V6 ability for pcm hammer.
Re: V6 ability for pcm hammer.
The hard part is knowing if the boot sector is there.
I guess I'll try with my HP Tuners or WinFlash, see if I wake up a P04.
- antus
- Site Admin
Re: V6 ability for pcm hammer.
The pcm does its factory floor checks at boot and looks for a signature at the end of the OS, and at the end of the calibration. If either is missing it can enter recovery mode with no security for the initial factory floor flash. What the short is doing, as far as I understand, is glitching an address line above the address range of the bootsector, which is enough to crash the pcm, so that the watchdog triggers and the pcm reboots, or the processor does it itself on an invalid opcode. On the reboot the boot sector does the checks for the cal and OS signature, and because the address bus is glitched it can't see the signatures and thinks it's on the factory floor and goes in to recovery mode. These 2 things happen in the moment you have the pins shorted. Then your flash software can get in, and because you have removed the address line short the entire flash is open for read or write. It's a great hardware hack. For the P04s we'll need to confirm which address line we're glitching on the P01/P59 and come up with an equivalent for the P04. The P04 has a signature but it's a different couple of bytes in a different place. I expect we could adapt the hack if we need to.
@gampy some pics expand because they are larger than about 1000px. We set the thumbnail size gigantic so for the most part you get a usable image, but can still expand if you need to. Whether people are posting high res on purpose or just straight off their phones without realising the size, it ends up usable.
For BDM I think we need to just look at the processor pin outs and trace the relevant pins across the pcb and find easy places to solder on for each of them. I think the cpu is the same as in the P01 and P59 so it should be possible to sit there with a multimeter scratching the coating off pins and finding the places.
Have you read the FAQ? For lots of information and links to significant threads see here: http://pcmhacking.net/forums/viewtopic.php?f=7&t=1396
Re: V6 ability for pcm hammer.
Antus,
A quote from here
I would have to say your bloody eyes work better ...
antus wrote:
    sorry, my eyes must have been bleeding, now I look again it's not FFC006, it's actually FFD006 as it was in the P01/P59, so nothing to try
    ida can show you the bytes and the instructions from the factory bin so you can identify how the hardware works. but to compile a new kernel you'd use the gnu 68k toolchain from here http://gnutoolchains.com/m68k-elf/ and run build.bat in the kernel source dir.
You were right the first time!
Code:
    move.b #$55,($FFFFFA27).w ; 'U' - first write of the software watchdog service sequence (SWSR register)
    move.b #$AA,($FFFFFA27).w ; second write; both bytes in order are needed to service the watchdog
    bclr #7,($FFFFC006).w     ; clear bit 7 at $FFC006 (the address originally quoted, not $FFD006) ...
    bset #7,($FFFFC006).w     ; ... then set it again
-Enjoy
Intelligence is in the details!
It is easier not to learn bad habits than it is to break them!
If I was here to win a popularity contest, there would be no point, so I wouldn't be here!
Re: V6 ability for pcm hammer.
what file was that from gampy?
Also tried the short pin last night with no success, but I've also never gotten it to work on a P01/P59 so not sure what I'm doing wrong. Starting to think maybe I should just sit back and stay out of you guys' way.
Re: V6 ability for pcm hammer.
Either one of the Grand Am GT LA1 files you uploaded.
What is the number you've attached to the filename (12201465, 12594385)??
Service Number??
[edit]
NO DON'T DO THAT!
You have helped make great progress, don't give up now ... Besides, Tell me you haven't learned a ton and I'll call ya a liar!
You've done well.
You don't need to short pin unless you have a crashed unit, that is unlikely at this stage.
If you are having Seed/Key issues that can be resolved ...
Re: V6 ability for pcm hammer.
I've got 2 P04s that are crashed from loss of connection from my other software.
The numbers are the OSIDs, they are found at 7FFFA-D big endian in the bin files.
I've learned a lot, still haven't figured out how to put it into practice since I can't even figure out how to get this damn kernel to compile to even try and load or test anything. I hate constantly having to rely on others to do basic stuff. If others have to do the basics for me then it is easier for them to just test it also, which makes my testing obsolete. I can't figure out how to decompile the bins into what you guys are reading either, apparently I'm missing a very important step for both of these things.
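As an added example (not code from the thread, from PCM Hammer, or from any poster), here is a small reader for the OSID field described in the post above: 4 bytes at offset 0x7FFFA..0x7FFFD of the bin, stored big-endian. It also checks the OSID against the number carried in the file name, which is what the earlier question about the "12201465, 12594385" file names was getting at. The 512 KiB image size, the all-0xFF erased-flash fill of the constructed sample, and the 8-digit file-name convention are assumptions made for the sample data, not facts from the thread.

```python
"""Read the OS ID out of a P04 PCM flash image.

Added example; not code from PCM Hammer or from anyone in the thread.
Only the OSID offset (0x7FFFA..0x7FFFD) and its big-endian byte order come
from the thread.  The image size and the file-name convention are assumptions.
"""
import re
import struct
from typing import Optional

OSID_OFFSET = 0x7FFFA          # first byte of the OSID field (stated in the thread)
OSID_LEN = 4                   # 0x7FFFA..0x7FFFD inclusive
ASSUMED_IMAGE_SIZE = 0x80000   # 512 KiB; an assumption, not stated in the thread


def read_osid(image: bytes) -> int:
    """Return the OSID as an int, raising if the image is too short to hold it."""
    end = OSID_OFFSET + OSID_LEN
    if len(image) < end:
        raise ValueError(f"image is {len(image)} bytes; OSID field ends at 0x{end:X}")
    # '>I' = big-endian unsigned 32-bit, matching "big endian" in the post.
    return struct.unpack(">I", image[OSID_OFFSET:end])[0]


def read_osid_wrong_endian(image: bytes) -> int:
    """The same field read little-endian, to show why the byte order matters."""
    return struct.unpack("<I", image[OSID_OFFSET:OSID_OFFSET + OSID_LEN])[0]


def osid_from_filename(name: str) -> Optional[int]:
    """Pull a decimal OSID out of names like '12201465.bin'; None if there is none.

    Assumes the OSID is the 8-digit run in the name (true of the two names in the thread).
    """
    m = re.search(r"(\d{8})", name)
    return int(m.group(1)) if m else None


def filename_matches_image(name: str, image: bytes) -> bool:
    """True when the OSID in the file name equals the one stored in the image."""
    expected = osid_from_filename(name)
    return expected is not None and expected == read_osid(image)


def make_sample_image(osid: int) -> bytes:
    """Constructed sample: an all-0xFF (erased-flash) image with only the OSID set."""
    buf = bytearray(b"\xFF" * ASSUMED_IMAGE_SIZE)
    buf[OSID_OFFSET:OSID_OFFSET + OSID_LEN] = struct.pack(">I", osid)
    return bytes(buf)


if __name__ == "__main__":
    img = make_sample_image(12201465)          # one of the OSIDs quoted in the thread
    print(f"OSID: {read_osid(img)} (0x{read_osid(img):08X})")
    print(f"same bytes read little-endian: {read_osid_wrong_endian(img)}")
    print("file name matches image:", filename_matches_image("12201465.bin", img))
```

Reading the field with the wrong byte order gives a number that looks nothing like a GM part number, which is a quick sanity check when you are not sure a dump is complete or correctly laid out.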
Re: V6 ability for pcm hammer.
I'm going to keep the first post updated with info we find, in case others are looking for it.
Re: V6 ability for pcm hammer.
Vampyre wrote:
    Im going to keep the first post updated with info we find in case others are looking for it
I would recommend only facts ...
Just wanting to keep things clear.
I do not like ambiguity, ambiguity leads to regurgitated misinformation, this LS world is saturated with misinformation regurgitation.
Re: V6 ability for pcm hammer.
Agreed gampy, mind posting the edits you made in the code to get seed/key working?
Re: V6 ability for pcm hammer.
Hackatooye ...
This is a hack at best and not meant for public consumption!
Code:
key = 0;
switch (algo)
{
case 01:
- algolookup = 7;//,8,40,1,2
+ algolookup = 40;
break;
default:
algolookup = algo;
break;
}
- key = unchecked((ushort)KeyAlgo(seed, algolookup));
+ UInt16 flopSeed = (UInt16)((seed & 0xFFU) << 8 | (seed & 0xFF00U) >> 8);
+ key = unchecked((UInt16)KeyAlgo(flopSeed, algolookup));
//45634
return key;
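Review bot: the `case 01` branch now maps algorithm 1 to lookup 40 unconditionally, and the new `flopSeed` byte swap is applied on every call, so any unit that previously resolved `case 01` to `algolookup = 7` (the removed line) or that already supplies the seed in the byte order `KeyAlgo` expects will now compute a different key. Gate both changes on the target (a PCM-type or OSID value passed in by the caller) rather than hard-coding them, or at minimum replace the leftover `//,8,40,1,2` and `//45634` comments with one that records which unit the 1-to-40 mapping and the swap were found to work on; the post itself calls this a hack not meant for public consumption, and a later reader of the code has no way to tell that from the source.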