from PyEcom import *
from config import *
from ctypes import *
import time, struct
if __name__ == "__main__":
ecom = PyEcom('Debug\\ecomcat_api')
ecom.open_device(1, 37440)
#ecom.open_device(1,0)
ecom.send_iso_tp_data(0x781, [0x30, 0x01, 0x00, 0x01])
time.sleep(3)
ecom.send_iso_tp_data(0x781, [0x30, 0x01, 0x00, 0x02])
#read one message (should contain payload of: 0x08)
#sff = pointer(SFFMessage())
#ecom.mydll.DbgLineToSFF("IDH: 03, IDL: 44, Len: 08, Data: FF 7F 00 00 00 08 00 D5", sff)
#ret = ecom.send_iso_tp_data(0x781, [0x3E])
#ecom.mydll.write_messages_from_file(ecom.handle, "input.dat")
#ecom.send_iso_tp_data(0x781, [0x30, 0x01, 0x00, 0x01])
#ret = ecom.mydll.read_message_by_wid(ecom.handle, 0x039C)
#ecom.mydll.write_messages_from_file(ecom.handle, "car-startup-trim.dat")
#ret = ecom.mydll.read_message_by_wid(ecom.handle, 0x039C)
#ecom.mydll.write_messages_from_file(ecom.handle, "car-startup-trim.dat")
from PyEcom import *
from config import *
import time, struct, sys
if __name__ == "__main__":
#print "[*] Starting diagnostics check..."
ecom = PyEcom('Debug\\ecomcat_api')
ecom.open_device(1,35916)
ECU = 0x7E0
#do security access
ret = ecom.security_access(ECU)
if ret == False:
print "[!] [0x%04X] Security Access: FAILURE" % (ECU)
sys.exit(1)
print "[*] [0x%04X] Security Access: Success" % (ECU)
#Unsure but this happens 3x in the capture before diag programming mode
#I think this may have to do w/ tellin other ECUs the one being reprogrammed
#is going offline for a while and DO NOT set DTC codes
for i in range(0, 3):
ret = ecom.send_iso_tp_data(0x720, [0xA0, 0x27])
#Grequires the to be in half-on state (power on, engine off)
#Failure to be in the required mode will result in diagnostic session failing
ret = ecom.diagnostic_session(ECU, [0x10, 0x02])
if ret == False:
print "[!] [0x%04X] Programming Mode: Failure" % (ECU)
sys.exit(1)
from PyEcom import *
from config import *
from ctypes import *
import time, struct
if __name__ == "__main__":
ecom = PyEcom('Debug\\ecomcat_api')
ecom.open_device(1,37440)
LOOPER = 0
SETSPEED = 62
SFFLINE = "IDH: 07, IDL: C0, Len: 08, Data: 04 30 01 00 02 00 00 00"
SFFArray = SFFMessage * 1
SFFS = SFFArray()
ecom.mydll.DbgLineToSFF(SFFLINE, pointer(SFFS[0]))
#if(SETSPEED < 200):
# SETSPEED = SETSPEED * 161
#SFFS[0].data[0] = (SETSPEED >> 8) & 0xFF;
#SFFS[0].data[1] = SETSPEED & 0xFF;
#ecom.mydll.FixChecksum(pointer(SFFS[0]))
while(1):
ecom.send_iso_tp_data(0x7C0, [0x30, 0x01, 0x00, 0x08])
from PyEcom import *
from config import *
import time, struct, sys
if __name__ == "__main__":
ecom = PyEcom('Debug\\ecomcat_api')
ecom.open_device(0, 1)
ECU = 0x7E0
#Is CPU?
ret = ecom.send_iso_tp_data(ECU, [0x09, 0x00])
#Get Calibration IDs
ret = ecom.send_iso_tp_data(ECU, [0x09, 0x04])
#????
ret = ecom.send_iso_tp_data(ECU, [0x13, 0x80])
#Get VIN
ret = ecom.send_iso_tp_data(ECU, [0x09, 0x04])
ret = ecom.security_access(ECU)
if ret:
print "[*] [0x%04X] Security Access: Success" % (ECU)
#Unsure but this happens 3x in the capture before diag programming mode
#I think this may have to do w/ tellin other ECUs the one being reprogrammed
#is going offline for a while and DO NOT set DTC codes
for i in range(0, 3):
ecu_b2 = EcuBlock(0xF7000100, 0xFF001000, None)
blocks = []
blocks.append(ecu_b1)
blocks.append(ecu_b2)
#val = ecom.toyota_targetdata_to_dword("424433493A4B4B4D")
#ECM Calibration 34715200
#T-0052-11.cuw 03_TargetData=424433493A4B4B4D
#target_data = 0xBC1F6FEF
target_data = nbo_int_to_bytearr(0xBC1F6FEF)
if __name__ == "__main__":
#print "[*] Starting diagnostics check..."
ecom = PyEcom('Debug\\ecomcat_api')
ecom.open_device(0,1)
#Set this to False if flashing fails and the script needs re-run
PREAMBLE = False
#flash binary
f = open("toyota_ecm.bin", "rb")
#START PREAMBLE
if PREAMBLE == True:
#ret = ecom.send_iso_tp_data(0x7E1, [0x09, 0x00])
#Supported PIDs (Bit Encoded)
ret = ecom.send_iso_tp_data(ECU, [0x09, 0x00])
from PyEcom import *
from config import *
from ctypes import *
import time, struct
if __name__ == "__main__":
ecom = PyEcom('Debug\\ecomcat_api')
ecom.open_device(1,37436)
#f = open("can2-startup-min-drivers.dat", "r")
f = open("can2-passenger.dat", "r")
sff_lines = f.readlines()
num_of_sffs = len(sff_lines)
SFFArray = SFFMessage * num_of_sffs
sffs = SFFArray()
for i in range(0, num_of_sffs):
ecom.mydll.DbgLineToSFF(sff_lines[i], pointer(sffs[i]))
print "Starting to send msgs"
#ecom.mydll.write_messages_from_file(ecom.handle, "input.dat")
#ecom.send_iso_tp_data(0x781, [0x30, 0x01, 0x00, 0x01])
while(1):
## for i in range(0, 30):
## ecom.mydll.write_message(ecom.handle, sff_0024_F9)
##
## for i in range(0, 4):
## ecom.mydll.write_message(ecom.handle, sff_0344)
from PyEcom import *
from config import *
from ctypes import *
import time, struct
if __name__ == "__main__":
ecom = PyEcom('Debug\\ecomcat_api')
ecom.open_device(1,37436)
#SFFLINE = "IDH: 00, IDL: 37, Len: 07, Data: C2 13 52 03 AC 00 14"
#SFFLINE = "IDH: 00, IDL: 37, Len: 07, Data: C8 FE 58 13 E4 00 53"
SFFLINE = "IDH: 00, IDL: 37, Len: 07, Data: C6 13 18 0E ED 00 2A"
SFFArray = SFFMessage * 1
SFFS = SFFArray()
ecom.mydll.DbgLineToSFF(SFFLINE, pointer(SFFS[0]))
ecom.mydll.FixChecksum(pointer(SFFS[0]))
while(1):
ecom.mydll.write_message(ecom.handle, pointer(SFFS[0]))
#time.sleep(.0003)
NOCHECK = 1
while(1):
#read_by_wid = ecom.mydll.read_message_by_wid_with_timeout
#read_by_wid.restype = POINTER(SFFMessage)
#sff_resp = ecom.mydll.read_message_by_wid_with_timeout(ecom.handle, 0x0037, 1000)
