Lada 111 1.6L 16V 2005 year – Immo Off
As the title says, in this article I will try to show as best I can how to switch off, or disarm, the immobilizer system in the Lada 111. What is an immobilizer system and what is it for? An immobilizer system, or “immo” for short, is an anti-theft system in modern cars, trucks, bikes etc. Its main purpose is to secure the vehicle against unauthorized driving.
These systems are very complex and hard to crack, but not impossible. In some countries this kind of immo hacking is forbidden. The basic main components of an immo system are:
– Vehicle key
– Ignition ring
– Immo ecu, the so-called immo box.
I tried to make a block diagram of a very simple immo system. I hope you can follow the path. When the key is in the ignition ring and is turned to the ignition position, the immo ecu requests the ID from the key, which is stored inside the key in the so-called transponder.
The immo ecu checks whether that key is Key 1, 2, 3 etc. and sends the authorization data to the engine ecu. If the engine ecu sees acceptable data from the immo ecu and that data matches what is in its eeprom, then the engine ecu allows the injection sequence etc. to start.
This is a very simple and very basic description of the immo system, so please use it for a basic understanding only. What happens if the ecu goes bad and has to be replaced? Or the immo ecu goes bad, or the key is lost or faulty?
– You can go to an official service and pay a very high bill for the repair.
– Go to someone else who may be able to hack all these units, and save some money.
Let’s see how this is done on this type of car, the Lada 111. This car has an APS-4 immo ecu and a Bosch 0 261 208 315 engine ecu. From previous work on a similar car with the same immo system, I know that this engine ecu can be made something like virgin, that is, the data inside the ecu’s eeprom can be deleted so that the ecu won’t check for authorization. But in this case you must disconnect the data line between the engine ecu and the immo ecu.
The reason is that if the data line, the so-called K line, is active between the immo ecu and the engine ecu, the immo ecu will activate the authorization sequence in the engine ecu even if it is deactivated in the engine ecu.
Keep in mind that the immo ecu will make every effort to protect the vehicle, and will try to disable whatever it can to do so. In today’s modern cars this communication goes over a computer network inside the car. I won’t pay attention to the APS-4 immo box: just cut the K line wires and the immo system is no longer able to take control over the engine ecu or any other ecu. My first step was to take the engine ecu out of the vehicle and locate the eeprom inside.
We have to desolder this eeprom, but there is a big hidden problem which could kill the ecu.
Here is the problem:
This is also a situation where novices make a common mistake when it comes to soldering/desoldering smd parts. After the soldering/desoldering task the whole unit can be dead.
What’s the problem?
This is a double-sided pcb, densely populated with small smd parts on both sides. If we look closer we can see the eeprom is directly above the cpu. We also have heavy GND copper traces on the pcb, which act as a heat sink. In this case, the chances of not overheating the pcb and the cpu are very small.
There are several ways to read this smd eeprom:
- Unsolder with hot air – unsafe, with a high risk of overheating and killing the unit, but with care it is safe.
- Unsolder with a soldering iron – not an option for me, because of the high risk of lifting a trace.
- Read the eeprom in-circuit – the safest technique for not overheating or cracking a trace, but there is a high risk of getting corrupted data when reading or writing.
I went with technique No 1, but with care. Here is what I did:
I used the housing of the ecu as a heat sink. I placed it on the pcb in such a way that the cpu is completely covered by the aluminum case, so the heat is quickly drawn away from the cpu. But be warned! Even with this technique there is a risk of overheating!
Adding plenty of flux paste to the legs of the eeprom, or whatever component you are dealing with, is a good idea. The flux paste helps to concentrate the heat on the legs, and the heated region will not cool down as quickly as it would without flux. Whenever you desolder smd parts, preheat the pcb. In this case I didn’t use a pcb pre-heater because of the parts on the other side of the pcb, but I pre-heated the region around the eeprom with my hot air desoldering gun.
Now that we have the eeprom off the pcb, we have to read it, change the dump*, write the new dump back into the eeprom and solder the eeprom back onto the pcb. *Dump is a synonym for the content of an eeprom or flash memory. For reading this type of eeprom you can use something like the MiniPro TL866; many other programmers will support this eeprom too.
You can modify the content manually in a hex editor, or you can use commercial software like some version of ECU Vonix. I don’t like such commercial software because it does things automatically and is a very universal tool. Universal tools are good, but they can make things go wrong. But ECU Vonix is a good tool for simple vehicles. It will do the job for sure.
Here is a part of the unmodified eeprom content:
I like my HxD hex editor. As you can see, this eeprom is pretty empty. The immo data is written at offsets H20 and H40. I won’t go deep into the technique of how to mod this data, but use software like the one I mentioned and you will get the job done on this type of car and on similar ones too.
Load the dump into the EcuVonix software and let it do the mod. Save the new file and program it back to the eeprom.
Here we come to another tricky step which could also kill the ecu. We are talking more about killing than repairing today; did you ask yourself, “will this car run again?” So, what’s the problem? You have programmed the eeprom and must somehow test whether the content works. OK, you will solder it back, but what if the content actually doesn’t work?
Then you have to correct something in the dump and write the dump to the eeprom again. You again run the risk of overheating the pcb and maybe killing the ecu etc…
That’s a bit frustrating, isn’t it? Here is how I get around situations like this, so that I can try the dump many times until I succeed.
One picture is worth 1000 words:
I hope you got the point. With this “adapter” I can program the eeprom many times without soldering/unsoldering etc.
OK, the dump was created with the EcuVonix software, the immo is now disarmed in the engine ecu and the engine ecu will no longer request any authorization. Now we have to cut the wires on the immo ecu. These wires are actually the network wires used by all the computers inside the car to communicate with each other.
If you leave these wires as they are, the immo ecu will immediately lock down the engine ecu when you turn the key to the ignition position. That means the engine ecu will again ask for ignition authorization etc.
Here are the wires that must be cut and joined together. This is the so-called K line. You can simply cut them and that would be enough, but if you don’t join them together then you can no longer run diagnostics on this vehicle. Your diagnostic scan tool can no longer communicate with the ecus inside the car, because the network is open circuit.
This is the connector on the immo ecu; PIN9 and PIN18 must be shorted.
After this mod, plug the connector back into the immo ecu and enjoy your work. Congratulations, your immobilizer system is disarmed.
I hope you enjoyed this tutorial and that it will save you a lot of repair time.
This article was prepared for you by Christian Robert Adzic from Novi Knezevac-Serbia.