mpc555 disassemlbing

Disassembly, Reassembly, Tools and devleopment. Going deep with Hardware and Software.
Post Reply
zuzu
Posts: 3
Joined: Tue Dec 01, 2015 8:42 am
cars: bmw

mpc555 disassemlbing

Post by zuzu »

Hi ! I've found here thread about mpc555 reverse engineering. My car is equipped with mpc555 & am29bl802 like delco. When I load flash dump into ida, it won't recognize and show me ppc code :( Probably I need to set rom start address or maybe something else ....
PS. Firmware dump is in attachment.
Last edited by zuzu on Fri Dec 04, 2015 8:25 pm, edited 1 time in total.
User avatar
antus
Site Admin
Posts: 8228
Joined: Sat Feb 28, 2009 8:34 pm
cars: TX Gemini 2L Twincam
TX Gemini SR20 18psi
Datsun 1200 Ute
Subaru Blitzen '06 EZ30 4th gen, 3.0R Spec B
Contact:

Re: mpc555 disassemlbing

Post by antus »

Load it as powerpc/big endian, then choose mpc5xx, other than that defaults are fine.
Have you read the FAQ? For lots of information and links to significant threads see here: http://pcmhacking.net/forums/viewtopic.php?f=7&t=1396
zuzu
Posts: 3
Joined: Tue Dec 01, 2015 8:42 am
cars: bmw

Re: mpc555 disassemlbing

Post by zuzu »

Can't find where to choose mpc5xx. File is loaded as ppc (big endian), but nothing was analyzed :(
http://prntscr.com/99voqu
User avatar
antus
Site Admin
Posts: 8228
Joined: Sat Feb 28, 2009 8:34 pm
cars: TX Gemini 2L Twincam
TX Gemini SR20 18psi
Datsun 1200 Ute
Subaru Blitzen '06 EZ30 4th gen, 3.0R Spec B
Contact:

Re: mpc555 disassemlbing

Post by antus »

Maybe your copy of ida is too old? 6.6 is OK.

load file -> stock.bin -> as binary file. processor type = powerpc big endian [PPC] -> OK
Do you want to change processor type to PPC? -> Yes
Disassembly memory organization -> OK (change when you figure more out later)
Choose the device name -> mpc5xx -> OK
Loaded information type -> OK

Code: Select all

ROM:00000000 # Processor       : PPC
ROM:00000000 # Target assembler: GNU Assembler
ROM:00000000 # Byte sex        : Big endian
ROM:00000000 # MMIO Base        : 0x00000000
ROM:00000000 # SIMD Instructions: SPE
ROM:00000000 # Processor Profile: Embedded
Attachments
mpc5xx.png
Have you read the FAQ? For lots of information and links to significant threads see here: http://pcmhacking.net/forums/viewtopic.php?f=7&t=1396
zuzu
Posts: 3
Joined: Tue Dec 01, 2015 8:42 am
cars: bmw

Re: mpc555 disassemlbing

Post by zuzu »

Yes !! Downloaded 6.6 and there is such dialog ! Now code is analyzed.
Thank you !
Highlander
Posts: 81
Joined: Sun May 11, 2014 6:36 pm
cars: Z06

Re: mpc555 disassemlbing

Post by Highlander »

What are you looking to do with this?
Leinad78
Posts: 10
Joined: Tue Jan 13, 2015 4:26 pm

Re: mpc555 disassemlbing

Post by Leinad78 »

antus wrote:Maybe your copy of ida is too old? 6.6 is OK.

load file -> stock.bin -> as binary file. processor type = powerpc big endian [PPC] -> OK
Do you want to change processor type to PPC? -> Yes
Disassembly memory organization -> OK (change when you figure more out later)
Choose the device name -> mpc5xx -> OK
Loaded information type -> OK

Code: Select all

ROM:00000000 # Processor       : PPC
ROM:00000000 # Target assembler: GNU Assembler
ROM:00000000 # Byte sex        : Big endian
ROM:00000000 # MMIO Base        : 0x00000000
ROM:00000000 # SIMD Instructions: SPE
ROM:00000000 # Processor Profile: Embedded
Good morning and happy new year,

may i bother you with some similar question? I have an ecu with mpc55x, too. I read the ecu and got 1mb flash file, one 448kb file (maybe internal) and another 1kb file (95xx). I do have a corresponding damos file which lists the memory layout. I´m a bit familiar with IDA working on C16x controller, but that is a whole different layout.
I read abut SDA and TOC, but i couldn´t find a lsi r2 or lsi r13 instruction. Does that mean there is no SDA/TOC needed? How would i deal with the additional flash files?

Any hints are highly appreciated.
Attachments
2020-01-04_100258.jpg
2020-01-04_100258.jpg (186.59 KiB) Viewed 9775 times
User avatar
antus
Site Admin
Posts: 8228
Joined: Sat Feb 28, 2009 8:34 pm
cars: TX Gemini 2L Twincam
TX Gemini SR20 18psi
Datsun 1200 Ute
Subaru Blitzen '06 EZ30 4th gen, 3.0R Spec B
Contact:

Re: mpc555 disassemlbing

Post by antus »

I dont really understand your question, but I think you would load the first bin, then go file->load->additional binary file and load the other files in the location they would exist in the PCM memory space.
Have you read the FAQ? For lots of information and links to significant threads see here: http://pcmhacking.net/forums/viewtopic.php?f=7&t=1396
Post Reply