utorok 15. októbra 2013

how-to recover code from audi beta autoreverz CC AUZ1Z5

location of eeprom where safe code is stored:

 remote it and extend legs that it can be used in breadboard
After this connect it to arduino as described here.

eeprom pin | arduino pin
       1          |       GND
       2          |       GND
       3          |       GND
       4          |       GND
       5          |        D7
       6          |        D4
       7          |       GND
       8          |        D2

Download and compile  host program, upload EEPROM sketch (add #define __PROG_TYPES_COMPAT__ to first lines of code to avoid errors in anrduino 1.0) to arduino and dump eeprom content:

ardpicprog -p /dev/ttyUSB0 -d 24lc01 -o out.hex

Find eeprom dump with know safe code for exact model of radio. I found my here with code 7273. We must compare this two, so we need make bin from hex dump of out eeprom. I used hex2bin, you need to compile it, just type make no need to install it.

Downloads/Hex2bin-1.0.10/hex2bin out.hex

after this i look in bin file with know safe code. I was grep-ing 7273, hex forms of this witout luck, then I realiaze there is 2737 ....

hexdump Downloads/ABETACC.BIN
0000000 32a3 e1a8 02ad 2220 122d 422c 4220 0ef0
0000010 02ab e12b 0222 2220 f1a7 422c 0000 1e30
0000020 02ab e12b 0222 2220 f1a7 422c 0000 0000
0000030 0a70 37c0 7737 2737 f4b4 0025 c898 00f8
0000040 0000 ffff ffff ffff ffff ffff ffff ffff
0000050 ffff ffff ffff ffff ffff ffff ffff ffff
*
0000080

i looked in my dump converted to binary format:

hexdump out.bin
0000000 2226 42a5 12a3 32ac 0220 e1ac 2229 0e10
0000010 322d 22a6 32a8 f1ae 222c 22a6 f124 1ef0
0000020 02ab e12b 0222 2220 f1a7 422c 0000 0000
0000030 0a70 37b0 7737 6093 25e4 0065 f8c8 0039
0000040 0000                                  
0000042



and theres my code ... 0639:


 Look it's working! :D

Žiadne komentáre:

Zverejnenie komentára