Welcome, Guest. Please login or register.
Did you miss your activation email?
April 24, 2014, 02:27:49 PM
Home Help Search Login Register
News: Added OBDLink MX forum board.

ScanTool.net Forum  |  ECU Hacking  |  GM  |  Topic: Hardare and info needed on getting bin from gm v6 « previous next »
Pages: [1] 2 Go Down Print
Author Topic: Hardare and info needed on getting bin from gm v6  (Read 6410 times)
planethax
Newbie
*
Posts: 41


View Profile
« on: December 31, 2009, 01:36:37 PM »

I have been trying for month to find this info everyone talks about. Getting the seed & Key from GM V6 Ecm,

Is it still out there?

I have an editor that will modify the Ecm tables for 97-05 GM V6's (3100/3400/3.4dohc/3800 etc)
But what I need is to find out what hardware I need to get into Ecm, get the seed, input key and the retrieve the bin (edit it in my editor) then reflash.

What Hardware is needed?
Logged
planethax
Newbie
*
Posts: 41


View Profile
« Reply #1 on: January 01, 2010, 09:39:05 AM »

Hmmmm a few views but no replies.

Maybe start with smaller steps?

How would I go about making a "sniffer" for the OBD2 connector and J1850 Vpw?

Lets say I use my Tech2 to reprogram the Pcm, what can I put on the dataline to record all data sent to and from Ecu?
Logged
planethax
Newbie
*
Posts: 41


View Profile
« Reply #2 on: January 03, 2010, 11:09:31 AM »

Ok, maybe something simpler,
What does the ECM (command? ) look for to send out the SEED and then look for key?
Logged
Jason Smith
Engineer
ScanTool.net Staff
Veteran
*
Posts: 1655



View Profile WWW
« Reply #3 on: January 04, 2010, 01:26:44 PM »

Quote
Hmmmm a few views but no replies.

Maybe start with smaller steps?

How would I go about making a "sniffer" for the OBD2 connector and J1850 Vpw?

Lets say I use my Tech2 to reprogram the Pcm, what can I put on the dataline to record all data sent to and from Ecu?

You could hook up a scan tool to the bus though the DLC connector and put the scan tool in monitoring mode.  To do this, connect the scan tool to the vehicle.  Use a hyper-terminal and enter in the following commands:

ATZ
ATSP2 (J1850 VPW protocol)
ATH1 (turn on headers - optional)
ATMA (monitor all data on the bus)

Regards,

Jason
Logged

Flyer
ScanTool.net Staff
Sr. Member
*
Posts: 308



View Profile
« Reply #4 on: January 04, 2010, 05:36:41 PM »

You can use the following cable: http://www.scantool.net/accessories/cable-j1962m-to-2-j1962f-y-cable-1ft.html.

Of course, you would also need an ElmScan 5 Compact, or OBDLink scan tool.
« Last Edit: January 04, 2010, 05:39:53 PM by Flyer » Logged
Scandaddy
Full Member
***
Posts: 108


View Profile
« Reply #5 on: January 09, 2010, 03:12:05 PM »

Do you know what the seed and key look like?
Logged
planethax
Newbie
*
Posts: 41


View Profile
« Reply #6 on: January 10, 2010, 01:00:46 AM »

Example

27 01; give me the seed
67 01 63 ac; here is your seed
27 02 1e 7c; try this key
67 02 34; Success or
67 02 36; incorrect
Logged
Jason Smith
Engineer
ScanTool.net Staff
Veteran
*
Posts: 1655



View Profile WWW
« Reply #7 on: January 11, 2010, 02:44:07 PM »

Hi,

You may be able to use HyperTerminal or STN Term to send the commands.

Regards,

Jason
« Last Edit: January 18, 2010, 10:36:30 PM by Flyer » Logged

planethax
Newbie
*
Posts: 41


View Profile
« Reply #8 on: January 20, 2010, 10:35:46 PM »

Teminal program can not be used as the seed request and key try must be within a second, can type it fast enough.

My program is now currently running, will know in a few days if I am successful.

Next will be dumping the bin file from PCM.

Hi,

You may be able to use HyperTerminal or STN Term to send the commands.

Regards,

Jason
Logged
planethax
Newbie
*
Posts: 41


View Profile
« Reply #9 on: January 21, 2010, 09:13:11 AM »

You can use the following cable: http://www.scantool.net/accessories/cable-j1962m-to-2-j1962f-y-cable-1ft.html.

Of course, you would also need an ElmScan 5 Compact, or OBDLink scan tool.

Price of the cable is reasonable, but the shipping is too much for me, Guess I can make one with bits I have here.
Logged
planethax
Newbie
*
Posts: 41


View Profile
« Reply #10 on: January 28, 2010, 09:20:22 AM »

LMAO well after a few days, seems my key wasn't found.
Hmmmm, Well I did mess with it a few times, better try again.
NOPE, no key.

Finally finished coding for the Traps of 33/35/34/36/37 etc, and realized I had an extra whit space I was not accounting for lol,

Everything got trapped in the Wrong key section, DOOH!!!!!

Ok, well I think I have it sorted now, also running faster as only waiting 10 seconds after a 36.

Also, having it dump current info like key tried, time running and the list of keys tried into a text file,
so if there is a crash (have had 2 after 9 hours of running) progress will not be lost, the most that will be lost is maybe a dozen or so keys tried.

Once I have it find my key and test it, I will upload program here for anyone who wants it.
Logged
chri0029
Newbie
*
Posts: 6


View Profile
« Reply #11 on: January 29, 2010, 08:26:45 AM »

Planethax,

  Please let me know what you figure out.  I want to do the same thing with my '04 GM 3.4L and am basically around the same stage as you (needing to get the hardware to retrieve the bin to modify).
Logged
planethax
Newbie
*
Posts: 41


View Profile
« Reply #12 on: January 30, 2010, 06:53:22 PM »

I currently have been able to retrieve the Seed, get the Key and get the OSID and VIN.

Working out some bugs and the next step dumping the Bin from PCm.
Logged
FastFieros
Newbie
*
Posts: 8


My motto here...


View Profile
« Reply #13 on: January 31, 2010, 02:15:17 PM »

dumping the BIN from the PCM requires it to be in supervisor mode. you have to have a bootloader that controls the flow of data from the PCM, and back to it when you upload. you cannot get to supervisor mode without the key being sent. The transfer of data is not done in 10.4Kbs, it switches to 4x @ 41.6, but all this is accomplished with the bootloader.
Logged
planethax
Newbie
*
Posts: 41


View Profile
« Reply #14 on: February 02, 2010, 04:53:21 PM »

Supervisor mode, is that when you have voltage on pin to allow dumping/writing?

I am working on bootloader now.

There are quite a few out there with the 256 Algos, but are Tight lipped about them unfortunately. (direct any secrets to my pm box or email lol)

Many started out like me, asking questions and working with others, but as soon as money seemed to come in they get quiet lol.

Also, I am cleaning up the code a bit before I upload, but I do have the Seed/Key brute done along with OSID and Vin reporting.



* PflashUP1.jpg (118.56 KB, 375x669 - viewed 285 times.)
Logged
Pages: [1] 2 Go Up Print 
ScanTool.net Forum  |  ECU Hacking  |  GM  |  Topic: Hardare and info needed on getting bin from gm v6 « previous next »
Jump to:  


Login with username, password and session length

Powered by MySQL Powered by PHP Powered by SMF 1.1.8 | SMF © 2006-2008, Simple Machines LLC Valid XHTML 1.0! Valid CSS!