# 2010+ ECU tuning clarification



## 2ptslo (Jul 16, 2003)

I'm sure this has been discussed but I am having a hard time finding a more clear answer. What is so different with a 2010+ ECU that is preventing our 2.5L to be directly programmed? I see that 2.0T can be easily done and same with Golf R but somehow ours are on lockdown.

I was talking to Unitedmotorsport and they said it could be YEARS  before a direct flash is available!!! please say it isn't so!!! 

someone clue me in as to why this is so much more difficult than all of the other models.


----------



## madbikes (Dec 30, 2010)

It's because the port-flash loophole is closed on the 2010+ ECU. Bench flash is required, meaning you need to remove the ECU, crack it open and bench flash it once, then you're golden.


----------



## 2ptslo (Jul 16, 2003)

madbikes said:


> It's because the port-flash loophole is closed on the 2010+ ECU. Bench flash is required, meaning you need to remove the ECU, crack it open and bench flash it once, then you're golden.


since the port-flash-loophole is closed, how does the dealer do their port ECU updates?

BTW thank you for the respone :beer:


----------



## nothing-leaves-stock (Mar 1, 2005)

differnt set up for dealer...doing differnt things and its VW, oem computers etc. as of now, bench flash and opening the ecu is the only way so far for 10+, APR, UM, C2 etc....as far as i know.


----------



## 2ptslo (Jul 16, 2003)

nothing-leaves-stock said:


> differnt set up for dealer...doing differnt things and its VW, oem computers etc. as of now, bench flash and opening the ecu is the only way so far for 10+, APR, UM, C2 etc....as far as i know.


If I am understanding this right, it is possible if VW does it, it's a matter of understanding their new security better and cracking it. 

maybe someone can ease my mind about this but i don't feel very comfortable with anyone besides the dealer touching my ECU. Besides personal discomfort, is there any legitimate reason i should be so overly cautious?


----------



## DirtyCandy (Nov 23, 2010)

2ptslo said:


> If I am understanding this right, it is possible if VW does it, it's a matter of understanding their new security better and cracking it.
> 
> maybe someone can ease my mind about this but i don't feel very comfortable with anyone besides the dealer touching my ECU. Besides personal discomfort, is there any legitimate reason i should be so overly cautious?


You see all these 2.0T getting tuned and what not, well they are going thru the same thing, bench flash and opening up the ecu.. the big difference is that for 2.5l only unitronic has a tune available and for the 2.0T pretty much everyone has it because that's where the bigger profit is for them since most people buy the gti.

PS: Be sure to do a search on the shop before bringing over to them, as around on local forums and what not. Go unitronic btw! I love my tune and you'd be surprised what your car can do with the stage2+ they offer. although once C2 or UM releases theirs I want to get one of their turbo kits and go with their tune as well.


----------



## AnotherA2VR6 (Jun 20, 2002)

2ptslo said:


> If I am understanding this right, it is possible if VW does it, it's a matter of understanding their new security better and cracking it.


It's not a matter of understanding or a lack of effort. These files are protected by a digital signature, which ensures the software calibration has been created and signed by a trusted publisher, VW. Earlier versions of ECU software, (09 Rabbit, etc.), contained a flaw in the validation of this digital signature. This made it possible for the aftermarket to create custom software and calibrations and then insert a specialy crafted digital signature that would essential fool the ECU into thinking the file came from a trusted publisher. This software vulnerability was then fixed, (2010+ Rabbit, etc.), closing the door on this port flash workaround. The VW dealer port flashes only files signed with the private VW key. Even if a specific VW dealer had the will or ability to port flash an aftermarket file using the factory tool, they would be unable to since the file was not signed by VW. Note that the digital signature is generated when the software calibration is created/released and not at the time of the flash by the dealer.

VW does not want to give out it's private key used to sign these files as it then has no way to ensure only approved software runs on the ECUs installed in it's vehicles, (think warranty claims, bad press related to malfunctioning vehicles, etc.). Without this private key it is impossible to sign a file that will pass the signature check by the ECU during flashing. Also "Cracking" this key is not feasible, at least with publicly available computing hardware. The only way to get this private key would be for it to be leaked, which to my knowledge has not happened.

So in order to install software on these ECUs, the aftermarket companies must open the ECU and flash their modified software using a lower level method that bypasses the digital signature check that takes place during a port flash.



2ptslo said:


> maybe someone can ease my mind about this but i don't feel very comfortable with anyone besides the dealer touching my ECU. Besides personal discomfort, is there any legitimate reason i should be so overly cautious?


Anytime the ECU is opened there is a risk of damaging the electronics, but any reputable company should cover replacement costs it they damage the ECU. Back in the days before port flashing, the ECUs had to be opened to install a chip. Sometimes the chip install involved de-soldering the old chip and soldering a new one in. The bench flash process on the newer ECUs is no where near as intrusive or risky as de-soldering/soldering a chip.

So these are the facts. My advice, just talk to the company/installer before you do decide to go with aftermarket software, and if you're not comfortable with the process, that's your personal decision.


----------



## 2ptslo (Jul 16, 2003)

WOW EXACTLY the response I was looking for, thank you for taking time to do so.:beer:

I wish there was a reputable software producing company in AZ that I could drive to and just get it done!! Aside from custom software from a local tuning shop I'm stuck 

What exactly is being done when they open up the ECU? If they no longer physically remove the chip (unsolder it) reflash it and then resolder it back in, what exactly is that process?

Do the companies have a method of testing the ECUs before sending out?

I miss the MKIII days where you can pop the chip out and pop a new one in and DONE haha


----------



## AnotherA2VR6 (Jun 20, 2002)

2ptslo said:


> What exactly is being done when they open up the ECU? If they no longer physically remove the chip (unsolder it) reflash it and then resolder it back in, what exactly is that process?


The microprocessor contains on-board flash memory that is used to store the software. The ECU is opened and either the external ECU connector or the manufacturing programming pads are used to connect power and communications to the bench programming hardware. A probe is then connected from the bench programmer to a single pin/pad coming from the microprocessor. Now the process of reading/writing the flash memory of the microprocessor can take place.



2ptslo said:


> Do the companies have a method of testing the ECUs before sending out?


The ability is there to test that the ECU boots correctly back into the normal program once closed back up. But if that is done is dependent on the specific company's install procedure or the strictness that the installer follows that procedure.


----------



## jettaglx91 (Jul 27, 2004)

"AnotherA2VR6" is pretty much correct. His explanation is spot on except its Bosch(and Siemens) not VW keeping the "key" private. Siemens does the same but even more so on some of the other ecu's such as the B8 S4 has like a dozen points that need grounded to enable write mode. 

All 2010+ cars(including some 2009 A4's that have received an ecu update) need to have the ecu pulled and have that done. I've personally done it on hundreds of ecu's, and if done carefully and correctly it poses no reliability issue and is virtually undetectable by the dealer. The only exception is the TTS and Golf R as they are still FSI and ecu is basically the same as the mk5 cars. 

In relation to the 2.5 for MK6, United Motorsport also now has a tune available


----------



## jettaglx91 (Jul 27, 2004)

DirtyCandy said:


> once UM releases theirs I want to get one of their turbo kits and go with their tune as well.


its been available for a couple months now


----------



## 2ptslo (Jul 16, 2003)

jettaglx91 said:


> "AnotherA2VR6" is pretty much correct. His explanation is spot on except its Bosch(and Siemens) not VW keeping the "key" private. Siemens does the same but even more so on some of the other ecu's such as the B8 S4 has like a dozen points that need grounded to enable write mode.
> 
> All 2010+ cars(including some 2009 A4's that have received an ecu update) need to have the ecu pulled and have that done. I've personally done it on hundreds of ecu's, and if done carefully and correctly it poses no reliability issue and is virtually undetectable by the dealer. The only exception is the TTS and Golf R as they are still FSI and ecu is basically the same as the mk5 cars.
> 
> In relation to the 2.5 for MK6, United Motorsport also now has a tune available



thank you for further input. I am glad this thread went in the exact direction I was looking for. I'm tired of threads going places no one intended them to go and thus being anther wasted page on the forum.

I would LOVE to get United Motorport tune. I think what I will have to do, considering my over-cautiousness, is buy another ECU (from a wrecked 2010+ of course) and send that in. 

In 2010+ cars, do we have issues with matching ECU to the car or it should work as long as it's 2010+?


----------



## jettaglx91 (Jul 27, 2004)

2ptslo said:


> thank you for further input. I am glad this thread went in the exact direction I was looking for. I'm tired of threads going places no one intended them to go and thus being anther wasted page on the forum.
> 
> I would LOVE to get United Motorport tune. I think what I will have to do, considering my over-cautiousness, is buy another ECU (from a wrecked 2010+ of course) and send that in.
> 
> In 2010+ cars, do we have issues with matching ECU to the car or it should work as long as it's 2010+?


you are gonna want to match the exact part number. however there is still a catch. Im not sure if the immobilizer can be defeated yet on those ecu's, which means if you get another ecu you may have to go to the dealer, get them to match it to the car, then send it out to be chipped. This will cost quite a bit of money and would be much easier to simply find a ride for a couple days and ship your original ecu out.


----------



## Jefnes3 (Aug 17, 2001)

Yep. immo defeat required for spare ecu. So far this is not a big deal.

-Jeffrey Atwood


----------



## madbikes (Dec 30, 2010)

jettaglx91 said:


> its been available for a couple months now


Not for anything after 2010 yet. I can tell you any day that the rev hang in the 2012 is worst than a Civic Si. Most of the people I met local to me are blaming it on the tune, but will definitely ask the service guys as I need to make an appointment for my check-up (past due)


----------



## 637395 (Sep 15, 2011)

The MKVI Jetta is being worked on by Unitronic Chipped as we speak. They -do- already have software out for the MKVI Golf 2.5L.

They will be issuing an OBDII platform within the next month or so (allegedly).

Source: My sales guy at USRT (Usually Sideways Rally Team).

:thumbup:


----------



## thygreyt (Jun 7, 2009)

SimpleStaple said:


> The MKVI Jetta is being worked on by Unitronic Chipped as we speak. They -do- already have software out for the MKVI Golf 2.5L.
> 
> They will be issuing an OBDII platform within the next month or so (allegedly).
> 
> ...


sales guy by any chance is justin?


----------



## 637395 (Sep 15, 2011)

thygreyt said:


> sales guy by any chance is justin?


Hahahah yep - he is my boy! He lives right over the bridge in Jersey. We take bubble baths together.


----------



## jettaglx91 (Jul 27, 2004)

madbikes said:


> Not for anything after 2010 yet.


I would check with UM, if it's not already done I bet he can make it


----------



## 2ptslo (Jul 16, 2003)

SimpleStaple said:


> The MKVI Jetta is being worked on by Unitronic Chipped as we speak. They -do- already have software out for the MKVI Golf 2.5L.
> 
> They will be issuing an OBDII platform within the next month or so (allegedly).
> 
> ...


What exactly do you mean by OBDII platform? Do you mean flashing through the port without the need to take out the ECU?


----------



## 637395 (Sep 15, 2011)

2ptslo said:


> What exactly do you mean by OBDII platform? Do you mean flashing through the port without the need to take out the ECU?


Yessir.

•|Sent via Tapatalk Android. Likely pooping or stuck in traffic.|•


----------



## jettaglx91 (Jul 27, 2004)

SimpleStaple said:


> Yessir.


ehh Ill believe that when I see it. the encryption on the new ecu's is like 100's of times more complicated then the previous ecu's (256bit vs 1024bit if I remember correctly)

For example APR has numerous engineers(some of which actually helped design the this engine management systems years ago) and have said short of someone, somehow stumbling upon the key, it would take years to possibly crack. Keep in mind its like 1000 digits in a row that need to be correct.


----------



## 637395 (Sep 15, 2011)

jettaglx91 said:


> ehh Ill believe that when I see it. the encryption on the new ecu's is like 100's of times more complicated then the previous ecu's (256bit vs 1024bit if I remember correctly)
> 
> For example APR has numerous engineers(some of which actually helped design the this engine management systems years ago) and have said short of someone, somehow stumbling upon the key, it would take years to possibly crack. Keep in mind its like 1000 digits in a row that need to be correct.


Just telling you what I was told.

•|Sent via Tapatalk Android. Likely pooping or stuck in traffic.|•


----------



## 2ptslo (Jul 16, 2003)

SimpleStaple said:


> Yessir.
> 
> •|Sent via Tapatalk Android. Likely pooping or stuck in traffic.|•





jettaglx91 said:


> ehh Ill believe that when I see it. the encryption on the new ecu's is like 100's of times more complicated then the previous ecu's (256bit vs 1024bit if I remember correctly)
> 
> For example APR has numerous engineers(some of which actually helped design the this engine management systems years ago) and have said short of someone, somehow stumbling upon the key, it would take years to possibly crack. Keep in mind its like 1000 digits in a row that need to be correct.


seem like one of them potentially "stumbled" upon the key :thumbup:

If this is true then i CANNOT WAIT!!! opcorn::beer:


----------



## jettaglx91 (Jul 27, 2004)

2ptslo said:


> seem like one of them potentially "stumbled" upon the key :thumbup:
> 
> If this is true then i CANNOT WAIT!!! opcorn::beer:


again ill believe it when i see it and eat my words if it happens and well if someone did they need to also play the lottery and do the same for the 2.0T as they will sell those 100:1 versus a mk6 2.5 flash


----------



## 2ptslo (Jul 16, 2003)

jettaglx91 said:


> again ill believe it when i see it and eat my words if it happens and well if someone did they need to also play the lottery and do the same for the 2.0T as they will sell those 100:1 versus a mk6 2.5 flash


indeed, I'm just being optimistic here HAHA:thumbup:


----------



## driftme (Apr 12, 2008)

why not crowdsource computing power? =]

i bet everyone who wants a port flash will sign up, and we'll get that sucker cracked in a jiffy :laugh:


----------



## AnotherA2VR6 (Jun 20, 2002)

For a detail description on the complexity of cracking the 1024bit key see this: http://www.rsa.com/rsalabs/node.asp?id=2088. With current hardware the keys are not going to be cracked, ever, even if the cracking attempt was distributed onto millions of machines. The only possible way that a port flash of aftermarket software to a protected ECU will ever happen will be if the keys are leaked.


----------



## 637395 (Sep 15, 2011)

For the 9th time, I am just telling you what Unitronic Chipped said!


----------



## jettaglx91 (Jul 27, 2004)

SimpleStaple said:


> For the 9th time, I am just telling you what Unitronic Chipped said!


Myself and Another are simply trying to re-iterate that either someone hit the holy grail and is the luckiest person alive or someone at USRT was confused as to what they were telling you.


----------



## 637395 (Sep 15, 2011)

jettaglx91 said:


> Myself and Another are simply trying to re-iterate that either someone hit the holy grail and is the luckiest person alive or someone at USRT was confused as to what they were telling you.


And now the 10th time, no, my buddy at USRT was not confused... He was just repeating what Unitronic had told him as well. It's not that hard to comprehend...

Sure, maybe the key is missing still and cannot be broken, but once again, just repeating, again... They said it's on it's way out with an OBDII interface.

Granted, Unitronic could also be wrong, but I am just repeating what was told. I was with my friend of USRT when we pulled the database/info to check and that was when we both got confirmation of what I've repeated over and over.


----------



## 2ptslo (Jul 16, 2003)

eace:

Perhaps someone from Unitronic can chime in if they choose to and smooth over this debate:beer:

for now all we can do is wait and hope that they figured something out opcorn:


----------



## driftme (Apr 12, 2008)

AnotherA2VR6 said:


> For a detail description on the complexity of cracking the 1024bit key see this: http://www.rsa.com/rsalabs/node.asp?id=2088. With current hardware the keys are not going to be cracked, ever, even if the cracking attempt was distributed onto millions of machines. The only possible way that a port flash of aftermarket software to a protected ECU will ever happen will be if the keys are leaked.


:what:

i didnt realize it was a 1024 bit key =] yea..


----------

