When the ECU in my Subaru blew, I bought an identical used unit for about $100.
At first I did a blind try of the replacement ECU... and of course it threw codes and car would not crank. Security lockout feature. To avoid dealer re-programming of all security codes in the car and re-matching the keyfobs...
I just moved the little 8-pin EEPROM over from my original ECU to the "new" replacement ECU. I figured all the critical car-specific configuration data was on that chip. I was right... The replacement ECU worked a charm, and never looked back. Of course, the EEPROM was not socketed, so this was a hot-air removal using a rework station.. but an 8pin SOIC is childs play.
I'm aware of where the network SIM card goes in the radio module of the Tesla premium (w/nav) daughtercard. That's one critical piece of ID that has to move over to get hooked up on Tesla net.
Where are Tesla's car-specific configuration ID's held on the CPU board... can they be moved over similarly? Even if un/soldering is required?
Maybe this is hopeless though, like if Tesla CPU board has a crypto-protected chip with hardware instance serial number burned into it, and that number is used to generate keys that are spread through the car.. then... eesh. That creates a "matching set" hardware lockout preventing module replacement.
I do recall a few releases back Tesla added encrypted software signatures on Application modules that spread around the car with updates... so they can verify these are Tesla certified pieces of (untampered) code operating the car at runtime. But I wonder if that mentality was in place on the hardware modules when they were baking them back in 2010?
