hotsd101
28th May, 2018, 11:37 AM
Hi Guys,
It seems allot of people are killing cas3+ encrypted modules for various reasons especially when using rubbish tools, like CGDI key programmer (the red unit, the blue one is probably also junk, but ive not used).
here is 1 guaranteed methods how to 100% kill a cas3+ secured, il use 0l15y 512 as an example of a scenario.
Example:
1. if the cas has ever been connected to for either isn dme reading or to make an aftermarket key with CGDI programmer (and probably other china tools also), these tools write a bunch of crap unnecessary data to the unit, including deliberate masking of checksums. Its a joke really. Instead of just writing necessary key data, they go to town on you, even deliberately modifying vin checksums to make them look wrong and coming up with stupid data file sizes which are useless.
2. This isnt a problem, until someones tries to read the MCU with something like xprog to change VINS or make a backup or KM correction etc. What will happen is you will corrupt the MCU because of all the junk CGDI writes in before you came along. If your lucky, its will only be the flash or eeprom, if your unlucky you will kill the bootloader which is not repairable. The only way to fix the lucky scenario is to find the working matching eeprom file from someone (this is only usefull to make the cas wake up once again from its dead state), make sure you have your original flash file, erase MCU in xprog, write back your original flash file, then write the borrowed eeprom file, plug back to vehicle, flash with winkfp (at this stage if tool32 does not recognition the cas its all over, you need to wake it up, 12v to the wakeup line of the cas will do the trick) writing UIF this is a must but use your full correct vin setting winkfp option properly, back to xprog and reflash your original backup flash and then back to car and repeat winkfp flash to remove any leftover china junk from the xprog flash you just done, this will 100% work.
CONCLUSION and How to Avoid:
1. Avoid CGDI programmer at all costs and possibly other china tools with ZERO support.
2. Check if cas looks like it has been manipulated in the past, solder joints etc.
3. If you want to be sure you have stock bmw firmware, flash with winkfp first before doing anything, get it back to factory. Sometimes winkfp wont do a full write when uif's are the same so you can pull the obd cable half way through the flash and let is deliberately fail itself ensuring the next flash will be a full stock run the second time (this is default winkfp behaviour). Winkfp will 100% NEVER under any circumstances not be able to flash back a failed flash of its own once its started, the first thing it writes is data to make sure if it fails it still wakes back up, including signature seed key data. Winkfp will NOT save you from china rubbish, it was not made to do so.
4. Only read write with xprog once you know the MCU is 100% oem
5. I will do a video for how simple it is to checksum vin number changes in cas3+ encrypt, DO NOT TRUST online 8bit checksum calculators, they are wrong.
6. If you must use the china crap to make a key and are prepared to risk it, do the oem flashes before you remove from car, then at least xprog will have clean proper backups, then do the oem winkfp flashes again after the china junk is finished and you have your key. Winkfp will never overwrite key data as its wasnt made by chinese ;)
********************
The CGDI programmer i have used is a disaster and exactly as explained, deliberate attempts and completely unnecessary nonsense. I have only every used the China junk and its the same junk every time.
I have no idea about explorer or autohex so cannot comment but i have heard both offer good support and ive heard this from many many people. I dont know why these 2 companies dont do a tonned down less expensive version of there product for enthusiasts, that would get all this china junk off the market.
So lets look at some example of CGDI . Latest firmware from 1 month ago and latest software v 2.2.1
1. After installation, the so called free authorisations are not even active.
2. Submitted a request on the manufacturer website (not hard to find, just google "cg prog car) to ask how it can be activated. No response and the following week the form is removed from the website all together.
3. SInce they have a phone number, called the phone number and someone answered in chinese, i asked "do you speak english" the person answered in english, "no i dont speak english" and instantly hang up.
4. Sent a message on facebook page and skype to someone calle "Anna" asking for support, when she eventually replaied, she said i needed to go to whats app chat with support and stopped replying even though she was supplied with photos of the auth issue. No response at all.
5. contacted whats app support, The immediately answer, when i politely ask about the issues, no more replies at all. So far, 3 weeks and nothing.
6. Contact the company product was purchased from, they tell me the stopped selling CGDI because it terrible and does not work most of the time.
https://preview.ibb.co/d8Jqay/1.png (https://ibb.co/fgtOvy)
7. So i thought, damn, il give some functions a try. CAS3 - 9389115, try read key data, "version not supported". LOL - Very old ista i-level. Tried 3 different cas3, until finally 1 was detected by the device. Try 1 cas2 e60, detected but key write "success", key does not work at all. Remote or otherwise, got sick of wasting keyfobs. "Unlock key feature", must be kidding, does not work at all. Comfort Access Keys, write data with wrong page data, lol, list goes on and on.
https://preview.ibb.co/mH20ay/2.png (https://ibb.co/b7Tv8J)
8. I though oh well, maybe it will read ISN MSD/MSV like it says, lets see.
Follow instructions, start reading ISN - Few minutes later, DME (also old i-level, at least 6 years)= Dead. Why this chinese device starts writing the dme is beyond me. Anyhow, DME dead, not even winkfp could recover it. Only way to recover the DME was with great difficulty and far more complicated non china tools.
https://preview.ibb.co/cibOTJ/3.jpg (https://ibb.co/mMKcoJ)
https://preview.ibb.co/j8SNoJ/3a_dme.jpg (https://ibb.co/cgvWhd)
It seems allot of people are killing cas3+ encrypted modules for various reasons especially when using rubbish tools, like CGDI key programmer (the red unit, the blue one is probably also junk, but ive not used).
here is 1 guaranteed methods how to 100% kill a cas3+ secured, il use 0l15y 512 as an example of a scenario.
Example:
1. if the cas has ever been connected to for either isn dme reading or to make an aftermarket key with CGDI programmer (and probably other china tools also), these tools write a bunch of crap unnecessary data to the unit, including deliberate masking of checksums. Its a joke really. Instead of just writing necessary key data, they go to town on you, even deliberately modifying vin checksums to make them look wrong and coming up with stupid data file sizes which are useless.
2. This isnt a problem, until someones tries to read the MCU with something like xprog to change VINS or make a backup or KM correction etc. What will happen is you will corrupt the MCU because of all the junk CGDI writes in before you came along. If your lucky, its will only be the flash or eeprom, if your unlucky you will kill the bootloader which is not repairable. The only way to fix the lucky scenario is to find the working matching eeprom file from someone (this is only usefull to make the cas wake up once again from its dead state), make sure you have your original flash file, erase MCU in xprog, write back your original flash file, then write the borrowed eeprom file, plug back to vehicle, flash with winkfp (at this stage if tool32 does not recognition the cas its all over, you need to wake it up, 12v to the wakeup line of the cas will do the trick) writing UIF this is a must but use your full correct vin setting winkfp option properly, back to xprog and reflash your original backup flash and then back to car and repeat winkfp flash to remove any leftover china junk from the xprog flash you just done, this will 100% work.
CONCLUSION and How to Avoid:
1. Avoid CGDI programmer at all costs and possibly other china tools with ZERO support.
2. Check if cas looks like it has been manipulated in the past, solder joints etc.
3. If you want to be sure you have stock bmw firmware, flash with winkfp first before doing anything, get it back to factory. Sometimes winkfp wont do a full write when uif's are the same so you can pull the obd cable half way through the flash and let is deliberately fail itself ensuring the next flash will be a full stock run the second time (this is default winkfp behaviour). Winkfp will 100% NEVER under any circumstances not be able to flash back a failed flash of its own once its started, the first thing it writes is data to make sure if it fails it still wakes back up, including signature seed key data. Winkfp will NOT save you from china rubbish, it was not made to do so.
4. Only read write with xprog once you know the MCU is 100% oem
5. I will do a video for how simple it is to checksum vin number changes in cas3+ encrypt, DO NOT TRUST online 8bit checksum calculators, they are wrong.
6. If you must use the china crap to make a key and are prepared to risk it, do the oem flashes before you remove from car, then at least xprog will have clean proper backups, then do the oem winkfp flashes again after the china junk is finished and you have your key. Winkfp will never overwrite key data as its wasnt made by chinese ;)
********************
The CGDI programmer i have used is a disaster and exactly as explained, deliberate attempts and completely unnecessary nonsense. I have only every used the China junk and its the same junk every time.
I have no idea about explorer or autohex so cannot comment but i have heard both offer good support and ive heard this from many many people. I dont know why these 2 companies dont do a tonned down less expensive version of there product for enthusiasts, that would get all this china junk off the market.
So lets look at some example of CGDI . Latest firmware from 1 month ago and latest software v 2.2.1
1. After installation, the so called free authorisations are not even active.
2. Submitted a request on the manufacturer website (not hard to find, just google "cg prog car) to ask how it can be activated. No response and the following week the form is removed from the website all together.
3. SInce they have a phone number, called the phone number and someone answered in chinese, i asked "do you speak english" the person answered in english, "no i dont speak english" and instantly hang up.
4. Sent a message on facebook page and skype to someone calle "Anna" asking for support, when she eventually replaied, she said i needed to go to whats app chat with support and stopped replying even though she was supplied with photos of the auth issue. No response at all.
5. contacted whats app support, The immediately answer, when i politely ask about the issues, no more replies at all. So far, 3 weeks and nothing.
6. Contact the company product was purchased from, they tell me the stopped selling CGDI because it terrible and does not work most of the time.
https://preview.ibb.co/d8Jqay/1.png (https://ibb.co/fgtOvy)
7. So i thought, damn, il give some functions a try. CAS3 - 9389115, try read key data, "version not supported". LOL - Very old ista i-level. Tried 3 different cas3, until finally 1 was detected by the device. Try 1 cas2 e60, detected but key write "success", key does not work at all. Remote or otherwise, got sick of wasting keyfobs. "Unlock key feature", must be kidding, does not work at all. Comfort Access Keys, write data with wrong page data, lol, list goes on and on.
https://preview.ibb.co/mH20ay/2.png (https://ibb.co/b7Tv8J)
8. I though oh well, maybe it will read ISN MSD/MSV like it says, lets see.
Follow instructions, start reading ISN - Few minutes later, DME (also old i-level, at least 6 years)= Dead. Why this chinese device starts writing the dme is beyond me. Anyhow, DME dead, not even winkfp could recover it. Only way to recover the DME was with great difficulty and far more complicated non china tools.
https://preview.ibb.co/cibOTJ/3.jpg (https://ibb.co/mMKcoJ)
https://preview.ibb.co/j8SNoJ/3a_dme.jpg (https://ibb.co/cgvWhd)