Question for the Gurus

Posts: 41
Joined: Fri Jan 01, 2010 12:45 pm

Re: Question for the Gurus

Postby planethax » Thu Feb 04, 2010 5:40 am

So if I have this correctly I am needing to
Create a Bootloader for the INTEL FLASH chip to tell the MOTOROLA CPU to Dump the BIN to my peripheral device?


:wall:

Site Admin
Posts: 6396
Joined: Sat Feb 28, 2009 8:34 pm

Re: Question for the Gurus

Postby antus » Thu Feb 04, 2010 8:10 am

I wouldn't be looking at a boot loader, no. While you could probably add some kind of boot loader to the code which could contain the option to dump the chip at startup, the problem would be getting it on the flash chip in the first place, and it would not be standard. So, when you used it to upload a new bin, unless that bin was pre-patched with a bootloader you'd be back to square one. Most GM ECUs have a method (after unlocking) of loading code to RAM and executing it. So you'd be wanting to create the code that can run from RAM to read/erase/write the flash chip. It may be possible to capture this code somehow from a bin update with a GM Tech 2 or similar, or you could look at creating it yourself. If you could log a code update with a Tech 2 then you'd see the whole process you need to implement.
Have you read the FAQ? For lots of information and links to significant threads see here: viewtopic.php?f=7&t=1396

Posts: 41
Joined: Fri Jan 01, 2010 12:45 pm

Re: Question for the Gurus

Postby planethax » Thu Feb 04, 2010 9:29 am

Hmmm, well most places I have read say that these PCMs do not have the routine built in for reading/writing files, so we need a bootloader.

I do have a Tech2, maybe I'll see if my Elm will monitor DL while it is connected and then do a reflash and capture it all.

Site Admin
Posts: 6396
Joined: Sat Feb 28, 2009 8:34 pm

Re: Question for the Gurus

Postby antus » Thu Feb 04, 2010 9:45 am

Well, I'm not well versed in OBD2 but AFAIK all the OBD1.5 and later PCMs do have the ability to load code to RAM and execute, which provides the way in. Capturing the process would put you well on the way.

If you were going to use a boot loader you'd need to know how it fits in to the rest of the system. Where it lives in the PCM, how to get it there and how the CPU honours it and uses it at startup. Some of this info could be found in the CPU datasheet. But I bet the dealers don't hack in a bootloader to flash in a factory code update.

Posts: 4991
Joined: Sun Mar 01, 2009 2:54 pm
Location: Perth, WA

Re: Question for the Gurus

Postby VL400 » Thu Feb 04, 2010 10:18 am

planethax wrote: Hmmm, well most places I have read say that these PCMs do not have the routine built in for reading/writing files, so we need a bootloader.

The OBDII PCMs over here don't have the code in there to read/write the bin, but you don't use a bootloader as such. You have to write your own, just like antus was saying, and send it to the PCM's RAM - there are specific modes described in the J1850 paper for this purpose. There is a guy on thirdgen.org that's playing with the OBDII code, dimented24x7. Very switched on guy and might be able to give you some help on what's needed in the routines for the 32bit CPUs - he has disassembled a fair bit of the code now so should have a pretty good idea.

Posts: 41
Joined: Fri Jan 01, 2010 12:45 pm

Re: Question for the Gurus

Postby planethax » Thu Feb 04, 2010 2:29 pm

This is the latest info I have found (maybe some have different definitions of bootloaders?)

1) you unlock the PCM
2) set the PCM into diagnostics mode
3) request upload (to RAM)
4) upload the "bootloader"; after uploading you send the address in RAM that you uploaded it to, this tells the PCM to reboot and start execution at that address
5) PCM reboots
6) the bootloader is listening for commands
7) you tell the bootloader "give me bytes 1-256 of the flash", it reads them and sends you a message with the bytes in it
8) repeat 7 until you have read the entire flash
9) turning the key off ... Wait 5-15 seconds... Turn key on and the RAM is cleared and the pc reboots again.
Writing to the flash is about the same but the loader listens for write commands.

The hardest part is writing the bootloaders. They must be compiled to run on the Motorola 68332 chip. Have yet to find a compiler for that chip.

Posts: 4991
Joined: Sun Mar 01, 2009 2:54 pm
Location: Perth, WA

Re: Question for the Gurus

Postby VL400 » Thu Feb 04, 2010 3:11 pm

That's a little different to how I understood it to be - if they do in fact reset then yeah you could call it a bootloader. And can say thanks to GM for making it different!

All the info I have for the OBDII PCMs here on Oz don't reset after the routines are sent to the PCM - you just request that they start executing. You need to reset it once finished though as the RAM is all messed up. The OBD1.5 PCMs don't reset either, just start executing. They are still a class 1 serial device.

Posts: 41
Joined: Fri Jan 01, 2010 12:45 pm

Re: Question for the Gurus

Postby planethax » Thu Feb 04, 2010 3:22 pm

Well, GM is good at making things different lol.

Going to set up the ELM to monitor while I do some testing with TechII to capture what's going on.

Just not sure if the ELM will in fact still monitor dataline with TechII connected.
Here's hoping!

Posts: 67
Joined: Thu Jan 14, 2010 1:03 am

Re: Question for the Gurus

Postby sabercatpuck » Fri Feb 05, 2010 5:48 am

The biggest problems I foresee with monitoring with the ELM are needing a way to patch 2 devices in at the same time, not being able to see what happens in 4x mode, and, the easy ones, setting it up to log the session and setting AT H1 and AT MA on the ELM to see all the traffic.
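
Added example, not part of any post in this thread: a small Python parser for a saved monitoring log of the kind described above (headers on, monitor all), which splits each J1850 frame into header and data bytes, checks the CRC and tallies who is talking to whom. It assumes each line is space-separated hex with three header bytes (priority, target, source), the mode as the first data byte and the CRC byte last; the function names and the sample log are constructed for illustration.

```python
from collections import Counter

def crc8_j1850(data: bytes) -> int:
    """SAE J1850 CRC-8: polynomial 0x1D, initial value 0xFF, final XOR 0xFF."""
    crc = 0xFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = ((crc << 1) ^ 0x1D) & 0xFF if crc & 0x80 else (crc << 1) & 0xFF
    return crc ^ 0xFF

def parse_line(line: str):
    """Decode one monitor line (headers on); None for anything that is not a frame."""
    try:
        raw = bytes(int(tok, 16) for tok in line.split())
    except ValueError:
        return None  # command echo, prompt or adapter status text
    if len(raw) < 5:  # 3 header bytes + at least 1 data byte + CRC
        return None
    body, crc = raw[:-1], raw[-1]
    return {"priority": body[0], "target": body[1], "source": body[2],
            "mode": body[3], "payload": body[4:].hex(),
            "crc_ok": crc8_j1850(body) == crc}

def summarize(log: str):
    """Count valid frames per (source, target, mode) and count CRC failures."""
    frames = [f for f in map(parse_line, log.splitlines()) if f]
    talkers = Counter((f["source"], f["target"], f["mode"])
                      for f in frames if f["crc_ok"])
    return talkers, sum(not f["crc_ok"] for f in frames)

def _line(body_hex: str, corrupt: bool = False) -> str:
    """Build a constructed log line: body bytes plus CRC (optionally damaged)."""
    body = bytes.fromhex(body_hex)
    crc = crc8_j1850(body) ^ (0x01 if corrupt else 0x00)
    return " ".join(f"{b:02X}" for b in body + bytes([crc]))

# Constructed sample capture (generic OBD-II request/response bytes, not from a real session).
SAMPLE_LOG = "\n".join([
    ">AT MA",
    _line("68 6A F1 01 00"),
    _line("48 6B 10 41 00 BE 3E B8 11"),
    _line("68 6A F1 01 00"),
    _line("48 6B 10 41 00 BE 3E B8 11", corrupt=True),
])

if __name__ == "__main__":
    talkers, bad = summarize(SAMPLE_LOG)
    for (src, dst, mode), n in talkers.most_common():
        print(f"{src:02X} -> {dst:02X} mode {mode:02X}: {n} frame(s)")
    print(f"frames failing CRC: {bad}")
```

Frames that fail the CRC are counted separately rather than dropped silently, which makes gaps in a capture visible.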
