We'll see (erasing eeproms). Before I get too far along I wanted to share a picture of the reman pin. But my lawyer (who also happens to be my wife) has advised me to proceed with caution. So you're not going to get lead right to the pot o' gold.
Spoiler alert, it's a deceptive aspect you won't be able to find with passive forensics.
reman-pin.jpg
I'll give one more hint - it is floating, but it's not floating at 12 volts.
Here's what I've learned. While mode 5 is active 02 requests stop working, and mode 5 seems to timeout after about 1 second. Mode 6 requests inside that timeframe (and outside it) give no reply. I've tried uploading nop commands as well as plain ascii to the $00 scratchpad area and to the last few digits of the (ram) VIN with no apparent success.
I feel like I've only conquered 5% of the problem and it was completely non-trivial. I'm open to any suggestions, especially protocol focused interrogation. I have no interest in profiting from this endeavor, but I will stop at nothing until I can minimally change a few bytes of ram.
Reply With Quote
Bookmarks