16
Omega Electrical and Audio Help / Re: Remote key coding
« on: 14 May 2012, 16:27:57 »
So I connected the diagnostics again.
Basically the first row of characters in the dump is exactly what is shown in the diagnostics as ECU ID, except it's read 2 bytes at a time, and the high and low byte are swapped.
So we can pretty much rule out any of that being the code, it goes like ES,2442,6916,1200,4700.
Also, it can not address individual bytes, rather it has to always read two bytes at a time, as it is a 16 bit memory.
So if we assume it is an integer and the integer is between 1000 and 9999, and it is stored exactly the same as the string data (the high byte and low byte are swapped), then looking through the dump, we get the following possible numbers:
3855, 2560, 5140, 2590, 1124, 1310, 2077, 4313, 7423, 4096, 4401
I wish I had an emulator for that 93LC chip. I could just see where it stores it's countdown timer and bruteforce it.
Ah well.
Basically the first row of characters in the dump is exactly what is shown in the diagnostics as ECU ID, except it's read 2 bytes at a time, and the high and low byte are swapped.
So we can pretty much rule out any of that being the code, it goes like ES,2442,6916,1200,4700.
Also, it can not address individual bytes, rather it has to always read two bytes at a time, as it is a 16 bit memory.
So if we assume it is an integer and the integer is between 1000 and 9999, and it is stored exactly the same as the string data (the high byte and low byte are swapped), then looking through the dump, we get the following possible numbers:
3855, 2560, 5140, 2590, 1124, 1310, 2077, 4313, 7423, 4096, 4401
I wish I had an emulator for that 93LC chip. I could just see where it stores it's countdown timer and bruteforce it.
Ah well.