PCM Hammer Release 021

They go by many names, P01, P59, VPW, '0411 etc. Also covering E38 and newer here.
User avatar
Gampy
Posts: 2330
Joined: Sat Dec 15, 2018 7:38 am

Re: PCM Hammer Release 021

Post by Gampy »

Gotcha, Thanks, I assume that one is for Atmel's ??

-Enjoy
Intelligence is in the details!

It is easier not to learn bad habits, then it is to break them!

If I was here to win a popularity contest, their would be no point, so I wouldn't be here!
spfautsch
Posts: 1
Joined: Mon Mar 20, 2023 7:34 am
cars: 1995 C4
2001 C5
Location: Montgomery City, MO
Contact:

Re: PCM Hammer Release 021

Post by spfautsch »

I have a driver class for a commercial, VIN "licensed" interface that I'd like to contribute. Didn't want my first interaction here to be starting a new thread or PM'ing you before throwing out a warning. If interested NSFW hit me up on PM for details as I have a quick question I'd like to pose before proceeding.

It's an interface made by AVT for the vendor that's based on their 83x model so it was less than an hour's work adapting the AvtDriver.cs source.

I find the codebase very clean and well maintained. I'm a big proponent of FOSS so happy to see something of this quality and for this purpose being actively developed. Nice work!
In-Tech
Posts: 778
Joined: Mon Mar 09, 2020 4:35 pm
Location: California

Re: PCM Hammer Release 021

Post by In-Tech »

Gampy wrote:Gotcha, Thanks, I assume that one is for Atmel's ??

-Enjoy
We used the Atmel mainly for glitching and passthru, The packet was sent in clean before we glitched in and executed the packet sitting in the I/O buffer. I don't know much about that as a couple other guys did that side :( Again, long time ago.

spfautsch, Welcome :)
User avatar
antus
Site Admin
Posts: 8237
Joined: Sat Feb 28, 2009 8:34 pm
cars: TX Gemini 2L Twincam
TX Gemini SR20 18psi
Datsun 1200 Ute
Subaru Blitzen '06 EZ30 4th gen, 3.0R Spec B
Contact:

Re: PCM Hammer Release 021

Post by antus »

@spfautch, more drivers are welcomed, send us a pull request againy develop branch on github to contribute.
Have you read the FAQ? For lots of information and links to significant threads see here: http://pcmhacking.net/forums/viewtopic.php?f=7&t=1396
abs351
Posts: 25
Joined: Sun Jan 06, 2019 12:22 pm
cars: Too many

Re: PCM Hammer Release 021

Post by abs351 »

Hello team,

Many thanks for taking the time to read such request. I have decided to attempt to retrieve the binary file from a Holden 2005 VZ SSZ 5.7 gen 3 commodore.
The tool I have been using is the VX NANO/VX diag that supports SAE 2534. I can confirm the unit works as I have used Tech2WIN to read the cars PCM and DTC error codes.
I have updated its firmware to the latest and it seems to read the ECU fine (VIN, voltage ect) but builds a 0 byte bin file when selecting to read entire PCM option.
I have not used an OBD scan tool as i don't have one that is supported within pcm hammer)

I have attached the debug log and user log. (****I have added XXXX to certain areas within the user log )

I have tried variant settings and drivers within the PCM hammer application with the same result, can someone kindly assist where I'm going wrong here?
VX.PNG
VX.PNG (87.38 KiB) Viewed 1047 times
hammer.png
hammer.png (25.54 KiB) Viewed 1047 times
Thanks

ABS
Attachments
PcmHammer_userLog_20230413@163929.txt
(3.4 KiB) Downloaded 38 times
PcmHammer_debugLog_20230413@163938.txt
(30.66 KiB) Downloaded 44 times
User avatar
antus
Site Admin
Posts: 8237
Joined: Sat Feb 28, 2009 8:34 pm
cars: TX Gemini 2L Twincam
TX Gemini SR20 18psi
Datsun 1200 Ute
Subaru Blitzen '06 EZ30 4th gen, 3.0R Spec B
Contact:

Re: PCM Hammer Release 021

Post by antus »

Thanks for reporting, its failing because OS ID: 1273057 is not in its database and size is defaulting to 0. If your technical you can get the source code from github and add the osid and try again else one of us can add it and send you a test build. 127... sounds like it might be a proprietry patch on the OS and theyve changed the ID to reflect this.
Have you read the FAQ? For lots of information and links to significant threads see here: http://pcmhacking.net/forums/viewtopic.php?f=7&t=1396
abs351
Posts: 25
Joined: Sun Jan 06, 2019 12:22 pm
cars: Too many

Re: PCM Hammer Release 021

Post by abs351 »

Hi Antus,

Many thanks for the prompt reply. If you can kindly share a test build?
Ill attempt to compile the file on github also in the interim.

thanks once again
abs351
Posts: 25
Joined: Sun Jan 06, 2019 12:22 pm
cars: Too many

Re: PCM Hammer Release 021

Post by abs351 »

Hello Antus,

Many thanks for sharing the beta version, I'm afraid there is an unlock error once i perform a read of the PCM.
I overwrote the current files and executed the application ( pcmhammer-1mbcos.zip).
VZ1.PNG
VZ1.PNG (46.96 KiB) Viewed 934 times

Is there anything that needs to be done on my end?

FYI, I have received some intel on the car, it seems to have been tuned prior. Would there be a tuner lock causing this? but then counter acts from previous version of which the PCM hammer .021 version allowed to unlock the ECU?
Just a thought.

regards
ABZ
Attachments
1.PcmHammer_debugLog_20230415@003017.txt
(2.93 KiB) Downloaded 44 times
1.PcmHammer_userLog_20230415@003040.txt
(947 Bytes) Downloaded 38 times
User avatar
Gampy
Posts: 2330
Joined: Sat Dec 15, 2018 7:38 am

Re: PCM Hammer Release 021

Post by Gampy »

abs351,

You have a few choices,
1. Open the PCM and use the 'Short Trick' to glitch past security.
2. Use Universal Patcher J-Console with the attached script, I'm told it can take up to about 30 minutes, downside, UP is complicated!
3. Use a Brute Force program floating around here that may or may not work and can take as much as 7 days to complete, it's easy to use, downside, time!

You are using J2534 so I highly recommend Universal Patcher!
Here is how,
Download the latest package here: UniversalPatcher-Full.Zip
Unzip, and run UniversalPatcher.exe
. Select Menu: Utilities
. Select: Logger
After Logger opens,
. Select Tab: J-Console
. Select: Device Type
. Check: Timestamps
In group box Protocol 1,
. Select Protocol: J1850VPW
Make sure PCM is powered and ignition is on.
. Select Button: Connect/Disconnect
The Logger should be running and you should see green (received) data flowing ...
. Select Button: Upload script
. Select: Attached script ($10_brute_unlock_var_algo.txt)

You should see it running, it should be showing red (Sent) and green (received) data ...
Watch the lower Console pane for the word 'Done'
Select Button: Connect/Disconnect

Now scroll the log back to the very last red line and you should see something along the lines of (without my comments),
[TimeStamp] 6C 10 F0 27 01 <--- Request Seed
[TimeStamp] 6C F0 10 67 01 ?? ?? <--- PCM returned Seed, then the key is calculated from the seed
[TimeStamp] 6C 10 F0 27 02 ?? ?? <--- Key is sent to PCM
[TimeStamp] 6C F0 10 67 02 34 <--- Successful unlock!
You now have the Key ...

So, close Universal Patcher.

Open PCMHammer
Select device if required.
. Select Menu: Options
. Select: User Defined Key
Enter your key, select OK
. Select Menu: Tools
. Select: Read Entire PCM

See if that gets the read done for ya!

-Enjoy
Attachments
$10_brute_unlock_var_algo.txt
(417 Bytes) Downloaded 55 times
Intelligence is in the details!

It is easier not to learn bad habits, then it is to break them!

If I was here to win a popularity contest, their would be no point, so I wouldn't be here!
User avatar
Gampy
Posts: 2330
Joined: Sat Dec 15, 2018 7:38 am

Re: PCM Hammer Release 021

Post by Gampy »

Hi all,

As Antus has let slip out, we (Antus and I) have been working on an Assembly Kernel for PCMHammer, this code was some test code that Antus left laying around, I stole it a couple of years ago and started teaching myself to write assembly (been reading for years), then I made the mistake? or purposly enticing? ;) posting of my success with it.

Well, it must have intrigued Antus for he asked to get involved in my project, he is light years better then I at assembly, so I gave him access to my repository and he took my work and ran with it creating a Loader Kernel!

Then I took his work, twisted it up and merged it into mine, I then merged it into PcmHacks Build system and fixed up PcmLibrary to support not only the new assembly Kernels, but also retain compatibility with the old C Kernels ... :)

So, we now have a Loader Kernel!
Hereinafter referred to as 'Loader'.

What does this Loader do for us, it allows us to get a larger Kernel onto PCM's like the P04, the P04 can take only 1 upload packet, getting a C kernel to fit in one packet for most low cost VCI's is next to impossible.
It can be done as I proved back in Jan 2020, it's just to simple with no room to grow ... It was clear to me we needed an Assembly Kernel, that is why I gave up on the P04 and the C Kernels, it was waste of time.

How this Loader works is, first of all it's tiny, just over 600 bytes, that means any VCI that can support 1024 byte packets can send it in one packet.
It is simple, it can respond to a Version Request, a Mode34 Request to Upload, and finally both Mode3600 Upload and Mode3680 Upload and Execute, that's it.

Now that it's on the PCM, we use it to receive a larger Kernel, then execute this larger Kernel once it's fully onboard.
The Loader memory space is returned to the system, to be used by the larger Kernel.

Now we'll (At least I will be) work on making these new assembly Kernels capable of writing to flash, I have done some of that code already, and I can steal Antus's Mode36 code, merging in with what I already have done in the flash department and we should have a Write Kernel!

This is not going to happen over night, but I assure you, it will have my undivided attention as full time as I possibly can manage!

Thanks to DWS, we now have BDM pinouts for the P04 so worrying about recovering during development is gone, unless we damage the chip.

The big cudo's go to Antus for doing most of the Assembly, it would have taken me a lot lot longer to get this far without his help!

Thank you Antus!

-Enjoy
Intelligence is in the details!

It is easier not to learn bad habits, then it is to break them!

If I was here to win a popularity contest, their would be no point, so I wouldn't be here!
Post Reply