Prior to reading or flashing any controller, the EFILive software performs a security negotiation with the controller for permission to access the controller. In the past, the security negotiations were implemented using a simple challenge-response process.

In 2017 GM began modernizing and hardening their controllers' security negotiations which is now far more complex and virtually impossible to automate within the EFILive software. This means the end user must now concern themselves with the security negotiations prior to reading or flashing one of these new controllers.
  • It takes on average about five days to find the correct security code on a controller that use GM's previous security system.
  • It would take on average about 174,000 years to find the correct security code on a controller that use GM's new, hardened security system.
  • Over 1 trillion possible security codes exist and guessing the correct code used on a particular vehicle is virtually impossible.
EFILive software now has a controller-authorization module that helps you manage the data required to gain access to your controller.  The Controller Authorization documentation provides detailed instructions, however the basic process requires users to:
  1. Attempt to read or flash the controller to obtain the unauthorized auth-code. Because the controller is not yet authorized, the read or flash will fail with the error message: $0552 Reading and flashing are not yet authorized for this controller.
  2. Send the Unauthorized auth-code to an authorization code provider to obtain an Authorized auth-code.
  3. Enter the Authorized auth-code into the EFILive software.
  4. Continue to read or flash the controller using the normal EFILive process.
Controller auth-codes can be moved between PC's and FlashScan and AutoCal easily and efficiently.   To assist with smooth software integration, EFILive will process Controller Authorization codes during the beta phase of this implementation.  These will be processed manually during regular New Zealand business hours at a cost of US$50 per auth-code.  

Given the location of EFILive and associated time zone differences for many of our customers, "authorization code providers" will be able to issue auth-codes independent of EFILive.  Authorization code providers will most likely charge a service fee to cover their costs.
  It is expected that in most cases auth-codes will be authorized and returned to customers on the same business day, but you should allow one standard business day to receive your authorized auth-code.  Current authorization code providers are listed in the documentation. 


Controller Authorization is required on the following controllers: