KI221 Communication #56
Comments
If you try to unlock KI221 on bench, you won't be able to do it. This issue was also found by Feezex: jglim/UnlockECU#21 |
Two Englishmen, haha))) |
Thank you for the answers. I am trying in the car, not bench. When taking vedi or other tools, I can send commands and directly get the requested keys. |
Hello FlashY7, Since the same J2534 device works in Vediamo but not here, this is likely to be a valid issue. In Could you consider uploading both (Vediamo/Diogenes) j2534 traces using J2534-Shim? This post will explain the setup process. This setup takes some effort, but will produce detailed logs to compare the difference with Vediamo. |
Hi jglim, I have just done it. I logged 1x ved and 2x with different builds of CaesarSuite. With CaesarSuite it seems you can send some UDS, then again no answer comes - it looks like the SW is getting stuck receiving or sending commands. Even 11 01, 10 03 do not work in such a moment. But when you "wake" it with 10 92, you can do 27 01, 11 01, 10 03 and all. VEDIShimDLL_2023-03-16_10-59-17_0363.txt |
Will you be the third?)) |
@FlashY7 I'm still looking at this issue, and it is interesting to see that there are In the meantime, if you are keen to try a "development" build, this version of Diogenes has a rewritten networking stack that behaves a bit more like Vediamo. Most features are not implemented yet as I am still getting the connectivity in order. I have only tested this on UDS targets as I do not have any KW2C3PE devices to try on. The new build requires .net 5 or later. The interface has some changes; here is a screen recording on how to connect to an ECU: 0HOdgjtKpF.mp4 |
Hi jglim, |
Diogenes 2 test ki211, can't connect and recognize the variant. |
Hi folks, I appreciate the positive feedback and the bug reports very much. I've attached to a CRD3 on the bench, encountered the same issue (still UDS) and applied a fix: |
I have just tried it. I was able to connect, unlock it, and I was able to read and write the whole EEPROM of KI221. |
Folks, thanks for testing it out. I'm glad to see that it's generally working, at least for ECUs with For "class 1" ECUs such as KI211 I am still unsure if the 500<->83.3k issue is fixed yet #52 . In the screenshot from @mercikc55 , there are multiple Also, please note that there is a known visual bug in the ComParam list, where it does not automatically refresh when loading a new CBF, until it is clicked at least once. @Feezex Thanks for the trace. The new networking stack is a bit too tight on the timings, and those requests without responses exceeded the p2max timeout (default ~150ms). UDS typically adds a bit more slack through the Also of note is #55 : ComParams are now editable. It should be possible to load a similar CBF for an unknown ECU, adjust the ComParams, then initiate the connection. |
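The timing problem described in the comment above can be checked offline by pairing each request in a trace with its reply and comparing the latency against P2max. This is an added example, not code from the project: the trace is constructed, its tuple layout is a simplification rather than the J2534-Shim log format, the seed bytes are made up, and `answers` and `classify` are hypothetical names.

```python
P2_MAX_MS = 150  # default timeout quoted in the thread (~150 ms)

# Constructed sample trace: (time in ms, direction, payload as hex).
SAMPLE_TRACE = [
    (0,    "TX", "10 92"),
    (40,   "RX", "50 92"),
    (1000, "TX", "27 01"),
    (1190, "RX", "67 01 AA BB"),  # reply arrives 190 ms after the request
    (2000, "TX", "11 01"),        # never answered
    (3000, "TX", "27 01"),
    (3030, "RX", "7F 27 80"),     # negative response seen in the thread
]

def answers(request, response):
    """True if response is the positive or negative reply to request."""
    sid = request[0]
    if response[0] == (sid + 0x40) & 0xFF:   # positive reply: SID + 0x40
        return True
    # negative reply: 7F <request SID> <response code>
    return len(response) >= 3 and response[0] == 0x7F and response[1] == sid

def classify(trace, p2_max_ms=P2_MAX_MS):
    """Return (request_hex, status, latency_ms) for every TX in the trace."""
    results = []
    pending = None  # (time, payload bytes, payload hex) of the open request
    for t, direction, hexstr in trace:
        data = bytes.fromhex(hexstr.replace(" ", ""))
        if direction == "TX":
            if pending is not None:          # previous request got no reply
                results.append((pending[2], "no_response", None))
            pending = (t, data, hexstr)
        elif pending is not None and answers(pending[1], data):
            latency = t - pending[0]
            status = "negative_nrc_%02X" % data[2] if data[0] == 0x7F else "positive"
            if latency > p2_max_ms:          # a strict stack would have timed out
                status = "late_" + status
            results.append((pending[2], status, latency))
            pending = None
    if pending is not None:
        results.append((pending[2], "no_response", None))
    return results

if __name__ == "__main__":
    for row in classify(SAMPLE_TRACE):
        print(row)
```

Running the same classification over a trace from each tool shows whether replies are absent on the bus or only arriving after the stack has stopped waiting.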
I tried your first Diogenes II dbg ver. on KI211 on car, connected but no variant. Probably, second dbg was tested by mercikc55, also no variant. |
Probably trace with #11 j2534 logger will be more useful |
Yes, sure |
Don't know about bench connection, but last dbg build connects with ki211 on the car, identifies variant, but for 27 01 cmd I get 7F 27 80 |
exactly the same on the bench |
If you read nicely - ki221 bench doesn't work, because of security access issue. Seems there is lack of data received by ki from eis, zgw, sam and so on. Tested KI+ZGW+EIS build, still security access query becomes rejected. |
Hi folks, I'm still looking at this; though I have no concrete answers, here are some notes from my observation: Looking at the trace from @mercikc55 (#56 (comment)), there are two The first message is sent at After the At This is unexpected since KI211 should be a "class 1" ECU, where session-related requests ( I'll find time to generate a build with more logging information soon. This might take a while since I am still away on my annual reservist training. |
Hello all again, I saw an issue where the |
Hey @jglim, just read this issue. Response Also on ki211 like clusters there is a highest mode, which is called VDO mode and you can call any diag function, but not sure how it works on other clusters. You can enter in VDO mode via this command: |
And yes, I can confirm that for ki211 you need to send tester present message periodically to 0x1c can id, otherwise any diag request will fail with |
Hello @VladLupashevskyi, Thanks for your advice. VDO mode is new to me; I've assumed so far that privileges are automatically granted when completing security access challenges. I assume that entering VDO mode is a requirement before raw memory read/write commands are made available? For other clusters, I can only add on my experience on the 204, where privileged commands (full access to volatile and nonvolatile memory, and external eeprom) are automatically granted after entering level 9, then level 13. As for the connectivity and session issue, I am still unsure as to where the application is failing right now. As far as I can tell, the current implementation should send If there's a chance that you might be able to look at it, please use the v2 branch. (v2 also has a somewhat functional interpreter which might be of interest to you) |
@jglim hey v2 branch looks interesting :) Will take a look at it in about 2 weeks when I'm back home. VDO mode unlocks functions which start from 31 FA xx and 31 FB xx, many of them do not exist in CBF, just happened to find them during reverse engineering of ki211. For other functions you should be fine with I think it does not really matter what is sent first either |
Open a repo for Diogenes II or post a source please. |
It is visible when you choose from the branch menu; here is a direct link. The repo has been there for a while (~April '23) but I don't think github makes it very obvious that it is available. One of my prior goals was to get ki211-like ecus working with v2, but I have underestimated the amount of work that is required for that. Hopefully more folks might notice and experiment with that branch. |
Got it! I haven't paid attention before that there are branches inside! |
Hi guys,
Having an issue with Unlock KI221. It's connecting well, but when I want to unlock a level, it's not doing it. 10 03 ok, 10 92 ok, 27 01,FD not ok.
When I continue trying more things, it even stops receiving the commands until you do a reconnect.
I used the last build I found in the KI211 thread. CaesarSuite_dbg_2023_02_02-A
The last official build is also not working with it, but there you can see only in TRACE, after around 1 minute: the 27 01 requested seed key.
I have tested same Build on same PC for IC172, its working perfect.
Trace_20230315_1835.txt
Anyone have an idea?
Best regards