Announcement

Collapse
No announcement yet.

MSS6x Flasher - Now released!

Collapse
This is a sticky topic.
X
X
Collapse
 
  • Page of 32
  • Filter
  • Time
  • Show
Clear All
new posts
Previous 1 19 29 32 template Next
  • terra
    replied
    Originally posted by hansbrix View Post

    I agree all the more reason why we need to figure this out though. What are you guys using to view the bin? I'm assuming you're not using a conventional hex editor? Still new to the BMW/ Siemens stuff, but really want to learn more. I have winOLS installed but my experience with calibration work is on GM PCMs using the HP tuners, which is basically a complete IDE for editing the cal.
    Honestly I haven't been messing with actual tuning yet. Right now my main goal has been to analyze the read/write routines and the various security mechanisms on the DME. To that end, a lot of my work has been disassembling the DME software, mostly the second stage boot code, in things like IDA and Ghidra. Also generally logged what all the commands flying around during a WinKFP flash were and things like that.

    My next personal goal is to disable the BDM lock on the DME so that 1) we can recover these things if we mess up while OBD flashing (not very likely when limiting yourself to tune modifications, but once you start making program modifications the chance of error increases), and 2) so that we can clone DMEs in the case one needs to be replaced for hardware failure
    • Likes 1

    Leave a comment:

  • hansbrix
    replied
    Originally posted by terra View Post
    Yeah I dunno. They don't seem like assholes like Gintani, but I just have a very hard time believing that you can essentially plug everything in and just have it work without having to do any software manipulation on either the DME, EGS, or both.
    I agree all the more reason why we need to figure this out though. What are you guys using to view the bin? I'm assuming you're not using a conventional hex editor? Still new to the BMW/ Siemens stuff, but really want to learn more. I have winOLS installed but my experience with calibration work is on GM PCMs using the HP tuners, which is basically a complete IDE for editing the cal.

    Leave a comment:

  • patsbimmer1
    replied
    Joined just to follow this thread! Can't wait to try it in my '11 e90 m3!

    Leave a comment:

  • terra
    replied
    Yeah I dunno. They don't seem like assholes like Gintani, but I just have a very hard time believing that you can essentially plug everything in and just have it work without having to do any software manipulation on either the DME, EGS, or both.
    • Likes 2

    Leave a comment:

  • Martyn
    replied
    I’ve been through and compared the latest euro and latest US cars DME software and like Terra says the differences are very minor.

    Leave a comment:

  • terra
    replied
    Don't even need to flash, I can extract the relevant stuff from the WinKFP files themselves. I wouldn't think there'd be a huge difference though.

    On the other hand, perhaps there's a reason the Euro version has a much higher software number (520E) vs US (160E)

    Leave a comment:

  • hansbrix
    replied
    So given the new news on the m5board, I was wonder what you guys think about how can we figure out if the code to control the DCT/DKG is indeed there? Couldn’t we just use WinKFP to flash a MSS65 DME with a euro calibration then evaluate the difference in the code? I have a bimmergeeks cable coming but I have a few running M5s I could play with. I just have never flashed or updated modules yet on the M5 since I’m been busy fixing the myriad of mechanical stuff. I’m gonna try installing ISTA/P also since I think that plus an ICOM is require to update the I level of the car. But for the DME only, is it that I can use WinKFP with the appropriate datens to flash the DME. I suppose if someone already has the full bin of a euro DME we can just use terra’s nifty tool here? We’d have to edit the VIN and other stuff though right?

    Leave a comment:

  • terra
    replied
    So at some point I accidentally introduced a bug that skipped over the signature check when flashing a tune to the MSS60. Fixed version is uploaded now, I recommend all testers redownload.

    Leave a comment:

  • terra
    replied
    The one-stop electronics is probably one of the easier ones to modify. It already has AVR ISP header on board, so you don't need to do any soldering. Just plug in the programmer and program the chip

    Leave a comment:

  • tdott
    replied
    Just to confirm that the Frieling iflash adapter that comes with most after market tunes, will not work with Ediabas (inpa/ncs/ista/etc) software, therefore doesn't work with this flasher.
    I've read conflicting info on that before, but tested it myself with no success.

    I'm buying a bimmergeek cable vs modifying my old one-stop-electronic cable I've had for years.
    Last edited by tdott; 04-17-2020, 10:40 AM.

    Leave a comment:

  • terra
    replied
    Sorry for the delay. Got so many PMs that I missed a couple. Responded to you

    Leave a comment:

  • Dash1
    replied
    pm'ed you terra

    Leave a comment:

  • terra
    replied
    Originally posted by hansbrix View Post
    Quick question in how big a full read bin should be for a MSS65. My full read was 5.00 MB (5,242,880 bytes). Does this seem correct? I ask because a few months back I was looking at doing some tuning and found a bin that someone uploaded, I think it was a BDM read. That one was 1.00 MB (1,048,576 bytes). What accounts for the stark difference and what should be the correct size of a full bin?
    5MB is correct. It's structured like so

    Injection (left) Internal flash - 512KB
    Injection (left) External flash - 2MB
    Ignition (right) Internal flash - 512KB
    Ignition (right) External Flash - 2MB

    The tune is stored in the last 64K of each internal flash. Program code is spread between the internal and external flashes. Most of the external flash is empty, but is still necessary to make a full backup and to generate an RSA patch.

    The bin you found was likely a dump of both internal flashes.

    Leave a comment:

  • hansbrix
    replied
    Quick question in how big a full read bin should be for a MSS65. My full read was 5.00 MB (5,242,880 bytes). Does this seem correct? I ask because a few months back I was looking at doing some tuning and found a bin that someone uploaded, I think it was a BDM read. That one was 1.00 MB (1,048,576 bytes). What accounts for the stark difference and what should be the correct size of a full bin?

    Leave a comment:

  • terra
    replied
    Another update:
    Cosmetic stuff:
    • Added an app icon. Definitely subject to change, just wanted to try
    • Added a little note that the application is provided by free by this forum, and a have a link to this thread for the latest version (of course for the time being you need to contact me to download a copy)
    • Changed some text notifications

    Functional changes:
    • Sped up full reads by skipping over areas that should be blank. Should bring the total read time down to approximately 45 minutes
    • The long read option is still available in the advanced menu
    • If the read file size is smaller than expected (i.e one of the read requests failed), the application won't save those dumps

    Leave a comment:

Previous 1 19 29 32 template Next
Working...
X