Reflash Counter

Updated 2011-03-18: 100-limit, see last paragraph

Just like their petrol counterparts, BoxerDiesel ECUs also have a flash counter at ROM address 0xFFB00 & 0xFFB02 (2x uint16, big endian). The latter one is a logical complement for backup and/or to level out a possible checksum.
Example: “00 01 FF FE” means one reflash has been made.
Counter value probably starts at zero (“00 00 FF FF”) out of factory, showing re-flashes so to speak.
Maximum value is decimal 65,534 (“FF FE 00 01”), at which point it stays the same, not overflowing back to zero.
In standard dealer flash procedure, the actual incrementing is done by the bootloader.
Besides those four bytes, no further data seems to be saved in this special area (0xFFB00, length 128 bytes). Probably a good thing – not to overdo things like other manufacturers tend to do.
When flashing this particular block, the standard bootloader ignores the upload data (supposed to be FFs).
For downloading ROM it depends on the used bootloader whether it returns the actual bytes from there. Standard bootloader just reports fake bytes (FFs) in order to match upload and pass the flash verification test.

Regarding reflash counter there’s an artificial limit of 100 reflashes. Reaching this value, dealer flash software will likely refuse to work. Both ECUs (gasoline and diesel) as well as TCUs seem to be affected, chip types SH7055 and SH7058(S) at least.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s