Mode 05/06 Usage

160 And 8192 Baud Aldl
Post Reply
manianac
Posts: 4
Joined: Mon Feb 23, 2015 12:18 pm

Mode 05/06 Usage

Post by manianac »

Does anyone have any logged data or OE reflashs using Mode 05/06 to write eeproms over ALDL?
User avatar
VL400
Posts: 4991
Joined: Sun Mar 01, 2009 2:54 pm
cars: VL Calais and Toyota Landcruiser. Plus some toys :)
Location: Perth, WA
Contact:

Re: Mode 05/06 Usage

Post by VL400 »

Mode 5/6 is to allow uploading your own code to the PCM RAM and then executing it. Log a flashtool write cal/bin (or get bin) of a VX/VY flash PCM as that is how I did them to read/write the flash memory. It would likely differ from the OE method, just looked through the PCM code to work out how to get the PCM responding, didnt have a bus sniff of a tech-2 operation.
manianac
Posts: 4
Joined: Mon Feb 23, 2015 12:18 pm

Re: Mode 05/06 Usage

Post by manianac »

Right, I figured I'd try to see if anyone had a decent method logged of how the manufacturers did it. Any would do, I could suit it to my needs. My problem is my Mode 06 packet is limited to a 33 byte payload, not enough to even erase and program a byte with whats needed to be done. I did find a factory routine for saving BLM/FreezeFrame to EEPROM which I'm thinking I'll try to use. I will say this is not a full flash ECU with security, this is an older one with a 2KB EEPROM. I have to erase every byte to $FF and then program what I need, takes quite a few precious bytes to do.

Just trying to not re-invent the wheel ;)

One thought I was considering was attempting to put a routine up in chunks and executing it after its been loaded. I only have roughly ~200 bytes to work with though (512 bytes RAM on this one)
User avatar
VL400
Posts: 4991
Joined: Sun Mar 01, 2009 2:54 pm
cars: VL Calais and Toyota Landcruiser. Plus some toys :)
Location: Perth, WA
Contact:

Re: Mode 05/06 Usage

Post by VL400 »

manianac wrote:My problem is my Mode 06 packet is limited to a 33 byte payload, not enough to even erase and program a byte with whats needed to be done.
...
One thought I was considering was attempting to put a routine up in chunks and executing it after its been loaded. I only have roughly ~200 bytes to work with though (512 bytes RAM on this one)
I had a similar problem, you are on the right track uploading chunks of code - I could get more than 33 bytes though so was a little easier. Basic idea is to upload a small section of code plus a fixed responder at the end of each chunk. I dont know what ECU you are working with but on the Commodore flash PCMs there is an address table of code that is always present. The address points to code for routines that can be used, one of which is frame transmit.

So I upload a bit of code (the first being a simple wait loop that handles the COP etc) and always tack the following on the end to get a response. The FFBD address is a bit of code in the PCM used to do the reply..

Code: Select all

; ----------------------
	; -- Upload Responder --
	; ----------------------
	ldaa	#0xAA			; AA For All Ok
	psha				; \ 
	tsy				; / Point IY To Response Byte
	ldaa	#0x06			; Mode 6
	ldab	#0x01			; 1 Byte
	jsr	0xFFBD			; Tx The Frame Using PreWritten Routine And Jump Vector
	pula				; Fix Stack
	rts				; Return To Caller

To overcome the frame size limititation and small amount of RAM, I upload code that always stays present handling all future incoming frames. This is capable of handling larger frames, so then when I upload various tasks (like the erase, write, read, checksum etc) they are only left in RAM while being used, replaced by the next task.
manianac
Posts: 4
Joined: Mon Feb 23, 2015 12:18 pm

Re: Mode 05/06 Usage

Post by manianac »

I didn't mention which ECU i was using as I didn't think there'd be any interest. Its a US GM Saturn ECU, has 32KB PROM, 512 bytes of RAM, and 2KB EEPROM.

I like the idea of using a Mode 05 Reply to make sure it uploaded correctly. I figure if anyone captures a OE update, it'd be nice to see how GM did it.
User avatar
VL400
Posts: 4991
Joined: Sun Mar 01, 2009 2:54 pm
cars: VL Calais and Toyota Landcruiser. Plus some toys :)
Location: Perth, WA
Contact:

Re: Mode 05/06 Usage

Post by VL400 »

Yeah it would be good to get a capture of a factory write operation to know how things are meant to be done, if you do get one can you post it up here?

Might be able to get something from the US guys over at gearhead EFI .. http://www.gearhead-efi.com/
manianac
Posts: 4
Joined: Mon Feb 23, 2015 12:18 pm

Re: Mode 05/06 Usage

Post by manianac »

I will ask them. Sadly I have no access to anything GM related (work in an import shop), but I will if i ever get one. Thanks for the help.
Post Reply