# TPROT PW dump on FXX MEVD 17.2.G



## packetpilot (May 13, 2016)

I'd like to know if anyone has any hints on how to rig the MEVD 17.2.G DME to have it dump its TPROT password (presumably 64bits expressed in hex) at boot.

I've got an MEVD split open with pin 19 able to ground (for boot mode) and I'm able to achieve ACK on the CAN bus (I have CAN data and CAN "password" pins bridged and communicative) but can't seem to sniff the TPROT password.

On E-gen MEVD 17.2.G DMEs, it appears as if jumping two pins (pin 51 from connector 1, and pin 6 from connector 2) with 120Ohm; would do the trick. This seemingly does not apply to FXX DMEs of the same board model.










It appears on F-gen DMEs, 1KOhm; resistor is needed on JTAG pins 1 and 5, although it seems as if jumping them (as had been the case on the image above) is not the right approach. (I haven't tested.)









For what it's worth, my hopes are to gain JTAG read/write capabilities using nothing other than Infineon's own freely-available software (MemTool/DAS) and inexpensive tools (DAP miniWiggler at ~USD100).

Thanks for any insights/pointers you can share.


----------



## reewerd (Dec 13, 2015)

Still need help?


----------



## aboulfad (Jun 5, 2015)

reewerd said:


> Still need help?


I don't think the OP figured it out, or that it's as easy as that using JTAG access. Do you think it's possible using the tools mentionned above and can you help?


----------

