PCM Hammer P01 and P59 flash tool v015

They go by many names, P01, P59, VPW, '0411 etc. Also covering E38 and newer here.
User avatar
NSFW
Posts: 679
Joined: Fri Feb 02, 2018 3:13 pm

Re: PCM Hammer - new ls1 flash tool

Post by NSFW »

Distributing customized GM operating systems is distrubting two things: GM's operating system plus someone's customization.

GM owns the copyright to the factory operating systems.

Anyone who customizes an operating system owns the copyright to their customization.

Distributing factory GM operating systems... on one hand it's making copies without copyright, but on the other hand if someone has GM's PCM it seems to me that they have the right to use GM's software on it. So that seems fine to me. And I don't expect to see GM suing their customers or users, especially with the right-to-repair laws that we have in the US.

Distrubting the customizations seems to me like a perfectly clear copyright violation. It would be perfectly reasonable for the custom OS developers to sue people who are involved in that.

Anyone who buys a closed-source custom OS has the right to use the customization, but not the right to distribute it (make copies and give them out). If the PCM ends up in a junkyard, that usage right is transferred to whoever ends up with the PCM.

I'm not a lawyer, but that's what it all looks like to me. And legal questions aside, it just seems unethical to use customizations that were created by HPT or EFIL without paying them for the work that it took to come up with those customizations.
Please don't PM me with technical questions - start a thread instead, and send me a link to it. That way I can answer in public, and help other people who have the same question. Thanks!
smallbrain
Posts: 2
Joined: Wed May 22, 2019 3:14 pm
cars: 02 LB7

Re: PCM Hammer - new ls1 flash tool

Post by smallbrain »

hi all. im new.
have been enjoying digging through all this car hacking. Im pretty inexperienced with this stuff, having mainly used vag-com on old TDIs and a recent struggle with my truck due to new enhanced emissions testing. Looking for a way to modify or force complete a comprehensive components test brought me here. My background is in industrial controls and infosec, so ive done some reversing and know my way around a hex editor.

working on an 02 LB7 California model. pcmhammer has trouble reading out the bin. connects okay and identifies the pcm okay, then falls on its face. Have seen others have success with this unit- hopefully mine is a solved problem. debug log attached. sorry for the text puke.

Code: Select all

[08:21:32:540]  PCM Hammer 005
[08:21:32:540]  ElmDevice initialization starting.
[08:21:33:591]  TX: 
[08:21:33:606]  TX: AT Z
[08:21:34:495]  ELM327 v1.3a
[08:21:34:495]  TX: AT E0
[08:21:34:510]  AT E0  OK
[08:21:34:510]  TX: AT S0
[08:21:34:526]  OK
[08:21:34:526]  TX: AT RV
[08:21:34:548]  Voltage: 11.9V
[08:21:34:548]  TX: AT I
[08:21:34:564]  Elm ID: ELM327 v1.3a
[08:21:34:595]  Initializing PcmHacking.AllProDeviceImplementation
[08:21:34:595]  TX: AT #1
[08:21:34:695]  This is not an AllPro device.
[08:21:34:695]  Determining whether PcmHacking.ScanToolDeviceImplementation is connected.
[08:21:34:695]  TX: ST I
[08:21:34:765]  ScanTool device ID: STN1151 v4.0.2
[08:21:34:765]  TX: AT AL
[08:21:34:812]  OK
[08:21:34:827]  TX: AT SP2
[08:21:34:849]  OK
[08:21:34:865]  TX: AT DP
[08:21:34:881]  SAE J1850 VPW
[08:21:34:881]  TX: AT AR
[08:21:34:912]  OK
[08:21:34:928]  TX: AT AT0
[08:21:34:943]  OK
[08:21:34:943]  TX: AT SR F0
[08:21:34:981]  OK
[08:21:34:981]  TX: AT H1
[08:21:34:997]  OK
[08:21:34:997]  TX: AT ST 20
[08:21:35:028]  OK
[08:21:39:083]  Setting timeout for ReadProperty, 47 ms.
[08:21:39:083]  TX: AT ST 0B
[08:21:39:199]  OK
[08:21:39:199]  TX: AT SH 6C 10 F0 
[08:21:39:215]  Set header response: OK
[08:21:39:215]  TX: 3C01 
[08:21:39:346]  RX: 6C F0 10 7C 01 00 31 47 54 48 4B
[08:21:39:346]  TX: 3C02 
[08:21:39:485]  RX: 6C F0 10 7C 02 32 33 31 33 32 46
[08:21:39:485]  TX: 3C03 
[08:21:39:701]  RX: 6C F0 10 7C 03 32 32 31 38 31 36
[08:21:39:701]  VIN: 1GTHK23132F221816
[08:21:39:717]  Setting timeout for ReadProperty, 47 ms.
[08:21:39:717]  TX: AT ST 0B
[08:21:39:733]  OK
[08:21:39:733]  Setting timeout for ReadProperty, 47 ms.
[08:21:39:733]  TX: AT ST 0B
[08:21:39:748]  OK
[08:21:39:748]  TX: 3C0A 
[08:21:39:833]  RX: 6C F0 10 7C 0A 00 E7 6D 85 45 41
[08:21:39:833]  OS ID: 15166853
[08:21:39:833]  Setting timeout for ReadProperty, 47 ms.
[08:21:39:833]  TX: AT ST 0B
[08:21:39:887]  OK
[08:21:39:887]  TX: 3C08 
[08:21:39:987]  RX: 6C F0 10 7C 08 00 E7 6D 84
[08:21:39:987]  Calibration ID: 15166852
[08:21:39:987]  Setting timeout for ReadProperty, 47 ms.
[08:21:39:987]  TX: AT ST 0B
[08:21:40:018]  OK
[08:21:40:018]  TX: 3C04 
[08:21:40:119]  RX: 6C F0 10 7C 04 33 38 36
[08:21:40:119]  Index was outside the bounds of the array.
[08:21:40:134]  System.IndexOutOfRangeException: Index was outside the bounds of the array.
   at PcmHacking.Protocol.ParseUInt32(Message message, Byte responseMode)
   at PcmHacking.Protocol.ParseUInt32FromBlockReadResponse(Message message)
   at PcmHacking.Query`1.<Execute>d__11.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter`1.GetResult()
   at PcmHacking.Vehicle.<QueryUnsignedValue>d__41.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter`1.GetResult()
   at PcmHacking.Vehicle.<QueryHardwareId>d__38.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter`1.GetResult()
   at PcmHacking.MainForm.<readPropertiesButton_Click>d__24.MoveNext() in C:\GitHub\PcmHacks\Apps\PcmHammer\MainForm.cs:line 514
User avatar
antus
Site Admin
Posts: 8237
Joined: Sat Feb 28, 2009 8:34 pm
cars: TX Gemini 2L Twincam
TX Gemini SR20 18psi
Datsun 1200 Ute
Subaru Blitzen '06 EZ30 4th gen, 3.0R Spec B
Contact:

Re: PCM Hammer - new ls1 flash tool

Post by antus »

Code: Select all

[08:21:40:119]  RX: 6C F0 10 7C 04 33 38 36
Thats supposed to be a uint32 after ID 04. So 33 38 36 is one byte short.

If you want to contribute and you have the skills fork develop and have a look at the parsing code called around here. It looks like its actually the hardware id read though as calibration id completed successfully in your log. https://github.com/LegacyNsfw/PcmHacks/ ... es.cs#L205

It might need a check for each of the interfaces and return 0 if the result is invalid, or someting like that.

But the root cause might be a timing issue here https://github.com/LegacyNsfw/PcmHacks/ ... ce.cs#L156
Those values might be a little too optimistic for the STN1151 you have there and might need a tiny offset added.
Have you read the FAQ? For lots of information and links to significant threads see here: http://pcmhacking.net/forums/viewtopic.php?f=7&t=1396
smallbrain
Posts: 2
Joined: Wed May 22, 2019 3:14 pm
cars: 02 LB7

Re: PCM Hammer - new ls1 flash tool

Post by smallbrain »

antus wrote:

Code: Select all

[08:21:40:119]  RX: 6C F0 10 7C 04 33 38 36
...

But the root cause might be a timing issue here https://github.com/LegacyNsfw/PcmHacks/ ... ce.cs#L156
Those values might be a little too optimistic for the STN1151 you have there and might need a tiny offset added.
good call antus. ill try slowing it down some. ty
THEFERMANATOR
Posts: 13
Joined: Sat May 25, 2019 2:48 am

Re: PCM Hammer - new ls1 flash tool

Post by THEFERMANATOR »

Is there anyway to use a TECH2 clone to read the .bin files out with this software? I've tried all the settings I can find, it says it recognizes it, but won't actually read anything. I also have a generic obd2 to usb cable that initializes, but won't actually do anything either, so I'm wondering if I have the software setup correctly. Sorry for the most likely stupid questions, but was hoping I could use what I have already as I use the TECH2 clone to flash using TIS2000 and the SPS just fine. I've been using EFILIVE, but would LOVE to find a cheaper way to flash. I'm already setup with a bench harness and a spare 0411 PCM to try out with for now.
THEFERMANATOR
Posts: 13
Joined: Sat May 25, 2019 2:48 am

Re: PCM Hammer - new ls1 flash tool

Post by THEFERMANATOR »

I ordered a OBDlink SX cable off of amazon so I could start reading .bin's, and ran into an issue. This is on a known good, RUNNING PCM out of my 99 TAHOE that received an 0411(P01) swap. I have flashed it several times now with EFILIVE, but I want to read it out to get the .bin file to look into some hex file changes in it, and I cannot read it. I know it's not the cable,software, or my install because I was able to successfully read the tune out of my spare 0411(identical PCM) that I flashed 2 days ago via TIS2000 using SPS and my TECH2. Here's what it display's when I try to read it.

[01:47:03:983] PCM Hammer 005
[01:47:05:029] Voltage: 13.9V
[01:47:05:044] Elm ID: ELM327 v1.3a
[01:47:05:075] ScanTool device ID: STN1130 v4.0.1
[01:47:09:755] VIN: 1GNDT13W91K218983
[01:47:09:865] OS ID: 12212156
[01:47:09:974] Calibration ID: 4294967295
[01:47:10:067] Hardware ID: 9386530
[01:47:10:333] Serial Number: 1EB18Z821082
[01:47:10:426] Broad Cast Code:
[01:47:10:535] MEC: 0
[01:47:31:221] Will save to C:\Users\Ferman\Documents\TUNERPRO files\.bin files\tahoe file.bin
[01:47:31:237] Querying operating system of current PCM.
[01:47:31:346] OSID: 12212156
[01:47:31:705] Unknown unlock code 0x53
[01:47:35:761] Unable to process unlock response.
[01:47:35:761] Unlock was not successful.
User avatar
DavidBraley
Posts: 172
Joined: Thu Jun 07, 2018 8:15 am
cars: 1948 GMC
Location: Fort Collins, Colorado

Re: PCM Hammer - new ls1 flash tool

Post by DavidBraley »

Is it possible EFI Live somehow locked the bin file the last time it was used to make changes to the PCM?
-David

I'm a machinist... because engineers need heroes too.
THEFERMANATOR
Posts: 13
Joined: Sat May 25, 2019 2:48 am

Re: PCM Hammer - new ls1 flash tool

Post by THEFERMANATOR »

DavidBraley wrote:Is it possible EFI Live somehow locked the bin file the last time it was used to make changes to the PCM?
Don't think so. I just went back in and read it out using the stock key with no problem. I even went and flashed a different cal file in it making sure there was no locking protection enabled, and it went through without a problem. I have 2 identical PCM's setting on my kitchen table, a 35 amp power supply, bench harness, and tuning equipment. My V2 will read either PCM without problem(only 1 is licensed to my cable), I can connect my TECH 2 to either without issue, and I can even read the properties out of either PCM without issue, but I cannot read the file out of the PCM that is licensed to my V2. When I last flashed it, the seed key showed up as $FFFF if that helps. $2B76 is the seed key showing up for the PCM with a fresh TECH 2 flash in it.
User avatar
DavidBraley
Posts: 172
Joined: Thu Jun 07, 2018 8:15 am
cars: 1948 GMC
Location: Fort Collins, Colorado

Re: PCM Hammer - new ls1 flash tool

Post by DavidBraley »

Well, it's obvious you know a LOT more about this stuff than I do.

I'll be curious to hear what the PCM Hammer guru's have to say when they chime in...
-David

I'm a machinist... because engineers need heroes too.
Yortt
Posts: 131
Joined: Mon Apr 13, 2009 10:11 am

Re: PCM Hammer - new ls1 flash tool

Post by Yortt »

THEFERMANATOR wrote:
DavidBraley wrote:Is it possible EFI Live somehow locked the bin file the last time it was used to make changes to the PCM?
Don't think so. I just went back in and read it out using the stock key with no problem. I even went and flashed a different cal file in it making sure there was no locking protection enabled, and it went through without a problem. I have 2 identical PCM's setting on my kitchen table, a 35 amp power supply, bench harness, and tuning equipment. My V2 will read either PCM without problem(only 1 is licensed to my cable), I can connect my TECH 2 to either without issue, and I can even read the properties out of either PCM without issue, but I cannot read the file out of the PCM that is licensed to my V2. When I last flashed it, the seed key showed up as $FFFF if that helps. $2B76 is the seed key showing up for the PCM with a fresh TECH 2 flash in it.
The later Flashscan software changes/cycles the seed which continues to be identified by Flashscan but is effectively locked to other software due to the seed key mismatch.
Post Reply