of GM/John Deere brow beating us owners for repairing what they won't, maybe they can open up the CTS library so well spoken of in GMW3110 for us all to just have for our personal reference, life would be a whole lot easier for those of us trying to get stuff done. (rant off!)

What happens if it isn't a static response key and it changes based upon a seed? This may not unlock it for weeks as the number of combinations is pretty high.