Originally Posted by
GMPX
Each controller uses a different seed/key algorithm. This ensures that you can't accidentally try to program an LS1 PCM with a Diesel tune, nor can anyone just blatantly reprogram the PCM without figuring out each controller's security algo.
For example (and this is very simplified).
Assume an LS1 PCM sends back a seed of $2000. The algo to calculate the unlock key is simply to add 1, EFILive would send back a key of $2001 and bingo the PCM is unlocked and you can proceed to reflash the ECM.
Now, let's say on a Diesel ECM the algo was to add 2, then EFILive would send back a key of $2002.
This way there is no way the Diesel ECM would allow the LS1 tune to be flashed as the key would be wrong, EFILive knows what controller it is trying to flash and therefore the algo to calculate the key will only work on that controller type.
Each PCM has a brute force timer to stop multiple requests of invalid keys, so if you send the wrong key twice then the PCM won't allow another attempt for 10 seconds, multiply that by 65533 possible key values and it kind of drags out a bit.
For myself, I can have the flash chip off, reprogrammed in an EPROM burner and back on in about 20 mins with a valid seed/key pair if the PCM was locked.
I don't think GM's intention behind the seed/key was Fort Knox type security, it serves its simple purpose well. I have tried to figure out if there is any backdoors left open by GM but there isn't, they thought it out quite well.
Cheers,
Ross
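A toy model of the exchange described in the post above, added here as an illustration and not EFILive's or GM's code: it uses the post's simplified add-1/add-2 algorithms, its seed of $2000 and its two-wrong-keys, 10-second timer. The class and function names, the 16-bit wrap, and the assumption that even a correct key is refused while the timer is running are constructed for the example.

```python
from dataclasses import dataclass

# The post's simplified per-controller algorithms: key = seed + offset.
KEY_OFFSETS = {"LS1": 1, "Diesel": 2}

def compute_key(controller_type, seed):
    """Key a tool would send for this controller type (16-bit wrap assumed)."""
    return (seed + KEY_OFFSETS[controller_type]) & 0xFFFF

@dataclass
class Controller:
    controller_type: str
    seed: int = 0x2000          # the post's example seed
    max_bad_keys: int = 2       # post: two wrong keys start the timer
    lockout_seconds: int = 10   # post: 10 second lockout
    bad_keys: int = 0
    locked_until: float = 0.0
    unlocked: bool = False

    def request_seed(self):
        return self.seed

    def send_key(self, key, now):
        """Return 'unlocked', 'invalid_key' or 'locked_out' at simulated time now."""
        if now < self.locked_until:
            return "locked_out"  # assumption: nothing is evaluated during lockout
        if key == compute_key(self.controller_type, self.seed):
            self.unlocked, self.bad_keys = True, 0
            return "unlocked"
        self.bad_keys += 1
        if self.bad_keys >= self.max_bad_keys:
            self.locked_until = now + self.lockout_seconds
            self.bad_keys = 0
        return "invalid_key"

def demo():
    """A tool that wrongly assumes an LS1 talks to a Diesel controller."""
    diesel = Controller("Diesel")
    seed = diesel.request_seed()
    wrong, right = compute_key("LS1", seed), compute_key("Diesel", seed)
    return [diesel.send_key(wrong, now=0.0), diesel.send_key(wrong, now=1.0),
            diesel.send_key(right, now=2.0), diesel.send_key(right, now=11.5)]

def worst_case_lockout_seconds(keyspace, tries_per_lockout, lockout_seconds):
    """Total lockout time accumulated if every key value had to be tried."""
    lockouts = -(-keyspace // tries_per_lockout)  # ceiling division
    return lockouts * lockout_seconds
```

With one lockout per key value, `worst_case_lockout_seconds(65533, 1, 10)` reproduces the post's multiplication (655330 seconds, about 7.6 days); counting two tries per lockout halves it.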