rellullapaasee (14th February, 2021)
Congratulations to your nice project!
I really appreciate you effort. Members like you are making this forum also interesing for people (like me) who want to gain deeper knowledge of transponder functionality.
One question back to the topic:
Would it also be possible to read and program the XMA Memory in Hitag2(+EE) Transponders with your project? You only mentioned this feature in context with AES transonders.
rellullapaasee (14th February, 2021)
rlessa0576 (24th June, 2021)
It would be great if you could manage to implement XMA access also for Hitag2. As far as I know, this would be the first project which supports XMA using low-cost devices (e.g. Effi doesn't support it).
Btw. you mentioned command set for XMA with Hitag2 is already known. For my interest, could you tell me where you found this info?
kt315b (14th February, 2021), rellullapaasee (14th February, 2021)
Command set is here:
Enter XMA state: 00111
INC_BLOCK_POINTER: 00100
DEC_BLOCK_POINTER: 00101
READ_PAGE(0-7): 11XXX
WRITE_PAGE(0-7): 10XXX
There was also some Chinese site having this info (found using Google, but it may be gone now as couldn't find it any more...)
Anyway, some test application already available:
ee.jpg
Could you introduce what can be done with hitag2+ee access? Laguna III seems to have VIN written there. Interface was easy as pie but what can we achieve with that?
Last edited by rellullapaasee; 14th February, 2021 at 10:16 PM.
Catalizator (14th February, 2021), Col19 (3rd June, 2021), kt315b (15th February, 2021), rlessa0576 (24th June, 2021), spirky (17th March, 2021), XProfig (15th February, 2021)
Interesting topic ...
Members with ZERO message before this topic , no help , no tool , not locksmith , come to nowhere to show the method to build Hitag reader/programmer !
In 3 hours the made EEPROM Hitag2 reader ....
Peoples are wonderfully , working for free in an public forum ...
Don't be stupid , for me , it's an fake messiah !
@ rellullapaasee:
Wow, that was really fast. Thanks again!
I will try it out next weekend. I'm going to use the PCF7991 ABIC in my ZedBull 504. I'm really excited if this will work.
For what do I need this? I want to use it for my BMW E90 smartkey I recently bought from chinese seller where remote is not working yet (key can already start the car). This keyfob has a PCF7945 inside and some guys from this forum stated that BMW remotes don't use the standard HiTag2 remote fields. Instead, they said remote data has to be programmed somehow in XMA area. So I want to try to figure out which data have to be programed by looking at the XMA Memory of my original working remote.
@ TERMINATOR, why is it such a big problem for you when people are developing tools for free based on their research? Are you envious that you payed lot of money for your fancy professional tools, and now some people here are sharing these tools for free?
Can't you accept that there are people out there, who do this research and development just for their interest as hobby? I don't understand why you need to disturb this thread again and again with replys contributing nothing to this topic.
Did you already test the tool rellullapaasee posted? If not there is no reason to give such offending comments!Don't be stupid , for me , it's an fake messiah !
fuzz1 (27th June, 2021), rellullapaasee (15th February, 2021)
There is quite lot of Hitag2 variants as can be see in attachment. Seems that BMW may not belong to standarn hitag2+ee category. Excited to hear if it still can be read with standard way... So, there is some place for commercial tools but unfortunately this field has gone sick recent years. Basically many things are still relatively simple.
But what has happened: tool developers try to protect their products with massive obscuring interfaces when others trying to clone these ruined tools what ever price. And massively money is spent for nothing. Tools are even impossible to use and at least slowing down. For quick comparison Zed bull needs frustrating long time to read hitag2 fields. And why? Serial port communication uses some idiotic crypt messaging and all effort is used for that! And that is still pretty good tool.
And stupid cloners use more time to clone these devices when they could write own better software even with less work! Definetly there is need for open source projects that shakes the business.
For me cars are mainly hobby while helping people now and then. Not trying to get money for living. For that purpose high cost tools with annual licensing is absolutely no way! I would pay around 500€ for good tool without annual tributes. VVDI Prog and R.E.T are pretty good example of those.
You wish , unfortunately i'm equipped with better keyTag for free , i don't use it because i use latest tool to automatically pre-code all cars key .
For use this tool manually you need "kripto key" or "Secret key" , you need expensive tools ( 600€ and more ) ....
No sens my friend in your logic .
Are you envious because you don't profit of ABRITES anniversary free ProTag + free RR012 ? ho yes !
TERMINATOR you cried 1 year here for cheap AES programmer and now you argue - If you now have this that you need just don't read this thread
Also was the same with Truecode - you cried that cable is expensive and then adverted more expensive UCO
Also was the same with AVDI - you cried how expensive is now advert them every day
I have respect to all your helpful posts but just stop the spam
I will tell you the result as soon as I managed to test it.There is quite lot of Hitag2 variants as can be see in attachment. Seems that BMW may not belong to standarn hitag2+ee category. Excited to hear if it still can be read with standard way... So, there is some place for commercial tools but unfortunately this field has gone sick recent years. Basically many things are still relatively simple.
TERMINATOR, good to hear that you have better tools. For professional locksmiths it makes sense to use good quality professional tools. Surely they safe you a lot of time and the price pays off after few jobs.
But in this thread there are people which are interested in the technical details of the functionality. Obviously you are not interested in this, you are only arguing. So please stop spamming this interesting thread! You contributed absolutely nothing so far.
And this is also wrong. I have a chinese XProg for 40$, whith which it was possible to read out CAS. CAS3 Editor extracted the crypto data I needed for key programming!For use this tool manually you need "kripto key" or "Secret key" , you need expensive tools ( 600€ and more ) ....
I am waiting for the administration to react to comments and reproaches TERMINATOR1000
you can't insult the participants, especially since people make good and cheap programs!
one dreamer ! one ...
40$ for renault Kadjar or 2016+Clio4 ?????
????? INSULT ?????
AES HITAG tool have no interests if you don't have kypto-key on Twingo3 , Megane 4 , 2016+Clio4 ....
Nothing is free , you'r an dreamer like rellullapaasee
Bookmarks