Reverse engineering a 411 operating system

They go by many names, P01, P59, VPW, '0411 etc. Also covering E38 and newer here.
User avatar
NSFW
Posts: 679
Joined: Fri Feb 02, 2018 3:13 pm

Re: Reverse engineering a 411 operating system

Post by NSFW »

Please start a new thread for the E66 / E67 stuff.
Please don't PM me with technical questions - start a thread instead, and send me a link to it. That way I can answer in public, and help other people who have the same question. Thanks!
VX L67 Getrag
Posts: 2877
Joined: Sun Aug 02, 2009 9:16 pm
Location: Bayside, Melbourne, Victoria
Contact:

Re: Reverse engineering a 411 operating system

Post by VX L67 Getrag »

Ahh yeah sorry, I just saw other thing's could be seen when doing the 411 loading so I hoped it may lead to something with the other controllers but sorry for the hijack!
User avatar
Gampy
Posts: 2330
Joined: Sat Dec 15, 2018 7:38 am

Re: Reverse engineering a 411 operating system

Post by Gampy »

Is it possible to get someone with repo access to DE-encrypt:
12202088 - 2001 512k.xdf
12208322 - 2001 512k.xdf

The rest already are.

Thus the next poor soul to trying to use NSFW's powershell scripts doesn't get so discombobulated.

Thank you
Intelligence is in the details!

It is easier not to learn bad habits, then it is to break them!

If I was here to win a popularity contest, their would be no point, so I wouldn't be here!
User avatar
Gampy
Posts: 2330
Joined: Sat Dec 15, 2018 7:38 am

Re: Reverse engineering a 411 operating system

Post by Gampy »

After figuring out the xdf was encrypted, the next issue came with Convert-XdfToIdc.ps1 script on osid 12208322, it's having trouble with some tables.

Errounous lines in the created .idc:

Code: Select all

MakeNameEx(, "CurveTable 8 Rows Calibration Segment Information", nameFlags);
MakeNameEx(, "CurveTable 8 Rows Checksum Information", nameFlags);
.
.
.
MakeNameEx(, "CurveTable 5 Rows D1201 - Transmission Gear Ratios", nameFlags);
Obviously they are missing the adddress, mmedaddress of EMBEDDEDDATA is missing from the xdf's.

I know just simple basics of xml, so any suggestions would be appreciated.

Thanks
Intelligence is in the details!

It is easier not to learn bad habits, then it is to break them!

If I was here to win a popularity contest, their would be no point, so I wouldn't be here!
User avatar
NSFW
Posts: 679
Joined: Fri Feb 02, 2018 3:13 pm

Re: Reverse engineering a 411 operating system

Post by NSFW »

Looks like the ps1 script needs to check that the address is non-empty before it writes a MakeNameEx. Until that gets fixed, just remove those lines from the IDC script. The segment informatino and checksum information isn't very useful in IDA anyway.

It looks like the author of the XDF set out to find the gear ratios, but didn't actually find them. So remove that line too. Maybe try to find them yourself? :) If you find them in another OS first (using an XDF that has them defined properly) then that will probably give you some hints about where to look in this OS.
Please don't PM me with technical questions - start a thread instead, and send me a link to it. That way I can answer in public, and help other people who have the same question. Thanks!
User avatar
Gampy
Posts: 2330
Joined: Sat Dec 15, 2018 7:38 am

Re: Reverse engineering a 411 operating system

Post by Gampy »

Identifying the known leaves the unknown to be identified ...

Gear ratios are there and appear to be done the same as others I checked ... I dunno know, Greek to me.

Code: Select all

  <XDFTABLE uniqueid="0x7DD5" flags="0x30">
    <title>D1201 - Transmission Gear Ratios</title>
    <description>Transmission Gear Ratios.

*** applicable to 4L60E or 4L80E transmissions only ***</description>
    <CATEGORYMEM index="0" category="14" />
    <XDFAXIS id="x" uniqueid="0x0">
      <EMBEDDEDDATA mmedelementsizebits="16" mmedmajorstridebits="-32" mmedminorstridebits="0" />
      <units>Ratio</units>
      <indexcount>1</indexcount>
      <datatype>0</datatype>
      <unittype>0</unittype>
      <DALINK index="0" />
      <LABEL index="0" value="0.00" />
      <MATH equation="X">
        <VAR id="X" />
      </MATH>
    </XDFAXIS>
    <XDFAXIS id="y" uniqueid="0x0">
      <EMBEDDEDDATA mmedelementsizebits="16" mmedmajorstridebits="-32" mmedminorstridebits="0" />
      <units>Gear</units>
      <indexcount>5</indexcount>
      <outputtype>4</outputtype>
      <datatype>0</datatype>
      <unittype>0</unittype>
      <DALINK index="0" />
      <LABEL index="0" value="1st" />
      <LABEL index="1" value="2nd" />
      <LABEL index="2" value="3rd" />
      <LABEL index="3" value="4th" />
      <LABEL index="4" value="Reverse" />
      <MATH equation="X">
        <VAR id="X" />
      </MATH>
    </XDFAXIS>
    <XDFAXIS id="z">
      <EMBEDDEDDATA mmedelementsizebits="16" mmedrowcount="5" mmedmajorstridebits="0" mmedminorstridebits="0" />
      <decimalpl>3</decimalpl>
      <min>0.000000</min>
      <max>8.000000</max>
      <outputtype>1</outputtype>
      <MATH equation="X">
        <VAR id="X" />
      </MATH>
      <MATH row="1" col="1" equation="X/4096">
        <VAR id="X" type="address" address="0x18A36" sizeinbits="16" />
      </MATH>
      <MATH row="2" col="1" equation="X/4096">
        <VAR id="X" type="address" address="0x18A38" sizeinbits="16" />
      </MATH>
      <MATH row="3" col="1" equation="X/4096">
        <VAR id="X" type="address" address="0x18AF6" sizeinbits="16" />
      </MATH>
      <MATH row="4" col="1" equation="X/4096">
        <VAR id="X" type="address" address="0x18AF8" sizeinbits="16" />
      </MATH>
      <MATH row="5" col="1" equation="X/4096">
        <VAR id="X" type="address" address="0x18A3A" sizeinbits="16" />
      </MATH>
    </XDFAXIS>
  </XDFTABLE>
Intelligence is in the details!

It is easier not to learn bad habits, then it is to break them!

If I was here to win a popularity contest, their would be no point, so I wouldn't be here!
bubba2533
Posts: 498
Joined: Wed Apr 11, 2018 8:50 am
cars: 03 Chevy S10 Turbo V6

Re: Reverse engineering a 411 operating system

Post by bubba2533 »

I've never used powershell. Can somebody help out an idiot and tell me what I'm doing wrong.

1. Open powerwheel command
2. Naviagte to script directory and run

Code: Select all

.\Generate-PidLabels.ps1 .\PidList.txt
(I moved them to the same directory.)

I get a bunch of these errors:

Code: Select all

Cannot index into a null array.
At C:\Users\brand\Desktop\12593358-master\Scripts\Generate-PidLabels.ps1:29 char:2
+     $functionAddress += $bytes[$start+7]
+     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (:) [], RuntimeException
    + FullyQualifiedErrorId : NullArray
LS1 Boost OS V3 Here. For feature suggestions post in here Development Thread. Support future development ->Patreon.
User avatar
Gampy
Posts: 2330
Joined: Sat Dec 15, 2018 7:38 am

Re: Reverse engineering a 411 operating system

Post by Gampy »

I am a Powershell dummy as well ...

However, if you were to hit CTRL-C just after you invoke the script, you may very well see that it cannot find the bin or the pidlist ...
I do not know how to properly fix this yet, the hack is to edit Generate-PidLabels.ps1 and change the following two lines to include the full path and filename ...

Code: Select all

$bytes = [System.IO.File]::ReadAllBytes("12593358.bin")
$lines = [IO.File]::ReadAllLines(".\pidlist.txt")
They should both be command line parameters, Powershell has that functionality built in, it should be simple to do as well as add some simple error checking that the files exist before continuing.
As soon as the vampire leaves I'll look into this ...

[edit]
Figured it out while waiting for the vampire to show up ...
Make the following changes:

Code: Select all

-param($Path)
+param([string]$Bin, [string]$Pidlist)
 
-$bytes = [System.IO.File]::ReadAllBytes("12593358.bin")
+$bytes = [System.IO.File]::ReadAllBytes($Bin)
 
-$lines = [IO.File]::ReadAllLines(".\pidlist.txt")
+$lines = [IO.File]::ReadAllLines($Pidlist)
Then it's use would be:

Code: Select all

.\Generate-PidLabels.ps1 -Bin <Full path and filename to bin> -Pidlist <Full path and filename to PidList.txt> | Out-File <Output filename.idc> -Encoding ASCII
Intelligence is in the details!

It is easier not to learn bad habits, then it is to break them!

If I was here to win a popularity contest, their would be no point, so I wouldn't be here!
User avatar
Tre-Cool
Posts: 265
Joined: Tue Oct 16, 2012 12:17 pm
cars: VY SS UTE, VX Drag Car
Location: Perth
Contact:

Re: Reverse engineering a 411 operating system

Post by Tre-Cool »

The efilive guys have made it pretty clear that they are not going to update or add additional functions to their custom os line for the ls1b ecu, but it might be worth checking with them about using it as a base to further add functions or modify existing code.
Post Reply