Volvo s60 Km jump back



cils
20th August, 2023, 05:08 PM
Hi All
I need to recalibrate a Volvo S60 odometer to 198000 km, but no matter what I have done, the
km jumps back to 299990 km.
I attach dumps of the DIM, CEM and PDM, DDM modules.

I think the patch of the DIM flash for the synchro block is not OK.

I ask for a known good synchro block DIM flash dump or any other advice.

I patched the DIM as follows:

PAGE E2:xxx 26 04 to: A7 A7 (NOPs)

PAGE FD: 20E4(60E4) 30 E6 0D to: 06 57 00

PATCH Add at FD: 1700 (5700)

FF FF FF .. to:
8D 23 70 27 25 8D 25 30 27 20 8D 25 A8 27 1B 8D
23 F8 27 16 8D 25 B8 27 11 8D 24 00 27 0C 8D 24
A0 27 07 8D 24 40 27 02 20 06 87 C7 6A 45 6C 46
30 E6 0D 06 60 E7 A7 A7

In HCS12 assembly:
cpy #$2370
beq loc_572A
cpy #$2530
beq loc_572A
cpy #$25A8
beq loc_572A
cpy #$23F8
beq loc_572A
cpy #$25B8
beq loc_572A
cpy #$2400
beq loc_572A
cpy #$24A0
beq loc_572A
cpy #$2440
beq loc_572A
bra loc_5730

loc_572A:
clra
clrb
staa 5,y
std 6,y
loc_5730:
pulx
ldab $D,x
jmp loc_60E7 ; jump back to the patched point

diagtech2000
24th August, 2023, 01:40 AM
I had similar problems with an XC60. I tried smok, dp4, dashcoder and it always jumped back, then tried digiprog 4.94 and it didn't jump back. Worth a try if you've got one.

brend
24th August, 2023, 04:30 PM
Clone digiprog!... Nice dash EEPROM killer, OBD2 away! So... try and play with luck.

diagtech2000
24th August, 2023, 10:49 PM
Yes, it was a last resort; like I said, I tried all my orig tools first.

cils
25th August, 2023, 09:45 PM
Thanks for your answer, but I am not interested in using any xxx tool; I am very determined to resolve this problem.
In the meantime I have unpacked the Themida-packed smok program to see what they do.
Here are my findings:

Smok steps (all numbers in Hex):
1. Read by obd the DIM flash pages E2 and FD.
2. Patch on page E2 the firmware CRC check routine to always return true.
3. Search in page FD for CAN receive interrupt handler routine.
4. Save the patch point and modify the original instructions to jump to a new routine (something like one in my first post)
5. Search in page FD for pattern: 00 00 07 28 20 00. This pattern seems to be related to the firmware version. In my DIM dump this exact pattern does not exist, but 00 00 07 28 20 40 does.
6. If the pattern in step 5 was found, search for patterns:
00 00 04 C0
00 00 04 55
00 00 03 32
00 00 03 15
00 00 03 2A
00 00 03 30
00 00 01 58

If the patterns are found, replace the added patch IDs with the values found at patternAddr + 6.

7. Find an unused flash location to place the patch and modify the routines accordingly.
8. Write the patched flash to DIM.

cils
25th August, 2023, 10:30 PM
More questions:
I found in the CEM a bunch of locations where the km are stored. I know how to correctly calculate the checksums,
but I am not very comfortable with R32 assembly.

CEM km locations:

68,88:
A0,C0: inv
1AA,1CA:
1EC,20C:
26E,28E:
2B0,2D0:
2F2,312:
374,394:
1428,1448,1468,1488,14A8,14C8:
19A8,19E8,1A28,1A68,1AA8,1AE8:

Here is a part of the CEM E2Prom dump:

In this CEM the km value is: 04 93 D6 (299990).
I don't know how, but I am almost sure the 7E D2 D4 C2 80 75 values are km related;
maybe someone can work out the calculation.