Hey all. Just got done attempting this with an 06 M5. Short version: semi-bricked at RSA bypass, un-bricked in WinKFP with some headaches/sweating.

Used the Bimmergeeks pro cable (with the switch) and a Deutronic DBL430 set at 13.6V.

Before getting the cable, I successfully did a full read with my old K+DCAN cable (had an adapter instead of a switch bridging pins 7+8). I backed up the ~5MB binary file and tune.
Created copies of the binary, loaded into the binary modification tool, it recognized. Purchased a single-VIN license, created some modified binaries to test it out.

The bimmergeeks cable arrived, and I started with an attempt to read the ISN. It failed (as expected), and recommended the RSA bypass. I attempted the slow version (since I have no experience outside of diagnostics and coding).
Failed after erasing the ECU: "Failed to set flash address @ 0x450000" (image attached).

The ECU would still identify in WinKFP, and attempt to flash. However, the flash was failing to take last night. Partway though the process, it would cycle out of flash mode and abort. Usually citing a security access error when trying to switch programming mode. Checked in ISTA+ afterward, and it would load the module tree and list the DME as blue (ECU with aborted flash).

Tried the Bimmergeeks cable this morning, with the toggle switch in the other positon. The flash took, so I foolishly decided that was the problem.

Tried the RSA bypass (slow) again, and got the same error (failed to set flash address). That's the image below (I didn't take a screen shot last night, but I believe it failed at exactly the same point).

Tried WinKFP again, and I could NOT get it to take the flash. It would keep getting error 211, usually citing a security access problem prior to aborting the flash, at varying percentages (never failing at the same point).

Finally ran it with my old K+DCAN cable today, and it flashed successfully. The car is back where it started now, un-bricked and running.

I haven't tried the MSS6x flasher with the old K+DCAN cable, as I'm not sure if it has the proper EDIABAS firmware. (I paid a premium for it in ~2011 or 2012, it's listed as INPA compatible on the label). While my car is old enough to (probably) not be subject to the bug, I wasn't ready to take the risk ("not thoroughly tested" was enough to convince me to shell out for a 2nd cable).

Have I stupidly failed to properly set something up for the RSA bypass? Or is it possible I just got a spotty interface cable?

Thanks again terra! For now, just updated ecu software to 241E. Verified the before and after using your application. Will take a full read later on.

terra Hi✌️
thank You very Much 🙏

If your car was built before September 2009 it shouldn't matter. If it was built after that, communications will work in one position and won't work in the other position. So pick the one it works with.

Or if you have a multimeter, check the continuity between pins 7 and 8. You'll want the position where there is no continuity.

Sorry for my english 😅

The limiter brings up a good point tho. Is there a way to make the soft limiter a hard limiter? Hate the way it just retards timing / closes throttle as redline approaches. Much rather have fuel cutoff.

this is primary a R&D thread... i don't think it has to be beneficial just to justify doing testing or trying things out.
That being said e92 m3 has a soft limiter. It is easier to see if this soft limiter by setting a higher rpm vs one thats too close to stock.
That way its easier to see if the changes i make to other mappings is fixes the issue or not.

What hardware are you running that 8600rpm is beneficial?

Confirmed. Flashed back to stock and was able to read full and tune. Flashed tune again and got the same 'something went wrong' error.

I also want to mention that I lifted the temperature RPM limiter as well to 8600. So thats not the issue.

I'm doing a full bin pull and see what addresses are actually being written by the Tune button. Maybe its something else.

On the mapping side of things:
I see a few tables with 8300 8300 8300.

And also some like 8300 7800 7600 7400 7200 7000. I'm suspecting that its coming from a standing limiter when front wheel speed sensor shows 0.

Probably looking for a 8x1 table similar to the 8x1 RPM PER Gear Table. Since N+7 gears for DCT.

UPDATE: yeah all the calibrations got written correctly. wonder if im missing something for dyno limiter.

No, RPM limit tables are within the calibration (0da) data. There must be some other problem. Maybe Martyn can comment

I did see a few places where there seemed to be a hard coded rpm limit, but it also seemed like said limit was at 9k RPM

So I went to the dyno today but it seems like the RPM is redlines at 8300. Even though I modified it to 8600. I checked with ECUWorx tool to see if I did it correctly in tunerpro and it shows up as 8600rpm.

Is this because the RPM limiter is outside of the tune parameters and lives in the Program portion of it?