[Turbotime]

I am new to tuning and mostly just using slave units whilst i learn what is needed to write my own files. Have a couple questions i have been unable to find the answer to. firstly the file kess reads from the ecu is this one of the ktag files (micro processor, eeprom, flash) secondly what are these three files. I think flash file is what the kess reads as file size is the same and if so what does eeprom and microprocessor hold data wise.

If two ecus share the same hw number but different software is it possible to change the software version to that of the other ecu (maybe eeprom or microprocessor)

lastly what is blending ecu files and how is it done i assume its editing a original file to match a modifed file with different software version?

Apologises if stupid questions or answered before, I have looked for these answers

---

I have two 1.8t vag ecus with different maps, one was locked out to obd reading so i managed to read the data via ktag and tried to write the other ecus backup into the locked ecu, data was written successfully but car doesnt run with the ecu unfortunately. Car belongs to myself and just using spare ecu to learn on.

[ABH]

I understand why you are asking. I didn't find clear info about this either, so I had to figure it out myself.

Using master tools, these are the files I get when reading an edc17cp44 (Tricore TC1797) in boot mode.
This ECU doesn't have external flash and EEPROM in emulated in internal TC1797 flash also.

Ktag backup:
============
filename.EPR 64 KB
filename.MCP 4,096 KB
filename 1,090 KB
"filename.EPR" is an uncoded binary file containing the full EEPROM.
"filename.MCP" is an uncoded binary file containing the full 4 MB internal flash of the TC1797 (including OTP areas).
"filename" is probably a compressed version of the full flash/eeprom.

Kess read:
==========
filename 4,161 KB
This file contains the micro flash (4 MB) followed by the EEPROM (64 KB).
There is a 238 byte header in the top of the file. The rest of the file (micro flash followed by eeprom) is ciphered by simple XOR scrambling.

Some ECUs (like the Tricore TC1797 based edc17cp44) have One Time Programmable (OTP) areas in flash. These areas can only be written once during factory programming. After factory programming they can only be read, not re-written. So, even if the HW of two ECUs are the same (same PCB, same components etc.), the individual OTP programming can effectively make ECUs with the same HW numbers different.
There is an encryption key stored in the OTP area. This key is used by the bootloader when doing normal reading/writing to the flash using VAS/ODIS and an official flash file like FRF or OSG.
"Boot mode" read/write (used by Kess/Ktag) circumvent this encryption/decryption step in the normal bootloader.

The EEPROM content is also matched to the OTP key. I.e. the ECU will only work with its original EPR file. The EPR file can however be modified (patched) in some areas and still work with the ECU. The EPR file is organized in blocks of 128 bytes and each block contains two CRC32 checksums that must be re-calculated when changes are made to the block.
The cars immobilizer is matched to the content of the EPR file. I.e. the Vehicle Indentification Number (VIN) stored in the immobilizer and the VIN stored in the EEPROM must match. In the EPR file the VIN is hashed by the OTP key and stored in a 16 bytes long "IMMO" block. The VIN is also stored in ASCII form in the EEPROM.
When an ECU from another car is to be used, you need to patch the IMMO block in EEPROM with a new block that has been calculated from your cars VIN and the OTP key of the new ECU. When the IMMO block is patched also new checksums must be calculated. The IMMO block is found in multiple 128-byte blocks in the EEPROM and all of them need to be changed. As an alternative to EEPROM patching the immobilizer can be disabled by patching the program code in the flash.
The new ECU can be flashed with another SW file to better match the original SW version of the car. The EPR file can however not be changed.