Reverse engineering a 411 operating system

They go by many names: P01, P59, VPW, '0411, etc. Circa 1999 to 2006. All VPW OBD2 PCMs.

Postby NSFW » Thu Feb 14, 2019 6:18 pm

Please start a new thread for the E66 / E67 stuff.
Please don't PM me with questions about tuning or flashing - start a thread instead. Thanks!

Postby VX L67 Getrag » Fri Feb 15, 2019 9:41 am

Ahh yeah sorry, I just saw other things could be seen when doing the 411 loading, so I hoped it may lead to something with the other controllers, but sorry for the hijack!

Postby Gampy » Sat Feb 23, 2019 7:38 am

Is it possible to get someone with repo access to DE-encrypt:
12202088 - 2001 512k.xdf
12208322 - 2001 512k.xdf

The rest already are.

Thus the next poor soul trying to use NSFW's PowerShell scripts doesn't get so discombobulated.

Thank you

Postby Gampy » Sat Feb 23, 2019 1:30 pm

After figuring out the xdf was encrypted, the next issue came with the Convert-XdfToIdc.ps1 script on OSID 12208322; it's having trouble with some tables.

Erroneous lines in the created .idc:
Code:
MakeNameEx(, "CurveTable 8 Rows Calibration Segment Information", nameFlags);
MakeNameEx(, "CurveTable 8 Rows Checksum Information", nameFlags);
.
.
.
MakeNameEx(, "CurveTable 5 Rows D1201 - Transmission Gear Ratios", nameFlags);
Obviously they are missing the address; the mmedaddress of EMBEDDEDDATA is missing from the XDFs.

I know just simple basics of xml, so any suggestions would be appreciated.

Thanks

Postby NSFW » Sun Feb 24, 2019 5:19 am

Looks like the ps1 script needs to check that the address is non-empty before it writes a MakeNameEx. Until that gets fixed, just remove those lines from the IDC script. The segment information and checksum information aren't very useful in IDA anyway.

It looks like the author of the XDF set out to find the gear ratios, but didn't actually find them. So remove that line too. Maybe try to find them yourself? :) If you find them in another OS first (using an XDF that has them defined properly) then that will probably give you some hints about where to look in this OS.

Postby Gampy » Mon Feb 25, 2019 9:28 pm

Identifying the known leaves the unknown to be identified ...

Gear ratios are there and appear to be done the same as others I checked ... I dunno know, Greek to me.
Code:
  <XDFTABLE uniqueid="0x7DD5" flags="0x30">
    <title>D1201 - Transmission Gear Ratios</title>
    <description>Transmission Gear Ratios.&#013;&#010;&#013;&#010;*** applicable to 4L60E or 4L80E transmissions only ***</description>
    <CATEGORYMEM index="0" category="14" />
    <XDFAXIS id="x" uniqueid="0x0">
      <EMBEDDEDDATA mmedelementsizebits="16" mmedmajorstridebits="-32" mmedminorstridebits="0" />
      <units>Ratio</units>
      <indexcount>1</indexcount>
      <datatype>0</datatype>
      <unittype>0</unittype>
      <DALINK index="0" />
      <LABEL index="0" value="0.00" />
      <MATH equation="X">
        <VAR id="X" />
      </MATH>
    </XDFAXIS>
    <XDFAXIS id="y" uniqueid="0x0">
      <EMBEDDEDDATA mmedelementsizebits="16" mmedmajorstridebits="-32" mmedminorstridebits="0" />
      <units>Gear</units>
      <indexcount>5</indexcount>
      <outputtype>4</outputtype>
      <datatype>0</datatype>
      <unittype>0</unittype>
      <DALINK index="0" />
      <LABEL index="0" value="1st" />
      <LABEL index="1" value="2nd" />
      <LABEL index="2" value="3rd" />
      <LABEL index="3" value="4th" />
      <LABEL index="4" value="Reverse" />
      <MATH equation="X">
        <VAR id="X" />
      </MATH>
    </XDFAXIS>
    <XDFAXIS id="z">
      <EMBEDDEDDATA mmedelementsizebits="16" mmedrowcount="5" mmedmajorstridebits="0" mmedminorstridebits="0" />
      <decimalpl>3</decimalpl>
      <min>0.000000</min>
      <max>8.000000</max>
      <outputtype>1</outputtype>
      <MATH equation="X">
        <VAR id="X" />
      </MATH>
      <MATH row="1" col="1" equation="X/4096">
        <VAR id="X" type="address" address="0x18A36" sizeinbits="16" />
      </MATH>
      <MATH row="2" col="1" equation="X/4096">
        <VAR id="X" type="address" address="0x18A38" sizeinbits="16" />
      </MATH>
      <MATH row="3" col="1" equation="X/4096">
        <VAR id="X" type="address" address="0x18AF6" sizeinbits="16" />
      </MATH>
      <MATH row="4" col="1" equation="X/4096">
        <VAR id="X" type="address" address="0x18AF8" sizeinbits="16" />
      </MATH>
      <MATH row="5" col="1" equation="X/4096">
        <VAR id="X" type="address" address="0x18A3A" sizeinbits="16" />
      </MATH>
    </XDFAXIS>
  </XDFTABLE>
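
One way to do the non-empty address check NSFW describes, while still naming tables like the one quoted above, whose z axis has no mmedaddress but does carry per-cell VAR addresses. This is an added example, not the project's Convert-XdfToIdc.ps1; the function name Get-IdcNameLines, the constructed XDF and the "row N" name suffix are assumptions.

```powershell
# Added example; not the project's Convert-XdfToIdc.ps1.
# Constructed XDF: one table with mmedaddress, one (as in the thread) with
# per-cell VAR addresses only, and one with no address anywhere.
[xml]$xdf = @'
<XDFFORMAT>
  <XDFTABLE>
    <title>Sample Table</title>
    <XDFAXIS id="z"><EMBEDDEDDATA mmedaddress="0x12345" mmedelementsizebits="16" /></XDFAXIS>
  </XDFTABLE>
  <XDFTABLE>
    <title>D1201 - Transmission Gear Ratios</title>
    <XDFAXIS id="z">
      <EMBEDDEDDATA mmedelementsizebits="16" mmedrowcount="5" />
      <MATH row="1" col="1" equation="X/4096"><VAR id="X" type="address" address="0x18A36" /></MATH>
      <MATH row="2" col="1" equation="X/4096"><VAR id="X" type="address" address="0x18A38" /></MATH>
    </XDFAXIS>
  </XDFTABLE>
  <XDFTABLE>
    <title>Checksum Information</title>
    <XDFAXIS id="z"><EMBEDDEDDATA mmedelementsizebits="16" /></XDFAXIS>
  </XDFTABLE>
</XDFFORMAT>
'@

function Get-IdcNameLines([xml]$Doc) {
    foreach ($table in $Doc.SelectNodes('//XDFTABLE')) {
        $title = $table.SelectSingleNode('title').InnerText
        $data  = $table.SelectSingleNode('XDFAXIS[@id="z"]/EMBEDDEDDATA')
        $base  = if ($null -ne $data) { $data.GetAttribute('mmedaddress') } else { '' }
        if ($base) {
            # Normal case: the table has a single base address.
            'MakeNameEx({0}, "{1}", nameFlags);' -f $base, $title
            continue
        }
        # Fallback: cells addressed one by one through MATH/VAR elements.
        $cells = $table.SelectNodes('XDFAXIS[@id="z"]/MATH[@row]/VAR[@address]')
        if ($cells.Count -eq 0) {
            Write-Warning "Skipping '$title': no address in the XDF"
            continue
        }
        foreach ($var in $cells) {
            $row = $var.ParentNode.GetAttribute('row')
            'MakeNameEx({0}, "{1} row {2}", nameFlags);' -f $var.GetAttribute('address'), $title, $row
        }
    }
}

Get-IdcNameLines $xdf
```

Skipped tables are reported on the warning stream, so they stay out of the .idc when the output is piped to Out-File.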

Postby bubba2533 » Tue Mar 05, 2019 3:13 pm

I've never used PowerShell. Can somebody help out an idiot and tell me what I'm doing wrong?

1. Open PowerShell command
2. Navigate to script directory and run
Code:
.\Generate-PidLabels.ps1 .\PidList.txt
(I moved them to the same directory.)

I get a bunch of these errors:

Code:
Cannot index into a null array.
At C:\Users\brand\Desktop\12593358-master\Scripts\Generate-PidLabels.ps1:29 char:2
+     $functionAddress += $bytes[$start+7]
+     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (:) [], RuntimeException
    + FullyQualifiedErrorId : NullArray

Postby Gampy » Wed Mar 06, 2019 2:02 am

I am a Powershell dummy as well ...

However, if you were to hit CTRL-C just after you invoke the script, you may very well see that it cannot find the bin or the pidlist ...
I do not know how to properly fix this yet, the hack is to edit Generate-PidLabels.ps1 and change the following two lines to include the full path and filename ...
Code:
$bytes = [System.IO.File]::ReadAllBytes("12593358.bin")
$lines = [IO.File]::ReadAllLines(".\pidlist.txt")

They should both be command line parameters, Powershell has that functionality built in, it should be simple to do as well as add some simple error checking that the files exist before continuing.
As soon as the vampire leaves I'll look into this ...

[edit]
Figured it out while waiting for the vampire to show up ...
Make the following changes:
Code:
-param($Path)
+param([string]$Bin, [string]$Pidlist)
 
-$bytes = [System.IO.File]::ReadAllBytes("12593358.bin")
+$bytes = [System.IO.File]::ReadAllBytes($Bin)
 
-$lines = [IO.File]::ReadAllLines(".\pidlist.txt")
+$lines = [IO.File]::ReadAllLines($Pidlist)
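
Review bot: on the new `param([string]$Bin, [string]$Pidlist)` line neither parameter is mandatory, and nothing validates the paths before `ReadAllBytes($Bin)` and `ReadAllLines($Pidlist)`, so an omitted or mistyped argument fails inside the .NET call rather than with a clear message. Mark both parameters `[Parameter(Mandatory=$true)]`, check each with `Test-Path`, and pass them through `Resolve-Path` before the reads, because `[System.IO.File]` resolves relative paths against the process working directory rather than the PowerShell location; that would also remove the need to type full paths.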

Then its use would be:
Code:
.\Generate-PidLabels.ps1 -Bin <Full path and filename to bin> -Pidlist <Full path and filename to PidList.txt> | Out-File <Output filename.idc> -Encoding ASCII

Postby Tre-Cool » Sun Mar 10, 2019 5:47 pm

The efilive guys have made it pretty clear that they are not going to update or add additional functions to their custom os line for the ls1b ecu, but it might be worth checking with them about using it as a base to further add functions or modify existing code.
