Hi! I've found a thread here about mpc555 reverse engineering. My car is equipped with mpc555 & am29bl802 like delco. When I load the flash dump into ida, it won't recognize it and show me ppc code. Probably I need to set the rom start address or maybe something else...
PS. Firmware dump is in attachment.
mpc555 disassembling
Last edited by zuzu on Fri Dec 04, 2015 8:25 pm, edited 1 time in total.
- antus
- Site Admin
- Posts: 8253
- Joined: Sat Feb 28, 2009 8:34 pm
- cars: TX Gemini 2L Twincam
TX Gemini SR20 18psi
Datsun 1200 Ute
Subaru Blitzen '06 EZ30 4th gen, 3.0R Spec B - Contact:
Re: mpc555 disassembling
Load it as powerpc/big endian, then choose mpc5xx, other than that defaults are fine.
Have you read the FAQ? For lots of information and links to significant threads see here: http://pcmhacking.net/forums/viewtopic.php?f=7&t=1396
Re: mpc555 disassembling
Can't find where to choose mpc5xx. File is loaded as ppc (big endian), but nothing was analyzed.
http://prntscr.com/99voqu
- antus
Re: mpc555 disassembling
Maybe your copy of ida is too old? 6.6 is OK.
load file -> stock.bin -> as binary file. processor type = powerpc big endian [PPC] -> OK
Do you want to change processor type to PPC? -> Yes
Disassembly memory organization -> OK (change when you figure more out later)
Choose the device name -> mpc5xx -> OK
Loaded information type -> OK
ROM:00000000 # Processor : PPC
ROM:00000000 # Target assembler: GNU Assembler
ROM:00000000 # Byte sex : Big endian
ROM:00000000 # MMIO Base : 0x00000000
ROM:00000000 # SIMD Instructions: SPE
ROM:00000000 # Processor Profile: Embedded
Re: mpc555 disassembling
Yes!! Downloaded 6.6 and there is such a dialog! Now the code is analyzed.
Thank you!
-
- Posts: 81
- Joined: Sun May 11, 2014 6:36 pm
- cars: Z06
Re: mpc555 disassembling
What are you looking to do with this?
Re: mpc555 disassembling
antus wrote: Maybe your copy of ida is too old? 6.6 is OK.
load file -> stock.bin -> as binary file. processor type = powerpc big endian [PPC] -> OK
Do you want to change processor type to PPC? -> Yes
Disassembly memory organization -> OK (change when you figure more out later)
Choose the device name -> mpc5xx -> OK
Loaded information type -> OK
ROM:00000000 # Processor : PPC
ROM:00000000 # Target assembler: GNU Assembler
ROM:00000000 # Byte sex : Big endian
ROM:00000000 # MMIO Base : 0x00000000
ROM:00000000 # SIMD Instructions: SPE
ROM:00000000 # Processor Profile: Embedded

Good morning and happy new year,
may I bother you with a similar question? I have an ecu with mpc55x, too. I read the ecu and got a 1mb flash file, one 448kb file (maybe internal) and another 1kb file (95xx). I do have a corresponding damos file which lists the memory layout. I'm a bit familiar with IDA working on C16x controllers, but that is a whole different layout.
I read about SDA and TOC, but I couldn't find a lsi r2 or lsi r13 instruction. Does that mean there is no SDA/TOC needed? How would I deal with the additional flash files?
Any hints are highly appreciated.
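A quick scan for the register setup the post above asks about, as an added example that is not from the thread: it walks a big-endian PowerPC image and reports where r2 or r13 is loaded with a 32-bit constant by a `lis` followed by `addi` or `ori` on the same register, the usual way an EABI startup routine sets the small-data bases. `find_sda_bases`, `SAMPLE` and the `base`/`window` parameters are hypothetical names, and the sample words are constructed, not taken from any dump.

```python
import struct

# PowerPC EABI convention: r13 = _SDA_BASE_, r2 = _SDA2_BASE_ (TOC in other ABIs).
SDA_REGS = (2, 13)

def fields(word):
    """Split a D-form instruction into (opcode, rD/rS, rA, 16-bit immediate)."""
    return word >> 26, (word >> 21) & 31, (word >> 16) & 31, word & 0xFFFF

def find_sda_bases(image, base=0, window=8):
    """Return [(address_of_lis, register, value)] for lis/addi and lis/ori pairs.

    base   -- address the file is mapped at (assumption: supplied by the caller)
    window -- how many following instructions to search for the low half
    """
    count = len(image) // 4
    words = struct.unpack(">%dI" % count, image[:count * 4])  # big endian
    hits = []
    for i, word in enumerate(words):
        op, rd, ra, imm = fields(word)
        # lis rD, imm is addis rD, 0, imm: primary opcode 15 with rA == 0
        if op != 15 or ra != 0 or rd not in SDA_REGS:
            continue
        high = imm << 16
        for nxt in words[i + 1:i + 1 + window]:
            op2, rd2, ra2, imm2 = fields(nxt)
            if rd2 != rd or ra2 != rd:
                continue
            if op2 == 14:    # addi rD, rD, simm (immediate is sign-extended)
                simm = imm2 - 0x10000 if imm2 & 0x8000 else imm2
                value = (high + simm) & 0xFFFFFFFF
            elif op2 == 24:  # ori rD, rD, uimm (immediate is zero-extended)
                value = high | imm2
            else:
                continue
            hits.append((base + 4 * i, rd, value))
            break
    return hits

# Constructed sample: nop, lis r13,0x40, nop, addi r13,r13,-0x8000,
# lis r2,0x3F, ori r2,r2,0x1234
SAMPLE = struct.pack(">6I", 0x60000000, 0x3DA00040, 0x60000000,
                     0x39AD8000, 0x3C40003F, 0x60421234)

if __name__ == "__main__":
    for addr, reg, value in find_sda_bases(SAMPLE):
        print("0x%08X: r%d = 0x%08X" % (addr, reg, value))
```

An empty result on a real dump means no such pair was found within the window, which is a hint, not proof, that the code does not use SDA-relative addressing.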
- antus
Re: mpc555 disassembling
I don't really understand your question, but I think you would load the first bin, then go file->load->additional binary file and load the other files in the location they would exist in the PCM memory space.