from PyEcom import * from config import * from ctypes import * import time, struct if __name__ == "__main__": ecom = PyEcom('Debug\\ecomcat_api') ecom.open_device(1, 37440) #ecom.open_device(1,0) ecom.send_iso_tp_data(0x781, [0x30, 0x01, 0x00, 0x01]) time.sleep(3) ecom.send_iso_tp_data(0x781, [0x30, 0x01, 0x00, 0x02]) #read one message (should contain payload of: 0x08) #sff = pointer(SFFMessage()) #ecom.mydll.DbgLineToSFF("IDH: 03, IDL: 44, Len: 08, Data: FF 7F 00 00 00 08 00 D5", sff) #ret = ecom.send_iso_tp_data(0x781, [0x3E]) #ecom.mydll.write_messages_from_file(ecom.handle, "input.dat") #ecom.send_iso_tp_data(0x781, [0x30, 0x01, 0x00, 0x01]) #ret = ecom.mydll.read_message_by_wid(ecom.handle, 0x039C) #ecom.mydll.write_messages_from_file(ecom.handle, "car-startup-trim.dat") #ret = ecom.mydll.read_message_by_wid(ecom.handle, 0x039C) #ecom.mydll.write_messages_from_file(ecom.handle, "car-startup-trim.dat")
from PyEcom import * from config import * import time, struct, sys if __name__ == "__main__": #print "[*] Starting diagnostics check..." ecom = PyEcom('Debug\\ecomcat_api') ecom.open_device(1,35916) ECU = 0x7E0 #do security access ret = ecom.security_access(ECU) if ret == False: print "[!] [0x%04X] Security Access: FAILURE" % (ECU) sys.exit(1) print "[*] [0x%04X] Security Access: Success" % (ECU) #Unsure but this happens 3x in the capture before diag programming mode #I think this may have to do w/ tellin other ECUs the one being reprogrammed #is going offline for a while and DO NOT set DTC codes for i in range(0, 3): ret = ecom.send_iso_tp_data(0x720, [0xA0, 0x27]) #Grequires the to be in half-on state (power on, engine off) #Failure to be in the required mode will result in diagnostic session failing ret = ecom.diagnostic_session(ECU, [0x10, 0x02]) if ret == False: print "[!] [0x%04X] Programming Mode: Failure" % (ECU) sys.exit(1)
from PyEcom import * from config import * from ctypes import * import time, struct if __name__ == "__main__": ecom = PyEcom('Debug\\ecomcat_api') ecom.open_device(1,37440) LOOPER = 0 SETSPEED = 62 SFFLINE = "IDH: 07, IDL: C0, Len: 08, Data: 04 30 01 00 02 00 00 00" SFFArray = SFFMessage * 1 SFFS = SFFArray() ecom.mydll.DbgLineToSFF(SFFLINE, pointer(SFFS[0])) #if(SETSPEED < 200): # SETSPEED = SETSPEED * 161 #SFFS[0].data[0] = (SETSPEED >> 8) & 0xFF; #SFFS[0].data[1] = SETSPEED & 0xFF; #ecom.mydll.FixChecksum(pointer(SFFS[0])) while(1): ecom.send_iso_tp_data(0x7C0, [0x30, 0x01, 0x00, 0x08])
from PyEcom import * from config import * import time, struct, sys if __name__ == "__main__": ecom = PyEcom('Debug\\ecomcat_api') ecom.open_device(0, 1) ECU = 0x7E0 #Is CPU? ret = ecom.send_iso_tp_data(ECU, [0x09, 0x00]) #Get Calibration IDs ret = ecom.send_iso_tp_data(ECU, [0x09, 0x04]) #???? ret = ecom.send_iso_tp_data(ECU, [0x13, 0x80]) #Get VIN ret = ecom.send_iso_tp_data(ECU, [0x09, 0x04]) ret = ecom.security_access(ECU) if ret: print "[*] [0x%04X] Security Access: Success" % (ECU) #Unsure but this happens 3x in the capture before diag programming mode #I think this may have to do w/ tellin other ECUs the one being reprogrammed #is going offline for a while and DO NOT set DTC codes for i in range(0, 3):
ecu_b2 = EcuBlock(0xF7000100, 0xFF001000, None) blocks = [] blocks.append(ecu_b1) blocks.append(ecu_b2) #val = ecom.toyota_targetdata_to_dword("424433493A4B4B4D") #ECM Calibration 34715200 #T-0052-11.cuw 03_TargetData=424433493A4B4B4D #target_data = 0xBC1F6FEF target_data = nbo_int_to_bytearr(0xBC1F6FEF) if __name__ == "__main__": #print "[*] Starting diagnostics check..." ecom = PyEcom('Debug\\ecomcat_api') ecom.open_device(0,1) #Set this to False if flashing fails and the script needs re-run PREAMBLE = False #flash binary f = open("toyota_ecm.bin", "rb") #START PREAMBLE if PREAMBLE == True: #ret = ecom.send_iso_tp_data(0x7E1, [0x09, 0x00]) #Supported PIDs (Bit Encoded) ret = ecom.send_iso_tp_data(ECU, [0x09, 0x00])
from PyEcom import * from config import * from ctypes import * import time, struct if __name__ == "__main__": ecom = PyEcom('Debug\\ecomcat_api') ecom.open_device(1,37436) #f = open("can2-startup-min-drivers.dat", "r") f = open("can2-passenger.dat", "r") sff_lines = f.readlines() num_of_sffs = len(sff_lines) SFFArray = SFFMessage * num_of_sffs sffs = SFFArray() for i in range(0, num_of_sffs): ecom.mydll.DbgLineToSFF(sff_lines[i], pointer(sffs[i])) print "Starting to send msgs" #ecom.mydll.write_messages_from_file(ecom.handle, "input.dat") #ecom.send_iso_tp_data(0x781, [0x30, 0x01, 0x00, 0x01]) while(1): ## for i in range(0, 30): ## ecom.mydll.write_message(ecom.handle, sff_0024_F9) ## ## for i in range(0, 4): ## ecom.mydll.write_message(ecom.handle, sff_0344)
from PyEcom import * from config import * from ctypes import * import time, struct if __name__ == "__main__": ecom = PyEcom('Debug\\ecomcat_api') ecom.open_device(1,37436) #SFFLINE = "IDH: 00, IDL: 37, Len: 07, Data: C2 13 52 03 AC 00 14" #SFFLINE = "IDH: 00, IDL: 37, Len: 07, Data: C8 FE 58 13 E4 00 53" SFFLINE = "IDH: 00, IDL: 37, Len: 07, Data: C6 13 18 0E ED 00 2A" SFFArray = SFFMessage * 1 SFFS = SFFArray() ecom.mydll.DbgLineToSFF(SFFLINE, pointer(SFFS[0])) ecom.mydll.FixChecksum(pointer(SFFS[0])) while(1): ecom.mydll.write_message(ecom.handle, pointer(SFFS[0])) #time.sleep(.0003) NOCHECK = 1 while(1): #read_by_wid = ecom.mydll.read_message_by_wid_with_timeout #read_by_wid.restype = POINTER(SFFMessage) #sff_resp = ecom.mydll.read_message_by_wid_with_timeout(ecom.handle, 0x0037, 1000)