V6 ability for pcm hammer.

[Gampy]

The kudos goto,
Vampyre for causing the itch.
Antus for digging out the DLC and WatchDog2 (COPB) addresses.
Kur4o for the kernel base address.

All I did was line up the ducks and pull the trigger.

This is basically the micro kernel used to gain first access as well as it's ld file, minus my interrogation/debug code.

micro-kernel.c.txt

(11.5 KiB) Downloaded 215 times

I do stack the data on the end of the kernel, so you will need to raise the data location if the kernel grows.

micro-kernel.ld.txt

(207 Bytes) Downloaded 207 times

As for moving forward, WriteMessage(...) et al will need attention.

Have fun ...

[antus]

I havnt tested (no hardware yet), but I trust that it works. Well done and thanks for sharing back!

[Gampy]

It is just a simple Version response that's all ... Works for me, as is.

Wish it could be more ...

It would probably be a good idea for someone with repo access to merge develop into P04.

[Vampyre]

nice gampy

[Vampyre]

im trying to see what else we can strip away so that read kernel is small enough for you to load gampy. what all have you stripped out. I think if you remove the added code for flash ID and kernel check you might get it small enough

[antus]

I got a delivery today

[Holden202T]

Antus and i both got presents today

wasted no time ripping the covers off mine, this is what im working with.

i got it connected to the bench and managed to get it to talk, just vanilla Pcmhammer 011 unzipped and run up.

[09:01:28:639] PCM Hammer 011
[09:01:28:659] Loaded DLL
[09:01:28:768] Connected to Scantool
[09:01:28:772] Battery Voltage is: 13.997
[09:01:28:837] Thanks for using PCM Hammer.
[09:01:32:687] VIN: 1GNDX03E4XD159683
[09:01:32:710] OS ID: 16242772
[09:01:32:734] Calibration ID: 16242894
[09:01:32:759] Hardware ID: 9357440
[09:01:32:837] Serial Number: 3DH99J8306
[09:01:52:956] BCC query failed: Error
[09:01:52:985] MEC: 0
[09:02:11:490] Will save to C:\Temp\read1.bin
[09:02:13:311] Querying operating system of current PCM.
[09:02:13:350] OSID: 16242772
[09:02:13:424] Unknown unlock code 0x53
[09:02:18:410] Unlock response was 4 bytes long, expected 6.
[09:02:38:434] Unable to process unlock response.
[09:02:38:437] Unlock was not successful.

here is the debug log if it helps at all.... im no good at coding but happy to test anything people need.

pcmahmmer debug.txt

(5.59 KiB) Downloaded 194 times

[Gampy]

Awesome gents,

Getting a kernel on board is a bit tougher, though not hard.

Believe I just figured out whats broke within WriteMessage() et al, once y'all get a non micro kernel (I used write-kernel) whittled down to size, see if this gets it talking back at ya!

Code: Select all

void WriteByte(unsigned char byte)
{
	unsigned char status;

	// Insert byte before checking status
+	DLC_TRANSMIT_FIFO = byte;
+	WasteTime();

	// Status 2 means the transmit buffer is almost full.
	// In that case, pause until there's room in the buffer.
	status = DLC_STATUS & 0x03;

	// TODO: try looping around 0x02 (almost full) rather than 0x03 (full)
	unsigned char loopCount = 0;
	while ((status == 0x02 || status == 0x03) && loopCount < 250)
	{
		loopCount++;

		// With max iterations at 25, we get some 2s and 3s in the loop counter.
		for (int iterations = 0; iterations < 50; iterations++)
			WasteTime();

		ScratchWatchdog();
		status = DLC_STATUS & 0x03;
	}
-	DLC_TRANSMIT_FIFO = byte;
}

[kur4o]

As for moving forward, WriteMessage(...) et al will need attention.

Writing will be the same as p01 and p59 intel and amd chips except for the following changes:

Code: Select all

chip init 

Load
$0006 - word_fffffa4c
$6820 - word_fffffa4a
$7020 - word_fffffa4e

$0006 - word_fffffa48

For intel chip only:
before erase or program
bitset #0 word_ffffe2fa
wait till

bit #5 is set at word_fffffa19

after erase or program
bitclear #0 word_ffffe2fa
wait till

bit #5 is cleared at word_fffffa19

amd chip id 22AB 
segments
0
2000
4000
6000
8000
10000
20000
30000
40000
50000
60000
70000

[Vampyre]

thats the edits for the write kernel correct