Open Source Hitag Programmer

[XProfig]

Congratulations to your nice project!

I really appreciate you effort. Members like you are making this forum also interesing for people (like me) who want to gain deeper knowledge of transponder functionality.

One question back to the topic:
Would it also be possible to read and program the XMA Memory in Hitag2(+EE) Transponders with your project? You only mentioned this feature in context with AES transonders.

[rellullapaasee]

Congratulations to your nice project!

I really appreciate you effort. Members like you are making this forum also interesing for people (like me) who want to gain deeper knowledge of transponder functionality.

One question back to the topic:
Would it also be possible to read and program the XMA Memory in Hitag2(+EE) Transponders with your project? You only mentioned this feature in context with AES transonders.

You are wellcome!

It is not currently possible to access hitag2 XMA with Windows application because commands differ from AES set. This set is however already found and may be added to coming releases.

[XProfig]

It would be great if you could manage to implement XMA access also for Hitag2. As far as I know, this would be the first project which supports XMA using low-cost devices (e.g. Effi doesn't support it).

Btw. you mentioned command set for XMA with Hitag2 is already known. For my interest, could you tell me where you found this info?

[rellullapaasee]

It would be great if you could manage to implement XMA access also for Hitag2. As far as I know, this would be the first project which supports XMA using low-cost devices (e.g. Effi doesn't support it).

Btw. you mentioned command set for XMA with Hitag2 is already known. For my interest, could you tell me where you found this info?

Command set is here:
Enter XMA state: 00111
INC_BLOCK_POINTER: 00100
DEC_BLOCK_POINTER: 00101
READ_PAGE(0-7): 11XXX
WRITE_PAGE(0-7): 10XXX

There was also some Chinese site having this info (found using Google, but it may be gone now as couldn't find it any more...)

Anyway, some test application already available:
ee.jpg

Could you introduce what can be done with hitag2+ee access? Laguna III seems to have VIN written there. Interface was easy as pie but what can we achieve with that?

[TERMINATOR1000]

Interesting topic ...

Members with ZERO message before this topic , no help , no tool , not locksmith , come to nowhere to show the method to build Hitag reader/programmer !
In 3 hours the made EEPROM Hitag2 reader ....
Peoples are wonderfully , working for free in an public forum ...

Don't be stupid , for me , it's an fake messiah !

[XProfig]

@ rellullapaasee:
Wow, that was really fast. Thanks again!
I will try it out next weekend. I'm going to use the PCF7991 ABIC in my ZedBull 504. I'm really excited if this will work.

For what do I need this? I want to use it for my BMW E90 smartkey I recently bought from chinese seller where remote is not working yet (key can already start the car). This keyfob has a PCF7945 inside and some guys from this forum stated that BMW remotes don't use the standard HiTag2 remote fields. Instead, they said remote data has to be programmed somehow in XMA area. So I want to try to figure out which data have to be programed by looking at the XMA Memory of my original working remote.

@ TERMINATOR, why is it such a big problem for you when people are developing tools for free based on their research? Are you envious that you payed lot of money for your fancy professional tools, and now some people here are sharing these tools for free?
Can't you accept that there are people out there, who do this research and development just for their interest as hobby? I don't understand why you need to disturb this thread again and again with replys contributing nothing to this topic.

Don't be stupid , for me , it's an fake messiah !

Did you already test the tool rellullapaasee posted? If not there is no reason to give such offending comments!

[rellullapaasee]

@ rellullapaasee:
Wow, that was really fast. Thanks again!
I will try it out next weekend. I'm going to use the PCF7991 ABIC in my ZedBull 504. I'm really excited if this will work.

For what do I need this? I want to use it for my BMW E90 smartkey I recently bought from chinese seller where remote is not working yet (key can already start the car). This keyfob has a PCF7945 inside and some guys from this forum stated that BMW remotes don't use the standard HiTag2 remote fields. Instead, they said remote data has to be programmed somehow in XMA area. So I want to try to figure out which data have to be programed by looking at the XMA Memory of my original working remote.

!

There is quite lot of Hitag2 variants as can be see in attachment. Seems that BMW may not belong to standarn hitag2+ee category. Excited to hear if it still can be read with standard way... So, there is some place for commercial tools but unfortunately this field has gone sick recent years. Basically many things are still relatively simple.

But what has happened: tool developers try to protect their products with massive obscuring interfaces when others trying to clone these ruined tools what ever price. And massively money is spent for nothing. Tools are even impossible to use and at least slowing down. For quick comparison Zed bull needs frustrating long time to read hitag2 fields. And why? Serial port communication uses some idiotic crypt messaging and all effort is used for that! And that is still pretty good tool.

And stupid cloners use more time to clone these devices when they could write own better software even with less work! Definetly there is need for open source projects that shakes the business.

For me cars are mainly hobby while helping people now and then. Not trying to get money for living. For that purpose high cost tools with annual licensing is absolutely no way! I would pay around 500€ for good tool without annual tributes. VVDI Prog and R.E.T are pretty good example of those.

[TERMINATOR1000]

@ TERMINATOR, why is it such a big problem for you when people are developing tools for free based on their research? Are you envious that you payed lot of money for your fancy professional tools, and now some people here are sharing these tools for free?
Can't you accept that there are people out there, who do this research and development just for their interest as hobby? I don't understand why you need to disturb this thread again and again with replys contributing nothing to this topic.



Did you already test the tool rellullapaasee posted? If not there is no reason to give such offending comments!

You wish , unfortunately i'm equipped with better keyTag for free , i don't use it because i use latest tool to automatically pre-code all cars key .
For use this tool manually you need "kripto key" or "Secret key" , you need expensive tools ( 600€ and more ) ....
No sens my friend in your logic .

Are you envious because you don't profit of ABRITES anniversary free ProTag + free RR012 ? ho yes !

[Manta1600]

You wish , unfortunately i'm equipped with better keyTag for free , i don't use it because i use latest tool to automatically pre-code all cars key .
For use this tool manually you need "kripto key" or "Secret key" , you need expensive tools ( 600€ and more ) ....
No sens my friend in your logic .

Are you envious because you don't profit of ABRITES anniversary free ProTag + free RR012 ? ho yes !

TERMINATOR you cried 1 year here for cheap AES programmer and now you argue - If you now have this that you need just don't read this thread


Also was the same with Truecode - you cried that cable is expensive and then adverted more expensive UCO


Also was the same with AVDI - you cried how expensive is now advert them every day


I have respect to all your helpful posts but just stop the spam

[XProfig]

There is quite lot of Hitag2 variants as can be see in attachment. Seems that BMW may not belong to standarn hitag2+ee category. Excited to hear if it still can be read with standard way... So, there is some place for commercial tools but unfortunately this field has gone sick recent years. Basically many things are still relatively simple.

I will tell you the result as soon as I managed to test it.

TERMINATOR, good to hear that you have better tools. For professional locksmiths it makes sense to use good quality professional tools. Surely they safe you a lot of time and the price pays off after few jobs.

But in this thread there are people which are interested in the technical details of the functionality. Obviously you are not interested in this, you are only arguing. So please stop spamming this interesting thread! You contributed absolutely nothing so far.

For use this tool manually you need "kripto key" or "Secret key" , you need expensive tools ( 600€ and more ) ....

And this is also wrong. I have a chinese XProg for 40$, whith which it was possible to read out CAS. CAS3 Editor extracted the crypto data I needed for key programming!

[Catalizator]

I am waiting for the administration to react to comments and reproaches TERMINATOR1000
you can't insult the participants, especially since people make good and cheap programs!

[rellullapaasee]

Interesting topic ...

Members with ZERO message before this topic , no help , no tool , not locksmith , come to nowhere to show the method to build Hitag reader/programmer !
In 3 hours the made EEPROM Hitag2 reader ....
Peoples are wonderfully , working for free in an public forum ...

Don't be stupid , for me , it's an fake messiah !

I was really laughing for that! Don't know what Terminator1000 was thinking when posting that but it is quite flattering anyway

[TERMINATOR1000]

And this is also wrong. I have a chinese XProg for 40$, whith which it was possible to read out CAS. CAS3 Editor extracted the crypto data I needed for key programming!

one dreamer ! one ...
40$ for renault Kadjar or 2016+Clio4 ?????

I am waiting for the administration to react to comments and reproaches TERMINATOR1000
you can't insult the participants, especially since people make good and cheap programs!

????? INSULT ?????
AES HITAG tool have no interests if you don't have kypto-key on Twingo3 , Megane 4 , 2016+Clio4 ....
Nothing is free , you'r an dreamer like rellullapaasee

[TERMINATOR1000]

TERMINATOR you cried 1 year here for cheap AES programmer and now you argue - If you now have this that you need just don't read this thread


Also was the same with Truecode - you cried that cable is expensive and then adverted more expensive UCO


Also was the same with AVDI - you cried how expensive is now advert them every day


I have respect to all your helpful posts but just stop the spam

yes after COVID19 , ABRITES give it to me for free , what you don't understand my friend ??? , show must go on True-code R.E.T is died ? NEW TOOL come , Classic AVDI give us RR012 like freeware & free ProTAG for anniversary !!!!

It's war of tools

[Manta1600]

yes after COVID19 , ABRITES give it to me for free , what you don't understand my friend ??? , show must go on True-code R.E.T is died ? NEW TOOL come , Classic AVDI give us RR012 like freeware & free ProTAG for anniversary !!!!

It's war of tools

I can't understand why you spam every tool that you don't like it

If you don't like something no need to spam it