Slightly unrelated but kinda is related too.
I had to program another key to my bench setup, and decided refresh my memory on the commands for key programming.
What I have found interesting, is it is a MUST to know the immobilizer code to be able to program a new key. After the 10min delay, you can send a command to request learning new keys and then follow required procedure from there for each additional key.
What intrigues me, is the immo code cannot be read from the BCM through normal requests. So it makes me wonder how some aftermarket tools are doing it?
My only thought is a custom kernel to dump the memory, get the immo and then finally use to write keys? I mean, the level of complexity seems quite extreme. Typically these places have bought the diagnostic information and just copying it into their tool.
Same goes for security linking another ECM. The ECMs original immo code and also new immo codes must be known to be able to reset and write the new one. This basically restricts ones access to using SPS to do it.
The next issue is if the VIN of the module has been changed and immo has not, SPS is unable to then code keys or even change the immo
So.. heres the kicker! What does the dealership have to say about modules like that??? Replace it....
How does one then get a Immo?
On pre-Global A, you can call a dealership and request the information.
But on Global A and newer, its not on their vehicle security information lookups.
So wheres that leave us?
Brute... fucking... force.
Just like seed/key, you can attempt immos every x amount of time until its accepted. It takes alot of time, and then still has the timeout delay, but is better then replacing a perfectly good module.
I know for our Holdens here, if you dont do a prepare for removal first before trying to write a different vehicle cal/vin, your basically shit out of luck when it comes to security linking