ADVrider

Go Back   ADVrider > Bikes > GSpot > Parallel Universe
User Name
Password
Register Inmates Photos Site Rules Search Today's Posts Mark Forums Read

Reply
 
Thread Tools Search this Thread Display Modes
Old 10-16-2008, 03:31 PM   #31
MonsterJ
I have motopsychosis
 
Joined: Sep 2008
Location: Bay Area, CA
Oddometer: 262
I still think I'm gonna give it a shot. Anything electronic can be defeated. I've got an electrial background as well as few good firends that are electrical engineers in the aviation industry (and motorcyclists themselves) who are going to give me a hand.

So could you point me to that flow chart? Anyone have a detailed .PDF of the bike's schmatics? TIA!
__________________
-Nooner

Temple, TX -> Cape May, NJ -> Mobile, AL -> ECity, NC -> Kodiak, AK -> Mobile, AL -> Sacto, CA -> Cape Cod, MA -> New London, CT -> San Francisco, CA -> Juneau, AK (summer of '13) -> where to next?
MonsterJ is offline   Reply With Quote
Old 10-16-2008, 04:10 PM   #32
Slappy McGee
Fatty Fat
 
Slappy McGee's Avatar
 
Joined: Jan 2006
Location: South Caccalacca
Oddometer: 593
Quote:
Originally Posted by MonsterJ
I still think I'm gonna give it a shot. Anything electronic can be defeated. I've got an electrial background as well as few good firends that are electrical engineers in the aviation industry (and motorcyclists themselves) who are going to give me a hand.

So could you point me to that flow chart? Anyone have a detailed .PDF of the bike's schmatics? TIA!
Can't remember where I came across the flowchart, but from memory it goes something like this.
  1. Key inserted
  2. Start button pressed
  3. Computer reads keycode via antenna ring (note, the ring is "dumb" and doesn't actually have any logic, it's just like the antenna on your car hooked to your radio. The actual "logic" happens in the radio) Let's say the computer reads code 1234 from the key.
  4. Computer passes code 1234 to encrypted section of ROM. Undocumented/unpublished (for security reasons) functionality occurs here which passes "yeah" or "nea" to the rest of the computer.
  5. If yes, computer allows the engine to start.
  6. If no, the computer will not allow the engine to start (i.e. no fuel pump, no current to spark plugs, etc).
Point of the matter is, the "magic" happens in the bike's computer, so there is nothing to bypass or rewire, you would need to write new firmware for the bike's computer, and the section dealing with the key codes is in a supposedly "unmodifyable" encrypted portion of the ROM. This is specifically done to be as "unhackable" as possible, so as to prevent the average thief (or engineer for that matter) from bypassing the system. There's also supposedly logic to lock down the engine after some number of keycodes being passed, so if you had a code generator passing keycodes the system would lock up after X number of attempts.

Not trying to disuade you, and I agree anything can be defeated with enough time and money, but I can't see anyone coming up with a solution more compelling than a $40 spare key ring. Any solution would have to involve either

a) decrypting the special section of the ROM
b) figuring out how to modify the supposedly unmodifyable above, once you decrypted it
c) rewiring and loading new firmware onto the bikes ECU, violating warranty and presumably making future BMW updates incompatible

-OR-

a) disabling the computer altogether
b) completely rewiring the bike without the ECU (i.e. whole new electrical system)

Either would certainly induce more instability in the system than exists in the antenna ring, and cost way more than $40.

The benefits (no $40 part) far outweigh the cons (unsupported firmware on the bike's computer, which also controls every other function that makes the bike run, from brake lights to ignition timing -OR- a complete rewiring of the bike).
Slappy McGee is offline   Reply With Quote
Old 10-16-2008, 05:07 PM   #33
]I)Money
D NOT I
 
]I)Money's Avatar
 
Joined: Mar 2006
Location: Central central.
Oddometer: 3,548
Quote:
Originally Posted by Slappy McGee
Can't remember where I came across the flowchart, but from memory it goes something like this.
  1. Key inserted
  2. Start button pressed
  3. Computer reads keycode via antenna ring (note, the ring is "dumb" and doesn't actually have any logic, it's just like the antenna on your car hooked to your radio. The actual "logic" happens in the radio) Let's say the computer reads code 1234 from the key.
  4. Computer passes code 1234 to encrypted section of ROM. Undocumented/unpublished (for security reasons) functionality occurs here which passes "yeah" or "nea" to the rest of the computer.
  5. If yes, computer allows the engine to start.
  6. If no, the computer will not allow the engine to start (i.e. no fuel pump, no current to spark plugs, etc).
Point of the matter is, the "magic" happens in the bike's computer, so there is nothing to bypass or rewire, you would need to write new firmware for the bike's computer, and the section dealing with the key codes is in a supposedly "unmodifyable" encrypted portion of the ROM. This is specifically done to be as "unhackable" as possible, so as to prevent the average thief (or engineer for that matter) from bypassing the system. There's also supposedly logic to lock down the engine after some number of keycodes being passed, so if you had a code generator passing keycodes the system would lock up after X number of attempts.

Not trying to disuade you, and I agree anything can be defeated with enough time and money, but I can't see anyone coming up with a solution more compelling than a $40 spare key ring. Any solution would have to involve either

a) decrypting the special section of the ROM
b) figuring out how to modify the supposedly unmodifyable above, once you decrypted it
c) rewiring and loading new firmware onto the bikes ECU, violating warranty and presumably making future BMW updates incompatible

-OR-

a) disabling the computer altogether
b) completely rewiring the bike without the ECU (i.e. whole new electrical system)

Either would certainly induce more instability in the system than exists in the antenna ring, and cost way more than $40.

The benefits (no $40 part) far outweigh the cons (unsupported firmware on the bike's computer, which also controls every other function that makes the bike run, from brake lights to ignition timing -OR- a complete rewiring of the bike).
The other possibility would be to design a part that constantly fed "1234" to the computer, but I can't believe that it would be cheaper (or more reliable a solution) than carrying a $40 spare.
__________________
Quote:
Originally Posted by wxwax
Yes, but everything you've ever posted in the basement indicates that you're certifiably crazy, so you don't count.

"Another road remains, but it provides no more. It can only take us away"
]I)Money is offline   Reply With Quote
Old 10-16-2008, 10:33 PM   #34
big adv
I need supervision
 
big adv's Avatar
 
Joined: May 2007
Location: Kelowna, BC. CND
Oddometer: 1,072
The system is a bit more complex that that, you cannot simply 'supply the same 1234 code' to the ECU constantly. It uses a rolling code system with two way interrogation of the chip in the key. This system has been used for years (10+) in the auto business. The system is very reliable and very difficult to defeat. BMW simply got a bad batch of the antenna rings, they recalled them and all is good, only 07 and early 08's were affected.

If you would like a detailed wiring diagram of the system, just draw a box on the right side of a piece of paper, label this 'BSM-K', on the left draw another box, label this 'antenna', now draw four lines parallel to each other that connect the two boxes. The top wire is 15(switched power), the bottom is 31(ground) the middle two are MS-CAN hi and low.(medium speed contoller area network signal hi, low) Thats it the whole system, let us know how you make out.


The actual way the system works is like this;
Turn the key to the run position
-power is supplied to the antenna coil windings via 15 and grounded via 31, this creates a electromagnetic field around the coil(which surrounds the ign cylinder)
-this field powers the chip in the key, turning it on.
-at the same time the eng ecu powers up
-now the eng ecu interrogates the key to see if it is authorized.
-it asks for an authentication code and then a conformation code(double incripted rolling)
-if all is good then the eng ecu will boot
-if not, it will not start and display an 'EWS' warning.

Hope this helps,

Earl
__________________
BA

My dad's a TV repair man, he has an awsome set of tools. We can fix that!


big adv is offline   Reply With Quote
Old 10-17-2008, 12:01 PM   #35
blackie
Still Hibernating
 
blackie's Avatar
 
Joined: Dec 2007
Location: Cowgary, AB
Oddometer: 434
Quote:
Originally Posted by Slappy McGee
Here's the list I have thus far. Let me know if I missed anything.

Requirement

Use

Tool

  • Torx T10
Misc Fasteners

Wiha Topra Torx Driver Set 28295

  • Torx T15
Misc Fasteners

"

  • Torx T25
Misc Fasteners

"

  • Torx T30
Misc Fasteners

"

  • Torx T45
Misc Fasteners

Craftsman socket

  • Torx T50
Misc Fasteners

Craftsman socket

  • Metric Hex Bits
Misc Fasteners

Generic bits for topra driver

  • Philips bits
Misc Fasteners

Generic bits for topra driver

  • Slotted bits
Misc Fasteners

Generic bits for topra driver

  • 3/8" Drive Ratchet
Sockets



  • Ratchet Extension
Misc



  • 17mm Socket
Front Wheel



  • Spark plug socket
Spark plug removal

????

  • 10mm Wrench
Misc



  • 13mm Wrench
Chain adjusters



  • 22mm Wrench
Rear wheel



  • Torx E8 Socket
Handlebars



  • Torx E10 Socket
Gear lever



  • Adjustable Wrench
Misc

Craftsman Pro

  • 3 Tire levers
Tire repair

Aerostich Ti Levers

  • Valve Core Tool
Tire repair

Camel Valve Core Tool

  • Air pump
Tire repair

Compressor

  • Tire Patch Kit
Tire repair

Generic patch kit

  • Locktite
Misc

Locktite Blue

  • LED Headlamp
Misc



  • Tiewraps
Misc



Thats a good list you got going there.
The optional service toolkit for includes a E12 Torx socket. Haven't quite used it so I have no idea where that is used....yet..
see this thread
http://f800riders.org/forum/showthread.php?t=19565 post#8 for the list of tools provided in the optional service kit.
__________________
2008 F650GS Twin
blackie is offline   Reply With Quote
Old 11-05-2008, 07:35 PM   #36
Desert Dave
Enjoying the moment
 
Desert Dave's Avatar
 
Joined: Aug 2004
Location: Tracy, CA
Oddometer: 2,688
Just going over my toolkit for the 800 and realized that the front axle takes the same size hex as my Strom. Same tool for both. Never have upgraded since I did my first tire change and am still using a bolt with a 3/4" head (1/2" thread) and a nut jammed. Simple an it works well.
__________________
See what I've been up to! Ongoing Ride Report



Desert Dave is offline   Reply With Quote
Old 11-05-2008, 08:27 PM   #37
Motoriley
Even my posing is virtual
 
Motoriley's Avatar
 
Joined: Feb 2003
Location: Deepest darkest burbs of Montreal
Oddometer: 2,670
Tools

Thanks for putting this list together. Really only need the E torx bits so far.
__________________
04 Toyota Sienna, new wipers for 2011!!
Electricity (120 AC), Indoor Plumbing, new kitchen tap for 2010!!!
Color tube TV, Microwave Oven (yes she rotates!),Washer & Dryer,Paved Driveway,
Website - http://www.apormc.com/
Vids - http://www.youtube.com/user/Motoriley?feature=mhum
Motoriley is offline   Reply With Quote
Old 12-01-2008, 08:21 PM   #38
ColoradoKID
Yo!!
 
Joined: Dec 2008
Location: Denver, CO
Oddometer: 27
F800 GS Tool Kit For Sale

It's not cheap ($179) but if you don't want to spend hours in the hardware store this could be a sweet deal. They claim to have all of the required tools for every fastener on the bike... Oh - and it fits under the seat!

http://www.advdesigns.net/f800gstoolkit.html

ColoradoKID screwed with this post 12-01-2008 at 08:39 PM
ColoradoKID is offline   Reply With Quote
Old 12-01-2008, 11:26 PM   #39
tmex
Beastly Adventurer
 
tmex's Avatar
 
Joined: Apr 2006
Location: NorCal
Oddometer: 2,039
Quote:
Originally Posted by Desert Dave
Just going over my toolkit for the 800 and realized that the front axle takes the same size hex as my Strom. Same tool for both. Never have upgraded since I did my first tire change and am still using a bolt with a 3/4" head (1/2" thread) and a nut jammed. Simple an it works well.
Dave the front axle does not screw out like it does on the 12GS. It just slides out after the end bolt on the left side is removed, and the pinch bolts are loosened. The hex shape on the the right side is superfluous.

I have had three issues with the toolkit as listed so far.

1> The speed sensor on the rear wheel has very little clearance for the torx bit, and a small 1/4" extension is needed to remove it without having the torx bit at a slight angle which risks stripping. The speed sensor should be removed when removing the rear wheel.

2> I found a small wooden or plastic dowl handy for tapping out the front and rear axles (with the largest wrench you have acting as a hammer) to the point where they are flush at the driven end. Makes removal much easier. Probably not esentially, but a nice to have. In the garage I would simply use a plastic mallet.

3> This is really a nitpick, but include a small shop rag or two to wipe your hands and to place parts on if you are disassembling things in the dirt.
__________________
my favorite bike - R1200GS
tmex is offline   Reply With Quote
Old 12-02-2008, 10:35 AM   #40
Bucko
In a parallel world
 
Bucko's Avatar
 
Joined: Mar 2004
Location: South Coast, CA
Oddometer: 817
Quote:
Originally Posted by ColoradoKID
It's not cheap ($179) but if you don't want to spend hours in the hardware store this could be a sweet deal. They claim to have all of the required tools for every fastener on the bike... Oh - and it fits under the seat!

http://www.advdesigns.net/f800gstoolkit.html
I see that kit uses the Motion Pro 24mm socket/tire spoon combo. I ordered one of those and wasn't happy at all with how it (didn't)f it the rear axle nut. Because the wrench is aluminum, it's too thick around the socket to fit in the tight space around the nut. Luckily, my DR-Z came with a neat steel wrench that I've transferred to the GS.
Bucko is offline   Reply With Quote
Old 12-02-2008, 11:35 AM   #41
AdvDesigns
Adventurer
 
Joined: Oct 2006
Location: NorCal
Oddometer: 57
F800GS Tool Kit

We have a F800GS that we have been testing the Adventure Designs tool kit on for more than a month. We took most of our F800GS apart just to make sure the kit worked as described. The Motion Pro 24mm combo lever does not need to be used to remove the wheel. The kit comes with a 24mm socket for the axle and oil plug. Best of all, the entire tool kit fits under the locked seat with your manual and insurance papers!
__________________
1993 DR250 (sold)
2003 1150 GS Alpine White (sold)
2006 R1200GSA Silver
www.AdvDesigns.com

AdvDesigns screwed with this post 12-02-2008 at 03:33 PM
AdvDesigns is offline   Reply With Quote
Old 12-02-2008, 11:50 AM   #42
spoof
on backwards
 
spoof's Avatar
 
Joined: Oct 2003
Location: Santa Fe, NM
Oddometer: 299
Quote:
Originally Posted by AdvDesigns
The Motion Pro 24mm combo lever does its job. It fits the axle nut sufficiently when you are out on the road/trail and in a bind.
And can you confirm that the one in your kit fits the oil drain plug? I held an aluminum Motion Pro 24 mm level up to the plug and it didn't fit into the recess to grip the plug.
__________________
agitate*contemplate
spoof is offline   Reply With Quote
Old 12-02-2008, 12:26 PM   #43
DolphinJohn
Not Fragile
 
DolphinJohn's Avatar
 
Joined: Mar 2007
Location: Nature Coast, Florida
Oddometer: 3,901
Quote:
Originally Posted by spoof
And can you confirm that the one in your kit fits the oil drain plug? I held an aluminum Motion Pro 24 mm level up to the plug and it didn't fit into the recess to grip the plug.
The list of ingredients on the website has a 24mm socket for oil drain.

My questions are:
Socket for spark plug included?

Long extension included?

These items are pictured but not listed in ingredients.
__________________
_________________________________

My Ride Reports
DolphinJohn is offline   Reply With Quote
Old 12-02-2008, 12:42 PM   #44
AdvDesigns
Adventurer
 
Joined: Oct 2006
Location: NorCal
Oddometer: 57
kit questions

Yes, a 24mm socket is included for the drain plug. The kit also includes the long 6 inch extension and the spark plug socket as pictured. We will update the parts list on the web-site. Thanks for pointing the clarification out.
__________________
1993 DR250 (sold)
2003 1150 GS Alpine White (sold)
2006 R1200GSA Silver
www.AdvDesigns.com
AdvDesigns is offline   Reply With Quote
Old 12-02-2008, 01:43 PM   #45
DolphinJohn
Not Fragile
 
DolphinJohn's Avatar
 
Joined: Mar 2007
Location: Nature Coast, Florida
Oddometer: 3,901
Quote:
Originally Posted by AdvDesigns
Yes, a 24mm socket is included for the drain plug. The kit also includes the long 6 inch extension and the spark plug socket as pictured. We will update the parts list on the web-site. Thanks for pointing the clarification out.

Thanks.

it would be nice to have everything stowed under the seat
__________________
_________________________________

My Ride Reports
DolphinJohn is offline   Reply With Quote
Reply

Share

Thread Tools Search this Thread
Search this Thread:

.
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is On

Forum Jump


Times are GMT -7.   It's 12:20 PM.


Powered by vBulletin® Version 3.8.5
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Copyright ADVrider 2011-2014