I've been mucking around with the CAN-BUS side of the FDIM, but really I have not gotten anywhere.
I do now know there's more to the AS-BUILT files in the various units in the car, you can read data by-ID and it's got heaps more stuff in there, that also includes the AS-BUILT data and more. You can't really change anything though without going into security modes higher than "default". To do that, you can request a higher mode, you get a few bytes of "seed" data which you can calculate a "key" to respond with.
This was all cracked by a couple of Uni doctorates in 2010 or 2011. I've heard Ford changed the algorithms in 2011/12, probably because of their work. You can still download their PDF on the topic now. Not much else is available on it all though. I did find this however, which has all the keys (407 of them, but there's quite a few duplicates)...
https://sec.sipsik.net/CarHacking/co.../brute_keys.py
It has all the pre-2011 keys.
I've attached a .txt version here. It's the only file I could find on the Internet that contains all the keys.
But none of them open up the FG2
ICC.
This is a real shame, I was doing this because I think once you unlock it, then it's possible for you to run a file from a USB stick called "/image-usb-recore/recore.sh" that all the firmwares have as a "last resort".
Clearly you don't want to "recore" your device without all the files, but, this was a hack-vector into running your own script on these units without removing it from your car. Your own back-up or restore commands etc...
Seems to be properly locked down now though. If the algorithm has changed, I'd need a full firmware dump to get any closer to the goal... As I say, a real shame.