GS7 program code disassembly project

808AWD325xi

Lurker
Nov 27, 2016
21
11
0
Moline, IL
Ride
2009 335i
I checked out A7848443.0da and see that it's signed with a 1024-bit RSA private key:
Code:
8003FE00:             AF 0D FF 08 87 C7 14 86 C1 94 5A B3  #    /....G..A.Z3
8003FE10: 17 E6 AC 9E E9 DA 0A 7D 2F F2 90 62 69 F5 4D 25  #.f,.iZ.}/r.biuM%
8003FE20: 10 E1 F4 B1 72 29 1D 38 8E D4 96 1C D3 01 B0 20  #.at1r).8.T..S.0
8003FE30: F5 80 0B 70 15 30 93 7B 27 3E A1 C0 85 F3 4D ED  #u..p.0.{'>[email protected]
8003FE40: F1 35 4E C4 64 5E DF FF A0 A6 A7 7F CE BB 02 18  #q5NDd^_. &'.N;..
8003FE50: B5 FF 45 E2 DF 0B E0 4B E6 66 F9 FB 72 90 4B 4F  #5.Eb_.`Kffy{r.KO
8003FE60: 0A 34 0C ED 47 1F 05 4F B3 DC 15 2B 29 26 8F A8  #.4.mG..O3\.+)&.(
8003FE70: 6C 47 14 9F B2 3D 6F 5E 74 84 DA 38 5C 3E 48 09  #lG..2=o^t.Z8\>H.
8003FE80: 8F 94 B9 97                                      #..9.

How did you guys bypass the signature verification?
 

carabuser

Lieutenant
Oct 2, 2019
870
1
766
0
UK
Ride
Z4 35i & 335i
I checked out A7848443.0da and see that it's signed with a 1024-bit RSA private key:
Code:
8003FE00:             AF 0D FF 08 87 C7 14 86 C1 94 5A B3  #    /....G..A.Z3
8003FE10: 17 E6 AC 9E E9 DA 0A 7D 2F F2 90 62 69 F5 4D 25  #.f,.iZ.}/r.biuM%
8003FE20: 10 E1 F4 B1 72 29 1D 38 8E D4 96 1C D3 01 B0 20  #.at1r).8.T..S.0
8003FE30: F5 80 0B 70 15 30 93 7B 27 3E A1 C0 85 F3 4D ED  #u..p.0.{'>[email protected]
8003FE40: F1 35 4E C4 64 5E DF FF A0 A6 A7 7F CE BB 02 18  #q5NDd^_. &'.N;..
8003FE50: B5 FF 45 E2 DF 0B E0 4B E6 66 F9 FB 72 90 4B 4F  #5.Eb_.`Kffy{r.KO
8003FE60: 0A 34 0C ED 47 1F 05 4F B3 DC 15 2B 29 26 8F A8  #.4.mG..O3\.+)&.(
8003FE70: 6C 47 14 9F B2 3D 6F 5E 74 84 DA 38 5C 3E 48 09  #lG..2=o^t.Z8\>H.
8003FE80: 8F 94 B9 97                                      #..9.

How did you guys bypass the signature verification?
You can just skip it. The signature check is actually requested by the tester as part of the write procedure.
 

carabuser

Lieutenant
Oct 2, 2019
870
1
766
0
UK
Ride
Z4 35i & 335i
I thought you were using WinKFP to flash the TCU with modified 0pa and 0da files. What tool are you using for flashing?
Yes you can use winkfp but you need to patch the files to remove the check.

I'll make an app to do it when i have a spare weekend. Ediabaslib makes it quite easy to build a program.
 

bernardo774

New Member
Aug 15, 2022
5
1
0
Hello!
have someone the PDF with Functional Description for DCT Gen1?

Alec help me to the GWS conversion, all working fine escept one litle issue, some times when i left the gas pedal in 3.000 or 4.000 rpm, i got some delay and rpm oscilation, looks like the clutch desengage to change the next gear but have some 400-500 rpm oscilation. Just happen when i left the gas pedal. With pedal pressed, the gearbox change the gears fine.

This not occurs every time or with WOT.

In D mode and 20-30% pedal, all working fine.
M mode no problens, like the tork puntch, the tires doesnt like
 

JohnDaviz

Lieutenant
Jan 6, 2019
863
577
0
Ride
335i E92 DCT
some times when i left the gas pedal in 3.000 or 4.000 rpm, i got some delay and rpm oscilation, looks like the clutch desengage to change the next gear but have some 400-500 rpm oscilation. Just happen when i left the gas pedal. With pedal pressed, the gearbox change the gears fine.

This not occurs every time or with WOT.

I have the same thing happening sometimes. I have only a GTS tune on stock non M hardware.
 
  • Like
Reactions: bernardo774