TC1791_CAN_BSL
TC1791_CAN_BSL copied to clipboard
bri3d
AttributeError: 'bool' object has no attribute 'hex'
Hellow! I am trying to extract passwords and am getting the following error.
kuchka@raspberrypi:~/TC1791_CAN_BSL $ python3 bootloader.py
/home/kuchka/TC1791_CAN_BSL/bootloader.py:67: SyntaxWarning: "is" with a literal. Did you mean "=="?
if data[0] is 0xA0:
Welcome to Tricore BSL. Type help or ? to list commands, you are likely looking for upload to start.
(BSL) extract_boot_passwords
Setting up PWM waveforms...
Resetting ECU into Supplier Bootloader...
Sending 59 45...
Timestamp: 1692210128.669170 ID: 00a7 S Rx DL: 8 91 1c e1 77 fd 7d f7 1d Channel: can0
FAILURE
Calculating key for seed:
Traceback (most recent call last):
File "/home/kuchka/TC1791_CAN_BSL/bootloader.py", line 743, in <module>
BootloaderRepl().cmdloop()
File "/usr/lib/python3.9/cmd.py", line 138, in cmdloop
stop = self.onecmd(line)
File "/usr/lib/python3.9/cmd.py", line 217, in onecmd
return func(arg)
File "/home/kuchka/TC1791_CAN_BSL/bootloader.py", line 711, in do_extract_boot_passwords
extract_boot_passwords()
File "/home/kuchka/TC1791_CAN_BSL/bootloader.py", line 284, in extract_boot_passwords
sboot_login()
File "/home/kuchka/TC1791_CAN_BSL/bootloader.py", line 271, in sboot_login
print(sboot_seed.hex())
AttributeError: 'bool' object has no attribute 'hex'
SocketcanBus was not properly shut down
Bumping this issue up. Having the same error:
Welcome to Tricore BSL. Type help or ? to list commands, you are likely looking for upload to start.
(BSL) sboot
Setting up PWM waveforms...
Resetting ECU into Supplier Bootloader...
Sending 59 45...
Timestamp: 1731065574.696726 ID: 00a7 S DLC: 8 0f a1 bf fe fa eb df 1f Channel: can0
FAILURE
Calculating key for seed:
Traceback (most recent call last):
File "/tools/simos18_tools/TC1791_CAN_BSL/./bootloader.py", line 743, in
It's been a long time since I originally set this up, but I'm fairly certain this indicates something isn't correct on the hardware side. PWM wires backwards (they're mislabeled in one of the pics on here, iirc), level shifter not working correctly, etc.
I've dug a bit deeper and here is what I have found.
Sboot executed instead of extract_boot_passwords terminates the script with the following error:
(BSL) sboot
Setting up PWM waveforms...
Resetting ECU into Supplier Bootloader...
Sending 59 45...
Timestamp: 1731070638.591204 ID: 0204 S E DLC: 8 00 20 00 00 00 00 83 00 Channel: can0
None
None
None
None
None
None
None
None
None
None
Timestamp: 1731070638.701080 ID: 07e8 S DLC: 8 a0 ff ff ff ff ff ff ff Channel: can0
Got A0 message
Sending 6B...
Sending 6B...
Timestamp: 1731070638.701093 ID: 07e8 S DLC: 8 a0 02 ff ff ff ff ff ff Channel: can0
Got A0 message
Switching to IsoTP Socket...
Traceback (most recent call last):
File "/tools/simos18_tools/TC1791_CAN_BSL/bootloader.py", line 743, in
IsoTPSocketConnection gets a wrong argument instead of address. I have checked udsoncan lib docs and here is what I found:
class IsoTPSocketConnection(BaseConnection):
"""
Sends and receives data through an ISO-TP socket. Makes cleaner code than SocketConnection but offers no additional functionality.
The can-isotp module <https://github.com/pylessard/python-can-isotp>_ must be installed in order to use this connection
:param interface: The can interface to use (example: ``can0``)
:type interface: string
:param address: The address used to bind the the socket. Before 1.21, txid/rxid were needed here, this has changed with v1.21
:type address: ``isotp.Address`` or ``isotp.AsymmetricAddress``
:param name: This name is included in the logger name so that its output can be redirected. The logger name will be ``Connection[<name>]``
:type name: string
:param tpsock: An optional ISO-TP socket to use instead of creating one.
:type tpsock: isotp.socket
Starting from 1.21 udsoncan switched to a different type of address provision. Hence it fails. I'll try to get the older udsoncan lib to continue to work on my ECM but it is clear that it would be great to have the project actualized with consideration of changes in all dependencies thrugh all these years since it was written
Downgraded udsoncan to 1.20 and now getting:
(BSL) sboot
Setting up PWM waveforms...
Resetting ECU into Supplier Bootloader...
Sending 59 45...
None
None
Timestamp: 1731073075.081290 ID: 07e8 S DLC: 8 a0 ff ff ff ff ff ff ff Channel: can0
Got A0 message
Sending 6B...
Sending 6B...
Timestamp: 1731073075.082872 ID: 07e8 S DLC: 8 a0 02 ff ff ff ff ff ff Channel: can0
Got A0 message
Switching to IsoTP Socket...
Traceback (most recent call last):
File "/tools/simos18_tools/TC1791_CAN_BSL/bootloader.py", line 743, in
Digging deeper
Here is all of the package versions that mine is running (working), maybe this will help. I'm also on debian buster version, with Python 3.9.2
async-timeout==4.0.3 bitarray==2.8.1 bitstring==4.1.1 bleak==0.20.2 can-isotp==1.9 certifi==2020.6.20 cffi==1.15.1 chardet==4.0.0 colorzero==1.1 cryptography==41.0.3 dbus-fast==1.94.1 distro==1.5.0 ecdsa==0.18.0 esptool==3.3.2 gpiozero==1.6.2 idna==2.10 lz4==4.3.2 msgpack==1.0.5 numpy==1.19.5 packaging==23.1 picamera2==0.3.12 pidng==4.0.9 piexif==1.1.3 pigpio==1.78 Pillow==8.1.2 pycparser==2.21 pycryptodome==3.18.0 pyserial==3.5 python-apt==2.2.1 python-can==4.2.2 python-prctl==1.7 PyYAML==6.0.1 reedsolo==1.5.4 requests==2.25.1 RPi.GPIO==0.7.0 sa2-seed-key==0.0.1 simplejpeg==1.6.4 six==1.16.0 spidev==3.5 ssh-import-id==5.10 toml==0.10.1 tqdm==4.66.1 typing-extensions==4.7.1 udsoncan==1.18.1 urllib3==1.26.5 v4l2-python3==0.3.2 wrapt==1.15.0
@aarons3 , Thank you, that helped. I even could get seed calculated. However, hit another error:
(BSL) extract_boot_passwords
Setting up PWM waveforms...
Resetting ECU into Supplier Bootloader...
Sending 59 45...
None
None
None
None
None
None
None
None
Timestamp: 1731076122.591086 ID: 07e8 S Rx DL: 8 a0 ff ff ff ff ff ff ff Channel: can0
Got A0 message
Sending 6B...
Sending 6B...
Timestamp: 1731076122.591099 ID: 07e8 S Rx DL: 8 a0 02 ff ff ff ff ff ff Channel: can0
Got A0 message
Switching to IsoTP Socket...
Sending 0x30 to elevate SBOOT shell status...
Success
Sending 0x54 Generate Seed...
Success
Calculating key for seed:
dea9abacde6409fdca75d0bacebc2fe3242d81dc55f2ccf5a1cabf7c4a7e2505a00a448ebb6fa3c99e196b60394329ea9ebc482d8a16806130f7f7ab67874bf7ef853995cb64eb736392428b1f07a1d61188c94f20efd012f1a4a422d8ec07899d8a4da89462b451920ff228e0efca34db7420d5c4b38ebfb2c79aa821c2097f9586a470712d58bd68b7b42a232ea5292440033f823ff3a44720121bf977c9076284023a59b28f00fc419c2617d0214d545288527129aface98e4a35a78b7f50896fbf44a9a778882c2d63ea45e64f83b4a4f3a7f5b6d2a81dbf0411528cff5822976523b8d9e15cf692aa6bd0ab6874fe44ebbcf96234d7c7b1d873ad30ca91
Key calculated :
94F003C94D7AD550B9FBCA6CA7DC4CCBF3DF34F04305A77987BDF4A4EF9B6E998C11D4D4FD28FFE2C6028356FB563621FE0B06AC398EE3658BAE3C14D34ECBAA599136F29291F2BFA4112297FDF9EC04674732969AB27FDA74EFD10A99019FBD06E87B3AEC9F18E146573740EBC54E0CC54ABCF2A9BFF0B472F92DDAC0BD160058F67AFBE6DE1E1EA832C52C58CB234896B3981D3AAF71B349DC4F24E3FFEC78AE1EFCB855B855D08A9AAA0FF7B47334231A2B766E04D183FAFF917F58C8F14E9691609BA5ADA1336EA347133473DFC5E69DB1DFF7CAEE053718D155320E2C0DB4DC8E2B9BFEF4A5BD70E68A71C1A9ED481BBA06BBA2004075CEC24600021425
Sending 0x65 Security Access with Key...
Traceback (most recent call last):
File "/tools/simos18_tools/TC1791_CAN_BSL/bootloader.py", line 743, in
An alternate way you can get the boot passwords is via the "manual method" which is described in the Simos18_SBOOT repository.
I'm on the first step where you run twister to compute the key data and get the timing value. Normally it's 01Dxxxxx for the B part number simos18 units. Yours is way different, which kind of makes me suspect that something is off here, but you can still continue the process.
run a couple 'sboot' commands and post the seed, if you can. Running twister starting at 0 on rpi hardware will be a pretty long process, a lot better on more powerful hardware if you have it. (I'm using my NAS which isn't powerful, but still a lot better than my pi4 lol).
His key recovery worked, there was some weird issue with the isotp socket where he never received a response to the Send Key message. I think the stack trace in this case is a bit of a red herring; it’s a bug but the alternative would basically be a nice “no data received” error.
The main thing I could see causing this would be if the ECU rebooted during the time where the script was performing the seed/key calculation somehow. I actually think trying again might be a viable approach here. If that doesn’t work it’s time to start taking can dumps to see what’s up I think.
On Fri, Nov 8, 2024 at 8:25 AM aarons3 @.***> wrote:
An alternate way you can get the boot passwords is via the "manual method" which is described in the Simos18_SBOOT repository.
I'm on the first step where you run twister to compute the key data and get the timing value. Normally it's 01Dxxxxx for the B part number simos18 units. Yours is way different, which kind of makes me suspect that something is off here, but you can still continue the process.
image.png (view on web) https://github.com/user-attachments/assets/e77fb6cb-9094-47e0-9749-99af15dcc930
— Reply to this email directly, view it on GitHub https://github.com/bri3d/TC1791_CAN_BSL/issues/3#issuecomment-2465034210, or unsubscribe https://github.com/notifications/unsubscribe-auth/AABTO2NRGC573HQFS6SNJVLZ7TJWRAVCNFSM6AAAAABRNJ6BGWVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDINRVGAZTIMRRGA . You are receiving this because you are subscribed to this thread.Message ID: @.***>
@aarons3 , Twister runs pretty slow on my RPi3+. I have gone through manual process to identify the value and it is different all the time:
[emiter@emiters-srv Simos18_SBOOT-main]$ ./twister 025748C5 dea9abac **** FOUND **** Seed: 025748C7
Key Data: 94F003C94D7AD550B9FBCA6CA7DC4CCBF3DF34F04305A77987BDF4A4EF9B6E998C11D4D4FD28FFE2C6028356FB563621FE0B06AC398EE3658BAE3C14D34ECBAA599136F29291F2BFA4112297FDF9EC04674732969AB27FDA74EFD10A99019FBD06E87B3AEC9F18E146573740EBC54E0CC54ABCF2A9BFF0B472F92DDAC0BD160058F67AFBE6DE1E1EA832C52C58CB234896B3981D3AAF71B349DC4F24E3FFEC78AE1EFCB855B855D08A9AAA0FF7B47334231A2B766E04D183FAFF917F58C8F14E9691609BA5ADA1336EA347133473DFC5E69DB1DFF7CAEE053718D155320E2C0DB4DC8E2B9BFEF4A5BD70E68A71C1A9ED481BBA06BBA2004075CEC24600021425 Seed Data: DEA9ABAC DE6409FD CA75D0BA CEBC2FE3 242D81DC 55F2CCF5 A1CABF7C 4A7E2505 A00A448E BB6FA3C9 9E196B60 394329EA 9EBC482D 8A168061 30F7F7AB 67874BF7 EF853995 CB64EB73 6392428B 1F07A1D6 1188C94F 20EFD012 F1A4A422 D8EC0789 9D8A4DA8 9462B451 920FF228 E0EFCA34 DB7420D5 C4B38EBF B2C79AA8 21C2097F 9586A470 712D58BD 68B7B42A 232EA529 2440033F 823FF3A4 4720121B F977C907 6284023A 59B28F00 FC419C26 17D0214D 54528852 7129AFAC E98E4A35 A78B7F50 896FBF44 A9A77888 2C2D63EA 45E64F83 B4A4F3A7 F5B6D2A8 1DBF0411 528CFF58 22976523 B8D9E15C F692AA6B D0AB6874 FE44EBBC F96234D7 C7B1D873 AD30CA91 [emiter@emiters-srv Simos18_SBOOT-main]$ ./twister 02000000 dea9abac **** FOUND **** Seed: 025748C6
Key Data: 94F003C94D7AD550B9FBCA6CA7DC4CCBF3DF34F04305A77987BDF4A4EF9B6E998C11D4D4FD28FFE2C6028356FB563621FE0B06AC398EE3658BAE3C14D34ECBAA599136F29291F2BFA4112297FDF9EC04674732969AB27FDA74EFD10A99019FBD06E87B3AEC9F18E146573740EBC54E0CC54ABCF2A9BFF0B472F92DDAC0BD160058F67AFBE6DE1E1EA832C52C58CB234896B3981D3AAF71B349DC4F24E3FFEC78AE1EFCB855B855D08A9AAA0FF7B47334231A2B766E04D183FAFF917F58C8F14E9691609BA5ADA1336EA347133473DFC5E69DB1DFF7CAEE053718D155320E2C0DB4DC8E2B9BFEF4A5BD70E68A71C1A9ED481BBA06BBA2004075CEC24600021425 Seed Data: DEA9ABAC DE6409FD CA75D0BA CEBC2FE3 242D81DC 55F2CCF5 A1CABF7C 4A7E2505 A00A448E BB6FA3C9 9E196B60 394329EA 9EBC482D 8A168061 30F7F7AB 67874BF7 EF853995 CB64EB73 6392428B 1F07A1D6 1188C94F 20EFD012 F1A4A422 D8EC0789 9D8A4DA8 9462B451 920FF228 E0EFCA34 DB7420D5 C4B38EBF B2C79AA8 21C2097F 9586A470 712D58BD 68B7B42A 232EA529 2440033F 823FF3A4 4720121B F977C907 6284023A 59B28F00 FC419C26 17D0214D 54528852 7129AFAC E98E4A35 A78B7F50 896FBF44 A9A77888 2C2D63EA 45E64F83 B4A4F3A7 F5B6D2A8 1DBF0411 528CFF58 22976523 B8D9E15C F692AA6B D0AB6874 FE44EBBC F96234D7 C7B1D873 AD30CA91 [emiter@emiters-srv Simos18_SBOOT-main]$ ./twister 02000000 c7d9acb3 **** FOUND **** Seed: 024F8A56
Key Data: 80C54F3831E819D1F2E984E37C8E090AD4A0C61593A4CF726FD4D20F526E4AFC8DF66BBF47CE93DD9AFB50CCFA9CFE450AB1EDDACA86D8DB9DC4456FCF1807CB889849BBF9425E8F945F8267BB46C4A4F955C72E849CBBDA1EA1FA4567779C6AA0BEAEADCC1389400EAD7B547FB5097BAA074AF21A372C1E328EAE61A0884AE6101A6816C540F4C15FEEFFDA1ED08A95315AAE7C2AEC98F9649AA2566C3DDA6C36F9F35853C7ED9A44BBEB3A149ED689D1127D642A4E1A9708BFC3AF82CB88B71D2231DEC03202B2ED52AD97BB6BB26C4ED1966DD5967E33E26966584D641C1C87DEF1004FC1A496C970F248710ACDBA8B77229D4D1500DCD3FA2AE30002DBF0 Seed Data: C7D9ACB3 B041D7D9 87898DC9 80090B7D 1C773939 7DCD4480 F3F5484C 27F0DCB7 96B716DD AE1054A6 9F9D69A2 F82A1441 60936263 0E76344E 9C1D3872 8B69B270 53FCFF42 585B1FCC 44DC4591 FDD447C3 5BDA00F3 692366C1 EC68D81C 57855D09 0928A60F A1F82CFC DD7F8C42 3AD20371 3CE0AF68 DA396C7B 28EC183D 9121F2B4 C51E4882 2F82091E 5B46E71B DC73CD6D 819387D6 15A6AE0D 17ACEBBE 150E72A3 70EEEC78 3D9F93C6 0B4E9341 C821747E 3BEB92FA D8AC8503 D5EA133F CA7F85CC 5B2504A7 6B4D78A4 D6C4F437 53489C8D EF79CA92 EC8DB891 42777A35 56C03223 5372792F 6B3A0505 AED676FF 9DCD22A0 B4ED5C7D 87698B1A D68DD9B0 D5847E20 [emiter@emiters-srv Simos18_SBOOT-main]$ ./twister 02000000 a0cf4bb7 **** FOUND **** Seed: 02623A30
Key Data: 9781934BF0CBE39DDD307D80510F285A6413EA5C3A4FC8F6492C9C78357BC37A114CDD8240B29FD43ACE6E318165F57CF5473B6218A91AFC605E6C2E15ABDF798B0F64D345381E758B28ED108C02D87DA724D6FE0386EA7DF0D5ECA510CDD6B13E253FE9EEB35FB885FA782C67DAC27FC9B71B60EE4450624A0938069DFDD8DCFEBBC8DADB1096B0EFF37E970688422D2684259C0EC7F3BA139218B90E720B35859C9AD316C5956B0372BA6976535D20C3253D3599718F99506683DDB4D6DE6000E4569B8883A5666BBB787505417EB9E1A27A2661BD35F98586C6862A424E70709AF71D8E838698D7D2D7D1F824CF5FFDE9FE097FFC00C27B6DDD5500027320 Seed Data: A0CF4BB7 F6006A02 08E8B9C8 CE813FB7 6B685F81 6AF06F1B B2218C97 7182D9D0 E85CF15B C33EB05D F062550D EEB80F99 8AE3567F 912E2E5B 109A7EAF A43624A7 67C9A26D 9DDF256E 72856067 501410A3 3A1A3496 5862A4A6 7F876968 55B8FBB7 19238857 83B5EE6B 5E4E11CB C64829FD 8F002FBD ABE30F58 13E71B0C 10789B40 39CBDEC3 21806F64 F19C96EE 43478B5F F8F59AE9 E953E240 9579A36D A5DB4AF7 0B9F069D 45D054AB 90F2C78B F251B5BD 3FB1027F 82D31EC1 A762499C 70B1960F 1FF0B64B 1AB7C406 3C17AAC4 2BCA3D7B 9CA4BE16 81A34DD5 85C5C584 78503E20 3E218669 4533A01D 85547C47 71453EA1 D72EA346 DBAA582E BDF6CFC6 379A46CC [emiter@emiters-srv Simos18_SBOOT-main]$ ./twister 02000000 d7162c1d **** FOUND **** Seed: 02610E8C
Key Data: 23DD61D36EFE983BCC968DB3EC1C061ED9E2C924EA21D06AD5444F15641385A0E41F48192976D2C652B23751B6645C6F6372851353D2261EE18AA6A8A8A421027081413DC81CBB3EA119D7AED41F175F5BD1265C701B4FE5E0055DEA0AB1C52593C3302AE2F7B272B0E0401A1D3EA6E240DD3240549972EFACF60D203DE32F51CC676585134EAF5C19AFEE5C9CD0E80E4FE269271D66D3E967AAE5E58A2EB200CBD0E1389EDFE9B994B702B21286FB8C6E2BC0FB694822BB27BD722F7B626B0C424C23B24C206D35638A4F49CC1280BB2578D27A3E4A89206AE095D4968927396A9FD5C256097637144DDAB2E6ABDEFE5B26866E9C7700E69E8FD8C800028899 Seed Data: D7162C1D 34751D39 9889B41C 86716FD3 320C6DED E04C626D AB0BDB03 E819E106 C7626A9D F7D938E4 F6A1BADB A03B5C79 4772D981 9D26D326 FF0ADE14 79416BB1 DA7B6980 15B51710 4344C7C7 0512B787 59BE3C46 060DACA3 8EEA79A0 054D14A8 AE859136 3D71701D 2D426C89 76BD10CF BE4D397D D10E5F51 7ED93DD2 B61F0387 E82E2C8C D5FA0857 46C17627 31C0473A 46654F2A 6B75EDD8 5C6C012A 2E7BC4AA 09829C03 D16442A5 F1316CEF E961CB61 C2ECA122 CF4B3DC4 7448786E DA578E08 FF0B2E17 28A34516 916AE69C A08477E2 665B8855 E710122C C9BED1AF B5965C4A 1325A6EE A2118DE7 04A4E8C4 44F12E33 ECE04263 4056B184 8CCF72C0 DB0DF8CB
Currently my bootloader.py values is set to 02300000 but it still takes 10-15 minutes to calculate the value.
@bri3d , Thank you for joining! Currently my assumption is that calculation of key takes too long (10-15 MINUTES even after tweaking with the value in bootloader.py after many iterations) and causes ECM to somehow fall out of the session. I'm not sure if this is actual, just an assumption
I do have omp installed and when I run twister it loads all 4 cores of my RPi to 400%, just for clarity
Doing what Aaron suggests and using the manual process may help for you then, offloading the calculation to your computer. The timeout is (I think) around 5 minutes, so you have quite a bit of time. I’ve never seen such a high variance in seed (timer) values or such a slow calculation; it seems like your Pi has some competition for resources or low clocks (temp/power) or… something? I developed this whole thing on a Pi 3, so it’s definitely possible.
On Fri, Nov 8, 2024 at 8:51 AM em1ter @.***> wrote:
I do have omp installed and when I run twister it loads all 4 cores of my RPi to 400%, just for clarity
— Reply to this email directly, view it on GitHub https://github.com/bri3d/TC1791_CAN_BSL/issues/3#issuecomment-2465093692, or unsubscribe https://github.com/notifications/unsubscribe-auth/AABTO2N5S7MRQSNBRRUQ663Z7TMX5AVCNFSM6AAAAABRNJ6BGWVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDINRVGA4TGNRZGI . You are receiving this because you were mentioned.Message ID: @.***>
Thank you. TBH I've never worked with RPi before, although my work is closely related with Linux and UNIX servers. The power to my Pi is supplied from lab power supply set to 13V to CAN hat integrated buck converter. The same power line powers the ECM. I have not played with Pi OS and HW setup much so it may be indeed lacking computing power. I;ll research on what I can do to speed it up. Offloading the calculation to a separate more powerful PC can be a solution to my problem as well however to automate it definitely requires bootloader.py to be rewritten to pass the seed over the network somewhere like running the command via ssh and getting the output from it. I'll see what I can do with this.
Once again, thank you @aarons3 and @bri3d for all your advises!
The documentation Aaron linked for the “manual” process will let you offload processing using the power of copy and paste :)
On Fri, Nov 8, 2024 at 9:15 AM em1ter @.***> wrote:
Thank you. TBH I've never worked with RPi before, although my work is closely related with Linux and UNIX servers. The power to my Pi is supplied from lab power supply set to 13V to CAN hat integrated buck converter. The same power line powers the ECM. I have not played with Pi OS and HW setup much so it may be indeed lacking computing power. I;ll research on what I can do to speed it up. Offloading the calculation to a separate more powerful PC can be a solution to my problem as well however to automate it definitely requires bootloader.py to be rewritten to pass the seed over the network somewhere like running the command via ssh and getting the output from it. I'll see what I can do with this.
Once again, thank you @aarons3 https://github.com/aarons3 and @bri3d https://github.com/bri3d for all your advises!
— Reply to this email directly, view it on GitHub https://github.com/bri3d/TC1791_CAN_BSL/issues/3#issuecomment-2465154797, or unsubscribe https://github.com/notifications/unsubscribe-auth/AABTO2M3XH35FJN3DNE5333Z7TPRJAVCNFSM6AAAAABRNJ6BGWVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDINRVGE2TINZZG4 . You are receiving this because you were mentioned.Message ID: @.***>
@bri3d , I've had some progress. I have wrapped execution of twister on remote server into sh script and made bootloader.py running it instead of local twister. That actually worked and allowed me get key way faster than when running it on Pi. However I'm still getting the same error:
Sending 0x65 Security Access with Key...
Traceback (most recent call last):
File "/tools/simos18_tools/TC1791_CAN_BSL/bootloader.py", line 743, in
Since I do not have any tools dedicated for logging CAN frames but I'll try to build something from what I have laying around to dump the entire communication of Pi with ECM.
Just for clarity, my ECM is Simos18.1 (06K907425B) with controller TC1791S-384. Although this project is named "TC1791_CAN_BSL" and relates to Simos18_SBOOT, in your research "secrets-of-simos18" I found that the ECM you used was Simos18.6 (06K907425E) with controller TC1791S-512. Could it be that due to firmware or hardware differences CAN frames to communicate with ECM are different between 18.1 and 18.6?
No, it’s all the same. 18.1 and 18.6 are functionally identical and 18.10 just has a different public key. The steps to enter the bootstrap loader are the same for all Tricore parts.
I’m away from my computer and have been answering from my phone; I’ll take a quick look to make sure the error you’re seeing isn’t a bug at its root cause, but I’m pretty sure it’s just the ECU not responding to you sending the Key for some reason.
On Fri, Nov 8, 2024 at 10:11 AM em1ter @.***> wrote:
@bri3d https://github.com/bri3d , I've had some progress. I have wrapped execution of twister on remote server into sh script and made bootloader.py running it instead of local twister. That actually worked and allowed me get key way faster than when running it on Pi. However I'm still getting the same error:
Sending 0x65 Security Access with Key... Traceback (most recent call last): File "/tools/simos18_tools/TC1791_CAN_BSL/bootloader.py", line 743, in BootloaderRepl().cmdloop() File "/usr/lib/python3.9/cmd.py", line 138, in cmdloop stop = self.onecmd(line) File "/usr/lib/python3.9/cmd.py", line 217, in onecmd return func(arg) File "/tools/simos18_tools/TC1791_CAN_BSL/bootloader.py", line 676, in do_sboot sboot_login() File "/tools/simos18_tools/TC1791_CAN_BSL/bootloader.py", line 275, in sboot_login sboot_sendkey(bytearray.fromhex(key)) File "/tools/simos18_tools/TC1791_CAN_BSL/bootloader.py", line 148, in sboot_sendkey print_success_failure(conn.wait_frame()) File "/tools/simos18_tools/TC1791_CAN_BSL/bootloader.py", line 67, in print_success_failure if data[0] is 0xA0: TypeError: 'NoneType' object is not subscriptable
Since I do not have any tools dedicated for logging CAN frames but I'll try to build something from what I have laying around to dump the entire communication of Pi with ECM.
Just for clarity, my ECM is Simos18.1 (06K907425B) with controller TC1791S-384. Although this project is named "TC1791_CAN_BSL" and relates to Simos18_SBOOT, in your research "secrets-of-simos18" I found that the ECM you used was Simos18.6 (06K907425E) with controller TC1791S-512. Could it be that due to firmware or hardware differences CAN frames to communicate with ECM are different between 18.1 and 18.6?
— Reply to this email directly, view it on GitHub https://github.com/bri3d/TC1791_CAN_BSL/issues/3#issuecomment-2465305637, or unsubscribe https://github.com/notifications/unsubscribe-auth/AABTO2NA3S45IH5YAZKD3RTZ7TWEFAVCNFSM6AAAAABRNJ6BGWVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDINRVGMYDKNRTG4 . You are receiving this because you were mentioned.Message ID: @.***>
@bri3d , An update from my side. After tweaking around with Pi OS settings, and reconnecting wires I was able to finally extract boot passwords. The issue I was facing was definitely a communication issue caused by either slow pi performance or bad continuity of CAN bus connection. Either way now it works. I even got MCU ID and flashinfo.
However there is another issue. I'm unable to perform reading. It fails with the following error:
(BSL) send_read_passwords 8e4ea0dc 8dae4902
Timestamp: 1731135273.948932 ID: 0400 S Rx DL: 8 04 8e 4e a0 dc ff ff ff Channel: can0
Timestamp: 1731135273.950496 ID: 0400 S Rx DL: 8 04 00 00 cd 00 ff ff ff Channel: can0
Timestamp: 1731135273.951977 ID: 0400 S Rx DL: 8 04 8e 4e a0 dc ff ff ff Channel: can0
Timestamp: 1731135273.953468 ID: 0400 S Rx DL: 8 04 00 00 cd 00 ff ff ff Channel: can0
(BSL) compressed_read AF000000 18000 PMU0_DFlash.bin
Traceback (most recent call last):
File "/tools/simos18_tools/TC1791_CAN_BSL/bootloader.py", line 747, in
Is this another issue with my hw and/or connection or is it something different?
Btw, if you don't like me flooding in this issue but still don't mind helping me please ping me on my email [email protected] and we can figure out the way of communication which most suits you. Thank you in advance!
args[1] is 18000 , which isn't a valid hex byte string since it has an odd number of characters :)