GM E38 E67 E40 Kernel/Bootloader Development Extravaganza

[Tazzi]

I didnt even know 'unhex' was a thing... learn something new every day.

Clean way to display a 2 byte value as hex is value.toString("X4"). This will convert to hex and ensures is always 4 characters to keep it uniform.

[Tre-Cool]

Tre-Cool I'm pasting a clip of the code I am using in the bootloader/kernel code I have.. I can post up the hole thing but the algo is there for E38..

For brute forcing I just wrote up some processing code that tries every possible key and waits 10 seconds in between tries.. you need to wait 10 seconds or it spits out an error.. 65535 possibles at 10 seconds each is 7 days, lol..

Good to see someone else here who knows how to code, i sure as shit don't. haha.

I just learn/work out how to work the ecu's to get what i want when tuning/playing and share what i learn.

I leave the coding to the likes of Tazzi here (who actually made a program to do just what you've done already to unlock ecu's).

I'm in I.T myself but more on the Server/ESX/Network mgmt - jack of all trades, master of none. I'll get my "hands dirty" if i really need to, like i did recently to upgrade my dyno controller.

[ironduke]

I didnt even know 'unhex' was a thing... learn something new every day.

Clean way to display a 2 byte value as hex is value.toString("X4"). This will convert to hex and ensures is always 4 characters to keep it uniform.

Thanks Tazzi for even remotely suggesting I taught you something, that right there is funny, don't care who you are..

I'm using unhex to to the opposite of what you just showed, right?? What would you use to convert a String to a value?? That's what unhex does for me, unless I am just plain wrong I am reading the elm responses as a string then getting rid of the '>' and spaces,cr bytes,etc and then using substring to get the bytes I need, since they are hex values I use unhex to convert a char or string to a value.. String 'ff' is turned into 255, or 0xff, or 11111111 depending on how you want to display it.. Do you think i would be better off learning how to read serial data as bytes instead? I had started to but easier for me to debug if i can just println the string then work with it..

I am assuming processing is different than what your coding in? C, C++, C?? I learned using arduino and that's a weird broken down into slow people language, processing is the closest thing I could find to what arduino uses so that's how I ended up using it.. I am still a beginner and have no idea about classes, public, private, etc.. when I read up on it my eyes start to water and I get lightheaded.. lol

Working on stepping directly into c++ or c#? I keep on screwing up and start with too high a goal and get frustrated.. For now I just want to write some damn code that will make the MDI act like am elm327 when I send it a atma and either send the data to a file or scroll it down the command line.. I have one elm that can do 115,200 and trying to see what is actually going to the ecu is frustrating.. Seems the elm repeated commands if it doesn't get a response even when responses are turned off? not always, but sometimes??

lol.. Just saw all my typing.. sorry for the sidetrack... Least you have some insight on my ability, or lack of.. For me this is fun.. This is just a hobby for me..

[Tazzi]

I didnt even know 'unhex' was a thing... learn something new every day.

Clean way to display a 2 byte value as hex is value.toString("X4"). This will convert to hex and ensures is always 4 characters to keep it uniform.

Thanks Tazzi for even remotely suggesting I taught you something, that right there is funny, don't care who you are..

I'm using unhex to to the opposite of what you just showed, right?? What would you use to convert a String to a value?? That's what unhex does for me, unless I am just plain wrong I am reading the elm responses as a string then getting rid of the '>' and spaces,cr bytes,etc and then using substring to get the bytes I need, since they are hex values I use unhex to convert a char or string to a value.. String 'ff' is turned into 255, or 0xff, or 11111111 depending on how you want to display it.. Do you think i would be better off learning how to read serial data as bytes instead? I had started to but easier for me to debug if i can just println the string then work with it..

I am assuming processing is different than what your coding in? C, C++, C?? I learned using arduino and that's a weird broken down into slow people language, processing is the closest thing I could find to what arduino uses so that's how I ended up using it.. I am still a beginner and have no idea about classes, public, private, etc.. when I read up on it my eyes start to water and I get lightheaded.. lol

Working on stepping directly into c++ or c#? I keep on screwing up and start with too high a goal and get frustrated.. For now I just want to write some damn code that will make the MDI act like am elm327 when I send it a atma and either send the data to a file or scroll it down the command line.. I have one elm that can do 115,200 and trying to see what is actually going to the ecu is frustrating.. Seems the elm repeated commands if it doesn't get a response even when responses are turned off? not always, but sometimes??

lol.. Just saw all my typing.. sorry for the sidetrack... Least you have some insight on my ability, or lack of.. For me this is fun.. This is just a hobby for me..

Having a goal is all that matters. If you have no goal you wont be passionate about completing it.

Read the serial as a string when using the ELM since thats how they have been designed to be used.

In terms of programming languages, either C# or VB. I swap between both quite regularly, so its just a matter of trying one out and start learning

[Highlander]

So true

[In-Tech]

Also this is an example of two bins where the ECU has swapped the parameter block between the two memory sectors.

This is from the same ecu, but simple after the ecu has changed where this block has stored itself (For whatever reason).

I noticed it when comparing the reads. I did them a while ago, and cant remember if I did post this.

It appears to be some sort of "housecleaning" the cpu does on shut down. I've seen it a few times now while I was attempting to clone.

On that note, I've made it a bit further, got the seed/key to change so boxes are NOT "tuner locked" but still having trouble with the traceability/serial. This one is an '08 e38(serv.#12612384) that I have a 2011 camaro file in. I will have a chance next week to put in an actual vehicle and see if this early/late e38 stuff matters if all the modules are correct.

[Tazzi]

Also this is an example of two bins where the ECU has swapped the parameter block between the two memory sectors.

This is from the same ecu, but simple after the ecu has changed where this block has stored itself (For whatever reason).

I noticed it when comparing the reads. I did them a while ago, and cant remember if I did post this.

It appears to be some sort of "housecleaning" the cpu does on shut down. I've seen it a few times now while I was attempting to clone.

On that note, I've made it a bit further, got the seed/key to change so boxes are NOT "tuner locked" but still having trouble with the traceability/serial. This one is an '08 e38(serv.#12612384) that I have a 2011 camaro file in. I will have a chance next week to put in an actual vehicle and see if this early/late e38 stuff matters if all the modules are correct.

So long as that slave chip is updated too... youll be sweet
Otherwise the throttle blade was literally causing mad on a test car I did last year. SPS update did the missing slave which made it all happy

[In-Tech]

Thanks for the reply Tazzi, I'm shipping two ecu's out tomorrow so I should know early next week how it goes. The "clone" was that 3f80 box earlier in the thread.

Now it's:
VIN: 2G1FS1EW2B9165332 <<<<<<This is just the vin to show camaro 6spd

PCM Service No: 12633238
PCM Traceability Code:
PCM Security Seed: A1D3

PCM Module 1: 12639270
PCM Module 2: 12642192
PCM Module 3: 12632570
PCM Module 4: 12632574
PCM Module 5: 12642190
PCM Module 6: 12642188
PCM Module 7: 12625892
PCM Module 8: 12632566

LS9 VVE and injectors, no vats, 4" MAF tube, etc, etc, etc

[Tazzi]

Well looks like Im going to have to actually replace my own cars ECU. Seems its memory has corrupted since its VIN and serial are complete garbage, its also not accepting the factory key so cant even read it out

I had a dodgy EBCM which was causing all sorts of problems including popping fuses, Im thinking its actually caused damage to the param section, maybe interrupted when it was rewriting itself for param sector

[In-Tech]

Oh booo, that sucks, sorry. What ecm was that one?