ECU Tuning Protection and Chiptuning
On Bosch EDC17 and MED17 ECUs
What is this “tuning protection” many companies are talking about. Here’s a brief explanation of it. “Tuning Protection” for the Infineon TriCore TC-series processors (Bosch MED17/EDC17) On the CR TDI and 1.8/2.0 Turbo Petrol engines with the latest Bosch ECU generation (MED17 for the petrols, EDC17 for the diesels, I’ll just refer them to MEDC17 from now on…),
Bosch has implemented some new security measures to protect against aftermarket reprogramming of the engine control unit calibration data. Bosch originally started to use various checksums in the late 80′s to verify the data integrity of the engine control unit memory content. Originally this was just a simple additive checksum, where you count the sum of all bytes in the file, and store the value in one place. Later on, it was also used to protect the data from unauthorised modifications.
For example, ME7.5 ECU (1.8 Turbo) contains about 70 different checksum blocks, and the result values are filtered through various functions to have a secure method of verifying data integrity. At around the same time, Bosch started using access control on the outside ECU reprogramming (that is what we call the OBD flashing nowadays). It’s usually a normal challenge-response scheme with a seed-key algorithm. Of course, the chiptuning industry kept on and solved these functions to have methods of correcting the checksums, and to have OBD programming capability of these ECUs. About 7-8 years ago, Bosch started using RSA signatures to control the ECU contents. Early on, just a 256bit RSA, then 512bit RSA, and nowadays, on these new ECUs, its a hash from a 1024Bit RSA signature. Something thats virtually un-crackable with traditional brute force methods. Since these keys are yet to be solved, tuners have had to find other ways of programming the ECUs.
When the MEDC17 ECU family was released, a backdoor was found in the programming algorithm. Originally this hash was checked only after certain conditions were met. If they are not met, it was not checked. So the programming method made sure that was the case every time they programmed the ECU. This “Tuning Protection”, as it is commonly called, just means that this backdoor has been sealed, and the ECU always checks the hash validity after every OBD programming attempt. If this is not valid, it sets a flag in the memory that prevents the car from starting. Our tools can detect this function just by reading the ECU via OBD. Many others, including some big brand names, have problems with cars not starting after writing. That is why, for now, on these protected ECU’s, we need to open the ECU to use a processor function built in the TC17xx-series processors, which allows to boot and reset the ECU at any given moment from pins on the motherboard. This way the ECU does not detect it as being an OBD programming attempt, and skips the hash validity check. At this time, there are no tuning companies who can bypass this security check and if an ECU has “Tuning Protection” then it will need to be programmed by taking the ECU out and opening it. Some call it “bench flash”, some say they “install a probe”, but this is how it is done by ALL tuners who are offering remaps on “protected” MEDC17 ECUs.
Now it is nearly impossible for Remap-tuners to identify the algorithm of ECU data, it is assumed that from now on, there will only be performance tuning with Add-on ECU tunings. In this respect, this trend of ECU chiptuning will continue and thus the chiptuning technologies will develop as chiptuning companies compete each other. Swisschip will make a constant effort to remain as the leader of the chiptuning industry.
As the chiptuning industry grows, more and more customers will tend to be attracted towards unqualified low-quality/low-price chiptuning products, and this will result in both small and large issues in their vehicles, making the ECUs harder to go back to original status, even after removing the chiptuning boxes. Again, we strongly recommend you to use the chiptuning products that are qualified in both hardware-wise and software-wise even if it isn’t the Swisschip, to give you and your vehicle an improved performance, together with safety.