MSS6x Flasher - Now released!

Martyn replied

04-16-2020, 10:06 AM
Originally posted by 6ixSPD View Post

Will this allow me to do a complete read of my existing ECU and modify that file? I have a tune on on my car which has disabled cold start and it would be nice to re-enable it and make some other changes without losing the benefits of the tune that is current installed. Assuming the hex address locations will be known (I don't have this information and would love to find it) for where such changes need to be made.

I have the BL KCAN cable as well.

I've tested the full read from MSS6x Flasher with my software and it works fine.

E60/E61 M5 & E63/E64 M6 (MSS65) Binary Modification Tool Released - ECUWorx

https://www.ecuworx.co.uk/2020/04/12/e60-e61-m5-e63-e64-m6-mss65-binary-modification-tool-released/

ECUWorx are pleased to annouce that the first release of the E6x M5 / M6 Binary Modification Tool is complete. The tool allows modification of files read from the vehicles ECU (MSS65). The tool allows modification of the following options: – Stage 1 & Stage 2 performance tune from 22RPD– VMax limit removal– Cold start delete– SAP removal (DTC Suppression for removed hardware)– Primary cat removal DTC suppression– Valet Mode with 3000 RPM limiter– Rev limit per gear recalibration– P500S power mode in P400– AlphaN enablement– Overrun burble / pops– Transmission Swap– Rev limit based on engine temp recalibration– Rev

1 Photo
Likes 2
Leave a comment:
terra replied

04-16-2020, 10:00 AM
Originally posted by 6ixSPD View Post

Will this allow me to do a complete read of my existing ECU and modify that file? I have a tune on on my car which has disabled cold start and it would be nice to re-enable it and make some other changes without losing the benefits of the tune that is current installed. Assuming the hex address locations will be known (I don't have this information and would love to find it) for where such changes need to be made.

I have the BL KCAN cable as well.

Yes it should enable you to do that assuming your tuner didn't implement any sort of read lock. I don't think there's a public xdf or a2l. MartynT's application should be good for making simpler modifications like that.
Likes 1
Leave a comment:
6ixSPD replied

04-16-2020, 09:37 AM
Will this allow me to do a complete read of my existing ECU and modify that file? I have a tune on on my car which has disabled cold start and it would be nice to re-enable it and make some other changes without losing the benefits of the tune that is current installed. Assuming the hex address locations will be known (I don't have this information and would love to find it) for where such changes need to be made.

I have the BL KCAN cable as well.
Leave a comment:
Martyn replied

04-16-2020, 12:34 AM
Originally posted by terra View Post

ECU wouldn't accept a job. Gateway module probably would, but I do feel like communicating with multiple modules during a flash process is a good way to introduce writing errors.

Understood! Perhaps just a check of 'STAT_PHY_UKL15_WERT' via 'status_ukl15' prior to starting a full flash might be a good idea? If voltage < 12.5 perhaps throw a pop up or something?

*Edit* status_ukl15 doesn't exist in MSS6x.prg so ignore me

Last edited by Martyn; 04-16-2020, 02:17 AM.
Leave a comment:
terra replied

04-16-2020, 12:25 AM
ECU wouldn't accept a job. Gateway module probably would, but I do feel like communicating with multiple modules during a flash process is a good way to introduce writing errors.
Leave a comment:
Martyn replied

04-16-2020, 12:20 AM
Awesome!

I was going to suggest adding a voltage status of KL15 but I'm guessing the ECU won't accept job requests whilsts its in flashing mode or busy with a current job.

I'll have a think regarding the name.
Leave a comment:
terra replied

04-15-2020, 11:35 PM
Another update

-Changed up the layout a bit.
-Eliminated the full binary checkbox, there is now a separate button to read a full program
-Read RAM and Read ISN / SK are now under the "Advanced Menu" -- shift+click no longer does anything
-Added current byte being read/written to the status text
-Added a status message noting if a read has been completed
-Progress bar is now colored #009ADA

Thus far the application feels pretty safe. Even when a flash does fail due to disconnected power or so, the DMEs are staying alive. So I'm feeling comfortable for a wider release soon.

Anyone have thoughts on a different name for the application? Also anyone have any ideas about a logo, icon, etc? Something that emphasizes the relationship to this forum would be preferable.
Leave a comment:
hansbrix replied

04-15-2020, 06:17 PM
Sent terra a PM with the same info. I was able to successfully do a full and partial read of my MSS65 in my 2008 M5 SMG. I'm doing it in the car, I don't have a bench setup. The full read took about 2.5 hours. I have a K+DAN cable from one-stop electronics that I bought almost 2 years ago. I don't know how to flash the cable itself. (http://www.one-stop-electronics.com/...&product_id=16). I didn't try writing since I have no updated tune or file to write.
Leave a comment:
terra replied

04-15-2020, 01:58 PM
Another update:
Added patch to allow reading protected memory segments
This will be applied any time an RSA delete or Full Write is done

Added ISN reading to the MSS65
It will prompt you to do an RSA Bypass if it can't be read

MSS60 SK read will now attempt to read it directly before dumping RAM and searching for it. Should be a little faster if you've already patched an RSA delete

Changed name/directory structure a bit
Leave a comment:
terra replied

04-15-2020, 09:21 AM
Originally posted by Martyn View Post

Great work!

I'm sure a while back I read on the M5Board that Jim Colley had identified and defeated the second processor lock, it might be worth reaching out to him to see if he can point you in the right direction.

Sent him a PM - looks like he hasn't logged in for a couple months though, so we'll see.
Leave a comment:
Martyn replied

04-15-2020, 01:10 AM
Great work!

I'm sure a while back I read on the M5Board that Jim Colley had identified and defeated the second processor lock, it might be worth reaching out to him to see if he can point you in the right direction.
Leave a comment:
terra replied

04-15-2020, 01:06 AM
Figured out what to change in the program to read the SK from the true location. Same patch should work to read the ISN from the MSS65 as well. I'll update the app later today. But basically at this point we can make a full backup entirely over OBDII. Now if we can figure out how to reenable BDM on the MSS60, that means cloning these things and recovering from bricks will no longer be a problem.
Leave a comment:
terra replied

04-14-2020, 06:56 PM
Updated the app again. Fixed some of the sanity checks, and implemented a check to make sure the external flash looks reasonably correct.

Added a popup warning before flashing the RSA delete. I elected not to implement a slow mode, because people with the right cable should not need a slow mode at all, and people with the wrong cable should not be flashing at all. May revisit that decision

Think I'm getting closer to general release in any case.
Leave a comment:
Obioban replied

04-14-2020, 04:14 PM
Originally posted by terra View Post

Hmm, yeah that's probably the best way to go about it. I'll work on patching that in. Or maybe a warning popup in general would be good enough. If people still don't listen at that point, it's not really on me.

Default to slow, have a toggle with warning to enable fast, and I think you’re in the clear.
Leave a comment:
terra replied

04-14-2020, 04:08 PM
Originally posted by heinzboehmer View Post

Why don't you have the slower way be the default and include a hidden option to enable the faster way? You could also include a warning message explaining the risks of using the faster method.

Hmm, yeah that's probably the best way to go about it. I'll work on patching that in. Or maybe a warning popup in general would be good enough. If people still don't listen at that point, it's not really on me.
Leave a comment:

Announcement

MSS6x Flasher - Now released!

Leave a comment:

Leave a comment:

Leave a comment:

Leave a comment:

Leave a comment:

Leave a comment:

Leave a comment:

Leave a comment:

Leave a comment:

Leave a comment:

Leave a comment:

Leave a comment:

Leave a comment:

Leave a comment:

Leave a comment: