I killed my Vagtacho 3.01 clone cable. I ordered a new one which is diferent from my old one in many ways. This new one isn't recognized by the software of the old one. The software which comes with the new one is a little bit strage. There is a loader application which loads the vagtacho and Opel tool. Both of them seems to be cracked and when i connect my killed 3.01 cable, this software detects it.

I dont't know if it is working too becaus i haven't a compatible car to test it at the moment.

I uploaded the software for you guys:
RapidShare: 1-CLICK Web hosting - Easy Filehosting (http://rapidshare.com/files/401915327/vagtacho_opeldt.zip.html)

It seems that they managed to completely crack the vagtacho application. The both applications are embedded as resource of the loader application. The opel one runs on it's on but the Vagtacho one seems to need the loader. I think they couldn't unpack it right so the loader is needet to start it.

Can you post pictures both inf from inside, both side of pcb?

Later, I havent a cam at the moment. I opened it already.
It semms to have a universal PCB with many unused space which is propably used for other interfaces too.

The Vagtacho part itself consists of a atmega8l a eeprom and the usb chip as the other vagtacho cables.

I think they couldn't break the copy protection by hardware so they cracked the software.

Edit:
I extracted the Vagtacho and Opel tool out of the loader: http://rapidshare.com/files/401924902/newchina.zip.html
The Opel tool runs on its own but the Vagtacho tool doesnt. Maybe somebody with better cracking skills than me is able to reverse and fix it.

To get the Opel tool running they added extra code at the end of the file so i dind't think it would be easy to get the Vagtacho running:

0046632C > $ 55 PUSH EBP
0046632D . 8BEC MOV EBP,ESP
0046632F . 83C4 F0 ADD ESP,-10
00466332 . 53 PUSH EBX
00466333 . B8 2C614600 MOV EAX,opel.0046612C
00466338 . E8 5303FAFF CALL opel.00406690
0046633D . 8B1D C87F4600 MOV EBX,DWORD PTR DS:[467FC8] ; opel.00469C30
00466343 . 8B03 MOV EAX,DWORD PTR DS:[EBX]
00466345 . E8 7609FFFF CALL opel.00456CC0
0046634A . 8B0D B0804600 MOV ECX,DWORD PTR DS:[4680B0] ; opel.00479D68
00466350 . 8B03 MOV EAX,DWORD PTR DS:[EBX]
00466352 . 8B15 00E44500 MOV EDX,DWORD PTR DS:[45E400] ; opel.0045E44C
00466358 . E8 7B09FFFF CALL opel.00456CD8
0046635D . 8B0D F0804600 MOV ECX,DWORD PTR DS:[4680F0] ; opel.00479D48
00466363 . 8B03 MOV EAX,DWORD PTR DS:[EBX]
00466365 . 8B15 84DD4500 MOV EDX,DWORD PTR DS:[45DD84] ; opel.0045DDD0
0046636B . E8 6809FFFF CALL opel.00456CD8
00466370 . 8B0D 34804600 MOV ECX,DWORD PTR DS:[468034] ; opel.00479D50
00466376 . 8B03 MOV EAX,DWORD PTR DS:[EBX]
00466378 . 8B15 90DF4500 MOV EDX,DWORD PTR DS:[45DF90] ; opel.0045DFDC
0046637E . E8 5509FFFF CALL opel.00456CD8
00466383 . 8B0D E07F4600 MOV ECX,DWORD PTR DS:[467FE0] ; opel.00479D5C
00466389 . 8B03 MOV EAX,DWORD PTR DS:[EBX]
0046638B . 8B15 D0E14500 MOV EDX,DWORD PTR DS:[45E1D0] ; opel.0045E21C
00466391 . E8 4209FFFF CALL opel.00456CD8
00466396 . 8B03 MOV EAX,DWORD PTR DS:[EBX]
00466398 . E8 BB09FFFF CALL opel.00456D58
0046639D . 5B POP EBX
0046639E . E8 35DEF9FF CALL opel.004041D8
004663A3 . 90 NOP

Will this work with the vagtacho 2.5 cable, do you know?

probably not. you need 3.1 cable.
I think someone just made loader for easy running nothing else.

hatee, opeldt fix imports, runs better..

Later, I havent a cam at the moment. I opened it already.
It semms to have a universal PCB with many unused space which is propably used for other interfaces too.
aybe somebody with better cracking skills than me is able to reverse and fix it.

0046639E . E8 35DEF9FF CALL opel.004041D8
004663A3 . 90 NOP
[/code]


AWESOME THREAD DUDE.

What programme did you use to take napart the loader?

What programme did you use to take napart the loader?
OllyDbg (OllyDbg v1.10 (http://www.ollydbg.de/))


I think it should work with a 2.5 cable too. But only when the ATmega is functional. As the most 3.01 cables in my oppinion are broken because af the reprogramming of the USB chip.

And i think the loader s not just for the easy running. It does something with the Vagtacho exe. Maybe it runs it and manipulates it memory or something else.

don't have 2.5 ver to test, but maybe it will work... somebody with with some balls wanna try:) ?
hatee (http://www.digital-kaos.co.uk/forums/members/176903-hatee/) can you post your ept? does all functions work in program works? have you tried ME options?

Thank you for your help hatee. Unfortunataly it's only partialy working.
http://www.digital-kaos.co.uk/forums/f133/vagtacho-3-30-a-52448/index13.html#post652060

Maybe it's a problem of my eeprom. That's my contant of my ept-file

[Basic Details]
Device Type=7
VID PID Type=1
USB VID=0403
USB PID=D099
[USB Power Options]
Bus Powered=1
Self Powered=0
Max Bus Power=90
[USB Serial Number Control]
Prefix=00
Use Fixed Serial Number=1
Fixed Serial Number=00000004
[USB Remote WakeUp]
Enable Remote WakeUp=1
[Windows Plug and Play]
Enable Plug and Play=0
[USB String Descriptors]
Manufacturer=FTDI
Product=USB <-> ISO Interface
[Programming Options]
Only Program Blank Devices=0
[BM Device Specific Options]
USB Version Number=1
Disable Serial Number=0
IO Pin Pull Down in Suspend=0
[Dual Device Specific Options A]
RS 232 mode=1
245 FIFO mode=0
245 CPU FIFO mode=0
OPTO Isolate mode=0
High Current Drive=0
[Dual Device Specific Options B]
RS 232 mode=1
245 FIFO mode=0
245 CPU FIFO mode=0
OPTO Isolate mode=0
High Current Drive=0
[Dual Device Driver Options A]
Virtual Com Port Driver=1
D2XX Driver=0
[Dual Device Driver Options B]
Virtual Com Port Driver=1
D2XX Driver=0
[R Device Specific Options]
Invert TXD=0
Invert RXD=0
Invert RTS#=0
Invert CTS#=0
Invert DTR#=0
Invert DSR#=0
Invert DCD#=0
Invert RI#=0
C0 Signal=13
C1 Signal=13
C2 Signal=13
C3 Signal=13
C4 Signal=1
Enable Ext Osc=0
High Current I/O=0
Load D2XX Driver=0
In EndPoint Size=0
[DualHS Device Specific Options]
IFAIsFifo7=0
IFAIsFifoTar7=0
IFAIsFastSer7=0
AIsVCP7=1
IFBIsFifo7=0
IFBIsFifoTar7=0
IFBIsFastSer7=0
BIsVCP7=1
IOPinDriveDual=0
UTMIDrive=0
UTMIVendor=0
SuspendOnD7Low=0
[QuadHS Device Specific Options]
AIsVCP8=1
BIsVCP8=1
CIsVCP8=1
DIsVCP8=1
ARIisTXDEN=0
BRIisTXDEN=0
CRIisTXDEN=0
DRIisTXDEN=0
IOPinDriveQuad=0