E92 PCM Reverse Engineering

Disassembly, Reassembly, Tools and development. Going deep with Hardware and Software.
antus
Site Admin
Posts: 8237
Joined: Sat Feb 28, 2009 8:34 pm
cars: TX Gemini 2L Twincam
TX Gemini SR20 18psi
Datsun 1200 Ute
Subaru Blitzen '06 EZ30 4th gen, 3.0R Spec B

Re: E92 PCM Reverse Engineering

Post by antus »

Good work!
Have you read the FAQ? For lots of information and links to significant threads see here: http://pcmhacking.net/forums/viewtopic.php?f=7&t=1396

Post by antus »

Tazzi wrote:
bubba2533 wrote: I'm surprised you didn't write the entire kernel in C and compile it all at once. Was there any specific reason for that?

Another issue I'm seeing is that in the Ghidra disassembly a handful of times b (unconditional branch) instructions are viewed as the end of a function. This causes the decompiled view of the function to break the function decompiled view into multiple functions even though it should be one function. I'm going to download the latest version to see if that fixes anything.

Simply because I was unable to get it to understand that I was trying to run the entire code in RAM. I did ask questions on forums about it, but it doesn't appear it was designed to be like that, or at least I couldn't get it to be set up like that.

You could take the C kernel make system from pcmhammer, and swap over to the GNU PPC cross compiler https://gnutoolchains.com/powerpc-eabi/. The linker configuration to run from RAM and sidestep around the traditional startup functions would be the same. So with just a little reconfiguration you could move straight on to the C code.
bubba2533
Posts: 498
Joined: Wed Apr 11, 2018 8:50 am
cars: 03 Chevy S10 Turbo V6

Post by bubba2533 »

Ok, I have the compiler and I don't see a cpu that matches.

Here is the list the compiler gives:

Known CPUs (for use with the -mcpu= and -mtune= options):
    401 403 405 405fp 440 440fp 464 464fp 476 476fp 505 601 602 603 603e 604
    604e 620 630 740 7400 7450 750 801 821 823 8540 8548 860 970 G3 G4 G5 a2
    cell e300c2 e300c3 e500mc e500mc64 e5500 e6500 ec603e native power3 power4
    power5 power5+ power6 power6x power7 power8 powerpc powerpc64 rs64 titan

Edit: It looks like this website gives a better description and perhaps just putting -mcpu=powerpc is the way to go with this cpu.
Last edited by bubba2533 on Thu May 04, 2023 1:37 am, edited 1 time in total.
LS1 Boost OS V3 Here. For feature suggestions post in here Development Thread. Support future development ->Patreon.
Tazzi
Posts: 3422
Joined: Thu May 17, 2012 8:53 pm
cars: VE SS Ute
Location: WA

Post by Tazzi »

Maybe just the generic PowerPC option?
Your Local Aussie Reverse Engineer
Contact for Software/Hardware development and Reverse Engineering
Site:https://www.envyouscustoms.com
Mob:+61406 140 726

Post by bubba2533 »

It compiled a very stripped down version of the kernel with no errors. So that's looking quite promising.

Post by Tazzi »

bubba2533 wrote: It compiled a very stripped down version of the kernel with no errors. So that's looking quite promising.

How large did the kernel become out of curiosity?

Post by bubba2533 »

I stripped it down to only a few functions just to minimize the scope of what I was doing so it's really small (268 bytes).

I just put it back into Ghidra and it looks really good so far.

Post by antus »

Yeah, you don't need the most advanced CPU feature support; more features may save size, but a more baseline instruction set will still run fine. I don't know how much RAM you have in that device, maybe it's plenty and kernel size doesn't matter, but note that as soon as you turn on the optimisations it becomes really critical that you flag registers as volatile, because otherwise the optimiser will think the data it read last time in a register is still current and optimise out things that it thinks are having no effect, but they are. I had a go at this with the pcmhammer kernel but it got too complicated for me. If you're serious about a PPC kernel it'd be worth trying to get this right from the start and being able to compile with optimisations at -O2.
Have you read the FAQ? For lots of information and links to significant threads see here: http://pcmhacking.net/forums/viewtopic.php?f=7&t=1396
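The volatile requirement described in the post above, as an added example that is not part of the original thread and not pcmhammer code: a flash-style "unlock, start, poll status" routine written so it still behaves at -O2. The register layout, bit masks, key values and the host-side hardware stand-in (`sim_regs`, `sim_hw_idle`, `demo`) are all constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical flash-controller registers: layout, masks and key values are
 * constructed for this example. Fields are volatile so every access in the
 * source becomes a real load or store, kept in order by the compiler at -O2. */
typedef struct {
    volatile uint32_t unlock;   /* expects KEY_A then KEY_B */
    volatile uint32_t ctrl;     /* CTRL_START begins an operation */
    volatile uint32_t status;   /* hardware sets ST_DONE or ST_ERROR */
} flash_regs_t;

enum { KEY_A = 0x1111, KEY_B = 0x2222, CTRL_START = 1, ST_DONE = 1, ST_ERROR = 2 };
enum { FLASH_OK = 0, FLASH_ERR = -1, FLASH_TIMEOUT = -2 };

/* Start an operation and poll; idle() runs once per poll (may be null). */
int flash_run(flash_regs_t *r, uint32_t max_polls, void (*idle)(void))
{
    /* Two stores to one address: without volatile the optimiser may drop
     * the first as a dead store, and the unlock sequence never happens. */
    r->unlock = KEY_A;
    r->unlock = KEY_B;
    r->ctrl = CTRL_START;
    /* Without volatile the compiler may load status once, keep it in a
     * register and never observe the hardware setting ST_DONE. */
    for (uint32_t i = 0; i < max_polls; i++) {
        uint32_t st = r->status;            /* fresh load every iteration */
        if (st & ST_ERROR) return FLASH_ERR;
        if (st & ST_DONE)  return FLASH_OK;
        if (idle) idle();                   /* e.g. service a watchdog */
    }
    return FLASH_TIMEOUT;
}

/* Host-side stand-in for the hardware so the example runs off-target. */
static flash_regs_t sim_regs;
static unsigned sim_ticks;
static void sim_hw_idle(void) { if (++sim_ticks == 3) sim_regs.status = ST_DONE; }
int demo(uint32_t max_polls)
{
    sim_ticks = 0; sim_regs.status = 0;
    return flash_run(&sim_regs, max_polls, sim_hw_idle);
}

int main(void)
{
    printf("10 polls: %d, 2 polls: %d\n", demo(10), demo(2));
    return 0;
}
```

On the target, `r` would point at the controller's real base address from the part's reference manual instead of `sim_regs`.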
Gatecrasher
Posts: 272
Joined: Sat Apr 25, 2020 6:09 am

Post by Gatecrasher »

Am I completely misunderstanding this code, or is the OEM reflash kernel just a gently massaged version of the NXP/ST C90FL standard software driver?

Post by bubba2533 »

Do you have a log of the kernel?

I’ll have to look into that standard.