Introduction
www.AUTOdiagnostika.lv
Introduction
Page 1 of 3
Top Next
Attention: the device is not compatible to Windows Vista The modern vehicles are fitted with car access and immobilizing systems which are realized on RFID technology. RFID is an abbreviation of words Radio Frequency Identification. An RFID system basically consists of two components: transponder and Base Station. The transponder has small dimensions and can be implanted inside a car key. The transponder requires no internal power supply, it derives its power form the magnetic component of the RF (Radio Frequency) signal generated by the Base Station. As a key is one part of security system, the other is the Base Station. The Base Station is an electronic unit equipped with an antenna and employs the transponder. In common use the Base Station is known as the immobilizer. There are many various models of transponders. The oldest models had fixed data stored in memory. In that case Base Station read contents of transponder memory and verified it. These models can be cloned very easy. For attacker, to do this it is enough to read transponder memory and copy one in the new clear transponder. The middle generation of transponders had more smart architecture. These transponders can have a password, flexible adjustable configuration, re-writeable non-volatile memory and other features. Practically these two generation does not provide good protection. These transponders can be scanned and data transmission between the Base Station and the transponder can be grabbed and analysed or replayed later. The new word in RFID technology is the cryptography. This is the last generation in secure systems area. These transponders have built-in calculation unit that provide ciphered communication and data exchange between the Base Station and the transponder. In case the key is lost or memory data is crashed or in case of physically damage and so on the technician must have an instrument that can operate with the transponders. For this reason in our studio has been created the tool named GAMBIT. In the world there is a huge amount of various models of transponders and the device which operates with all known transponders should be very expensive. Therefore our studio has chosen the most actual in our opinion models of transponders. Thus the compromise has been achieved, allowing to the technician on the one hand to save money, on the other hand to get the good tool. The Gambit device is intended for transponders programming. Types of transponders and available operations are shown in the table 1. Table 1.
EML
Read
Write
YES
YES
www.AUTOdiagnostika.lv file://C:\Documents and Settings\pavelnieks\Local diagnostic equipmentSettings\Temp\~hhF231.htm reviews and manuals
www.AUTOdiagnostika.lv diagnostic equipment reviews and manuals
2010.12.13.
www.AUTOdiagnostika.lv
Introduction
Megamos
YES
Note 1
PCF 7930
YES
YES
PCF7931
YES
YES
PCF7935
YES
YES
PCF7936
YES
YES
TEMIC 11
YES
Note 2
TEMIC 12
YES
Note 2
T5
Note 3
YES
Page 2 of 3
Note 1 Megamos (Silka reference 13) is OTP chip. However, this chip can be emulated on the basis of the chips PCF7930, PCF7935. The program has the built - in mechanism, allowing to calculate an image for these chips. The PCF7930/35 chips in an emulate mode work as well as the Megamos chip. Megamos can also be copied into T5 transponder. Note 2 Temic transponder is OTP chip. Temic can be copied into T5 transponder. Note 3 Readable after it has been written. If T5 has been written as Megamos, it can be read as Megamos. If T5 has been written as Temic it can be read as Temic. See also the brief description of transponders.
Why use Gambit
Top Previous Next
Compatible for new computer standards Gambit supports USB technology that is very actual for modern computers. As is known the modern notebooks have no COM ports in their configuration, instead of this the USB communications are applied. Also the Gambit derives its power from the USB and does not require a battery or external power source so, the Gambit is fully USB-based device.
Save time Gambit has built-in calculation unit which can operate with various anti-attacker protection algorithms implemented in immobilizers. This feature allows the Gambit to make work for you.
www.AUTOdiagnostika.lv file://C:\Documents and Settings\pavelnieks\Local diagnostic equipmentSettings\Temp\~hhF231.htm reviews and manuals
www.AUTOdiagnostika.lv diagnostic equipment reviews and manuals
2010.12.13.
Introduction
www.AUTOdiagnostika.lv
www.AUTOdiagnostika.lv file://C:\Documents and Settings\pavelnieks\Local diagnostic equipmentSettings\Temp\~hhF231.htm reviews and manuals
www.AUTOdiagnostika.lv diagnostic equipment reviews and manuals
Page 3 of 3
2010.12.13.
www.AUTOdiagnostika.lv
Intro
Intro
Page 1 of 2
Top Previous Next
An old models of immobilizers employed simple methods of recognition of a key and generation of keys to them is not difficult task. More modern immobilization devices realize hard accessible algorithms and are the most difficult units from the point of view of generation of keys. Some methods of manufacturing of keys for old immobilizers are described in sections Cloning of the chapter Articles and Step1 of the chapter Tutorial Megamos of this document. There are three common methods of making of keys: Key Maker Image Dump Clone. To learn about these methods read appropriate topics in this chapter.
Method KeyMaker
Top Previous Next
Key Maker The essence of this method will be that there is an opportunity to calculate information which the immobilizer expects to receive from a key. For this purpose all over again it is necessary to read memory of an immobilizer. Then it is necessary to find in the received data those parts which concern directly to keys. In some cases these data are submitted in a plain kind, in other cases these data are ciphered. If the data are in a plain kind, it may be copied in a key. If the data are ciphered, before copying of them it is necessary to decipher. After the data are copied, it is necessary to configure a key. Some aspects of a configuration are considered in chapter Tutorial and as example it is recommended to read tutorial for PCF7935 transponders. As a result of such method the key is completely matched to an immobilizer and is ready for operation. The program has automatic Key Maker therefore you do not need to make calculations and decoding of the data. The Key Maker automatically calculates the relevant data and writes down them in a key. All that for this purpose is required is to read an immobilizer memory. The memory dump received thus is the entrance data for the Key Maker. The Key Maker will automatically do necessary actions. We regularly supplement the program with new Key Makers which facilitate your work. The most part of Key Makers is free-of-charge however the some Key Makers is paid. The Key Makers are accessible from menu TOOLS - SPECIAL.
www.AUTOdiagnostika.lv file://C:\Documents and Settings\pavelnieks\Local diagnostic equipmentSettings\Temp\~hh1D19.htm reviews and manuals
www.AUTOdiagnostika.lv diagnostic equipment reviews and manuals
2010.12.13.
www.AUTOdiagnostika.lv
Intro
Page 2 of 2
About ways of purchase you can learn from section Purchase Module in the chapter Utilities . See example for EWS3 See technical article about memory standards in eeprom of 93xx series
Method ImageDump
Top Previous Next
Image Dump In case of a key is lost by the owner or it is necessary to make an additional key, the dealer orders a new key from the vehicle manufacturer. It is necessary to explain, that new keys can be divided into two category. The first kind is completely matched to the certain car and at once is ready for operation. This is the type of completely programmed key. The second category keys are pre - programmed and requires adaptation to the certain vehicle. Such the pre - programmed key keeps in the memory the standard for the certain manufacturer data and can be adapted to any car of the certain series. In other words a key memory contains an image compatible for all vehicles of certain series. Audi and VW is an one example of great quantity of manufacturers of the second category and BMW is an example of the first category. The Image Dump Generator is intended for keys of the second category and is free-of-charge. The generator has built-in data about images of some series of vehicles and can write the relevant data in a transponder. After you have made a key with the Image Dump Generator it is necessary to match that to the vehicle using the appropriate equipment. To access Image Dump Generator menu follow TOOLS - SPECIAL.
Method Clone
Top Previous Next
Clone It is the most simple method to make a key. The cloning can be performed only at old immobilizing systems. Nevertheless many modern automobiles continue to use this out-of-date system. Mainly it is the French and Italian manufacturers. To make a key the original key must be read and received data has to be copied into a transponder. To learn more about this method read the Cloning article of the chapter Articles of this document. How to clone Temic... How to clone Megamos... How to emulate Megamos...
www.AUTOdiagnostika.lv file://C:\Documents and Settings\pavelnieks\Local diagnostic equipmentSettings\Temp\~hh1D19.htm reviews and manuals
www.AUTOdiagnostika.lv diagnostic equipment reviews and manuals
2010.12.13.
www.AUTOdiagnostika.lv
Installation
Installation
Page 1 of 3
Top Previous Next
First of all it is necessary to install the driver for USB. Drivers for WIN98 and XP can be received directly from the seller or can be found at link www.ftdichip.com Find out the DRIVERS on the left navigation panel
Choose sub item VCP
Download the suitable driver.
Go to the Home Page and find out DOCUMENTS on the left navigation panel and choose sub item Installation Guides
www.AUTOdiagnostika.lv file://C:\Documents and Settings\pavelnieks\Local diagnostic equipmentSettings\Temp\~hh461D.htm reviews and manuals
www.AUTOdiagnostika.lv diagnostic equipment reviews and manuals
2010.12.13.
www.AUTOdiagnostika.lv
Installation
Page 2 of 3
The Installation Guide document describes how to install drivers. Read installation manual.
In the case of unsuccessful installation the driver should be removed by the standard windows' procedure or by running FTClean utility that you can find on section UTILITIES under RESOURCES.
After the driver installed successfully plug the hardware and run the Gambit.exe. The program tries to find out the Gambit hardware and if unsuccessful confirms this with the message:
In this case you should repeat installation preliminary having removed the driver. If you do not see this message it means all works correctly. As the hardware found the main window appears:
www.AUTOdiagnostika.lv file://C:\Documents and Settings\pavelnieks\Local diagnostic equipmentSettings\Temp\~hh461D.htm reviews and manuals
www.AUTOdiagnostika.lv diagnostic equipment reviews and manuals
2010.12.13.
Installation
www.AUTOdiagnostika.lv
www.AUTOdiagnostika.lv file://C:\Documents and Settings\pavelnieks\Local diagnostic equipmentSettings\Temp\~hh461D.htm reviews and manuals
www.AUTOdiagnostika.lv diagnostic equipment reviews and manuals
Page 3 of 3
2010.12.13.
Transponders
www.AUTOdiagnostika.lv
Transponders
Page 1 of 25
Top Previous Next
EML
MEGAMOS, TEMIC , T5
PCF 7930/31/35/36, T5
EML The chip has the model of memory similar to the PCF7930/31. However, some areas of memory have differences from similar areas in the PCF7930/31. The device takes into account these differences, however it is necessary to show care at work with the EML, as some areas of memory are OTP. As this type of chips is used only on automobiles of BMW, for simplification of work and the prevention of wrong operations at manual mode, the program has the built - in menu named as Key maker. Due to this feature programming of the chip can be automatic at desire. In this case the entrance data for the program are the eeprom dump of an immobilizer (EWS) of a car. Both modes as read as write are available. MEGAMOS, TEMIC The chip is OTP (One Time Programmable), therefore function of record is impossible. Nevertheless, as it has been told above, the program can calculate the dump for emulation of the Megamos on the basis of the PCF or T5 chips . Temic can be emulated only on the basis of the T5 chip. See how to emulate Megamos See now to clone Megamos using T5 transponder See how to clone Temic using T5 transponder PCF7930 Both writing, and reading of data are available. PCF7931
www.AUTOdiagnostika.lv file://C:\Documents and Settings\pavelnieks\Local diagnostic equipmentSettings\Temp\~hhCEC5.htm reviews and manuals
www.AUTOdiagnostika.lv diagnostic equipment reviews and manuals
2010.12.13.
www.AUTOdiagnostika.lv
Transponders
Page 2 of 25
The chip is OTP, therefore function of record can be performed only one time. PCF7935 The PCF7935 has two areas of memory: General Memory and Shadow Memory. Both memories are accessible both to record, and for reading. PCF7936 With this type of chips the device supports both record and reading in password mode. T5 Universal chip. May be configured to operate as Megamos, Temic, PCF7930-31.
Intro
Top Previous Next
PCF7930 PCF7931 PCF7935 The PCF7935 chip incorporates 144 bytes of non volatile memory that is organized as 9 blocks with 16 bytes per block. The General Memory consists of eight blocks and the Shadow Memory of one. Usually the Shadow Memory is invisible while reading. The General Memory contains the configuration bytes located to the certain addresses. During work with the chip it is necessary to observe extreme care as the part of memory is OTP ( One Time Programmable ).
This manual can be applied to the PCF7930-31 transponders except for the Shadow Memory section. Step 1
Top Previous Next
READ MODIFY WRITE CLEAR See Hardware Operations Plug the programmer in USB port and run software. After hardware found the main window appears. Select transponder type PCF7935 and be sure that general memory is chosen. Insert a PCF7935 transponder into hole of the programmer. Click READ button. After the transponder is read you can see the contents of it's memory in hex editor field. On this step of us does not interest memory of the chip, therefore press button CLEAR.
www.AUTOdiagnostika.lv file://C:\Documents and Settings\pavelnieks\Local diagnostic equipmentSettings\Temp\~hhCEC5.htm reviews and manuals
www.AUTOdiagnostika.lv diagnostic equipment reviews and manuals
2010.12.13.
www.AUTOdiagnostika.lv
Transponders
Page 3 of 25
After the CLEAR button clicked the programmer erases all the memory in the transponder, thus the chip has the state equal to the delivery state. In other words now we have a new clear transponder. Read the transponder again by clicking on READ button. You can see the memory of the absolutely clear transponder:
As you see all memory has value 00 except the 1F address that has value 07. Choose menu FILE - SAVE AS, give the MyClear name to the file and save it.
Place the mouse cursor on hex editor field, click on address 20 and type numbers using keyboard as shown on picture:
Click button MODIFY:
www.AUTOdiagnostika.lv file://C:\Documents and Settings\pavelnieks\Local diagnostic equipmentSettings\Temp\~hhCEC5.htm reviews and manuals
www.AUTOdiagnostika.lv diagnostic equipment reviews and manuals
2010.12.13.
www.AUTOdiagnostika.lv
Transponders
Page 4 of 25
The programmer writes data into the transponder.
Now it is time to explain difference between WRITE and MODIFY buttons. By pressing the button WRITE occurs writing of all memory. By pressing the button MODIFY occurs writing only those addresses which are allocated by dark blue color in a window of the editor. Click button READ and after reading is finished observe the dump of the transponder. It must be same as before reading, only dark blue marks are replaced by the black symbols:
Save the file by name My_1. Now we'll write the file saved with name MyClear. Choose menu FILE - OPEN and select file with name MyClear. The file will be loaded into the program and you see it in the editor window:
Click button WRITE After writing complete click button READ. The read dump is the same you have loaded.
Step 2
Top Previous Next
RESTRICTION OF VISIBLE AREA There are configuration addresses for restriction of the visible for reading area in the memory of the
www.AUTOdiagnostika.lv file://C:\Documents and Settings\pavelnieks\Local diagnostic equipmentSettings\Temp\~hhCEC5.htm reviews and manuals
www.AUTOdiagnostika.lv diagnostic equipment reviews and manuals
2010.12.13.
Transponders
www.AUTOdiagnostika.lv
Page 5 of 25
transponder. These addresses are 1E and 1F. The General Memory is split into 8 blocks by 16 bytes. The block0 contains memory addresses 00 ‌ 0F, the block1 contains the memory addresses 10 ‌ 1F and so on. The address 1E contains the number of the first available for reading block. The address 1F contains the number of the last available for reading block. Let's explore these addresses. Load the file by name My_1 you saved above: FILE - OPEN. The file well be loaded into the program and you see it in the editor window:
Press button WRITE to write dump into memory of the transponder. Press button READ. You can see the same dump in editor field. Put the mouse cursor on address 1F of the dump and type the new value 05:
Click on MODIFY After modify completed press button READ You can see the new dump:
You see that last two lines there were changes. As in 1F address there is a value 05, the chip cannot transfer the blocks 6 and 7. Instead of them the transponder cyclically substitutes blocks 0 and 1.
Put the mouse cursor on address 1E of the dump and type the new value 04:
www.AUTOdiagnostika.lv file://C:\Documents and Settings\pavelnieks\Local diagnostic equipmentSettings\Temp\~hhCEC5.htm reviews and manuals
www.AUTOdiagnostika.lv diagnostic equipment reviews and manuals
2010.12.13.
Transponders
www.AUTOdiagnostika.lv
Page 6 of 25
Click on MODIFY After modify completed press button READ You can see the new dump:
As in 1E address there is a value 04, the chip cannot transfer the blocks from 0 to 3. Now the chip cyclically transfers the blocks 4 and 5.
Put the mouse cursor on address 1F of the dump and type the new value 07:
Click on MODIFY. Do not click Write! After modify completed press button READ You can see the new dump:
www.AUTOdiagnostika.lv file://C:\Documents and Settings\pavelnieks\Local diagnostic equipmentSettings\Temp\~hhCEC5.htm reviews and manuals
www.AUTOdiagnostika.lv diagnostic equipment reviews and manuals
2010.12.13.
www.AUTOdiagnostika.lv
Transponders
Page 7 of 25
As the address 1E has value 04, the first available for reading block is the block 4. As the address 1F has value 07, the last available for reading block is the block 7. By the methods discussed above apply the value 00 to the address 1E to fully open chip for reading. After reading you'll get the original dump:
Step 3
Top Previous Next
PASSWORD CHANGE PASSWORD ACTIVATE PASSWORD DEACTIVATE PASSWORD PASSWORD FIELD The password restricts write operations. It is transparent for reading operations. The password consists of 7 bytes and is allocated on addresses 00 ‌ 06. The write operations can be executed only knowing the proper password. Place the mouse cursor on hex editor field, click on address 00 and type numbers using keyboard as shown on picture:
www.AUTOdiagnostika.lv file://C:\Documents and Settings\pavelnieks\Local diagnostic equipmentSettings\Temp\~hhCEC5.htm reviews and manuals
www.AUTOdiagnostika.lv diagnostic equipment reviews and manuals
2010.12.13.
www.AUTOdiagnostika.lv
Transponders
Page 8 of 25
Click on MODIFY After modify completed press button READ Observe the dump and be sure the values of the password are right
Now the chip has the password value 11 22 33 44 55 66 77 but password is not still active. As the password is not active it can be read. In case the password activated it cannot be read. Let's activate password. The password activation address is the address 07. The Low Significant Bit of the value on this address is the password activation attribute. The 0-bit corresponds to deactivated password and the 1-bit corresponds to password active state. Press button Copy From Dump:
In the PASSWORD field will appear the current password. You also can edit this field manually.
www.AUTOdiagnostika.lv file://C:\Documents and Settings\pavelnieks\Local diagnostic equipmentSettings\Temp\~hhCEC5.htm reviews and manuals
www.AUTOdiagnostika.lv diagnostic equipment reviews and manuals
2010.12.13.
Transponders
www.AUTOdiagnostika.lv
Page 9 of 25
This step was not obligatory for activation of the password, now we do this to not forget the correct password.
Put the mouse cursor on address 07 of the dump and type the new value 01:
Click on MODIFY After modify completed press button READ You will see this dump:
As the password is active now it cannot be read. Place the mouse cursor on hex editor field, click on address 1E and type numbers 05 as shown on picture:
Click on MODIFY After modify completed press button READ You will see the dump:
www.AUTOdiagnostika.lv file://C:\Documents and Settings\pavelnieks\Local diagnostic equipmentSettings\Temp\~hhCEC5.htm reviews and manuals
www.AUTOdiagnostika.lv diagnostic equipment reviews and manuals
2010.12.13.
Transponders
www.AUTOdiagnostika.lv
Page 10 of 25
As the first and the last opened for reading blocks are 5, the transponder transmits cyclically the block 5. You can write invisible areas too. Let's do it. Place the mouse cursor on hex editor field, click on address 60 and type numbers using keyboard as shown on picture:
Click on MODIFY After modify completed press button READ You will see the old dump because of the addresses 1E and 1F restrict reading area:
You can write into transponder because of correct password presents in the field PASSWORD. Let's change this field. Put the mouse at the PASSWORD field and change the last byte to 00:
Now try open the chip using the wrong password.
www.AUTOdiagnostika.lv file://C:\Documents and Settings\pavelnieks\Local diagnostic equipmentSettings\Temp\~hhCEC5.htm reviews and manuals
www.AUTOdiagnostika.lv diagnostic equipment reviews and manuals
2010.12.13.
www.AUTOdiagnostika.lv
Transponders
Page 11 of 25
Place the mouse cursor on hex editor field, click on address 1E and type numbers 00 and 07 as shown on picture:
Click on MODIFY The error message will appear:
Type the correct value on the last byte ( 77 ) of the password and click MODIFY After Modify completed you will see the opened chip except the password area:
Deactivate password. Apply value 00 at address 07 and click MODIFY. After Modify complete click READ button and fully opened dump appears:
www.AUTOdiagnostika.lv file://C:\Documents and Settings\pavelnieks\Local diagnostic equipmentSettings\Temp\~hhCEC5.htm reviews and manuals
www.AUTOdiagnostika.lv diagnostic equipment reviews and manuals
2010.12.13.
www.AUTOdiagnostika.lv
Transponders
Step 4
Page 12 of 25
Top Previous Next
SHADOW MEMORY The transponder contains 1 block (16 bytes) of shadow memory. Select memory model:
Now you see the new performance of the editor because of the shadow memory has size of 16 bytes:
Place the mouse cursor on hex editor field, click on address 00 and type numbers using keyboard as shown on picture:
www.AUTOdiagnostika.lv file://C:\Documents and Settings\pavelnieks\Local diagnostic equipmentSettings\Temp\~hhCEC5.htm reviews and manuals
www.AUTOdiagnostika.lv diagnostic equipment reviews and manuals
2010.12.13.
www.AUTOdiagnostika.lv
Transponders
Page 13 of 25
Click on MODIFY After modify completed press button READ You will see the same dump:
Return to the general memory. Click button CLEAR. The programmer clears the both memories the general and the shadow.
Step 5
Top Previous Next
WRITE BYTEWISE After the byte is written in the chip the contents of the modified block are sent back to programmer. It corresponds to the data exchange protocol. So the programmer can check data it writes. The Write Bytewise mode uses this feature.
Load the My_1 file:
Click button WRITE to write all dump. Restrict reading area (the other term is Close): apply to the both addresses 1E and 1F the value 05 and click MODIFY. After Modify is completed you can see only the 5-th block:
www.AUTOdiagnostika.lv file://C:\Documents and Settings\pavelnieks\Local diagnostic equipmentSettings\Temp\~hhCEC5.htm reviews and manuals
www.AUTOdiagnostika.lv diagnostic equipment reviews and manuals
2010.12.13.
www.AUTOdiagnostika.lv
Transponders
Page 14 of 25
Click the Write Bytewise button:
The new window appears:
Type the value 10 at the Address field and the value AA at the Data field:
You can navigate between the Data and the Address fields by clicking TAB key on the keyboard. Press ENTER on the keyboard or click OK button The window shows contents of the modified block:
www.AUTOdiagnostika.lv file://C:\Documents and Settings\pavelnieks\Local diagnostic equipmentSettings\Temp\~hhCEC5.htm reviews and manuals
www.AUTOdiagnostika.lv diagnostic equipment reviews and manuals
2010.12.13.
www.AUTOdiagnostika.lv
Transponders
Page 15 of 25
The first byte is the byte you have written. The last two bytes are values placed on addresses 1E and 1F accordingly.
In the given tutorial the only basic methods and transponder features have been considered. The full description of features of the chip is not the purpose of this tutorial. This tutorial is intended for the description of work of the Gambit programmer.
Intro
Top Previous Next
The PCF7936 is the new generation of transponders and employs a cryptography technologies. The PCF7936 always keeps the password active status. At delivery state the transponder has the password value 4D 49 4B 52. The chip incorporates 32 bytes of non volatile memory that is organized as 8 pages with 4 bytes per page. The memory is split into areas for Transponder Configuration / Personalization ( TCFG area ) and User Memory ( USER area ). Depending on the chip configuration, it is accessed in Password or Cipher mode. The Gambit programmer supports the Password mode. During work with the chip it is necessary to observe extreme care as the part of memory is OTP ( One Time Programmable ). The USER area is "safe" and well suitable for studying the interface of the program.
Step 1
Top Previous Next
See Hardware Operations Plug the programmer in USB port and run application. The main window appears. Select the PCF7936 transponder type on the top right corner of interface:
www.AUTOdiagnostika.lv file://C:\Documents and Settings\pavelnieks\Local diagnostic equipmentSettings\Temp\~hhCEC5.htm reviews and manuals
www.AUTOdiagnostika.lv diagnostic equipment reviews and manuals
2010.12.13.
Transponders
www.AUTOdiagnostika.lv
Page 16 of 25
Insert the PCF7936 transponder into programmer hole. Press button READ ALL:
The read contents of memory appear in fields:
Move the mouse cursor on the left part of the window. As the result, the brief information list appears:
www.AUTOdiagnostika.lv file://C:\Documents and Settings\pavelnieks\Local diagnostic equipmentSettings\Temp\~hhCEC5.htm reviews and manuals
www.AUTOdiagnostika.lv diagnostic equipment reviews and manuals
2010.12.13.
Transponders
www.AUTOdiagnostika.lv
Page 17 of 25
Navigate to the other items of the left part of the window. As was described above the last 4 pages ( User Area ) is safe therefore the first test you should do is writing in one of those pages. Type the 01 02 03 04 values in the page 4:
Click the WRITE button opposite to the Page 4 field:
www.AUTOdiagnostika.lv file://C:\Documents and Settings\pavelnieks\Local diagnostic equipmentSettings\Temp\~hhCEC5.htm reviews and manuals
www.AUTOdiagnostika.lv diagnostic equipment reviews and manuals
2010.12.13.
Transponders
www.AUTOdiagnostika.lv
Page 18 of 25
Click button READ opposite to the Page 4 field:
You can see the new value ( 01 02 03 04 ) in the Page 4 field.
You can read the transponder properly because of the correct password presents in the PASSWORD field. Change the value in the PASSWORD field:
Click button READ opposite to the Page 4 field:
www.AUTOdiagnostika.lv file://C:\Documents and Settings\pavelnieks\Local diagnostic equipmentSettings\Temp\~hhCEC5.htm reviews and manuals
www.AUTOdiagnostika.lv diagnostic equipment reviews and manuals
2010.12.13.
Transponders
www.AUTOdiagnostika.lv
Page 19 of 25
Now the wrong value appears in the Page 4 field. It is because of the wrong password was applied to the chip. In this case a random value appears while reading. Click button Set Default under the PASSWORD field and restore it's contents:
Read the Page 4 again. Now the correct value appears in it's field:
Intro
Top Previous Next
The MEGAMOS chip incorporates 64 bits of non volatile memory that is organized as 40 bits of data and 24 bits of CRC (check sum). For simplification of operations with these chips the Gambit automatically determines the beginning of memory in a continuous stream of the data and shows only the pure data. As CRC is not the data it are not shown on the screen. However the program checks correctness of CRC and takes into account this value at work. The manufacturer writes down the necessary information in the chip at a stage of manufacture. Such method excludes the fact of manufacturing of two identical chips. The user cannot change the information in the chip. Concepts " the clean chip " or "non-programmed chip" for this type of transponders does not exist. Thus the user cannot copy the information from one chip to another. However Gambit can emulate work of this transponder using completely other kind of transponders.
www.AUTOdiagnostika.lv file://C:\Documents and Settings\pavelnieks\Local diagnostic equipmentSettings\Temp\~hhCEC5.htm reviews and manuals
www.AUTOdiagnostika.lv diagnostic equipment reviews and manuals
2010.12.13.
www.AUTOdiagnostika.lv
Transponders
Step 1
Page 20 of 25
Top Previous Next
See Hardware Operations
Plug the programmer in USB port and run application. The main window appears. Select the MEGAMOS transponder type on the top right corner of interface:
Insert Megamos type transponder into device hole Click button READ:
After reading complete the data appears in hex editor field:
The CRC:OK text below the editor field means that CRC is correct and reading was successful. In case the ERROR CRC text appears:
The reading operation should be repeated. As it was mentioned in introduction for this tutorial the Gambit programmer can emulate the Megamos chip using the chips of other types. Commonly the PCF7930 ‌ 35 are suitable for this action. Click button SIMULATE PCF 7930/35
www.AUTOdiagnostika.lv file://C:\Documents and Settings\pavelnieks\Local diagnostic equipmentSettings\Temp\~hhCEC5.htm reviews and manuals
www.AUTOdiagnostika.lv diagnostic equipment reviews and manuals
2010.12.13.
www.AUTOdiagnostika.lv
Transponders
Page 21 of 25
The dialog window appears:
As default the Store To Editor is chosen. Click OK button.
If the Save To File is chosen after OK button is clicked the Save File window appears. Save the file. You can use this file later. To do this choose in main window transponder type PCF7930 or PCF7935 and perform FILE - OPEN operation. As a result the file for emulation appears in hex editor field. Select transponder type PCF7930 or PCF7935 on the right top corner:
The window of PCF7930/35 appears. The relevant data for emulating is already loaded in editor field:
Insert a clear transponder (or a key) into device hole. If the transponder is not clear it should be preliminary cleared. See how to clear transponder‌ Click button WRITE
www.AUTOdiagnostika.lv file://C:\Documents and Settings\pavelnieks\Local diagnostic equipmentSettings\Temp\~hhCEC5.htm reviews and manuals
www.AUTOdiagnostika.lv diagnostic equipment reviews and manuals
2010.12.13.
www.AUTOdiagnostika.lv
Transponders
Page 22 of 25
After the write operation complete select transponder type as MEGAMOS:
Click button READ:
After reading complete the data appears in hex editor field. The data is same as it was in a Megamos transponder. Finally it is possible to clear the PCF transponder as was described in Step 1 of the Tutorial 7935 chapter. See how to clone MEGAMOS using T5 transponder
Intro
Top Previous Next
The TEMIC chip incorporates 64 bits of non volatile memory. The memory content is transmitted cyclically as continuous datastream while normal operation. The manufacturer writes down the necessary information in the chip at a stage of manufacture. Such method excludes the fact of manufacturing of two identical chips. The user cannot change the information in the chip. Concepts " the clean chip " or "non-programmed chip" for this type of transponders does not exist. Thus the user cannot copy the information from one chip to another. However Gambit can copy these chips in to universal transponder T5.
This manual can be applied to the Temic 11 transponders as well as Temic 12.
Step 1
Top Previous Next
Because of transponder transmits memory content cyclically the only one way to find out the point of the next cycle starts in the datastream is to local a header. It is common situation that manufacturer divides 8 bytes of memory in three arrays: header, data and CRC. The two first bytes in data memory
www.AUTOdiagnostika.lv file://C:\Documents and Settings\pavelnieks\Local diagnostic equipmentSettings\Temp\~hhCEC5.htm reviews and manuals
www.AUTOdiagnostika.lv diagnostic equipment reviews and manuals
2010.12.13.
Transponders
www.AUTOdiagnostika.lv
Page 23 of 25
are the header. The manufacturer uses any standard header and as example Mercedes Sprinter’s Temic keys have header 660Fh. Plug the programmer in USB port and run software. After hardware found the main window appears. Select transponder type TEMIC and subtype 12. There are only two types of Temic transponders Temic11 and Temic12.
Insert a Temic12 transponder into hole of the programmer. Click READ button. After the transponder is read you can see the contents of its memory in the hex editor field. In case the transponder has same header as it specified in field “Header” after reading complete Gambit shows dump of the key:
In a case if the transponder has other header after reading datastream instead of the dump will be shown:
www.AUTOdiagnostika.lv file://C:\Documents and Settings\pavelnieks\Local diagnostic equipmentSettings\Temp\~hhCEC5.htm reviews and manuals
www.AUTOdiagnostika.lv diagnostic equipment reviews and manuals
2010.12.13.
Transponders
www.AUTOdiagnostika.lv
Page 24 of 25
In this example transponder has header 7589h. Gambit tries to find out sequence 660Fh (default header) and fails. In this case technician has to ways to get right dump: auto searching and manual searching of a header. To search automatically specify new header in field “Header” and click Find Header button. The program searches all the datastream for the new header and if found displays the dump. The new header should be known beforehand. To search manually there are two buttons (ShiftLeft and ShiftRight) below the hex editor field. Purpose of these buttons is to “shift” the datastream bitwise.
For key cloning completely not important the header is found whether or not. Searching of the header basically is intended for reverse engeneering. To clone key just insert T5 transponder into programmer and click Write T5 button.
To learn more about controls and opportunity see section Clone Temic
Intro
Top Previous Next
T5 transponder is an universal device that has reconfigurable architecture. This property allows the device to adjust many parameters and as result the device can emulate properties of other transponders such as Megamos, Temic. Gambit cannot read clean T5 transponder because of the clean transponder still has no configuration. After the T5 is written it adjusts own configuration to emulate properties of Megamos or Temic transponder. After configuration adjusted the T5 can be read as simple Megamos or Temic transponder.
The device supposes reusable programming, therefore at studying its properties there is no risk to destroy or lock its memory.
Clone Temic
Top Previous Next
Plug the programmer in USB port and run software. After hardware found the main window appears. Select transponder type TEMIC and subtype 12 or 11.
To determine which type of the transponder is in a key, is simply try to read a key in modes 11 and 12. In case of a wrong choice reading fails Insert the original key into programmer hole and click Read button. For key cloning completely not important the header is found whether or not while reading. Nevertheless if the program will find
www.AUTOdiagnostika.lv file://C:\Documents and Settings\pavelnieks\Local diagnostic equipmentSettings\Temp\~hhCEC5.htm reviews and manuals
www.AUTOdiagnostika.lv diagnostic equipment reviews and manuals
2010.12.13.
www.AUTOdiagnostika.lv
Transponders
Page 25 of 25
header write down the data from a hex editor field. Insert the T5 transponder into programmer hole, click Write T5 button and wait for writing finishing. If the program has found header while reading, click Read button again end verify data.
Clone Megamos
Top Previous Next
Plug the programmer in USB port and run software. After hardware found the main window appears. Select transponder type MEGAMOS. Insert the original key into programmer hole, click Read button and wait for reading finishing. Write down received data from the hex editor field. Insert the T5 transponder into programmer hole, click Write T5 button and wait for writing finishing. Click Read button again end verify data.
www.AUTOdiagnostika.lv file://C:\Documents and Settings\pavelnieks\Local diagnostic equipmentSettings\Temp\~hhCEC5.htm reviews and manuals
www.AUTOdiagnostika.lv diagnostic equipment reviews and manuals
2010.12.13.
www.AUTOdiagnostika.lv
Update hardware
Update hardware
Page 1 of 5
Top Previous Next
The file with enc extension is intended for an update of hardware. To perform the update of the hardware, execute below-mentioned actions: 1. Start the program Gambit.
If at this stage the program at start does not find a hardware ignore the warning about the hardware is not found and follow further. 2. Choose from the menu section: Tools-Utilities-Update hardware
3. Click the UPDATE button and specify the path to the file. Process takes about 3 minutes. Upon termination of process the window of an update will be closed and will open the main window of the program. The update is finished.
Purchase module
Top Previous Next
The order for module purchasing Payment is one-time for any module. To perform a payment choose in menu Tools - Utilities - Purchase module:
In the appeared window select the necessary module
www.AUTOdiagnostika.lv file://C:\Documents and Settings\pavelnieks\Local diagnostic equipmentSettings\Temp\~hhFE80.htm reviews and manuals
www.AUTOdiagnostika.lv diagnostic equipment reviews and manuals
2010.12.13.
Update hardware
www.AUTOdiagnostika.lv
Page 2 of 5
... and click Request module button:
The program will suggest to save a file. Save it with any name. Send the file to the address office@scorpio-lk.com. In the answer you'll receive an initiating file for the programmer. Choose in menu Tools - Utilities - Purchase module:
In the appeared window choose Install module:
The program will request an initiating file. Specify the patch to the file. Initialization process takes about five seconds then the program will inform you about the module is installed:
www.AUTOdiagnostika.lv file://C:\Documents and Settings\pavelnieks\Local diagnostic equipmentSettings\Temp\~hhFE80.htm reviews and manuals
www.AUTOdiagnostika.lv diagnostic equipment reviews and manuals
2010.12.13.
Update hardware
www.AUTOdiagnostika.lv
Page 3 of 5
After the module is installed you should check it if it works properly. To do this run TOOLS - SPECIAL - Module you've purchased For an example we shall assume that you installed the module MB AAM key maker. Actually you should choose the real module. The window of the maker appears.
Usually the very first step is opening of a file. Click button OPEN FILE at the right top corner of this window and load appropriate file that typically is a dump from an immobilizer in BIN format:
As you can see the WRITE KEY button is inactive now. After the file loaded successfully it goes active:
www.AUTOdiagnostika.lv file://C:\Documents and Settings\pavelnieks\Local diagnostic equipmentSettings\Temp\~hhFE80.htm reviews and manuals
www.AUTOdiagnostika.lv diagnostic equipment reviews and manuals
2010.12.13.
Update hardware
www.AUTOdiagnostika.lv
Page 4 of 5
Click this button. Do not insert a transponder at this time! In case the module installed successfully after a few seconds the text on the left bottom corner appears:
In some seconds you will see the message about an error was occurred during writing:
It is because of a transponder does not present in the programmer. The installation was successful.
In case after the WRITE KEY button was clicked you can see the message about the function is payable the installation was unsuccessful:
www.AUTOdiagnostika.lv file://C:\Documents and Settings\pavelnieks\Local diagnostic equipmentSettings\Temp\~hhFE80.htm reviews and manuals
www.AUTOdiagnostika.lv diagnostic equipment reviews and manuals
2010.12.13.
Update hardware
www.AUTOdiagnostika.lv
www.AUTOdiagnostika.lv file://C:\Documents and Settings\pavelnieks\Local diagnostic equipmentSettings\Temp\~hhFE80.htm reviews and manuals
www.AUTOdiagnostika.lv diagnostic equipment reviews and manuals
Page 5 of 5
2010.12.13.
Intro
www.AUTOdiagnostika.lv
Intro
Page 1 of 3
Top Previous Next
In this section working methods with BMW immobilizers are considered. Modes of operations with other immobilizers are similar to this.
Example EWS
Top Previous Next
WARNING The created key has the activated password and is not suitable for use on other cars.
The created key completely is adapted individually for the immobilizer and at once is ready for operation.
The example described below concerns to EWS 3 type. Operations with other types of EWS' is similar to this example.
Read out an eeprom contents from EWS (BMW immobilizer) and save received dump in BIN format.
To perform the read operation usage of any programmer that supports MC68HC11EA9 processors is allowable. In case you have no appropriate tool for reading of processors, you can find the suitable equipment on the link www.scorpio-lk.com. In that case we recommend to use programmer Omega MTRK.
Plug the device and run Gambit.exe. Choose form main menu TOOLS-SPECIAL-BMW-EWS3 maker:
The new image of the window appears:
www.AUTOdiagnostika.lv file://C:\Documents and Settings\pavelnieks\Local diagnostic equipmentSettings\Temp\~hh17D4.htm reviews and manuals
www.AUTOdiagnostika.lv diagnostic equipment reviews and manuals
2010.12.13.
Intro
www.AUTOdiagnostika.lv
Page 2 of 3
By clicking on Home button you can return to the main window. The Write button is inactive now because of no file loaded in the Gambit. Click the Open File Button and specify the path to the dump file of the immobilizer. The Write button becomes active and there will be changes in a field of a brief information:
In this example the immobilizer has four keys in use. The other six keys are free and can be added to the immobilizer without harm to other keys. At creation of a key you also can choose a number of a key which is taking place in the list of used keys, however in this case you should be sure that the car has no a key with number chosen you. In other words it is impossible to create some keys with identical number.
Choose any key you want to create in the field of keys:
www.AUTOdiagnostika.lv file://C:\Documents and Settings\pavelnieks\Local diagnostic equipmentSettings\Temp\~hh17D4.htm reviews and manuals
www.AUTOdiagnostika.lv diagnostic equipment reviews and manuals
2010.12.13.
www.AUTOdiagnostika.lv
Intro
Page 3 of 3
Insert a clear transponder (or a key) into device hole. If the transponder is not clear it should be preliminary cleared. See how to clear transponder‌ Click button Write Key:
The dialog window appears:
Choose the relevant type for transponder you have inserted into device hole. Click button OK. In few seconds the program writes appropriate data in the transponder. The new key is ready for operation.
www.AUTOdiagnostika.lv file://C:\Documents and Settings\pavelnieks\Local diagnostic equipmentSettings\Temp\~hh17D4.htm reviews and manuals
www.AUTOdiagnostika.lv diagnostic equipment reviews and manuals
2010.12.13.
www.AUTOdiagnostika.lv
Online updates
Online updates
Page 1 of 3
Top Previous Next
Updating The program has opportunity to receive the update files in online mode. Connect the hardware to PC. Be sure the PC has internet connection. Choose menu item Help - Gambit online updates:
The following window appears:
Click the upper button:
The program checks the newest version on web site and compares with the actual current version. In case the versions are equal the results are as shown here:
www.AUTOdiagnostika.lv file://C:\Documents and Settings\pavelnieks\Local diagnostic equipmentSettings\Temp\~hh3148.htm reviews and manuals
www.AUTOdiagnostika.lv diagnostic equipment reviews and manuals
2010.12.13.
Online updates
www.AUTOdiagnostika.lv
Page 2 of 3
In case the versions not equal the result is another:
All positions marked as “You have old version� should be updated. Click button to download the new software Gambit.exe
and specify directory you want to save the downloaded file. The program starts the downloading process of the new software.
Do not specify directory that already contains the Gambit.exe file. After software downloading completes close the program and replace the old Gambit.exe file with the new one. Now updating of the software is fully completed. Run the new Gambit.exe and download the new hardware version:
www.AUTOdiagnostika.lv file://C:\Documents and Settings\pavelnieks\Local diagnostic equipmentSettings\Temp\~hh3148.htm reviews and manuals
www.AUTOdiagnostika.lv diagnostic equipment reviews and manuals
2010.12.13.
Online updates
www.AUTOdiagnostika.lv
Page 3 of 3
Specify the directory where the file will be saved. The program starts the downloading process of the new hardware file.
You may save hardware file with any name. The downloaded hardware file should be uploaded into the programmer. Follow the menu item Tools - Utilities - Update hardware and perform updating. See how to update hardware.
www.AUTOdiagnostika.lv file://C:\Documents and Settings\pavelnieks\Local diagnostic equipmentSettings\Temp\~hh3148.htm reviews and manuals
www.AUTOdiagnostika.lv diagnostic equipment reviews and manuals
2010.12.13.
Memory Organisation in eeprom
www.AUTOdiagnostika.lv
Memory Organisation in eeprom
Page 1 of 6
Top Previous Next
Dump format understanding That it is necessary to know at work with the 93xx series of eeprom.
Physically there are three main types of memory: eeprom inside of a processor and two types of external memory, they are memory as eeprom chip and flash memory. It is enough frequently for creation of a key that it is necessary to obtain preliminary data from memory of an immobilizer. Usually immobilizers have memory inside the processor or in the external eeprom chip.For this purpose there are the special devices named programmers. In this article mathematical aspects of representation of memory will be considered. As the Gambit working in a Key Maker mode operates with a dump of memory of an immobilizer (at a mathematical stage), the technician should have concept about standards of models of memory. There are two memory image standards: the Little Endian (e.g. Intel) and the Big Endian (e.g. Motorola). These terms are used to describe the order in which bytes are stored in memory. In Big Endian byte ordering, the most significant byte is stored first and in Little Endian byte ordering, the least significant byte is stored first. The byte ordering in read dump depends on a programmer type. The difference of these standards can be seen on following example: Little Endian
Big Endian
The difference between these dumps is the byte ordering. There is a great amount of manufacturers in the world which produce programmers. These devices use this or that standard of memory image. It is very important to know which standard is implemented in the programmer while it prepares a dump for the Key Maker function. The greatest problems arise at work with the 93xx series of eeprom because of various programmers differently read this chip.
The Key Maker assumes that the dump has Little Endian byte ordering.
www.AUTOdiagnostika.lv file://C:\Documents and Settings\pavelnieks\Local diagnostic equipmentSettings\Temp\~hh51FF.htm reviews and manuals
www.AUTOdiagnostika.lv diagnostic equipment reviews and manuals
2010.12.13.
Memory Organisation in eeprom
www.AUTOdiagnostika.lv
Page 2 of 6
Let's assume that the technician used the programmer with Big Endian while the Key Maker expects the data according to the Little Endian standard. The key data that to be written in a transponder is allocated on address 0x10 and has length of 8 bytes. Key Maker reads data on address 0x10 and puts it into transponder memory in the byte ordering that is expected: FE13 0F05 05EF 8985 (transponder data is wrong, the key will not be accepted by immo) Actually the true byte ordering is other: 13FE 050F EF05 8589 (transponder data is true, the key will be accepted by immo) To resolve this problem the technician should perform the "swap byte" operation with the dump after memory reading.
In case the Key Maker displays message "Note: Dump Autoswap" any format is allowed.
The swap byte operation changes the byte ordering from one standard to another. How it is possible to know beforehand what standard supports a programmer? There are some ways to do this. First of all try learn it from documentation of the programmer. Another way is to compare the target data of the programmer to the known programmer that uses known standard. As example PonyProg programmer implements the Big Endian standard and Omega Orange the Little Endian. Another side of this problem is that 93xx series of eeprom provides two modes of operations. They are the 8-bit format and 16-bit format. Modern programmers support both these modes. If a techician reads an eeprom separately as 8-bit and as 16-bit format and compares produced dumps he can find that there is difference between the both dumps. The difference is byte ordering. To reduce a problem of standards we recommend to read the eeprom always as 16-bit format. It is necessary to remember that memory organisation of eeprom depends on the logical level on pin ORG of the chip. Usually if we are working with the 93xx series the ORG pin is 6-th pin of the chip. Zero level at ORG pin selects the 8bit mode and the High level selects the 16-bit mode. Usually immobilizers use the 8-bit mode and therefore the ORG pin is connected to the ground. In case of a technician tries to read the eeprom by in-circuit method he should desolder the ORG pin and apply high logical level on it. For this reason we recommend to not work in-circuit method. Instead of this desolder the chip from the pcb-board and place one on a programmer. After this operation reading in 16-bit mode runs without any problems.
Cloning of Keys
Top Previous Next
As is known some types of immobilizers use the fixed code of a key which does not vary in due course. Such codes can be copied from one key to another. One of variants of copying has been considered in section Step1 of the Tutorial Megamos chapter. In those example the original key based on the Megamos chip all over again has been read and then copied in the PCF7935 chip.
www.AUTOdiagnostika.lv file://C:\Documents and Settings\pavelnieks\Local diagnostic equipmentSettings\Temp\~hh51FF.htm reviews and manuals
www.AUTOdiagnostika.lv diagnostic equipment reviews and manuals
2010.12.13.
Memory Organisation in eeprom
www.AUTOdiagnostika.lv
Page 3 of 6
In this article we shall consider sequence of operations which will allow to copy a key of the Alfa Romeo 145. Keys of Alfa Romeo contain PCF7930 transponders in fixed mode. First of all the original key should be read. Let's assume at reading the following dump has been received (mode PCF7930 or PCF7935):
Save the dump and open one with any HEX-editor program. It is completely clear, that a transponder transfers only one block of the data. Let's leave in the dump this block of the data and other areas we shall replace on 0x00:
Now it is necessary to adjust the chip so that it transfers only the block 3. For this purpose we shall change in appropriate way area of a configuration. These area is the 0x1E and 0x1F addresses in the dump. In detail this area has been discussed in section Step2 of chapter Tutorial 7935.
Save the edited dump and return to the Gambit. Select PCF7935 or PCF7930 chip and load the edited dump ( FILE – OPEN ). The dump appears in hex editor window of Gambit. Put the clear transponder into programmer and click WRITE button. After writing operation finished the new transponder works as well as the original key.
www.AUTOdiagnostika.lv file://C:\Documents and Settings\pavelnieks\Local diagnostic equipmentSettings\Temp\~hh51FF.htm reviews and manuals
www.AUTOdiagnostika.lv diagnostic equipment reviews and manuals
2010.12.13.
Memory Organisation in eeprom
www.AUTOdiagnostika.lv
Page 4 of 6
This simple method can be applied to many types of vehicles. See how to clone Temic See how to clone Megamos
Transponder proper placement
Top Previous Next
Transponder positioning relatively to the antenna of the programmer. The transponder should be positioned as close as possible to the center of the antenna of the programmer. The antenna is a coil inside of the device. The coil has a hole for transponder placement. An ideal case is the transponder placed directly into the coil through the hole. In practice, the often situation is the transponder already implanted into a key. In this case insertion of the transponder into the hole is impossible. The antenna has limited working radius however it allows proper operations in most cases. Some manufacturers release keys with the wide handle and with the transponder displaced to its edge (as example, old AUDI ‌ 1996 key). This case is illustrated on picture 1. The distance between the transponder and the center of the coil is larger than working radius of the antenna. At such arrangement communication with the transponder can be non-stable or completely impossible. To position a key as shown in figure 2 it is impossible because of its mechanical shape. The compromise solution is to arrange a key horizontally above the hole as it shows picture 3.
www.AUTOdiagnostika.lv file://C:\Documents and Settings\pavelnieks\Local diagnostic equipmentSettings\Temp\~hh51FF.htm reviews and manuals
www.AUTOdiagnostika.lv diagnostic equipment reviews and manuals
2010.12.13.
Memory Organisation in eeprom
www.AUTOdiagnostika.lv
Page 5 of 6
Various types of transponders of various manufacturers have various sensitivity. Also transponders in due course can change the parameters (to degrade), including sensitivity.
Hardware Operations
Top Previous
In this article we shall show as correctly to connect the Gambit device to PC and to start the program.
Start of the program Starting position: the PC runs also the program is not started, the device is unplugged. Plug the programmer in USB port. Wait for a few seconds.
This time is necessary for Windows for search the driver. Usually this time is about of 3-5 seconds.
www.AUTOdiagnostika.lv file://C:\Documents and Settings\pavelnieks\Local diagnostic equipmentSettings\Temp\~hh51FF.htm reviews and manuals
www.AUTOdiagnostika.lv diagnostic equipment reviews and manuals
2010.12.13.
Memory Organisation in eeprom
www.AUTOdiagnostika.lv
Page 6 of 6
In case you have speakers connected to PC after the driver found you’ll hear a sound signal. Run Gambit.exe After hardware found the main window appears.
Closing of the program Close Gambit.exe by clicking EXIT button in right bottom corner. Unplug hardware form USB port. In case you have speakers connected to PC after the device unplugged you’ll hear a sound signal.
Do not leave the hardware connected to PC for a long time during Gambit.exe stopped. Otherwise in some hours of such state the Windows can disconnect the driver. If it has taken place, start of the program will fail. • Disconnect the device from USB port for some seconds and then plug in again. • Wait for a few seconds. • Run Gambit.exe
www.AUTOdiagnostika.lv file://C:\Documents and Settings\pavelnieks\Local diagnostic equipmentSettings\Temp\~hh51FF.htm reviews and manuals
www.AUTOdiagnostika.lv diagnostic equipment reviews and manuals
2010.12.13.