GS7 program code disassembly project

[808AWD325xi]

I checked out A7848443.0da and see that it's signed with a 1024-bit RSA private key:

8003FE00:             AF 0D FF 08 87 C7 14 86 C1 94 5A B3  #    /....G..A.Z3
8003FE10: 17 E6 AC 9E E9 DA 0A 7D 2F F2 90 62 69 F5 4D 25  #.f,.iZ.}/r.biuM%
8003FE20: 10 E1 F4 B1 72 29 1D 38 8E D4 96 1C D3 01 B0 20  #.at1r).8.T..S.0
8003FE30: F5 80 0B 70 15 30 93 7B 27 3E A1 C0 85 F3 4D ED  #u..p.0.{'>[email protected]
8003FE40: F1 35 4E C4 64 5E DF FF A0 A6 A7 7F CE BB 02 18  #q5NDd^_. &'.N;..
8003FE50: B5 FF 45 E2 DF 0B E0 4B E6 66 F9 FB 72 90 4B 4F  #5.Eb_.`Kffy{r.KO
8003FE60: 0A 34 0C ED 47 1F 05 4F B3 DC 15 2B 29 26 8F A8  #.4.mG..O3\.+)&.(
8003FE70: 6C 47 14 9F B2 3D 6F 5E 74 84 DA 38 5C 3E 48 09  #lG..2=o^t.Z8\>H.
8003FE80: 8F 94 B9 97                                      #..9.

How did you guys bypass the signature verification?

 

[carabuser]

I checked out A7848443.0da and see that it's signed with a 1024-bit RSA private key:

8003FE00:             AF 0D FF 08 87 C7 14 86 C1 94 5A B3  #    /....G..A.Z3
8003FE10: 17 E6 AC 9E E9 DA 0A 7D 2F F2 90 62 69 F5 4D 25  #.f,.iZ.}/r.biuM%
8003FE20: 10 E1 F4 B1 72 29 1D 38 8E D4 96 1C D3 01 B0 20  #.at1r).8.T..S.0
8003FE30: F5 80 0B 70 15 30 93 7B 27 3E A1 C0 85 F3 4D ED  #u..p.0.{'>[email protected]
8003FE40: F1 35 4E C4 64 5E DF FF A0 A6 A7 7F CE BB 02 18  #q5NDd^_. &'.N;..
8003FE50: B5 FF 45 E2 DF 0B E0 4B E6 66 F9 FB 72 90 4B 4F  #5.Eb_.`Kffy{r.KO
8003FE60: 0A 34 0C ED 47 1F 05 4F B3 DC 15 2B 29 26 8F A8  #.4.mG..O3\.+)&.(
8003FE70: 6C 47 14 9F B2 3D 6F 5E 74 84 DA 38 5C 3E 48 09  #lG..2=o^t.Z8\>H.
8003FE80: 8F 94 B9 97                                      #..9.

How did you guys bypass the signature verification?

You can just skip it. The signature check is actually requested by the tester as part of the write procedure.

 

[808AWD325xi]

You can just skip it. The signature check is actually requested by the tester as part of the write procedure.

I thought you were using WinKFP to flash the TCU with modified 0pa and 0da files. What tool are you using for flashing?

 

[carabuser]

I thought you were using WinKFP to flash the TCU with modified 0pa and 0da files. What tool are you using for flashing?

Yes you can use winkfp but you need to patch the files to remove the check.

I'll make an app to do it when i have a spare weekend. Ediabaslib makes it quite easy to build a program.

 

[808AWD325xi]

Yes you can use winkfp but you need to patch the files to remove the check.

I'll make an app to do it when i have a spare weekend. Ediabaslib makes it quite easy to build a program.

Got it. Thanks!

 

[Olza]

 

[bernardo774]

Hello!
have someone the PDF with Functional Description for DCT Gen1?

Alec help me to the GWS conversion, all working fine escept one litle issue, some times when i left the gas pedal in 3.000 or 4.000 rpm, i got some delay and rpm oscilation, looks like the clutch desengage to change the next gear but have some 400-500 rpm oscilation. Just happen when i left the gas pedal. With pedal pressed, the gearbox change the gears fine.

This not occurs every time or with WOT.

In D mode and 20-30% pedal, all working fine.
M mode no problens, like the tork puntch, the tires doesnt like

 

[JohnDaviz]

some times when i left the gas pedal in 3.000 or 4.000 rpm, i got some delay and rpm oscilation, looks like the clutch desengage to change the next gear but have some 400-500 rpm oscilation. Just happen when i left the gas pedal. With pedal pressed, the gearbox change the gears fine.

This not occurs every time or with WOT.

I have the same thing happening sometimes. I have only a GTS tune on stock non M hardware.

 

[Kennybrown]

Topic starter is here?

 

[TOR COILS]

Hi, how are things going so far?

 

[aus335iguy]

I remember reading somewhere that there’s code in the DCT and linked to DSC that detects throttle closure mid corner and disengages the clutches so the car is not unsettled mid corner

 

[Olza]

Hi, how are things going so far?

Enough far.

I remember reading somewhere that there’s code in the DCT and linked to DSC that detects throttle closure mid corner and disengages the clutches so the car is not unsettled mid corner

Yeah I saw something in tables. Will look for it.

 

[TOR COILS]

Enough far.

Yeah I saw something in tables. Will look for it.

Do you have xdf for sale? I really need gts tune to change the rpm of shifts in LC mode，

 

[Olza]

Do you have xdf for sale? I really need gts tune to change the rpm of shifts in LC mode，

yes i have. project partially frozen because im on 8HP Gen 2, Gen3

 

[Olza]

I remember reading somewhere that there’s code in the DCT and linked to DSC that detects throttle closure mid corner and disengages the clutches so the car is not unsettled mid corner

At first sight i can see only SPC (DRM_SHIFT - during shift stage) corrections for clutch torque offset. That table (spc_m_clu_tq_moi_ofs_mult_a_quer) uses Vehicle Speed kmh and Lateral acceleration m_s^2:

Interesting thing is, 335/Z4 have 1.00 factor here (so no modification of torque offset). M3/GTS has it.

DCT Gen2:

Let me see whats going on during Curves. Thats more interesting

 

[aauzzy]

Wow amazing post!!

 

[JohnDaviz]

At first sight i can see only SPC (DRM_SHIFT - during shift stage) corrections for clutch torque offset. That table (spc_m_clu_tq_moi_ofs_mult_a_quer) uses Vehicle Speed kmh and Lateral acceleration m_s^2:
View attachment 106977
Interesting thing is, 335/Z4 have 1.00 factor here (so no modification of torque offset). M3/GTS has it.

DCT Gen2:
View attachment 106978

Let me see whats going on during Curves. Thats more interesting

What does this table do?