LeX2K

I programmed the eeprom with the code from my original ECU to a new ECU. Car did not start, so swapping chips likely won't work either. Sorry for giving wrong info.

Can also confirm the programming and key learn procedure shows in this thread does not work correctly on a 2000 ES300. Inserting first master key does program but after that it will not register any new keys. Car does start with the first master key but the security light does not behave normally. Which is, insert key light goes out instantly. Inserting key causes the light to go out after about 5 seconds, like the programming procedure is not complete.

If anyone knows the proper procedure post it.

LeX2K

Made a programming header so I don't have to keep removing the eeprom can only remove it so many times before the PCB is damaged.


Liquid electrical tape blob to keep the wires stable


This is the eeprom dump from my car


After me trying to do the key learn on the flashed ECU


Definitely didn't work correctly.

Arsenii

Hello,

The FSM for a 2001 ES300 shows a bit of a different procedure for the Automatic Registration Mode than the one shared in the first post:

1. Right after the EEPROM is cleared, the Security Light will Blink until the first key is inserted into the ignition.
2. Start by Inserting the First Key, do not turn it, the Security Light should stay On.
3. The Security Light will remain On until the Programming is complete, after which Security Light should turn Off.
4. After the Security Light turned Off, take the key out, the Security Light should start Blinking.
5. Start the procedure over by Inserting Next key in the Ignition.

It seems like the procedure is designed in such a way that you have to have All 3 keys on hand to get registered correctly. As before, the Last key used in the Automatic programming becomes a Valet key even if it is physically cut as a Master Key, meaning that it could start a car, but it can't be used to program any new keys.

The manual mentions that you can terminate the procedure without registering all 3 keys, but the wording is not all that clear, and it will require a proper scan tool, below is a quote from the manual.

Hope this helps and best of luck!

LeX2K

I'll give that a try although that is basically what I attempted. I have 2 master keys and a valet key, the originals that came with the car. I'm wondering if the transponder is remembering the keys, and I put in the 2nd master key instead of master #1. My main key could actually be the 2nd master. Not sure that's just a guess.

But now that I can program the ECU *****-nilly until the cows come how I can experiment. The way I read the force completion procedure is either/or. Brake pedal or scan tool.

Arsenii

Interesting.. You mentioned that only the first key programs, all the rest fail, how it manifest itself, does the light show any different behavior? They do have the light flash codes 2-1 or 2-2 in case if the registration fails for whatever reason..

I would be quite bemused if it is the case, I am pretty sure all the key does is store its unique identification code, as even Valet keys are only made so by different bitting and different programming into the car, they have the same exact transponder. That said, I've heard of cases with some VAG models where if you program a key into a different car, it would stop responding to the car it came with originally, again, for whatever reason..

Could be, but usually they are a lot more upfront about it, not listing it as a second step, can't hurt to try though ... I guess..

Uhhh, careful not to trigger that Nuke-Mode, it usually comes with a big red button..

Hope this helps and best of luck! (May need it this time)

LeX2K

First one programmed as expected light went out. After that, light stayed on computer never acknowledged the next key(s).
Look at the images I posted of the rom dump from my car and the programming attempt some of the values are the same. In different places but same values.
Transponder key/chip is supposedly powered by RF meaning the chip itself can be programmed. At least according to what I've read.
To be blunt, when it comes to software Toyota is hopeless. Techstream looks like something straight out of 1996.

Arsenii

There are a few observations about the ROM dumps that you posted, comparing them to the ones that were broken down by speedkar9 - it seems like the reason behind the strange light behavior is that the key you did manage to program went in as a Valet Key, not a Master, could be a result of the procedure being terminated prematurely. Though as for the argument about the order of the keys, it seems like you got lucky and ended up trying the key that was Master 1 in your original ECU, even though it is stored as Valet now.

Other than that, parameter 0x00000040 - 0C shows the number of keys stored in the system as an inverse hex, you have FF after an attempted programming, which means no keys stored, and your original ECU with I am assuming 3 factory keys stored is FC. Not only that, this parameter is shifter one row to the Right in the New ECU, being in 0D column this time instead of 0C, I wonder if was placed in the correct row during the cleanout, as it still indicates that you have no keys stored, even though you do have one Valet key recorded in the system.

I know you tried flashing the EEPROM with the dump from the original ECU and it didn't work, but have you tried altering the dump from the New ECU to the values of your keys from the Original ECU, as EEPROM usually stores a lot more than just key values, which could be the reason behind the car not starting. You only need to add at least one Master key, after that you will have all the freedom to add the rest of the keys the *normal* way.

Would be interesting to try the Second key first then, might not be the order that matters as established above, but an issue with that second key specifically, messing with the procedure, then if it fails right away, you will know why. Also, as far as I understand it, the light should start flashing after you take out the first key while waiting for the next one, only staying on after the key is inserted. When there is no key in the lock and the light keeps flashing, it could be flashing out an error code of some sort, the manual is pretty vague about both the codes and their meaning however, only mentioning their existence as a whole..

Yeah, that one's tough to argue with..

Though go tell that to Mercedes from early to mid 2000's, I doubt they changed much since then. Coming to think of it, I can't recall any factory diagnostics equipment that would be usable, let alone good, not off the top of my had that is, Toyota is not the worst in this tournament, for better ... or for worse..

Hope this helps and best of luck!

LeX2K

I'll be trying this next go round. The values I wrote to the donor ECU from my original make the donor identical to the original, programming wise. I verified this by writing the eeprom then saving it to a file. Then compared files. They were identical.

It did seem like the first key programmed as a valet now that I think about it, when inserted the security light stays on for a bit then goes out (I'm not in programming mode, regular car operation) that is exactly how the valet key behaves. Still would like to know why there are two identical eeproms but I don't feel like desoldering it and checking if it clones the first eeprom.

Arsenii

Well, the idea is instead of creating a carbon copy of the EEPROM from your original ECU, take the values that make up your keys from Original, and only change those in the New EEPROM, leaving everything else the same. That way, *theoretically*, you will have your keys programmed into your ECU, without having to jump the hoops with the Automatic procedure that doesn't seem to cooperate well.

You are in pretty unique position where you have the actual codes for all your keys already. Below is what makes up all your keys as per the post made by speedkar9, just a bit more concise. Try changing only those variables in the EEPROM dump that you got from the New ECU and see what happens, with any luck, you should have your keys programmed with none of the hassle.

If that won't play out, try adding only One of the keys, changing the Key Count to FE for 1 key, instead of FC for all 3 keys. Again, with any luck, you will have at least one Master Key programmed in, and you will be able to add all the rest of the keys with normal programming sequence from there should you need it.



The chart above is the reason I suspected it, as in your Second dump, the numbers that match Master 1 key are now in place of the Valet key, hence why I mentioned you getting lucky in the previous post, since now we know that you used a key stored as Master 1 in your Original ECU as the First (and as luck would have it, only) key during your attempt.

My best guess would be that it may be completely unrelated, storing something like driving habits or other presets, could be why you need a Scan Tool to reset those in newer cars instead of simply taking the Battery Terminal off like in the good old days.

Sorry if it sounds like beating a dead horse, just wanted to make everything clear.

Hope this helps and best of luck!

LeX2K

Great info thanks! I have some cool things to try.