-
The procedure used to lock a PCM is very simple, as is the seed/key algorithm.
The PCM has a combination of one seed and one key stored in flash memory. When a programming device requests read/write access to the flash chip, the PCM first sends a seed to the device. The software must calculate the key and send it to the PCM.
If the key matches what the PCM has then grants access to the flash contents.
A tuning software can change the stored seed/key to another unknown value which can only be calculated by the same cable. It uses a different algorithm so no other programming device will be able to generate the correct key, thus preventing read/write access to the flash memory. Not even the dealer can unlock a tunerlocked PCM
-
this is how it looks unlocking pcm
sent: 6C 10 F0 27 01
recieved: 6C F0 10 67 01 33 A2
sent: 6C 10 F0 27 02 73 38
recieved: 6C F0 10 67 02 34
when you recieve 67 02 34 the pcm is unlocked, 34 means unlock
If you recieve something else key is wrong
If the key is wrong there is 10 sec delay before you can try again.
you will know this when you send 27 01 you will get refuse message and not get the seed.
You should always do seed request first, before you can try the key.
it should be easy to compile a brute force script,
-
Sounds easy when you know what your doing! Im pretty new to this side of things, have relied on someone else's software to do it for me. What software are you using to communicate with pcm?
-
you can try avt hex terminal if you have avt cable
for elm327 there is small program called stnterm.exe
this is how it looks using the avt term
Request:
05 6C 10 F0 27 01
Answer:
01 60 08 00 6C F0 10 67 01 33 A2
Request:
07 6C 10 F0 27 02 73 38
Answer:
01 60 07 00 6C F0 10 67 02 34
for now i didn`t figure it out how to make this process automated
if you can find someone who can write small program will be great
-
Brute force or just find someone with the tables that exist in the wild.
-
Brute force would be my prefered method. I have been trying to write some code to do it but my lack of experiance in this department is the limiting factor. Tables that exist in the wild? Not following, care to explain?
-
Still working on this if anyone has anything to add.