Open tusker-tools opened 2 years ago
morawekj
commented
1 year ago The Chip is original NXP and seems to be the PCF7961, but I found no exact datasheet until now. The resonant circut is critical and may be the chinese manufactor do not the right tuning betwen coil and capacitor C6. I think BMW original Keys use exact the same chip, so it is just a tolerance problem. The frequency resistor is just cosmetic, just tell wich frequency is pre programmed.
morawekj
commented
1 year ago I have buy 2 Versions of the chinese Key Copy, what looks inside absolut identical.
No Problem at all to read them, may be a Problem with your Reader, waht for hardware do you use?
morawekj
commented
1 year ago I made some more research on Iprog Programmers with the printed coils, and the results are very Bad. The printed Coil have only 70 uH, bad Q and 65 Ohms series resistens. The coil from the renault reader are lot better and have 1.2 mH. Even we experimentet with small glass Transponders, with the renault reader, no Problem, with chinese iprog reader coil, no sucess. My opinoion, don't use Iprog readers, go to the scrap Yard and get a renault reader.
tusker-tools
commented
1 year ago Thanks a lot @morawekj for your investigations. Below some comments on your posts:
The Chip is original NXP and seems to be the PCF7961, but I found no exact datasheet until now. The resonant circut is critical and may be the chinese manufactor do not the right tuning betwen coil and capacitor C6. I think BMW original Keys use exact the same chip, so it is just a tolerance problem. The frequency resistor is just cosmetic, just tell wich frequency is pre programmed.
I was already able to solve the unstable communication problem I encountered with 26A0700 transponder. The improvements recently done in hitaguino apparently did the magic. Sorry that I did not update this issue. I will test again soon and report the status here.
Your assumption that "BMW original keys use exact the same chip" is not correct (at least for CAS2 CAS3 keys). They actually use PCF7945, PCF7953, PCF7944.
I have buy 2 Versions of the chinese Key Copy, what looks inside absolut identical. No Problem at all to read them, may be a Problem with your Reader, waht for hardware do you use?
Either the new hitaguino did the fix or the hardware you used has a better quality. I personally used a chinese Hitag2 v3.1 hardware. Together with the old hitaguino version reading was very unstable.
I made some more research on Iprog Programmers with the printed coils, and the results are very Bad. The printed Coil have only 70 uH, bad Q and 65 Ohms series resistens. The coil from the renault reader are lot better and have 1.2 mH. Even we experimentet with small glass Transponders, with the renault reader, no Problem, with chinese iprog reader coil, no sucess. My opinoion, don't use Iprog readers, go to the scrap Yard and get a renault reader.
Thanks for documenting that finding. It might be very helpful for other users. But please post tings like that in a separate issue the next time, as it has little to do with the original topic.
Punisher1234567890
commented
2 months ago Good day. Tell me how to find out the password from the chip pcf7941. How can I read eeprom? Is it possible to unlock it?
tusker-tools
commented
2 months ago @Punisher1234567890 , pls. open a new issue for that. Your question about PCF7941 has nothing to do with this issue
Problem: On chinese CAS3 keys (IDE shows PCF7945 signature, transponder chip marking 26A0700, picture below), communication is very unstable. For example reading Block 2 takes various tries for reading the whole VIN correctly. Often there are wrong bytes or even complete wrong pages in between. Same phenomena I observed already when reading key's ID. I have also a second, identical key, which shows same behavior. With original keys my reader HW works just fine.
Key:
Observations:
Necessary actions:
Although it seems not too imprortant to support this particular poor quality chinese key, it could be worth to analyze the reason for the wrong readings. Knowing the reson, we could maybe introduce measures (e.g. change ABIC configuration) that improves the robustness of the RF communication. This might be a benefit for other keys as well.
Next step: