And I have no idea why it's blowing up on that line. That's weird.
P59 flash kernel development
Re: P59 flash kernel development
You're the first person to try a full flash on a P59 so nothing about this is already known.
And I have no idea why it's blowing up on that line. That's weird.
And I have no idea why it's blowing up on that line. That's weird.
Please don't PM me with technical questions - start a thread instead, and send me a link to it. That way I can answer in public, and help other people who have the same question. Thanks!
Re: P59 flash kernel development
My buddy owns a junkyard so Ive got access to all the pcms I can brick and avt 852. Is there a way software wise to put pcm into recovery. LS droid says they have like 4 dif recovery modes and can bring pcm back almost everytime.
and avt 852. Is there a way software wise to put pcm into recovery. LS droid says they have like 4 dif recovery modes and can bring pcm back almost everytime.Re: P59 flash kernel development
Flashing a calibration that has a bad checksum will put the PCM into a recovery mode that requires the pin-grounding trick to flash it again. I learned this the very first time I tried to use PCM Hammer in my Corvette. And that's why the app now validates checksums.Vampyre wrote:My buddy owns a junkyard so Ive got access to all the pcms I can brick
I think the grounding is required because the bad checksum implies that the flash chip is defective, and GM would rather replace the PCM in that case. Erasing the calibration block without rewriting it (leaving the whole thing as FF FF FF...) will put the PCM into a recovery mode that does not require the grounding trick, at least for the P01. P59s have two calibration blocks, and if I remember right, erasing one of them will require grounding, but the other won't.
In addition to the checksum, the operating system expects to see a magic number at a certain address - 0x4AFC at 0x1FFFE. If that's present, the PCM validates the checksum or assumes that the flash chip is bad. If the magic number is not present, the PCM assumes it just hasn't been given a calibration yet.
I don't know what the other recovery modes are. Probably only because I haven't gotten around to making the specific mistakes that trigger them.
Please don't PM me with technical questions - start a thread instead, and send me a link to it. That way I can answer in public, and help other people who have the same question. Thanks!
Re: P59 flash kernel development
Which way sends the recovery-mode pings mentioned in Issue #114??NSFW wrote: Flashing a calibration that has a bad checksum will put the PCM into a recovery mode that requires the pin-grounding trick to flash it again. I learned this the very first time I tried to use PCM Hammer in my Corvette. And that's why the app now validates checksums.
Erasing the calibration block without rewriting it (leaving the whole thing as FF FF FF...) will put the PCM into a recovery mode that does not require the grounding trick, at least for the P01. P59s have two calibration blocks, and if I remember right, erasing one of them will require grounding, but the other won't.
In addition to the checksum, the operating system expects to see a magic number at a certain address - 0x4AFC at 0x1FFFE. If that's present, the PCM validates the checksum or assumes that the flash chip is bad. If the magic number is not present, the PCM assumes it just hasn't been given a calibration yet.
I don't know what the other recovery modes are. Probably only because I haven't gotten around to making the specific mistakes that trigger them.
Intelligence is in the details!
It is easier not to learn bad habits, then it is to break them!
If I was here to win a popularity contest, their would be no point, so I wouldn't be here!
It is easier not to learn bad habits, then it is to break them!
If I was here to win a popularity contest, their would be no point, so I wouldn't be here!
Re: P59 flash kernel development
I think that was with an erased-but-not-programmed calibration block.
Please don't PM me with technical questions - start a thread instead, and send me a link to it. That way I can answer in public, and help other people who have the same question. Thanks!
Re: P59 flash kernel development
Thank you ...NSFW wrote:I think that was with an erased-but-not-programmed calibration block.
Intelligence is in the details!
It is easier not to learn bad habits, then it is to break them!
If I was here to win a popularity contest, their would be no point, so I wouldn't be here!
It is easier not to learn bad habits, then it is to break them!
If I was here to win a popularity contest, their would be no point, so I wouldn't be here!
Re: P59 flash kernel development
On the Amd chip it's segment 0x10000, or calibration segment #2, it's the 64kb calibration segment.
If erased it repeatedly sends: 6CF010A20163
If erased it repeatedly sends: 6CF010A20163
Intelligence is in the details!
It is easier not to learn bad habits, then it is to break them!
If I was here to win a popularity contest, their would be no point, so I wouldn't be here!
It is easier not to learn bad habits, then it is to break them!
If I was here to win a popularity contest, their would be no point, so I wouldn't be here!
-
jlvaldez
- Posts: 155
- Joined: Mon Feb 11, 2019 12:48 pm
- cars: '01 - Corvette Z06
'20 - Sierra Denali
'03 - Volvo S80 T6
'16 - Accord V6 - Location: DFW, Texas
Re: P59 flash kernel development
Which OSes and P59/P01 is this in? I just checked my binaries that I pulled from my PCMs, and I don't have that number at that address in any of them... In my P59 it's just 0xFFFFFFF at that address and 0x00000000 in my P01NSFW wrote:Vampyre wrote:In addition to the checksum, the operating system expects to see a magic number at a certain address - 0x4AFC at 0x1FFFE. If that's present, the PCM validates the checksum or assumes that the flash chip is bad. If the magic number is not present, the PCM assumes it just hasn't been given a calibration yet.
-
antus
- Site Admin
- Posts: 8250
- Joined: Sat Feb 28, 2009 8:34 pm
- cars: TX Gemini 2L Twincam
TX Gemini SR20 18psi
Datsun 1200 Ute
Subaru Blitzen '06 EZ30 4th gen, 3.0R Spec B - Contact:
Re: P59 flash kernel development
AFAIK its all of them. Heres those lines from a 2003 HSV P01 bin. Are you sure your looking in the right place? The OS bootloader uses it for those recovery modes so it should be there. The last 2 bytes of the calibration and os segment is what is checked, and 2 slightly different recovery modes are entered if either of them are missing.
Code: Select all
0x0001FFF0 | 4A FC 4A FC 4A FC 4A FC 4A FC 4A FC 4A FC 4A FC | J.J.J.J.J.J.J.J.
0x0007FFF0 | FF FF FF FF FF FF FF FF FF FF FF FF FF FF 4A FC | ..............J.
Have you read the FAQ? For lots of information and links to significant threads see here: http://pcmhacking.net/forums/viewtopic.php?f=7&t=1396
-
jlvaldez
- Posts: 155
- Joined: Mon Feb 11, 2019 12:48 pm
- cars: '01 - Corvette Z06
'20 - Sierra Denali
'03 - Volvo S80 T6
'16 - Accord V6 - Location: DFW, Texas
Re: P59 flash kernel development
Lol I was being an idiot and flipped the address and data aroundantus wrote:AFAIK its all of them. Heres those lines from a 2003 HSV P01 bin. Are you sure your looking in the right place? The OS bootloader uses it for those recovery modes so it should be there. The last 2 bytes of the calibration and os segment is what is checked, and 2 slightly different recovery modes are entered if either of them are missing.
Code: Select all
0x0001FFF0 | 4A FC 4A FC 4A FC 4A FC 4A FC 4A FC 4A FC 4A FC | J.J.J.J.J.J.J.J. 0x0007FFF0 | FF FF FF FF FF FF FF FF FF FF FF FF FF FF 4A FC | ..............J.
When I first read it, I saw address of 0x4AFC. Doh. Late night stupidity