VCDS Clone Install: Comparing Two Cables and Cracking the Firmware

This article explores two different VCDS clone cables, comparing their hardware, installation process, and performance. We also delve into the process of reverse-engineering the firmware of a seemingly legitimate VCDS clone cable.

The first cable, priced at $29, uses an ATmega162 chip and requires a separate loader executable that antivirus software flags as malicious. Although advertised as a V2 cable, it is functionally a HEX-CAN cable, an older version. Because the loader is potentially harmful, it is advisable to use this cable only within a virtual machine.

Interestingly, a genuine Ross-Tech HEX-CAN cable also employs the ATmega162 chip. This might explain why counterfeiters chose this particular microcontroller.

The second cable, priced at $49, features an STM32F405 chip, similar to the genuine VCDS V2 cable. This version functions without a loader or modification to the VCDS software, operating flawlessly with an active internet connection. Performance-wise, it surpasses the genuine HEX-CAN cable in logging speed and overall responsiveness.

To investigate further, the STM32F405 chip was extracted and analyzed. It was initially locked with RDP Level 2 protection, which prevents debug access, but was successfully unlocked using a ChipWhisperer.

Although RDP Level 1 remains active, memory can still be dumped by glitching the RDP1 check during bootloader communication. However, this method risks accidentally erasing the chip, because the internal RC oscillator is used for baud rate calculation. Switching to CAN communication, which relies on the HSE clock, is planned for improved stability.

A video demonstrating the unlocking process is available: https://youtu.be/4JFo23tYOq0

Ultimately, while a genuine VCDS cable is recommended, this STM32F405-based clone offers a functional alternative for budget-conscious users. Keep in mind that future VCDS software updates requiring firmware updates might render this clone incompatible, limiting its use to version 20.4.1. This version, included with the cable, is confirmed to be the unmodified official release from Ross-Tech.
