openecu.org

[SilverBack]

On a bench programming setup, you could let it run for a few days with a special program to try all 65536 combinations of init codes.

Looking at the log when I connect, it looks like it sends a byte(0x01), then gets a response, then sends another byte(0x00), then gets another response. If this is the case, couldn't you just brute force the first byte until you get a response. Then using the found first byte, brute force the second byte.

255 combos on the first + 255 combos on the second = 512 total tries possible

Maybe I'm over simplifying it.?

Surly, you need the whole init to be correct to get a response hence 65536…?

But the idea to code an option into the app to run through all 65536…?

If the ECU does not need to be reset during init attempts, I could leave it in the car running and logging the response. If the sequence can be paused (saved) and restarted from the last attempted init it can simply be done in runs until completed or a positive response received?

It sounds too simple. What are we missing?

[AutoXer]

On a bench programming setup, you could let it run for a few days with a special program to try all 65536 combinations of init codes.

Looking at the log when I connect, it looks like it sends a byte(0x01), then gets a response, then sends another byte(0x00), then gets another response. If this is the case, couldn't you just brute force the first byte until you get a response. Then using the found first byte, brute force the second byte.

255 combos on the first + 255 combos on the second = 512 total tries possible

Maybe I'm over simplifying it.?

Surly, you need the whole init to be correct to get a response hence 65536…?

But the idea to code an option into the app to run through all 65536…?

If the ECU does not need to be reset during init attempts, I could leave it in the car running and logging the response. If the sequence can be paused (saved) and restarted from the last attempted init it can simply be done in runs until completed or a positive response received?

It sounds too simple. What are we missing?

Looking at the software last night it appears that the init sequence is a word(16 bits) instead of a byte(8 bits). So, I was wrong. Sorry for the misinformation.

I'd be willing to do a share of the brute forcing. Give us a way to try different init sequences and let us have at it. Colby, I'd send you my ECU if you weren't on the other side of the country. The Evo is my daily driver.

[MalibuJack]

its 256 * 256

Renders the possible codes as 65536..

Colby, PM me about this if you can, but I need a version of the cable that allows bench flashing (power supply, port, etc..)

[AutoXer]

Colby, PM me about this if you can, but I need a version of the cable that allows bench flashing (power supply, port, etc..)

Jack, Did you ever get anywhere with this? I'm still anxiously awaiting a fix.

[unchi]

i have this same issue
on an 05 MR USDM

[aidank]

hi
this is my first post guys my friend has this mr320fq uk car.
can i tune this with open port which i bought a good while back and havent even tried it yet.??
any help greatfully appreciated. what power can i get remaping this anyhow..?

[S54fan]

Yes. I tuned an VIII MR FQ320 recently with that had a Walbro, decat pipe and modified airbox lid on it and it did about 384 BHP IIRC on Shell V-power.

Note this FQ model already comes with intake and intercooler pipes, downpipe and catback. The MR model has nicer cams and 10.5T turbine housing.