Hello,

Hoping someone can explain this to me. I searched but could not find much information about it. I have a brand new Cummins ECM P/N 5258003 that I can read with V2 but cannot flash - EFI Live says "DO NOT FLASH" and after trying anyway it crashes at the end and Rom Boots the ECM. The OS is 11610805 Chrysler Cal is 61301434AM Cummins Cal is S90189.17 and the bootloader is 01000601. I programmed the ECM with Calterm and fixed it no problem but would like to understand more about the EFI Live issue. See attached photo.

Thank you!

21817

Ah ok, that is a protected ECM.
It is easily bypassed though, check out the document linked to below. We probably should change that warning to be a bit more descriptive and not so frightening. :grin:

http://download.efilive.com/Tutorials/PDF/Cummins%20BootRSA%20Patch%20User%20Guide.pdf

Thank you, makes sense. When I modified the calibration bootloader end date to 01000502 EFI Live does not show the DO NOT FLASH message, but of course it still crashes. A more helpful message would be "Apply CM2100A Patch before full flash"

Interesting though I was able to flash several older compatible OS and calibration files with bootloaders ranging from 01000500 to 01000599 into this same ECM. Flash completed successfully each time, so that makes me wonder if the patch is only needed for the most recent calibrations...like when Cummins encrypted all their calibrations starting in August 2016 (which is very easy to work around in Calterm).

Not all CM2100's came with the digital signature checks, it was something they added later in the life cycle of the ECM.
By the way, when you go to flash you should have seen this message on the screen when Bootblock 1000601 was detected in the ECM...

"Anti-Tuning BB"
"Patch ECM First"

Cheers,
Ross

Did not see any of those messages. It is a brand new ECM purchased last week. Something doesn't make sense then. I tried both the December 2017 release and the February 2018 beta release...same result, no message in either version.

It warned ok for me, I just tested on my protected ECM.

21820

OK thank you. What P/N ECM? I will recheck that again tomorrow to be sure I didn't miss something. If you don't mind me asking, how does the EFI Live anti-tuning patch compare to unlocking the ECM/calibration in Calterm as "Unsecure"? Reason I ask is the Dodge Cummins ECMs are particularly interesting to me because they operate on CAN and J1939 simultaneously and working with the Cummins template in the CM2100A is much more involved than in a CM2250, CM2150, CM850 etc. with Insite.

My protected ECM has no label on it sorry.
Keep in mind that the Cummins OEM tools only flash via J1939, as far as I know the CM2100 only verifies the calibration digital signatures when flashed via OBD-II, not via J1939. The unlocking of the ECM via CalTerm is a different thing than what we are dealing with here, this was a specific Dodge security request I would say as I've never seen it active on any other Cummins ECM.

I just added in to the script to report back the Bootblock part number to the screen (well, it only reports back 3 digits but that is a Cummins screw up) and like before if the anti-tuning BB is detected you will be warned.

Protected CM2100A
Executing: C:\Program Files (x86)\EFILive\V8\Config\CMC_F.obj
Virtual Machine Started
Script Loaded
Script Verified
Checking Data File...
Bootblock: 00000601 << New line to be shown on PC.
Anti-Tuning BB: Patch ECM First << Only shown if BB is '601'
Unlocking: Trying MFG key...

Unprotected CM2100A
Executing: C:\Program Files (x86)\EFILive\V8\Config\CMC_F.obj
Virtual Machine Started
Script Loaded
Script Verified
Checking Data File...
Bootblock: 00000503 << New line to be shown on PC.
Unlocking: Trying MFG key...

That'll be in the next update.

Thank you! Those improvements will be very helpful for a number of users. And you are correct, signatures are not verified in the CM2100A unless flashed via CAN (OBDII). I flashed the CM2100A both ways, first with EFI Live on a blank (seeded) controller, then again after with Calterm. And then did it again the other direction. It was interesting to note the ECM did not have an issue either way provided the bootloaders matched.

Is there any plan to add a VIN writing tool for the Dodge Cummins ECMs? It would be helpful to be able to write the VIN without having to reflash the entire ECM. In Calterm it can be written without a flash in both the Cummins template and the vehicle side of the calibration (the VIN is stored in multiple locations in the ECM).

Thanks for the quick responses and all the great work!

Thank you! Those improvements will be very helpful for a number of users.
Well you are the first to mention it in 5 years :grin:
To be fair though, in the Dodge tuning world it is just a commonly known thing about the CM2100 ECM so I suppose most people are aware of it (it sounds like you are from the big rig world from what you've previously posted).


Is there any plan to add a VIN writing tool for the Dodge Cummins ECMs?
It can be done directly to the ECM via OBD-II commands without flashing but it needs to be done via the V7 scantool.
Yes the VIN is stored in two locations but it only allows one (the one linked the anti-theft) to be updated via OBD-II. That has served well so far.

Well you are the first to mention it in 5 years :grin:
To be fair though, in the Dodge tuning world it is just a commonly known thing about the CM2100 ECM so I suppose most people are aware of it (it sounds like you are from the big rig world from what you've previously posted)..

Fair enough. Never too late to improve something that is already good instead of just accepting it the way it is.

Yes, I am from the heavy-duty world and everything else in between. I have been designing and building dyno control systems for gasoline and diesel engines for several years and recently started using your product. I blend a lot of technologies and applications to produce stand alone systems.

My protected ECM has no label on it sorry.
Keep in mind that the Cummins OEM tools only flash via J1939, as far as I know the CM2100 only verifies the calibration digital signatures when flashed via OBD-II, not via J1939. The unlocking of the ECM via CalTerm is a different thing than what we are dealing with here, this was a specific Dodge security request I would say as I've never seen it active on any other Cummins ECM.

For what it's worth...Today I inspected the digital signature verification. I bench programmed a rom-booted CM2100A P/N 5258003 for a 2008 Dodge Ram 6.7L with Calterm on J1939 only using the Cummins calibration. I used Calterm to enter the ESN and VIN and installed it in the truck. I verified the flash with wiTECH on OBDII, programmed the key, and entered the injector quantity adjustments and the engine started right up with no DTCs.