GS7 program code disassembly project

[Jake@MHD]

In the meantime, there’s a way to create BINs from the files in the standard toolset. It’s been attempted unsuccessfully by @bradsm87...
ill post up shortly with some further detail see if any of it helps

I wrote a simple exe to take care of this and spit out a bin file, as I wanted to poke around in IDA when I was bored. It's not the entire picture though, as the 0da + 0pa is still missing the boot loader segment of the code, which is pretty much always necessary to at least SEE when trying to find an exploit. We need a full dump straight from the chip.

@Olza my initial suspicion was the processor is a Infineon TC1766 (the instruction set and various ram sizes matched as well). Do you agree? It was not visually identifiable on the PCB because the chip has no cap on it.

 

[amg6975]

I have a valve body as you know and I can send it wherever. I’m home looking after our baby for the next few months... hopefully that means more spare time

Can you get to the control board? If so, can you get some good pictures of it, part markings, etc. I can start to see if I can work out a way to get a flash dump. Alternatively you can send it to me and I can start trying to hack it from the hardware side while Olza works on the disassembly. I can't promise it'll actually be successful though, so I think just some pictures would be a great place to start for me.

 

[doublespaces]

Can you get to the control board? If so, can you get some good pictures of it, part markings, etc. I can start to see if I can work out a way to get a flash dump. Alternatively you can send it to me and I can start trying to hack it from the hardware side while Olza works on the disassembly. I can't promise it'll actually be successful though, so I think just some pictures would be a great place to start for me.

 

[amg6975]

Oh my. I don't think I've ever seen a fully DCA/additive board like that. That is something.

 

[JohnDaviz]

On the middle picture there is a QR Code on the top right side. Normally you can read those with your normal qr code reader. Within that QR Code is all information the customer requires from the supplier. Mostly production date, shift, etc etc etc.. but there is more

 

[RSL]

Cautiously optimistic this may finally gain some traction, so to speak

 

[doublespaces]

I was given these instructions last year by someone but I've never had one in my hands.

 

[aus335iguy]

On the middle picture there is a QR Code on the top right side. Normally you can read those with your normal qr code reader. Within that QR Code is all information the customer requires from the supplier. Mostly production date, shift, etc etc etc.. but there is more

Some of these pics may be of the unit I have.
we ran the qr code before and all we got was a number

I was given these instructions last year by someone but I've never had one in my hands.
View attachment 35013

I measured the input resistance and got varied results. Found out later that one of the surface components was loose

 

[doublespaces]

Some of these pics may be of the unit I have.
we ran the wrong code before and all we got was a number


I measured the input resistance and got varied results. Found out later that one of the surface components was loose

Yeah, you sent me this pic, it was the one I wanted you to measure

 

[aus335iguy]

That’s the loose diode that needs resoldering.
which thread did I post the rest of the pictures in ?

 

[aus335iguy]

Mechatronics TCU close up pics

Tried to take som good close up shots on my mechatronics TCU, buts its a little hard with all the wires in the way...

bmw.spoolstreet.com

 

[aus335iguy]

I can’t for the life of me find the resistance measurements I took.
I’ll have to try it again. Lunchtime today I’ll seperate as much of the valvebody from the TCU and I’ll send it

 

[aus335iguy]

@Olza we are cheering you on from a distance! Hope it’s travelling well? Do you have anything to share ?

 

[amg6975]

I don't think the resistance of the input terminals will tell you much of anything. The component you're poking with the pen is a capacitor, not a diode. Diodes are the white squares with the bonded wire coming off the top.

 

[aus335iguy]

Didn't get any time to try and do anything today. See how I go tomorrow.
Any other updates ?

 

[aus335iguy]

Sorry all. I haven’t had time to devote to anything much during the day though the weekend is looking promising

 

[azshantris]

I just had all but the diff (incoming Monday) delivered for the m3 gts mod and now there might be a breakthrough coming? Dangit
I'm not "super" electronically inclined but if there's anything I can do to help before or after the flash I'm certainly willing! 2011 135i DCT
Also have basic OBD cable and tools on windows and some basic coding skills.

 

[aus335iguy]

I just had all but the diff (incoming Monday) delivered for the m3 gts mod and now there might be a breakthrough coming? Dangit
I'm not "super" electronically inclined but if there's anything I can do to help before or after the flash I'm certainly willing! 2011 135i DCT
Also have basic OBD cable and tools on windows and some basic coding skills.

I wouldn’t worry, this could be a while

 

[doublespaces]

I just had all but the diff (incoming Monday) delivered for the m3 gts mod and now there might be a breakthrough coming? Dangit
I'm not "super" electronically inclined but if there's anything I can do to help before or after the flash I'm certainly willing! 2011 135i DCT
Also have basic OBD cable and tools on windows and some basic coding skills.

Ya never know with this kind of stuff. Could be next year or two or never before anything is truly available (Lets hope not)

 

[Seb335i]

2009 N54 DKG 335i I can be a beta tester if you need one