Close |
ECU Model | Connection | OBD2 Parameters | Fault Codes | Documentation |
---|---|---|---|---|
Autodetect OBD2 | K-Line or CAN bus (14 protocols) | 194 | 2435 | Wikipedia OBD2 |
Motorbikes + ATV's + Honda Watercraft + Kohler Lawn Mowers | |||||||
ECU Model | Connection | Speed (baud) | Scanning | Flashing | Tuning | ECU Connector Pins / Diagram | More Details |
---|---|---|---|---|---|---|---|
Delphi MT05 and MT05.2 | K-Line ISO 14230 | 10.400 | 115 params | YES | YES | Delphi MT05 & MC21 Manual.pdf | |
Kohler Engines MT05 | K-Line ISO 14230 | 10.400 | 136 params | YES | YES | Delphi MT05 & MC21 Manual.pdf | |
Briggs & Stratton MT05 | K-Line ISO 14230 | 10.400 | 136 params | YES | YES | Delphi MT05 & MC21 Manual.pdf | |
Rongmao MT05 | K-Line ISO 14230 | 10.400 | 115 params | NO | NO | Delphi MT05 & MC21 Manual.pdf | See Appendix 1 |
HiSun MT05 | CAN ISO 15765 | 500.000 | 180 params | NO | NO | Delphi MT05 & MC21 Manual.pdf | See Appendix 3 |
Chinese Fake MT05 | ISO 14230 or ISO 15765 | 10.400 or 500.000 | OBD2 only | NO | NO | Delphi MT05 & MC21 Manual.pdf | See Appendix 4 |
Delphi MT05.3 | CAN ISO 15765 | 500.000 | 180 params | In future | NO | Delphi MT05 & MC21 Manual.pdf | See Appendix 2 |
Bosch MSE 3.0 | K-Line ISO 14230 | 10.400 | 41 params | NO | NO | Bosch MSE 3.0 Manual.pdf | |
Bosch MSE 6.0 K-Line | K-Line ISO 14230 | 10.400 | 70 params | NO | NO | Bosch MSE 6.0 Manual.pdf | |
Bosch MSE 6.0 CAN | CAN ISO 15765 | 500.000 | 88 params | NO | NO | Bosch MSE 6.0 Manual.pdf | |
Bosch MSE 8.0 | CAN ISO 15765 | 500.000 | 76 params | NO | NO | Bosch MSE 8.0 Manual.pdf | |
Deni E1700 | CAN Raw proprietary | 250.000 | 55 params | NO | NO | Deni EXX00 Manual.pdf | |
Honda K-Line | K-Line proprietary | 10.400 | 77 params | In future | NO | Honda Manual.pdf | |
Lifan EFI 9 Euro 4 | K-Line ISO 14230 | 10.400 | 40 params | NO | NO | Lifan EFI 9 Euro 4 Manual.pdf | |
Liteon MC21 | K-Line ISO 14230 | 9.600 | 80 params | NO | NO | Delphi MT05 & MC21 Manual.pdf | |
Motion SE08 | K-Line ISO 14230 | 10.400 | 180 params | NO | NO | Motion SE08 & DE08 Manual.pdf | |
Motion DE08 | K-Line ISO 14230 | 10.400 | 180 params | NO | NO | Motion SE08 & DE08 Manual.pdf | |
Yeson 28S-06 and 28S-16 | K-Line ISO 9141 | 10.400 | 51 params | NO | NO | Yeson 28S Manual.pdf | |
Cars + Vans | |||||||
ECU Model | Connection | Speed (baud) | Scanning | Flashing | Tuning | ECU Connector Pins / Diagram | More Details |
Bosch MSA 15 (Diesel) | K-Line KW 1281 | 9.600 | 48 params | NO | NO | ||
Bosch PSG 5 (Injection Pump) | K-Line KW 1281 | 9.600 | 10 params | In next version | NO | Bosch PSG 5 Manual.pdf | |
Not ImplementedThe vendor specific parameters of the following ECU's are not yet implemented but a manual is available.
| |||||||
ECU Model | Connection | Speed (baud) | Scanning | Flashing | Tuning | ECU Connector Pins / Diagram | More Details |
Deni E0900 | K-Line + CAN Raw | OBD2 only | NO | NO | Deni EXX00 Manual.pdf | ||
Deni E1900 | K-Line | OBD2 only | NO | NO | Deni EXX00 Manual.pdf | ||
Harley Dyna 2016 | CAN Bus | 500.000 | OBD2 only | NO | NO | Harley Dyna 2016 Manual.pdf | See Appendix 5 |
Rojo GY6-125 | ISO 15765 | 500.000 | Proprietary | NO | NO | Rojo GY6 Manual.pdf | |
FAI | J1939 | 250.000 | Proprietary | NO | NO | Fai Manual.pdf |
Show Full Size |
Show Full Size |
Show Full Size |
The older MT05 ECU is not OBD 2 compliant.
The newer Delphi MT05.2 implements a basic OBD2 support.
But OBD2 was designed to check that a vehicle complies the emission laws.
OBD2 data has a limited usefulness for the service technician.
HUD ECU Hacker can display the OBD2 data from any vehicle,
but much more useful is the vendor specific scan data.
HUD ECU Hacker displays 90 detailed scan parameters with vendor-specific information
of the Delphi MT05 which you will not find in any "universal" OBD2 scantool. |
|
|
|
|
|
Pin | Type | Usage Options |
---|---|---|
J1-2 | Output | ECP valve or Start motor disable relay or AC cooling fan relay or Head light relay or Second air injection valve |
J1-3 | Output | MIL Lamp or Misfire generation status of cylinder 1 |
J1-4 | Output | O2 heater B or AC cooling fan relay or Head light relay or Second air injection valve |
J1-5 | Input | O2 Sensor B or Analog input 1 |
J1-6 | Output | Tacho (RPM) or Toggle signal when MAP is read or Output of TPS duty cycle signal to second ECU (4 cylinder engines) |
J1-14 | Input | Rollover Sensor Input or Power adding switch input |
J1-15 | Input | O2 Sensor B or Analog input 2 or Input for TPS duty cycle signal from first ECU (4 cylinder engines) |
J1-16 | Input | Reset EEprom by short to ground or Idle RPM adjust or Differential lock |
J1-18 | Input | Clutch/Neutral switch or Reverse gear switch |
J2-3 | Output | K-Line communication or Head light relay or Second air injection valve |
J2-6 | Output | Injector B or Second air injection valve or Cooling fan relay |
J2-12 | Input | TPS sensor input or MAP sensor only system |
K-Line / VAG KKL Adapter | J2534 Adapter | ELM327 / OBDLink Adapter | |
---|---|---|---|
Connection | Only K-Line | K-Line + CAN bus | K-Line + CAN bus |
Advantage | As there is no intelligence in the adapter even the counterfeit are working perfectly. You can also make your own cheap DIY adapter with 2 transitors. | Professional adapters for scanning and flashing. They are technically the best choice. | Hobbyist adapters. Bluetooth and WIFI versions available. There is no advantage over J2534 adapters. |
Disadvantage | No support for CAN bus.
Cannot measure battery voltage. Timing depends on computer speed. |
The genuine are expensive but chinese clones exist which do work. | Misdesigned (see below)
ECU Emulator and CAN Raw protocol do not work. All ELM327 adapters in internet are fake, except genuine OBDLink, ScanTool. |
Summary | OK (limited use) | recommended | deprecated |
Price Genuine | $5 USD | $180 ... $500 USD | OBDLink: $40 USD |
Price Counterfeit | $5 USD Do NOT buy Ross-Tech |
Chinese Clone: $20 USD is OK Do NOT buy Mini-VCI fake |
$10 USD Do NOT buy cheap fake! |
Here you see the order of most recommended to least recommended adapters:
|
HUD ECU Hacker Function |
K-Line + BMW Adapters |
J2534 Adapter |
OBDLink Adapter |
Fake Elm327 Adapter |
UsbCAN Adapter |
VAG K+CAN Adapter |
|
---|---|---|---|---|---|---|---|
Parameter Scanning |
K-Line ISO 9141 K-Line ISO 14230 |
||||||
CAN ISO 15765 | |||||||
CAN Raw | |||||||
Data Slewing |
K-Line ISO 9141 K-Line ISO 14230 |
||||||
CAN ISO 15765 | |||||||
CAN Raw | |||||||
Sniffing | K-Line ISO 9141 K-Line ISO 14230 |
||||||
CAN ISO 15765 | |||||||
CAN J1939 | |||||||
CAN Raw | |||||||
Flashing MT05 / MT05.2 |
K-Line ISO 14230 | ECU Emulator |
K-Line Fast Init | ||||
K-Line 5-Baud Init | |||||||
CAN ISO 15765 | |||||||
CAN Raw | |||||||
Proprietary Protocols |
K-Line Honda | ||||||
K-Line KW 1281 | |||||||
Can measure battery voltage |
VAG K+CAN adapters support only CAN buses with 100 kBaud and 500 kBaud. |
|
|
Show Full Size |
|
|
|
Show Full Size |
|
|
|
This cheap USB adapter has a FTDI chip and works perfectly as K-Line adapter.
Additionally it has a PIC18F25K80 microprocessor that can communicate with CAN bus.
But how to activate CAN mode and what commands to send to the adapter is completely undocumented.
There is only one software that can use this adapter over CAN bus: VAG-K+CAN Commander.
The Chinese sell a clone of the original VAG adapter with a cracked version of the VAG software on a CD.
I had to do a complex reverse engineering to find out how to configure this adapter for CAN bus.
ATTENTION:
The original adapter was developed by VAG for Volkswagen and Audi cars.
These use 500 kBaud for the Drive train CAN bus and 100 kBaud for the Convenience and Infotainment CAN bus.
While this adapter works on K-Line with any baudrate, for CAN bus only 100 and 500 kBaud are implemented.
If you need CAN bus, it is recommended to buy a J2534 adapter instead which supports a wide range of baudrates.
However, many CAN bus ECU's use 500 kBaud, so this adapter may be useful for the majority of CAN bus ECU's.
|
|
This cheap USB adapter has a FTDI chip and works perfectly as K-Line adapter.
Additionally it has an ATMEGA162 microprocessor that can communicate with the DCAN bus from BMW.
The adapter has a switch that connects pin 7 (K-Line) with pin 8 which is normally unused. Only older BMW cars use pin 8.
The Chinese sell a clone of the original BMW adapter with a cracked version of the BMW software INPA on a CD.
ATTENTION:
The original adapter was developed by BMW specifically for their cars.
The CAN bus functionality is only useful for BMW: It supports only 100 kBaud and 500 kBaud.
It listens only on the 11 bit CAN ID's 130 and 600 ... 6FF and supports only ISO 15765 protocol with extended addressing.
All this configuration is hard coded in the firmware of the adapter and cannot be changed.
Additionally the adapter has a higher power consumption than other adapters. It becomes warm.
Do not buy this adapter. If you already have one, it is only useful for K-Line. The position of the switch is irrelevant.
|
|
|
|
|
|
Here you see a Chinese clone of a Tactrix adapter that is significantly cheaper than the original.
These clones are an identical copy of the original hardware and they work perfectly.
If you see "1234" below the barcode you have a Chinese counterfeit adapter.
The genuine Tactrix shows the unique serial number below the barcode which are 8 letters.
The only problem is that the label says:
"Reinstall computer system if original software installed before."
"Use our software only or the device will be damaged!!!"
Nothing will be damaged when you use this adapter with HUD ECU Hacker.
Use the toolbar button Install USB Driver in HUD ECU Hacker and install the original Tactrix driver.
This label says that you must NOT use the EcuFlash software from Tactrix to upload a new firmware to the adapter.
The Chinese use their own firmware. But there is no need to update the firmware in the adapter.
By the way: The latest firmware is from 2016.
|
ELM327 adapters are a misdesign. They are also significantly slower than the other adapters.
They have too many commands which makes programming complicated.
Instead of leaving the intelligence in the controlling software (as J2534 adapters do) all the intelligence is in the chip.
The chip must be configured with hundreds of commands.
Instead of transmitting binary data directly (as J2534 adapters do), they use ASCII strings, which is simply a bad design.
ISO 15765 data is passed by the adapter with missing CAN ID or must be parsed in the controlling software (STUPID design!)
Instead of using internally an USB capable processor (as J2534 adapters do) they convert USB first to RS232 which is slower
and the COM port must be configured with the correct baudrate, while J2534 adapters neither need COM ports nor baudrates. If you have very fast CAN bus traffic the ELM327 loses packets because the internal serial connection is too slow.
Another issue is that the ELM327 can store configuration in non-volatile memory resulting in not predetermined behaviour.
None of the ELM327 adapters (not even the genuine) supports the CAN Raw protocol.
The internal buffer in the adapter is too small for high speed CAN bus traffic. You will get BUFFER FULL errors.
So, if you already have a ELM327 or OBDLink adapter study the Trace pane to see how many errors you get.
But if you don't have an adapter yet, do not buy it. See summary above.
|
|
|
|
|
Do not use the drivers from a CD or from Windows Update.
I have implemented the driver installation into the toolbar at the top of HUD ECU Hacker.
Install the Prolific driver version 3.3 from 2008 which also works on Windows 8 and 10.
|
|
|
Show Full Size |
Show Full Size |
Command (from PC): | 04 61 ( 08 02 ) 03 |
Response (from ECU): | 05 62 ( FB 55 01 ) 03 |
Command | Response | ||||||
---|---|---|---|---|---|---|---|
Header 1 | 04 | Packet Length | Header 1 | 05 | Packet Length | ||
FB | Inverted: FB = 04 XOR FF | FA | Inverted: FA = 05 XOR FF | ||||
Header 2 | 61 | Counter | Header 2 | 62 | Counter + 1 | ||
9E | Inverted: 9E = 61 XOR FF | 9D | Inverted: 9D = 62 XOR FF | ||||
Payload 1 | 08 | Command Read ADC Channel | Payload 1 | FB | Response Read ADC Channel | ||
F7 | Inverted: F7 = 08 XOR FF | 04 | Inverted: 04 = FB XOR FF | ||||
Payload 2 | 02 | Channel no. 2 | Payload 2 | 55 | ADC Value High Byte | ||
FD | Inverted: FD = 02 XOR FF | AA | Inverted: AA = 55 XOR FF | ||||
ETX | 03 | End of Transfer | Payload 3 | 01 | ADC Value Low Byte | ||
FE | Inverted: FE = 01 XOR FF | ||||||
ETX | 03 | End of Transfer |
Show Full Size |
5-Baud Initialization | |||
---|---|---|---|
Sender | Data | Baudrate | Meaning |
Tester | 0x33 | 5 Baud | Address |
ECU | 0x55 | 10400 Baud | Synchronization |
ECU | 0x08 (0x94) | 10400 Baud | Keyword 1 |
ECU | 0x08 (0x94) | 10400 Baud | Keyword 2 |
Tester | 0xF7 (0x6B) | 10400 Baud | Keyword 2 (inverted: F7 = 08 XOR FF) |
ECU | 0xCC | 10400 Baud | Address (inverted: CC = 33 XOR FF) |
Tester | Packet | 10400 Baud | First Command |
Command (from PC): | 68 6A F1 ( 01 00 ) C4 |
Response (from ECU): | 48 6B 11 ( 41 00 BE 36 B0 03 ) A9 |
OBD2 Command '01 00' | Response (1...7 data bytes) | ||||
---|---|---|---|---|---|
Header 1 | 68 | Fix value | Header 1 | 48 | Fix value |
Header 2 | 6A | Fix value | Header 2 | 6B | Fix value |
Header 3 | F1 | Source address (Tester) | Header 3 | 11 | Source address (ECU) |
Payload 1 | 01 | OBD2 Service 1 | Payload 1 | 41 | Service confirmation = 01 + 40 |
Payload 2 | 00 | PID 0 | Payload 2 | 00 | PID confirmation |
Checksum | C4 | 68+6A+F1+01+00 = C4 | Payload 3 | BE | 8 Bits encoding supported PID's |
Payload 4 | 36 | 8 Bits encoding supported PID's | |||
Payload 5 | B0 | 8 Bits encoding supported PID's | |||
Payload 6 | 03 | 8 Bits encoding supported PID's | |||
Checksum | A9 | 48+6B+11+41+00+BE+36+B0+03 = A9 |
|
|
Command (from PC): | 81 11 F1 ( 81 ) 04 |
Response (from ECU): | 83 F1 11 ( C1 EF 8F ) C4 |
Command 'Start Communication' | Response Short (1...63 data bytes) | ||||
---|---|---|---|---|---|
Header 1 | 81 | 80 + length of data (1 byte) | Header 1 | 83 | 80 + length of data (3 bytes) |
Header 2 | 11 | Destination address (ECU) | Header 2 | F1 | Destination address (tester) |
Header 3 | F1 | Source address (tester) | Header 3 | 11 | Source address (ECU) |
Payload 1 | 81 | Service 'Start Communication' | Payload 1 | C1 | Service confirmation = 81 + 40 |
Checksum | 04 | 81+11+F1+81 = 04 | Payload 2 | EF | Key byte 1 (bit flags) |
Payload 3 | 8F | Key byte 2 (always 0x8F) | |||
Checksum | C4 | 83+F1+11+C1+EF+8F = C4 |
Command 'Read Data' | Response Long (64...255 data bytes) | ||||
---|---|---|---|---|---|
Header 1 | 82 | 80 + length of data (2 byte) | Header 1 | 80 | Extra length byte follows |
Header 2 | 11 | Destination address (ECU) | Header 2 | F1 | Destination address (tester) |
Header 3 | F1 | Source address (tester) | Header 3 | 11 | Source address (ECU) |
Payload 1 | 21 | Service 'Read Data' | Header 4 | 66 | Length of data (102 byte) |
Payload 2 | 01 | Subfunction 1 | Payload 1 | 61 | Service confirmation = 21 + 40 |
Checksum | A6 | 82+11+F1+21+01 = A6 | Payload 2 | 01 | Subfunction confirmation = 01 |
Payload 3 | ... | Parameter raw data byte 1 | |||
Payload 102 | ... | Parameter raw data byte 100 | |||
Checksum | ... | 80+F1+11+66+61+01+... |
Command (from PC): | 81 11 F1 ( 3E ) C1 |
Response (from ECU): | 81 F1 11 ( 7E ) 01 |
Command (from PC): | 72 05 ( 00 F0 ) 99 |
Response (from ECU): | 02 04 ( 00 ) FA |
Command 'Initialize' | Response | ||||
---|---|---|---|---|---|
Header 1 | 72 | Command | Header 1 | 02 | Command AND 0x0F |
Header 2 | 05 | Byte count in this packet | Header 2 | 04 | Byte count in this packet |
Payload 1 | 00 | Parameter byte 1 | Payload 1 | 00 | Response byte 1 |
Payload 2 | F0 | Parameter byte 2 | Checksum | FA | 02+04+00+FA = 00 |
Checksum | 99 | 72+05+00+F0+99 = 00 |
|
|
|
|
104: 5D C4 C4 82 00 7F 34 03
105: 00 00 20 00 00 98 4B 76
106: 00 00 00 00 00 00 00 B4
107: 90 80 E8 03 10 27 01 29
108: 00 F0 64 00 00 00 64 00
109: 7F 02 00 00 7F 03 00 00
110: 00 00 00 00 00 00 00 00
111: 64 00 64 00 00 00 00 00
|
-------- Command -----------
(Tx) 7E0: 22 F1 95
(Tx) 7E0: 03 22 F1 95 00 00 00 00 (SF: Len= 3)
-------- Response ----------
(Rx) 7E8: 10 11 62 F1 95 53 45 30 (FF: Len= 17)
(Tx) 7E0: 30 00 00 00 00 00 00 00 (FC: Continue)
(Rx) 7E8: 21 35 50 33 53 31 56 31 (CF: Seq= 1)
(Rx) 7E8: 22 31 38 30 37 00 00 00 (CF: Seq= 2)
(Rx) 7E8: 62 F1 95 53 45 30 35 50 33 53 31 56 31 31 38 30 37
| ||
Show Full Size |
D100 : Air Suspension Control 6
DC00 : Anti-theft Status
F00B : Electronic Steering Control
F017 : Engine Knock Level #1
F032 : Linear Displacement Sensor
F07B : Power Converter 2 Limits Active Power
FC92 : Air Fuel Ratio
FD71 : Brake actuator stroke status
FD7C : Diesel Particulate Filter Control 1
FDD3 : Turbocharger Information 6
FE4E : Door Control 1
FE71 : Laser Tracer Position
FEAF : Fuel Consumption (Gaseous)
FEE1 : Retarder Configuration
FEF4 : Tire Condition Message 1
|
RespFilter
and RespMask
in the parameter XML file.RespID
instead.
Example 1 | Example 2 | Example 3 | |
---|---|---|---|
Field 'Response ID' | 7E8 = 111 1110 1000 | 7EX = 111 1110 XXXX | empty |
Field 'Response Filter' | 7E8 = 111 1110 1000 | 7E0 = 111 1110 0000 | 7E8 = 111 1110 1000 |
Field 'Response Mask' | 7FF = 111 1111 1111 | 7F0 = 111 1111 0000 | 7FC = 111 1111 1100 |
Received ID's
that match the
filter and mask
|
7E8 = 111 1110 1000 only 1 ID matches |
7E0 = 111 1110 0000
7E1 = 111 1110 0001
7E2 = 111 1110 0010
7E3 = 111 1110 0011
7E4 = 111 1110 0100
7E5 = 111 1110 0101
7E6 = 111 1110 0110
7E7 = 111 1110 0111
7E8 = 111 1110 1000
7E9 = 111 1110 1001
7EA = 111 1110 1010
7EB = 111 1110 1011
7EC = 111 1110 1100
7ED = 111 1110 1101
7EE = 111 1110 1110
7EF = 111 1110 1111
16 ID's match
|
7E8 = 111 1110 1000
7E9 = 111 1110 1001
7EA = 111 1110 1010
7EB = 111 1110 1011
4 ID's match
|
|
|
Show Full Size |
HUD ECU Hacker allows you to scan several ECU's and tune the MT05 without asking for a license fee.
And HUD ECU Hacker will never show you any advertising.
HUD ECU Hacker is the result of 4 years of full-time programming!
There is absolutely no documentation about the internals of the MT05.
Every detail you see in HUD ECU Hacker has required a very time consuming reverse engineering.
However, scanning and MT05 tuning is charityware: the author does not earn money with it.
But if this program has helped you saving money by not needing expensive commercial software
or an expensive scan tool you are asked to give a donation to a non-profit organization of your choice. Like for example Shanti Bavan, a project which gives education for free to the poorest of the poor in India.
There is an excellent documentary about this very special residential school on Netflix: Daugthers of Destiny
|
Show Full Size |
|
|
|
|
Show Full Size |
Show Full Size |
Show Full Size |
Show Full Size |
The modified slew values are not stored in the non-volatile memory of the ECU.
However this feature is for experts only. Wrong values can produce knocking or stall the motor.
I saw that the ECU does not go to sleep mode after changing some of the values.
Do not forget to click 'Reset all presets in ECU' when you are finished with your testing.
|
Show Full Size |
Show Full Size |
<Xml Version="1" EcuModel="Delphi MT05.2" MacroFile="Flashing.cs" >
Show Full Size |
Macro Function | Sniff Terminal |
CAN Raw Terminal |
ISO 15765 Terminal |
RS232 Terminal |
Injection Window |
ECU Emulator |
---|---|---|---|---|---|---|
void SendPacket(Packet TxPack) Sends a CAN Raw packet. |
YES | Only for CAN Raw |
||||
Packet ReceivePacket(int Timeout, bool Throw) Receives a CAN Raw packet. |
YES | Only for CAN Raw |
||||
byte[] SendCommand(int Timeout, params byte[] Payload) Sends a command to the ECU and receives the response. |
YES | All except CAN Raw |
||||
byte[] SendBusInit(byte[] InitCommand) Sends a K-Line bus init and then the InitCommand. |
Only K-Line |
|||||
void Disconnect() Disconnects (stop scanning) when the macro has finished. |
YES | |||||
void OpenCanRaw(int Baudrate, bool b29bit, int CmdID,
Opens a new CAN Raw connection. |
YES | |||||
void IdlePolling(int MinInterval) Polls the parameters in the Parameter XML file. (Refresh Dashboard) |
YES | |||||
string GetParameter(string UID) Gets the value of a scan parameter as displayed in the dashboard. |
YES | |||||
void RefreshParams(params string[] UIDs) Refreshes ReadOnce scan parameter values in the dashboard. |
YES | |||||
void WritePort(params byte[] Data) Writes bytes to the RS232 port. |
YES | |||||
byte[] ReadPort(int ByteCount, int Timeout, bool Throw) Reads bytes from the RS232 port. |
YES | |||||
void ClearPortRx() Clears the receive buffer of the RS232 port. |
YES | |||||
Packet[] OnPacketReceived(Packet RxPack) Generates the ECU reponse(s) for an ECU command that is not defined in the Emulator XML file. |
YES | |||||
Packet[] GetEmuXmlResponse(string CmdID) Returns the response(s) for CmdID from the Emulator XML file. |
YES | |||||
void OnSniffData(Packet RxPack) Is called when a packet has been sniffed. |
YES | |||||
void ChangeKLineBaudrate(int Baudrate) Changes the baudrate for K-Line. |
YES | YES | YES | |||
bool UserAborted() Returns true when the user wants to abort the maro. |
YES | YES | YES | YES | YES | |
void PrintTrace(string Text) Prints a text to the Trace pane. |
YES | YES | YES | YES | YES | YES |
void Sleep(int Interval) Pauses the marco with a precision of 1 millisecond. If you don't need this precision use Thread.Sleep() instead. |
YES | YES | YES | YES | ||
DialogResult MessageBox(String Message, Shows a messagebox that blocks the macro until a button is clicked. |
YES | YES | YES | YES | ||
Macro Function | Sniff Terminal |
CAN Raw Terminal |
ISO 15765 Terminal |
RS232 Terminal |
Injection Window |
ECU Emulator |
byte[]
arrays.string Hex = ByteArray.ToHex(int First, int Count)
string Text = ByteArray.ToAscii(int First, int Count)
byte[] New = ByteArray.Extract(int First, int Count)
byte[] New = ByteArray.Append(byte[] Data, int First, int Count)
byte[] New = ByteArray.ReplaceAt(int Pos, byte[] Replace)
bool ByteArray.Matches(params byte[] Data)
bool ByteArray.StartsWith(params byte[] Data)
int ByteArray.Find(int Start, params byte[] Pattern)
int ByteArray.DiffBytes(params byte[] Data)
void ByteArray.Fill(byte Value)
Example:
byte[] MyTest = new byte[] { 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77 };
string StrHex = MyTest.ToHex(2, 3); // here StrHex is "33 44 55"
|
Processor | Delphi MT05 | Delphi MT05.2 | ||
---|---|---|---|---|
Model | SAK-XC164CM-16F40F | SAK-XC164CS-32F40BB | ||
Flash Memory | 128 kB | 256 kB | ||
RAM | 8 kB | 12 kB | ||
Clock | 32 MHz | 32 MHz | ||
Flash Memory | Delphi MT05 | Delphi MT05.2 | ||
Bootloader | 000000 - 003FFF | 16 kB | 000000 - 003FFF | 16 kB |
Configuration Data | 004000 - 004FFF | 4 kB | 004000 - 004FFF | 4 kB |
Calibration Tables | 005000 - 007FFF | 12 kB | 005000 - 00AFFF | 24 kB |
Firmware | 008000 - 01FFFF | 96 kB | 00B000 - 03FFFF | 212 kB |
Before flashing for the first time store your original flash file in a secure place!
If flashing of only the calibration tables goes wrong your ECU may still communicate over K-Line.
But if flashing the firmware area goes wrong your ECU will probably be bricked.
|
Download the flash memory of your ECU into a BIN file, go to the tab "Tuning", select your file and HUD ECU Hacker will auto-detect all calibrations.
With the charityware HUD ECU Hacker you save a lot of money by not having to buy commercial software.
Flash download, checksum correction and flash upload of the MT05 can also be done with HUD ECU Hacker.
Please do not forget to give a donation for using HUD ECU Hacker.
|
|
|
|
|
|
|
|
|
|
|
Show Full Size |
|
|
|
|
|
|
|
Position 0 | Position 255 |
---|---|
|
|
Show Full Size |
Show Full Size |
Zurück zur Startseite | |
Back to start page |