17-06-2021, 07:42 PM   #11
JasonACT
Away on leave
 
Join Date: Apr 2019
Location: ACT
Posts: 1,735
Tech Writer: Recognition for the technical writers of AFF - Issue reason: Outstanding work on the FG ICC issues. Technical Contributor: For members who share their technical expertise. - Issue reason: The insane amount of work he has put into the Falcon FG ICC is unbelievable. He has shared everything he has done and made a great deal of it available to us all. He has definitely helped a great deal of us with no personal gains to himself. 
Re: FORD technical service bulletin : ICC touch screen display

I thought I knew, but how wrong was I?

While probing the read by ID function (65K reads) in the Cluster, even before entering any special security mode, I got quite a few results. Some binary bits and bytes. 2 VINs, mine from the reprogrammed EEPROM, and the original. And some looked like Ford part numbers. I plugged the 4 part numbers I saw into the Ford "calibration files" download web-page and [just] one gave me a result.

I've now got the Cluster "vbf executable" firmware!

It has a text header, says Volvo along with quite a few other things. I removed the header (making the final binary file size what the text in the header said it should be) and after checking what was left, to cut a slightly longer story short, noticed the last 2 bytes in the file were some sort of checksum. Had to remove those, then add back 2 bytes up front to match the correct file size again.

I had installed "Ghidra" and "Java 11" - made a new project, imported the binary file, selected options to say V850 code and it loads at 0x15000 (location is mentioned in the original vbf header) and it de-compiles nicely!

I can see the seed-key function (value 0xC541A9, part of the algorithm, is a dead give-away there). I can see the read-by-ID routine too. Some of those readable IDs (out of 65K) have a 3rd byte sub-function though, so, oh - I don't have all the data I can possibly read yet. I was going to read the values out of my car tonight, but I'll hang off now until I can get them all.

I do feel like I've just time-travelled about 3 months into the future though

(Incidentally, I plugged the ICC part numbers I also got previously in, but got NOTHING back at all!)
4 users like this post:
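The header-strip and checksum step described in the post above, as an added example that is not JasonACT's code or any Ford tool. It assumes a container layout the post does not spell out: the text header ends at its closing brace, and each binary block is a 4-byte big-endian load address, a 4-byte length, the data, then a 2-byte CRC-16/CCITT checksum. The sample file and all function names are constructed for illustration.

```python
import struct

def crc16_ccitt(data: bytes, crc: int = 0xFFFF) -> int:
    """CRC-16/CCITT-FALSE (poly 0x1021, init 0xFFFF); the checksum type is an assumption."""
    for byte in data:
        crc ^= byte << 8
        for _ in range(8):
            crc = ((crc << 1) ^ (0x1021 if crc & 0x8000 else 0)) & 0xFFFF
    return crc

def split_header(blob: bytes) -> tuple[str, bytes]:
    """Return (text header, binary remainder); the header ends at the brace closing 'header {'."""
    depth, in_quote = 0, False
    for i in range(blob.index(b"{", blob.index(b"header")), len(blob)):
        ch = blob[i:i + 1]
        if ch == b'"':
            in_quote = not in_quote          # braces inside quoted strings do not count
        elif not in_quote and ch == b"{":
            depth += 1
        elif not in_quote and ch == b"}":
            depth -= 1
            if depth == 0:
                return blob[:i + 1].decode("ascii", "replace"), blob[i + 1:]
    raise ValueError("unterminated text header")

def parse_blocks(body: bytes) -> list[tuple[int, bytes, bool]]:
    """Parse [addr:4][len:4][data][crc:2] records into (load address, data, checksum_ok)."""
    blocks, off = [], 0
    while off < len(body):
        if len(body) - off < 10:
            raise ValueError("trailing bytes too short for a block")
        addr, length = struct.unpack_from(">II", body, off)
        end = off + 8 + length
        if end + 2 > len(body):
            raise ValueError("block length runs past end of file")
        data = body[off + 8:end]
        (stored,) = struct.unpack_from(">H", body, end)
        blocks.append((addr, data, stored == crc16_ccitt(data)))
        off = end + 2
    return blocks

def sample_file() -> bytes:
    # Constructed sample: placeholder header fields, 32 dummy bytes loaded at 0x15000.
    payload = bytes(range(32))
    header = b'vbf_version = 2.2;\nheader {\n  sw_part_number = "PLACEHOLDER";\n  erase = { { 0x00015000, 0x00000020 } };\n}'
    return header + struct.pack(">II", 0x15000, len(payload)) + payload + struct.pack(">H", crc16_ccitt(payload))
```

Each block's data can be written to its own file and imported into the disassembler at the load address the parser reports; a block whose checksum flag is false was truncated or altered.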