PCMTec Development Blog

[Tazzi]

Damnn no mucking around here!!

Is there something we can do to help push on? Amazed at the speed your smashing through the Ford bin.

[rolls]

Damnn no mucking around here!!

Is there something we can do to help push on? Amazed at the speed your smashing through the Ford bin.

At this stage not a lot, I'm limited by time and tools as I've hit a roadblock until my OpenPort 2.0 turns up (next week). Once I get further along the things that will benefit from the community are the following:

Hardware donations, eg ECUs people are interested in getting supported
Debugging equipment, eg a BDM which is about $1k which is too much money for what is currently a free project
Naming structure for definition files. Eg come up with a list of variable & table names with descriptions that does not infringe on existing products.
A good decompiler for PowerPC, currently I can't get anything running that will generate pseudo C code for PPC asm. This makes the assembly much easier to read, even something as simple as this would be a huge help.

I've found the following decompilers if someone can figure out how to get it running from the command line with my PCM binary that would be a massive help. Attached my binary which can be opened in IDAPro easily.
http://www.backerstreet.com/rec/rec.htm
http://boomerang.sourceforge.net/

edit: I can get the RECStudio to sort of work if I do the following commands

def-cpu PowerPC
def-segment -0 0x0 -a 0x0 -L 0x60000 (length 60000 bytes)

It will process maybe 30% of the file but as a lot of the routines appear to be interrupt service routines they have no actual jump command and hence look like stranded code. If I force it to look at the code it seems to ignore it most of the time or crash in an infinite loop.

Would be great if I could give it my IDA code and it could decompile that. IDA does a great job of disassembling and labelling the code I just want per subroutine pseudo C code to make it easier to read, it seems nothing can easily do this currently.

Retdec https://retdec.com/ used to work but now it incorrectly detects the format as COFF64, the IDAplugin also doesn't work.

[antus]

Ive used the USB BDM NT from http://www.usbjtag.com/ on the '0411. I have one you could borrow for a while, otherwise they are $65 USD + post.

[rolls]

Ive used the USB BDM NT from http://www.usbjtag.com/ on the '0411. I have one you could borrow for a while, otherwise they are $65 USD + post.

Oh wow that is cheap, I guess I didn't look hard enough. I might just buy one when I get to the point I want to do some actual debugging.

[antus]

Do you have software in mind to go with it? I get the feeling that the BDM interface on the processor is one thing and its simple enough but finding good pc side debugging software is another question, and may limit the type of BDM interface you need for pc software compatability. I'd love to know how you go with this and Im keep to help figure it out.

Ive also got a segger jlink for jtag, which I think is more industry standard.

Having said that, being more obscure platforms than x86/x64 the debug software tends to look archaic and be hard to use compared to what pc people are used too. See the attached for an idea of what you might get. Note that C language is shown, not asm. Very clunky and possibly just a time killer. There is also the question about what the embedded hardware does in a pcm when you hold up the cpu. I wouldnt necessarily expect external hardware to hold up too, and that would likely create error conditions as soon as you let the cpu run again.

Static offline analysis is probably but not necessarily more beneficial.

[rolls]

Yeah good point, if the engine was running you could possibly destroy it as well due to leaving the injectors jammed on filling the cylinder bore and bending a rod.

[rolls]

https://github.com/rolandh/J2534DotNet/ ... ionFord.cs

Uploaded my UDS/OBD implementation with a sample GUI project that will attempt to access level 1 security

[jay woo]

What version of IDA are you using? The plugin lists greater than 6.6. Many people use a shared version and that was back in version 5 last time I checked.

[rolls]

Got my OpenPort 2.0 yesterday and spent today playing with it. Can successfully read the entire flash no problems with it, supports the 18v on pin13 which is great. Not bad for the ~$200 it cost

I can probably flash successfully as well but I want to set up my test bench with my spare PCM before trying that out.

[antus]

Nice work