Quote:
Originally Posted by JasonACT
I finally worked out where the EEPROM was in the MKII FDIM (U1303 - the one that says "08B 2" which is a 24C08 automotive spec. 1KB chip running from 5v down to 2.5v... I had to pull it with my hot air station, I couldn't read it while it was on the board, even with all the tricks I know. Once I had its contents though, I worked out how to read it via OBD2... But you can only write back "most of it". There's some parts it won't let you write (the DTC area I think).
While trying all the code pathways in the disassembled firmware, I realised one of them had cleared the entire EEPROM, zeroed except for 0xFF at the start of every 16 byte row.
Next boot, it loaded up defaults for everything (VINs were left as 0xFF strings along with a couple of other things). Firmware strings were "low series" values.
It might not be such a good idea to let someone hack your bus over the Internet!
|
If the Mk2 is running QNX, would it replacing the boot image be simply enabling ssh access or similar and simply replacing the file with a image of correction dimension and filename(case sensitive due to linux) and then bobs your uncle. I think you already make use of remote access for your RPI? I assume root access is probably needed.