Quote:
Originally Posted by maximafag
Devils Advocate: The information that would let someone wind back an odometer for nefarious purposes, especially given the current climate.
Don't post that bit.
|
Are you absolutely sure?
The IPC, like most modules, boots in mode 1 (or 0x81 in some modules like the
ICC).
I've been tinkering with mode 2 (the security key for this mode is request 1 [key-response-2] with secret key DoWZy) up until two days ago. This mode turns off most of the IPC and I know think this is firmware update mode. So I wasn't able to write any data using "those" commands.
There's also mode 3, which I didn't find at first, being in mode 2 didn't help - as I hadn't returned to mode 1 before continuing to search. Rookie mistake. You enter security mode with request 3 [key-response-4] and secret key DRVFl (of course I'm making this up, there are 65K of them to choose from, so I just pick the one which looks the best out of the alpha-only key search I coded up)...
Ah, I can now write data (though the list is pretty short, looking at the decompiled firmware). One of the functions allows you to write (up to 3 times, unless you can re-program it again using an Arduino!) a new ODO value (as long as it's greater than the current one):
My cars have never had so many KMs!
So, playing with a new EEPROM (it's a full size chip, from Jaycar, with a socket [this will never fit back in the case now] so I can easily switch back and forth from the IPC and the Arduino I'm using to read/write) I've worked out the algorithm, worked out the "extra protection" and...
I can now set it to anything I want between the min-max values.
DO NOT PRESS LIKE ON THIS POST - If I see lots of likes, I'm likely to spill the beans on ALL of this!