Just finished writing the backbone of my flashtool last week. Can flash any MEDC17(presently only UDS based). Here’s a snippet of a EDC17C46 being flashed on bench:
It’s not just an FRF flash. Any modified file can be flashed(code and data area). An exploit in the bootloader is leveraged to allow RSA check(TPROT) to be bypassed and allow unsigned code to execute.
Presently using Tactrix Openport 2.0(J2534) as an interface and Arduino Due for logging CAN traffic.