Cool 2GR-FE stock ECU has been hacked and the immobilizer can be removed!

check it out guys:

So a couple weeks ago someone contacted me to say that the IS350 ECUs were hacked and asked me about the 2GR-FE ecus again. Instead of ignoring it this time i contacted the vendor to see if the technique was applicable to the 2GR-FE. they were initially very friendly, i shipped them an ECU overnight and then they stopped responding to e-mails.

a few days later they said they'd be happy to help me out at the cost of about $4000 per ECU type.

needless to say, this was a bit of a shock and nothing like what we discussed.

so now i was armed with two bits of info: first it is actually possible and second i have some yahoo out there to prove wrong

With that motivation i brushed up my notes from a few years ago about this chip just being a rebranded renesas V850 chip. went and read all the unintended acceleration reports again for more information and then dusted out some of my old renesas gear.

Some more digging and it ended up being pretty easy to read the information from the chip. it also made me notice that the Toyota programming wizard files are not encrypted in any way.

So i ordered up a few "junk" ecus from e-bay and got to testing. it turns out the immobilizer is stored on a 2nd chip but it wasn't hard to figure that one out.

So once i cloned that and the other chip the "junk" ecu starts the engine just fine.

i did a cursory scan for some info and found a few things, the DTCs were somewhat obvious so i was able to remove all the automatic transmission and emissions DTCs so now i have a functioning CEL!.

I need to get the rev-limiter raised and then i'll offer this as a service.

Here's what the costs will be:
$100 remove immobilizer
$250 do any changes to the tune (that are currently supported of course)
$50 core charge if you want me to ship an ECU out before you return yours.

and if you end up wanting more changes done at a later date I will charge $80 for any of the allowed changes.

Currently I can do this to any Highlander ECU if you want to keep your immobilizer. or if you want the immobilizer removed i can do any ECU that has the part number 275036-0360 written on the circuit board. (as far as i know this is all highlander, avalon and sienna ECUs.) That will involve converting it over to being a highlander ECU since only the highlander calibration seems to support the no immobilizer calibration.

as for modifications i can do to the calibration right now:
1) remove unwanted DTCs
2) fix VVT-I maps to stop torque drop-off
3) raise redline

obviously more changes will come in time.

*update, 2nd video:

