A SWaP code could be pull out from parts by setting adaptation and by measuring value.
You do not really need to analysis the log.
I tried to pull out it from gateway of a donor's car after a function recovery on it.
Then I write to my car immediately
I got "[VO]_activation_not_ok_wrong_individualization_feature " when applied "Release SWaP code" in basic setting.
After some observation, I think the 5 bytes VCRN section contained in SWaP code is the key to identify the "individuality".
And I found the VCRN is not time related. It is always same whether how much time you do recovery. Only time stamp and bloody signature changed.
I think the only way make this work would be
1. Get private key from VW, make up correct SWaP code. (This is almost impossible)
or
2. Hack the firmware of parts. Put your public key or bypass check.
Actually, I hacked the MIB2High unit then I can activate any SWaP on it by ODIS-E.
But this is useless for me because there is more simple way to write required SWaP.
So I decide to hack the firmware of ACC (This is my final target)
Any one know how to decompress the bin file in frf? (I converted it to ODX and grabe the bin)
Also want to know how to flash it...
Последний раз редактировалось jvkk; 31.05.2019 в 19:51..
|