PDA

View Full Version : Simos PCR 2.1 EEPROM UNLOCK Manually



mamanacusa
12th June, 2013, 11:03 PM
If anyone need i can offer unlock service for those using galletto2 mini with no chance to unlock it.

Eeprom must be read via regular IC chip programmer and I can do it manually at really nice price.

Algorithm might be for sale also.

Regards

camil
12th June, 2013, 11:36 PM
That would be nice for users with tool that not yet support direct unlock but yes read/write of unlocked ecu. ;)

mamanacusa
12th June, 2013, 11:56 PM
The process takes 8 bytes for calculation

vp44
17th June, 2013, 11:24 PM
If someone needs unlocking help, just send me org eeprom file.
I will help for free.

TCSTigersClaw
19th June, 2013, 05:39 PM
I thought Galletto Mini 2 Euro clone could rear PCR2.1

cp2010
26th June, 2013, 09:37 AM
galletto2 MINI - read/write via obd (only unlocked ecu)
galletto3 MINI - unlock in boot mode, read/write via obd

rj22
26th June, 2013, 09:19 PM
post dump 25640 and you will unlock

LaraVAG
26th June, 2013, 10:18 PM
free unlock PCR2.1 too all :)

Nio
26th June, 2013, 11:49 PM
free unlock PCR2.1 too all :)

What dongle need?

camil
27th June, 2013, 12:10 AM
free unlock PCR2.1 too all :)

lol not that free if need dongle :)

chli1976
27th June, 2013, 05:38 AM
Any solution for this ?

206214

mysamed
27th June, 2013, 08:55 AM
https://www.virustotal.com/tr/file/7c83be3b7531915f97b965236bbc4e2404badde74daf511f68 7a47490f8214b1/analysis/1372319638/

camil
27th June, 2013, 10:14 AM
https://www.virustotal.com/tr/file/7c83be3b7531915f97b965236bbc4e2404badde74daf511f68 7a47490f8214b1/analysis/1372319638/

I guess 5/46 and saying "suspicious" and "Gen:blabla" means nothing. Just false positive because of selfcompression engine.

morgano
27th June, 2013, 01:46 PM
THis is what that dongled sw do.

======================================
CODE:004A295E mov ebx, 24Ah
CODE:004A2963
CODE:004A2963 loc_4A2963: ; CODE XREF: CODE:004A2987j
CODE:004A2963 mov edi, [esi+330h]
CODE:004A2969 mov eax, edi
CODE:004A296B mov edx, ebx
CODE:004A296D call sub_48540C
CODE:004A2972 mov ecx, eax
CODE:004A2974 xor cl, 0FFh
CODE:004A2977 mov eax, edi
CODE:004A2979 mov edx, ebx
CODE:004A297B call sub_485420
CODE:004A2980 inc ebx
CODE:004A2981 cmp ebx, 252h
CODE:004A2987 jnz short loc_4A2963


======================================

Before checks that the file size is correct and that he can read ECM16TDI in correct position of file.

If you want to understand... well. :)

Nio
27th June, 2013, 02:08 PM
Any solution for this ?

206214

I have same problem. Anyone can give solution? Thanks.

morgano
27th June, 2013, 03:04 PM
Solution is buy dongle. I disassembled sw and show you algoritm, what more do you need?

mihaiservice
27th June, 2013, 04:45 PM
Solution is buy dongle. I disassembled sw and show you algoritm, what more do you need?
Hello
if you have dissambled then you can by pass this VMProtect dongle,little borland languges every body it know ;)

Mike

morgano
27th June, 2013, 04:48 PM
Again, why need remove dongle? Is clear what that loop i posted does with the eeprom content.

No need dongle, and no need this sw either.

RaraK
28th June, 2013, 05:58 AM
Again, why need remove dongle? Is clear what that loop i posted does with the eeprom content.

No need dongle, and no need this sw either.

Thanks a lot, easy to read loop, very easy function! :)

Metin
29th June, 2013, 12:03 AM
unlocker work with dongle for galetto2 who buy from www.car-prog.com (http://www.car-prog.com) can run this software
tested with my mini :)

eddieddi
29th June, 2013, 08:43 PM
I made a little VB6 programm, hope this will help...
please test and report...
:)

br
Eddi

morgano
29th June, 2013, 09:12 PM
I made a little VB6 programm, hope this will help...
please test and report...
:)

br
Eddi

Now add the dongle envelope and you have top product to sell :)

lol

eddieddi
29th June, 2013, 09:19 PM
No need....lol

maybe someone like it and make a dll without Dongle for china FG V53...?

:) :) :)

veloseeped
29th June, 2013, 10:26 PM
I made a little VB6 programm

Ed, it's time now to add several strings to your programm and option for Audi 3.0T Simos 8.x unlocker will be ready ;-)

eddieddi
30th June, 2013, 07:26 AM
If you tell me the details & algo it should be no problem to do this...
;-)

RaraK
30th June, 2013, 08:05 PM
or before and after of eeprom :)

morgano
30th June, 2013, 10:10 PM
Guess algo is same, just need to check for other tags, not only ECM16TDI ;) maybe ECM30TDI.

kennfeld
1st July, 2013, 12:25 AM
Guess algo is same, just need to check for other tags, not only ECM16TDI ;) maybe ECM30TDI.


tags is easy ..

eddieddi
1st July, 2013, 04:58 AM
I dont have files for example...

veloseeped
1st July, 2013, 05:25 PM
maybe ECM30TDI.

ECM30TFS........

veloseeped
1st July, 2013, 05:36 PM
If you tell me the details & algo it should be no problem to do this...
;-)

I will send it tommorow per e-mail.

eddieddi
1st July, 2013, 07:33 PM
I will send it tommorow per e-mail.

Ich danke Dir ! ;)

eddieddi
6th July, 2013, 08:39 PM
@Veloseeped & others
Update for my little programm, i added Simos8.x 3.0T ;)

207984

BR,
Eddi

imcumen
7th July, 2013, 04:01 PM
is same algo for SIMOS PCR 2.2 ?

BR

eddieddi
10th July, 2013, 03:49 PM
I dont know, sorry...

BR

hellmouth666
8th August, 2013, 12:45 PM
so if i understand i can read out my simos pcr 2.1 with my galletto unlock it with the program and than write back and then my ecu will be unlocked ?

RaraK
8th August, 2013, 02:20 PM
is same algo for SIMOS PCR 2.2 ?

BR

upload eeprom

mikolodz
14th August, 2013, 04:13 PM
@Veloseeped & others
Update for my little programm, i added Simos8.x 3.0T ;)

207984

BR,
Eddi

Thanks for your work, great program

But look here:
UNLOCK SIMOS PCR2.1 & 8.xx via EEPROM - - Car Diagnostic Tools (http://www.magik-tool.com/product.php?id_product=57)
someone is selling this program

wiski
14th August, 2013, 06:01 PM
someone is selling this program
Ahh Mr. Silvio will tell you that he made it if you ask him :eviltongue:

eddieddi
14th August, 2013, 07:01 PM
I also already see my little programm on Ebay as "additional gift" when buying a Galletto...

BR
Eddi

morgano
14th August, 2013, 07:41 PM
Incredible, just hexedited your name and put his webname. Morons! :) Always taking profit of other people work, even after they release for free.

I hope no one will buy there the program, instead come and download here free for DK users.

Regards,

overs0ull
14th August, 2013, 08:51 PM
Nice work it very useful program . keep it on this way .
Regards .

mexanico1971
15th August, 2013, 06:56 PM
I think that is portuguese site !

blacktoy
17th August, 2013, 03:26 PM
Hi,

Here is a manual from me how to do the unlock in Winols:

open the eeprom (25640) on winols
choose the decimal mode
and 16 bit
go to the address 24A
24A 24C 24E and 250
we will calculate this 4 value
you will 65535 - 24A value
write it to 24A
for example on my file 17052 is 24A value
65535 - 17052
48483
you will write 48483 to 24A
the you will do it same for 24C
65535 - 24C = will new value
for example in my file 34224 is 24C value
65535 - 34224 = 31311 is new value for 24C
you will calcuate this 4 value
and save and write the file
after do that
to be sure
calculate the all 4 values ori and tuned
(old (24A + 24C + 24E + 250) + new (24A + 24C + 24E + 250) ) / 4 = 65535 must be

mikolodz
17th August, 2013, 04:16 PM
You can use windows calculator and do Xor FFFF FFFF FFFF FFFF
on value from adress #0024A-#00252

for example:
DE161A9443B211E2 Xor FFFFFFFFFFFFFFFF = 21E9E56BBC4DEE1A

this is from 25640 dump i found on this forum

morgano
18th August, 2013, 12:33 AM
You can use windows calculator and do Xor FFFF FFFF FFFF FFFF
on value from adress #0024A-#00252

for example:
DE161A9443B211E2 Xor FFFFFFFFFFFFFFFF = 21E9E56BBC4DEE1A

this is from 25640 dump i found on this forum

Exactly what the loop of the software i posted does.

Take bytes from one to one since 024Ah and Xor every one with 0FFh.

Regards ;)

FALCON30
13th April, 2015, 05:24 PM
sorry for off topic
Is possible to unlock used ECU to write data Tricore and 25640 from old?
I have damaged one.

kospoz
13th April, 2015, 07:22 PM
sorry for off topic
Is possible to unlock used ECU to write data Tricore and 25640 from old?
I have damaged one.
No mate only if you can remove tricore and eeprom from old and put them to other ecu

FALCON30
13th April, 2015, 07:24 PM
:(( ok
THX for replay.


Wysłane z iPhone za pomocą Tapatalk

chriskross
13th April, 2015, 07:46 PM
avdi can read immodata of pcr now

youssef70
13th April, 2015, 07:59 PM
avdi can read immodata of pcr now

yes tested ok
https://www.youtube.com/watch?v=UqCP8Rq3hQA

kospoz
13th April, 2015, 08:03 PM
avdi can read immodata of pcr now
Then we can do immo off for pcr?

youssef70
13th April, 2015, 08:38 PM
Then we can do immo off for pcr?

immo off =no; but then we can adapt to immo (dash comfort ...)

xanubysx
13th April, 2015, 09:14 PM
Only for 900e :)

flyins
13th April, 2015, 09:18 PM
sorry for off topic
Is possible to unlock used ECU to write data Tricore and 25640 from old?
I have damaged one.

Get someone with autologic easy job mate if you can get someone, just plug used ecu in then get autologic plugged in and then car scan then send to autologic and then write back to car job done, seen it done two week ago, and by the way you do mean PCR 2.1 dont you?
Does AVDI need an ecu that it can comm to so it can read immo data? Autologic dont need to have any ecu apart from the new/used one

smayer
13th April, 2015, 10:01 PM
Get someone with autologic easy job mate if you can get someone, just plug used ecu in then get autologic plugged in and then car scan then send to autologic and then write back to car job done, seen it done two week ago, and by the way you do mean PCR 2.1 dont you?
Does AVDI need an ecu that it can comm to so it can read immo data? Autologic dont need to have any ecu apart from the new/used one
And in case used ecu is dead how autologic solve ?

flyins
14th April, 2015, 12:19 AM
And in case used ecu is dead how autologic solve ?

Why would you buy a used ecu thats broken?? As i say get used ecu fit to car and then get autologic to program to car, but you need to be upto date with payment as you need to send read of car to them! So why would you fit a used dead ecu? I was replying back to::
Originally Posted by FALCON30 View Post
sorry for off topic
Is possible to unlock used ECU to write data Tricore and 25640 from old?
I have damaged one.

But yes also you can use a USED pcr2.1 and program to car with autologic without the need to have original ecu
And if youve got a USED ecu thats dead, thats a totally different problem, as for one youve been had off or for two unlucky for buying a dead ecu, i would just bin it and get another, as there cheap enough not to waste time on.
How would you solve if the used ecu you got was dead? I would like to know so that i can repair if one is ever damaged?
many thanks flyins

smayer
14th April, 2015, 01:24 AM
Why would you buy a used ecu thats broken?? As i say get used ecu fit to car and then get autologic to program to car, but you need to be upto date with payment as you need to send read of car to them! So why would you fit a used dead ecu? I was replying back to::
Originally Posted by FALCON30 View Post
sorry for off topic
Is possible to unlock used ECU to write data Tricore and 25640 from old?
I have damaged one.

But yes also you can use a USED pcr2.1 and program to car with autologic without the need to have original ecu
And if youve got a USED ecu thats dead, thats a totally different problem, as for one youve been had off or for two unlucky for buying a dead ecu, i would just bin it and get another, as there cheap enough not to waste time on.
How would you solve if the used ecu you got was dead? I would like to know so that i can repair if one is ever damaged?
many thanks flyins



Sorry mate, i understand autologic need read original ecu, so my question is not use dead ecu but how solve with original dead, Now all clear.
Thanks

flyins
14th April, 2015, 01:51 PM
No mate, autologic DONT need to read orig ecu, so basically car with no ecu then fit a used one and then thats it. You just install a USED ecu then download from car then send download to autologic then reprogram car and then start mate,
when my mate did the car 2 week ago the job was so easy, just fitted a used ecu from another car (skoda octavia) and then he just did a download of car then went online with autologic then 15 mins later after a brew got file then programmed car,and i must say saved loads of messing about, since then he has done a polo for someone else i know. To be honest i was abit skeptical when he said he could do it! But autologic did.
Many thanks flyins

navodaru
11th December, 2015, 06:59 PM
What address is responsable for egr in dump (95640 )

soxten
2nd February, 2016, 10:04 AM
Can someone explain this in a simple way for me?
I'am not a programmer but... It would be nice to know what this is.






THis is what that dongled sw do.

======================================
CODE:004A295E mov ebx, 24Ah
CODE:004A2963
CODE:004A2963 loc_4A2963: ; CODE XREF: CODE:004A2987j
CODE:004A2963 mov edi, [esi+330h]
CODE:004A2969 mov eax, edi
CODE:004A296B mov edx, ebx
CODE:004A296D call sub_48540C
CODE:004A2972 mov ecx, eax
CODE:004A2974 xor cl, 0FFh
CODE:004A2977 mov eax, edi
CODE:004A2979 mov edx, ebx
CODE:004A297B call sub_485420
CODE:004A2980 inc ebx
CODE:004A2981 cmp ebx, 252h
CODE:004A2987 jnz short loc_4A2963


======================================

Before checks that the file size is correct and that he can read ECM16TDI in correct position of file.

If you want to understand... well. :)

morgano
2nd February, 2016, 10:09 AM
It is a loop, takes byte from offset 0x24A and invert all bits, adds one to offset and again take byte from it and invert all bits, it repeats the loop until offset reaches 0x252. Just that.

morgano
4th February, 2016, 04:26 PM
@soxten

Lesson is free mate, but a simple "Thanks" button press would make me more collaborative in future.

@ecutuners

Thanks for the thanks even you knew perfectly the algo explained lol

soxten
4th February, 2016, 10:08 PM
Sorry morgano!!!! Thx Sir!

leverage454
25th July, 2016, 10:11 AM
galletto v54 china clone do it perfectly ;)
details are here ( french language )
http://www.lesamisdelaprog.com/ecus/2731-delockage-simos-pcr2-1-debute-une-bonne-base.html

morgano
26th July, 2016, 06:22 AM
Many tools do it perfectly, this theead is about knowledge and how to do it manually, no need to spam with another forum post in foreign language.

gsmflasch
2nd August, 2017, 07:28 AM
Is it possible to clone PCR 2.1 Simos?

I have the old ecu and will buy some second hand unit (if i can clone the data from old one).


By the way if someone has this fault already maybe has some advice?
Fuel pump, and all connected parts are already replaced but still this fault is active and the latest things what i want to try is another ECU.

-P101F High Pressure Fuel Supply- Maximum Pressure Exceeded
-Fuel Metering Valve 1 Control Difference
-Engine Turn OFF during drive.

slimach
21st January, 2018, 12:16 PM
hi i have a little problem with my ECU PCR2.1 CAYD. I can read but not write.When i read ID Ido not see LOOK OR UNLOCK. I have eeprom can you help me?

doctore
21st January, 2018, 12:19 PM
....post dump

slimach
21st January, 2018, 01:29 PM
vw caddy2011 cayd pdr2.1

doctore
21st January, 2018, 01:50 PM
vw caddy2011 cayd pdr2.1



........tr this

slimach
22nd January, 2018, 09:33 AM
........tr thisit doesn't help

pepeoi
7th October, 2019, 09:52 AM
here unlocker with no dongle...

immokill
7th October, 2019, 08:09 PM
with. Vcds. You can see in parameters if it is locked or unlocked

Diagagadir2018
14th November, 2019, 05:08 PM
free unlock PCR2.1 too all :)



no want downlaod thanks*

jesmadrid
2nd May, 2020, 10:23 PM
[QUOTE = LaraVAG; 2013508] desbloqueo ~~~~~~~o de PCR2.1 también todo :)[/ QUOTE]

jesmadrid
2nd May, 2020, 10:25 PM
esto es parar galletto?