Here we’re trying to downgrade CAS3+ ISTAP. Because it’s encrypted since ISTAP upgrade and it doesn’t allow VVDI BIMTool or any software to write a key to it.
What we want to do is:
Write back the original FLASH data that was doing a key before.
Try to crank CAS3+ module by BIMTool and bench test platform.
So, first we write the original FLASH into CAS3 by VVDI Prog Programmer.
Set up bench test platform:
Connect the cable to all hardware (BIMTool, JBE, CAS3, key slot, switch…)
Notice the PIN on JBE module.
Insert the key and light on the cluster.
We see there is a steering lock but we can bring up the mileage. (The temper dot comes from the mismatch of the kilometer between CAS and cluster)
We hook up BIMTool.
Turn to “CAS key learn” page and connect.
Click on “Get Key Info” and “Add key”.
If it’s encrypted, here it’ll prompt.
But, it asks if we’re going to update firmware, which means FLASH writing by VVDI Prog worked.
Now disconnect PC from the Internet.
Press “No” to update firmware.
Then press “Yes” to flash CAS firmware.
Follow the instruction and it gives us key info.
Finally we manage to crack and downgrade CAS3+ ISTAP on bench.
Try if it can give us ISN.
Exchange ECU/CAS>>CAS – CAS3+ OBDII>>Read ECU ISN
Try it via EEPROM dump file that we got from VVDI Prog, and a working key.
More functions to be explored!