Announcement

Collapse
No announcement yet.

MSS6x Flasher - Now released!

Collapse
This is a sticky topic.
X
X
Collapse
 
  • Page of 31
  • Filter
  • Time
  • Show
Clear All
new posts
Previous 1 5 15 25 31 template Next
    #211
    I am having issues doing a read on my M6 (MSS65)
    I have a custom tune on it that was flashed from an encrypted binary via a Freiling IFlash cable. I figure that the flashing software for that decrypts the binary before flashing it otherwise the DME wouldn't function. Problem is I cannot read it back to do some changes with the ECUWorx app because the read always fails. Is this common? I am using the MSS6x Flasher to read via a Ediabas flashed cable, also tried with a regular K+DCan cable.

    Comment

      #212
      Yes it's very common, you'll either need to flash your stock file back with the Frieling cable, or write back to stock with WinKFP before you'll be able to read with MSS6x Flasher.

      Comment

        #213
        Originally posted by mbwilding View Post
        I am having issues doing a read on my M6 (MSS65)
        I have a custom tune on it that was flashed from an encrypted binary via a Freiling IFlash cable. I figure that the flashing software for that decrypts the binary before flashing it otherwise the DME wouldn't function. Problem is I cannot read it back to do some changes with the ECUWorx app because the read always fails. Is this common? I am using the MSS6x Flasher to read via a Ediabas flashed cable, also tried with a regular K+DCan cable.
        With a BDM, I think You can read Your file
        Last edited by MSSAddict; 10-23-2020, 08:06 PM.

        Comment

          #214
          Originally posted by FritzP View Post

          I have used this pinout for bench-connection with good success: see attached picture.
          You will need to set your cable to D-CAN.
          Just tried this without success on an ebay dme.

          MSS Flasher -> INPA Cable ( Pin 6 to -> DME X02-14, Pin 14 -> DME X02-1, both 12v connected, GND connected )

          Maybe I am missing something to wakeup the dme ( some kind of ignition signal )?

          Comment

            #215
            Originally posted by dmlf View Post

            Just tried this without success on an ebay dme.

            MSS Flasher -> INPA Cable ( Pin 6 to -> DME X02-14, Pin 14 -> DME X02-1, both 12v connected, GND connected )

            Maybe I am missing something to wakeup the dme ( some kind of ignition signal )?
            MSS60/65 is identic
            Attached Files

            Comment

              #216
              Thx, it works, my on/off switch was dead !
              • Likes 1

              Comment

                #217
                Originally posted by terra View Post
                [*]If successful, the key is displayed in the application and a file with the SK is saved (file will include the appropriate header to be pasted in directly at 0x7948 of the injection dump)
                I don't understand why the SK would be at this position, I saw that you where able to dump the UC3FMCR which was 43 FF 00 FF, which means PROTECT = FF so the only protection would be through SBPROTECT + SBEN .
                But in the datasheet the first two blocks layout is 16K (SB[0] + 48K ; 48K +16K SB[1] ), so 0x7948 would be inside the remainer of BLOCK[0] right ?
                which should not protected

                I am lost

                Comment

                  #218
                  The obd read protection has nothing to do with the UC3FMCR register. The read code is simply set to return 0xFF when reading certain addresses.

                  Comment

                    #219
                    Ah right ! So it may be patchable I guess... Would be fun

                    Comment

                      #220
                      Originally posted by terra View Post
                      You could make a full backup, flash to stock with WinKFP, and then flash your backup back.
                      Ended up using the binary modification tool to edit my DME file after backing up the DME using MSS6x flasher. Will be taking M5 to get smog tested this weekend...

                      Comment

                        #221
                        I've given up on hopes for an EWS/CAS delete
                        You don't need, but isn't freely officially released atm . Is possible in file.

                        Comment

                          #222
                          Originally posted by Lambda1 View Post
                          You don't need, but isn't freely officially released atm . Is possible in file.
                          For MSS60 ?

                          Comment

                            #223
                            Originally posted by dmlf View Post

                            For MSS60 ?
                            I mean really, on any dme that has program write capabilities, EWS delete is possible. You just have to figure out what instructions to bypass.

                            Comment

                              #224
                              Possible for MSS60 and MSS65 also with options for Swap like also Limiter at 5500rpm with lost abs signal, with full power and no CAN-bus problems. No Emulator, in file.

                              Comment

                                #225
                                Uploaded everything to github: https://github.com/terraphantm/MSS6x-Flasher

                                Please be gentle with your criticism. I'm a doctor, not a programmer, this is mostly cobbled together with what I was able to teach myself :P
                                • Likes 4

                                Comment

                                Previous 1 5 15 25 31 template Next
                                Working...
                                X