Open kippdipp opened 5 months ago
bri3d
commented
4 months ago The best way to figure out what's going on would be to look at an ODX. It will contain the SA2 Seed/Key and the update payload. It might be the same as DQ381 entirely (same seed/key and joke AES key/IV) or it could differ.
kippdipp
commented
4 months ago Here’s the FRF for the 1006 software version on my AL551: https://race-tun.com/vag-sgo-frf/audi/fl4h1927158ad1006.frf/fl-4h1927158ad-1006.frfori/
looks like the memory layout is different than DQ381
aarons3
commented
4 months ago I compared a common 0GC300012A_14XX file to what was uploaded...
SA2 bytefields are identical
DQ381 uses ENCRYPT-COMPRESS-METHOD "AA"
That AL551 file uses "22"
kippdipp
commented
4 months ago I compared a common 0GC300012A_14XX file to what was uploaded...
SA2 bytefields are identical
DQ381 uses ENCRYPT-COMPRESS-METHOD "AA"
That AL551 file uses "22"
How big of a change does this require? I'm not familiar with compress methods
ConnorHowell
commented
4 months ago I compared a common 0GC300012A_14XX file to what was uploaded... SA2 bytefields are identical DQ381 uses ENCRYPT-COMPRESS-METHOD "AA" That AL551 file uses "22"
How big of a change does this require? I'm not familiar with compress methods
A bench dump would be needed to reverse engineer whatever encryption/compression methods are used for the flash when flashing the TCU.
averagejoe8
commented
3 months ago New to GitHub so don’t know if there’s another place for comments / requests like this.. For “kicks and giggles” I connected my D4 Audi A8 4.2FSI 8HP55, Audi calls this transmission AL551, to VW_Flash since it uses same controller as DQ380/381 (Renesas SH72519/SH72549). Get info appears to be working and I have an A2L+Hex for this transmission I could share. What would it take to get VW_Flash working on the AL551?
Side note, CCP is enabled so I was able to use the upload command to dump 0x180000 -0x200000 and 0x600000-0x680000 without seed/key command. My main goal is to edit the ASW but I couldn’t dump any of the ASW addresses to sadly.
It will be nice if You can share hex+a2l for this TCU.
kippdipp
commented
2 months ago I compared a common 0GC300012A_14XX file to what was uploaded... SA2 bytefields are identical DQ381 uses ENCRYPT-COMPRESS-METHOD "AA" That AL551 file uses "22"
How big of a change does this require? I'm not familiar with compress methods
A bench dump would be needed to reverse engineer whatever encryption/compression methods are used for the flash when flashing the TCU.
Here's bench dump from my transmission. R5F72519R_bhid0301_1034420214_eeprom-20240413-150127.zip
New to GitHub so don’t know if there’s another place for comments / requests like this.. For “kicks and giggles” I connected my D4 Audi A8 4.2FSI 8HP55, Audi calls this transmission AL551, to VW_Flash since it uses same controller as DQ380/381 (Renesas SH72519/SH72549). Get info appears to be working and I have an A2L+Hex for the AL551 Hybrid which is similar to this transmission I could share. What would it take to get VW_Flash working on the AL551?
Side note, CCP is enabled so I was able to use the upload command to dump 0x180000 -0x200000 and 0x600000-0x680000 without seed/key command. My main goal is to edit the ASW but I couldn’t dump any of the ASW addresses to sadly.