GM E38 Kernel/Bootloader Reverse Engineering Extravaganza

Bosch Motronic etc ECUs and PCMs
Posts: 93
Joined: Tue Oct 16, 2012 12:17 pm
Location: Perth

Re: GM E38 Kernel/Bootloader Reverse Engineering Extravaganz

Postby Tre-Cool » Wed Jul 24, 2019 8:53 pm

I have about 6 spare e38 ecu's. i normally pick them up from wrecked cars or people selling shit off.

Comes in handy with locked ecu's as i can get the car tuned while i wait for the original to unlock on the bench.

just a pia to swap out compared to the ls1's.

Posts: 2432
Joined: Sun Aug 02, 2009 9:16 pm
Location: Bayside, Melbourne, Victoria

Re: GM E38 Kernel/Bootloader Reverse Engineering Extravaganz

Postby VX L67 Getrag » Wed Jul 24, 2019 9:50 pm

I have a few E38 controllers, but not sure what a J device is(do you mean J2534?) I have a few I believe to choose from if you want me to do any testing!

User avatar
Posts: 1851
Joined: Thu May 17, 2012 8:53 pm
Location: WA

Re: GM E38 Kernel/Bootloader Reverse Engineering Extravaganz

Postby Tazzi » Wed Jul 24, 2019 10:16 pm

Tre-Cool wrote:I have about 6 spare e38 ecu's. i normally pick them up from wrecked cars or people selling shit off.

Comes in handy with locked ecu's as i can get the car tuned while i wait for the original to unlock on the bench.

just a pia to swap out compared to the ls1's.

They actually are hey. I programmed my ute as a G8 the other day... wasy the only thing which would program the slave OS using SPS and thought I bricked the damn thing since car no longer would start :lol:
Was actually because it needed a few relearns, but regardless.. its not fun pulling them out!

VX L67 Getrag wrote:I have a few E38 controllers, but not sure what a J device is(do you mean J2534?) I have a few I believe to choose from if you want me to do any testing!

AH yeah my bad, when I say J tools, Im referring to any J2534 complaint scantool.

Most people have them so makes it easier to program for. Although I have come across some tools which are a little picky with how connections are made but all 'main' common J tools would be suitable.
Image

Posts: 2432
Joined: Sun Aug 02, 2009 9:16 pm
Location: Bayside, Melbourne, Victoria

Re: GM E38 Kernel/Bootloader Reverse Engineering Extravaganz

Postby VX L67 Getrag » Wed Jul 24, 2019 10:44 pm

Yeah the best overall tool which has J2534 is the tactrix, the only issue I've had with it is when I install openECU it tries to tell it to forget about comport & use passthru & is a major PITA for some other software & figuring the easiest way to fix this is STILL an issue(I had BITbox on my pc teamviewer for 2 hours & they couldn't figure out how to get it back to standard comport).... anyway off track if you want me to test anything let me know.

User avatar
Posts: 1851
Joined: Thu May 17, 2012 8:53 pm
Location: WA

Re: GM E38 Kernel/Bootloader Reverse Engineering Extravaganz

Postby Tazzi » Thu Jul 25, 2019 11:22 am

Yeah that is an odd issue.

Anyways back on topic. Something else Im not 100% certain on, is exiting out of the kernel. I assume I just do a BLR and it will exit?? or... it will just freak the fuck out?

I know ignition off/on will reset the unit.. but thats not really the greatest option for it all.

Thinking about it.. when running the kernel in the first place, commands are sent and then executed (Hence we an run the kernel), so... once would assume when you do a BLR, it 'should' pickup from where is started? But then that becomes rubbish if the flash has been completely changed.. So it would need to start from the beginning again.

Almost certain Im over thinking this. There will be an easier way.
Image

Posts: 407
Joined: Wed Mar 04, 2009 8:52 pm

Re: GM E38 Kernel/Bootloader Reverse Engineering Extravaganz

Postby ejukated » Thu Jul 25, 2019 11:23 pm

Tazzi wrote:I believe making it work with J-tools will be best, already have that stuff nailed down so its just a matter of actually sending a kernel and the rest should be fairly straight forward.
Anyone with a J tool and E38, will be needing some other to give it a whirl! Im yet to see a E38 with different flash memory, but might be best to get a tonne of reads to just be safe.

The flashchips support reporting back what they are. So, thatll be a quick way of getting the kernel to report to the scantool if its going to be supported or not.


I've got one of each service number used in the commodores and a Taxtrix if you need any testing

Site Admin
User avatar
Posts: 5710
Joined: Sat Feb 28, 2009 8:34 pm

Re: GM E38 Kernel/Bootloader Reverse Engineering Extravaganz

Postby antus » Fri Jul 26, 2019 10:08 am

The older generation kernels set a status code and then enter an infinite loop to let the watchdog reset the pcm. The boot code checks the status byte and knows if the kernel reported a problem or not. Not sure what supposed to happen on the later generation though. Can you see any infinite loop?
Have you read the FAQ? For lots of information and links to significant threads see here: viewtopic.php?f=7&t=1396

User avatar
Posts: 1851
Joined: Thu May 17, 2012 8:53 pm
Location: WA

Re: GM E38 Kernel/Bootloader Reverse Engineering Extravaganz

Postby Tazzi » Fri Jul 26, 2019 2:35 pm

hm.... looks like it just fires off a final CAN frame then does nothing, just branches back to nothing (End of code), so it must just panic/end, and ecu restarts.??
Image

Site Admin
User avatar
Posts: 5710
Joined: Sat Feb 28, 2009 8:34 pm

Re: GM E38 Kernel/Bootloader Reverse Engineering Extravaganz

Postby antus » Mon Jul 29, 2019 2:09 pm

Yeah so if there is a watchdog (there very likely is) and its not reset in that loop, the watchdog would issue the hardware reset when the code is stuck in an infinite loop.
Have you read the FAQ? For lots of information and links to significant threads see here: viewtopic.php?f=7&t=1396

User avatar
Posts: 1851
Joined: Thu May 17, 2012 8:53 pm
Location: WA

Re: GM E38 Kernel/Bootloader Reverse Engineering Extravaganz

Postby Tazzi » Tue Jul 30, 2019 12:07 pm

antus wrote:Yeah so if there is a watchdog (there very likely is) and its not reset in that loop, the watchdog would issue the hardware reset when the code is stuck in an infinite loop.


Going through the code, the WDT is not checked or modified in any way. So either the CPU realises it reaches the end of its code and then resets. Or, panics when nothing happens and restarts. Based on the logs, it appears to occur after a couple seconds.

Theres likely a smarter option to do, so will need to read through the reference manual more for the MPC562.
Image

PreviousNext

Return to Bosch ECUs

Who is online

Users browsing this forum: No registered users and 1 guest