Enhancement ideas for the bootstrap loader

[prj]

1. The bootstrap loader can be made almost fully universal by compiling for TC1.3.1. In fact you can on-the-fly detect which micro is used and act accordingly.
2. Implement a checksum routine so that unchanged sectors can be skipped, and the write verified.
3. Use LZMA or similar compression when sending data over the CAN, then de-compress and write on the fly. Even using 1mbit/s CAN speed your maximum actual data rate isn't that hot. Using compression and buffering helps.

[bri3d]

All good ideas, although I do not have any other Tricore HW to test with, I can read the data sheets to figure out the sector tables and register config.

Now that I can recover passwords, I finally have an incentive to improve this - this was really a very "quick and dirty" hack to be able to dump RAM, now that I can actually unlock the Flash on my bench ECU, I can start to work through that side of the code.

[prj]

I have a stack of them... I think the only thing I might not have is TC1766.

I also have a little device which allows to control the power to the ECU using the K-Line.
This can be used to restart the device, and if you standardize the protocol at least a little at some point, then a client can be written.

Of course for Bosch ECU's there's a full code execution exploit in the SBOOT. As funny as it is, that also needs a bootloader, which is in fact very similar to the hardware bootloader in many ways. Just the setup is different.
So it is possible to make something more universal. Not sure if you have the motivation to do it though :)