PCM Hammer P12 development

They go by many names, P01, P10, P12, P59, E38, VPW, '0411 etc.
Gampy
Posts: 2332
Joined: Sat Dec 15, 2018 7:38 am

Re: PCM Hammer fails on P12

Post by Gampy »

The Build.cmd system included with the PCMHacks suite allows you to dump the intermediate assembly using option -d ... Just type,
Build.cmd -h
In the PCMHacks suite kernel directory to see all its options! (the .cmd is important)

The first Empty routine (this one completed successfully) was,


Disassembly of section .kernel_code:

00ff2000 <KernelStart>:
  ff2000:	4e75           	rts
	...

Disassembly of section .text:

12340000 <_start>:
12340000:	4e75           	rts
12340002:	0000 4743      	orib #67,%d0
12340006:	433a 2028      	chkl %pc@(12342030 <_start+0x2030>),%d1
1234000a:	474e           	.short 0x474e
1234000c:	5529 2034      	subqb #2,%a1@(8244)
12340010:	2e38 2e30      	movel 2e30 <KernelStart-0xfef1d0>,%d7

Test 3 out now ...

Disassembly of section .kernel_code:

00ff2000 <KernelStart>:
  ff2000:	4eb9 00ff 2008 	jsr ff2008 <ScratchWatchdog>
  ff2006:	4e75           	rts

00ff2008 <ScratchWatchdog>:
  ff2008:	203c 00ff fa55 	movel #16775765,%d0
  ff200e:	2040           	moveal %d0,%a0
  ff2010:	10bc 0055      	moveb #85,%a0@
  ff2014:	203c 00ff fa55 	movel #16775765,%d0
  ff201a:	2040           	moveal %d0,%a0
  ff201c:	10bc ffaa      	moveb #-86,%a0@
  ff2020:	223c 00ff fa21 	movel #16775713,%d1
  ff2026:	203c 00ff fa21 	movel #16775713,%d0
  ff202c:	2040           	moveal %d0,%a0
  ff202e:	1010           	moveb %a0@,%d0
  ff2030:	0200 007f      	andib #127,%d0
  ff2034:	2041           	moveal %d1,%a0
  ff2036:	1080           	moveb %d0,%a0@
  ff2038:	223c 00ff fa21 	movel #16775713,%d1
  ff203e:	203c 00ff fa21 	movel #16775713,%d0
  ff2044:	2040           	moveal %d0,%a0
  ff2046:	1010           	moveb %a0@,%d0
  ff2048:	0000 ff80      	orib #-128,%d0
  ff204c:	2041           	moveal %d1,%a0
  ff204e:	1080           	moveb %d0,%a0@
  ff2050:	4e75           	rts

Disassembly of section .text:

12340000 <_start>:
12340000:	4e75           	rts
12340002:	0000 4743      	orib #67,%d0
12340006:	433a 2028      	chkl %pc@(12342030 <_start+0x2030>),%d1
1234000a:	474e           	.short 0x474e
1234000c:	5529 2034      	subqb #2,%a1@(8244)
12340010:	2e38 2e30      	movel 2e30 <KernelStart-0xfef1d0>,%d7

Test 4 out now ...

Disassembly of section .kernel_code:

00ff2000 <KernelStart>:
  ff2000:	4eb9 00ff 2008 	jsr ff2008 <ScratchWatchdog>
  ff2006:	4e75           	rts

00ff2008 <ScratchWatchdog>:
  ff2008:	203c 00ff fa55 	movel #16775765,%d0
  ff200e:	2040           	moveal %d0,%a0
  ff2010:	10bc 0055      	moveb #85,%a0@
  ff2014:	203c 00ff fa55 	movel #16775765,%d0
  ff201a:	2040           	moveal %d0,%a0
  ff201c:	10bc ffaa      	moveb #-86,%a0@
  ff2020:	223c 00ff fa21 	movel #16775713,%d1
  ff2026:	203c 00ff fa21 	movel #16775713,%d0
  ff202c:	2040           	moveal %d0,%a0
  ff202e:	1010           	moveb %a0@,%d0
  ff2030:	0200 007f      	andib #127,%d0
  ff2034:	2041           	moveal %d1,%a0
  ff2036:	1080           	moveb %d0,%a0@
  ff2038:	4e71           	nop
  ff203a:	4e71           	nop
  ff203c:	4e71           	nop
  ff203e:	4e71           	nop
  ff2040:	4e71           	nop
  ff2042:	4e71           	nop
  ff2044:	223c 00ff fa21 	movel #16775713,%d1
  ff204a:	203c 00ff fa21 	movel #16775713,%d0
  ff2050:	2040           	moveal %d0,%a0
  ff2052:	1010           	moveb %a0@,%d0
  ff2054:	0000 ff80      	orib #-128,%d0
  ff2058:	2041           	moveal %d1,%a0
  ff205a:	1080           	moveb %d0,%a0@
  ff205c:	4e75           	rts

Disassembly of section .text:

12340000 <_start>:
12340000:	4e75           	rts
12340002:	0000 4743      	orib #67,%d0
12340006:	433a 2028      	chkl %pc@(12342030 <_start+0x2030>),%d1
1234000a:	474e           	.short 0x474e
1234000c:	5529 2034      	subqb #2,%a1@(8244)
12340010:	2e38 2e30      	movel 2e30 <KernelStart-0xfef1d0>,%d7

I'll work on the contributed thoughts ... And spend some time in the disassembly.
Intelligence is in the details!

It is easier not to learn bad habits than it is to break them!

If I was here to win a popularity contest, there would be no point, so I wouldn't be here!
Gampy
Posts: 2332
Joined: Sat Dec 15, 2018 7:38 am

Re: PCM Hammer fails on P12

Post by Gampy »

Both last tests were successful, I've sent another with a delayed loop scratching the dog, that has a half dozen nops in between COP2 bset and bclr, that should live for ~20 seconds.


Disassembly of section .kernel_code:

00ff2000 <KernelStart>:
  ff2000:	598f           	subql #4,%sp
  ff2002:	4297           	clrl %sp@
  ff2004:	6008           	bras ff200e <KernelStart+0xe>
  ff2006:	4eb9 00ff 2078 	jsr ff2078 <LongSleepWithWatchdog>
  ff200c:	5297           	addql #1,%sp@
  ff200e:	7031           	moveq #49,%d0
  ff2010:	b097           	cmpl %sp@,%d0
  ff2012:	6cf2           	bges ff2006 <KernelStart+0x6>
  ff2014:	588f           	addql #4,%sp
  ff2016:	4e75           	rts

00ff2018 <WasteTime>:
  ff2018:	4e71           	nop
  ff201a:	4e71           	nop
  ff201c:	4e71           	nop
  ff201e:	4e71           	nop
  ff2020:	4e75           	rts

00ff2022 <ScratchWatchdog>:
  ff2022:	203c 00ff fa55 	movel #16775765,%d0
  ff2028:	2040           	moveal %d0,%a0
  ff202a:	10bc 0055      	moveb #85,%a0@
  ff202e:	203c 00ff fa55 	movel #16775765,%d0
  ff2034:	2040           	moveal %d0,%a0
  ff2036:	10bc ffaa      	moveb #-86,%a0@
  ff203a:	223c 00ff fa21 	movel #16775713,%d1
  ff2040:	203c 00ff fa21 	movel #16775713,%d0
  ff2046:	2040           	moveal %d0,%a0
  ff2048:	1010           	moveb %a0@,%d0
  ff204a:	0200 007f      	andib #127,%d0
  ff204e:	2041           	moveal %d1,%a0
  ff2050:	1080           	moveb %d0,%a0@
  ff2052:	4e71           	nop
  ff2054:	4e71           	nop
  ff2056:	4e71           	nop
  ff2058:	4e71           	nop
  ff205a:	4e71           	nop
  ff205c:	4e71           	nop
  ff205e:	223c 00ff fa21 	movel #16775713,%d1
  ff2064:	203c 00ff fa21 	movel #16775713,%d0
  ff206a:	2040           	moveal %d0,%a0
  ff206c:	1010           	moveb %a0@,%d0
  ff206e:	0000 ff80      	orib #-128,%d0
  ff2072:	2041           	moveal %d1,%a0
  ff2074:	1080           	moveb %d0,%a0@
  ff2076:	4e75           	rts

00ff2078 <LongSleepWithWatchdog>:
  ff2078:	518f           	subql #8,%sp
  ff207a:	42af 0004      	clrl %sp@(4)
  ff207e:	6018           	bras ff2098 <LongSleepWithWatchdog+0x20>
  ff2080:	4eba ffa0      	jsr %pc@(ff2022 <ScratchWatchdog>)
  ff2084:	4297           	clrl %sp@
  ff2086:	6006           	bras ff208e <LongSleepWithWatchdog+0x16>
  ff2088:	4eba ff8e      	jsr %pc@(ff2018 <WasteTime>)
  ff208c:	5297           	addql #1,%sp@
  ff208e:	7009           	moveq #9,%d0
  ff2090:	b097           	cmpl %sp@,%d0
  ff2092:	6cf4           	bges ff2088 <LongSleepWithWatchdog+0x10>
  ff2094:	52af 0004      	addql #1,%sp@(4)
  ff2098:	0caf 0000 270f 	cmpil #9999,%sp@(4)
  ff209e:	0004 
  ff20a0:	6fde           	bles ff2080 <LongSleepWithWatchdog+0x8>
  ff20a2:	508f           	addql #8,%sp
  ff20a4:	4e75           	rts

Disassembly of section .text:

12340000 <_start>:
12340000:	4e75           	rts
12340002:	0000 4743      	orib #67,%d0
12340006:	433a 2028      	chkl %pc@(12342030 <_start+0x2030>),%d1
1234000a:	474e           	.short 0x474e
1234000c:	5529 2034      	subqb #2,%a1@(8244)
12340010:	2e38 2e30      	movel 2e30 <KernelStart-0xfef1d0>,%d7

I wanna see this live so bad I'm going bananas, I just hope I don't slip on the peel ... :roll:
Gampy
Posts: 2332
Joined: Sat Dec 15, 2018 7:38 am

Re: PCM Hammer fails on P12

Post by Gampy »

Bummer, it did not live.

Going to have to add some complexity!

Edit;
kur4o,

That disassembly, what is it, what is its purpose in life ... PM me if you want.
Tazzi
Posts: 3552
Joined: Thu May 17, 2012 8:53 pm
cars: VE SS Ute
Location: WA
Contact:

Re: PCM Hammer fails on P12

Post by Tazzi »

Bugger, I'll see if I can't get my hands on a GM write kernel and check if there's something not missing.
Your Local Aussie Reverse Engineer
Contact for Software/Hardware development and Reverse Engineering
Site:https://www.envyouscustoms.com
Mob:+61406 140 726
darkman5001
Posts: 252
Joined: Sat Dec 18, 2021 8:15 am
cars: 2005 Yukon, 2004 Suburban, 2001 Tahoe, 2002 Envoy, 2006 Envoy, 2003 Lincoln LS
Location: New Jersey, USA

Re: PCM Hammer fails on P12

Post by darkman5001 »

Guys, I finally got my chip adapters and was able to pull the flash. Let me know if any of you are able to read it.
Attachments
AM29BL802CB@SOP56.BIN
(1 MiB) Downloaded 141 times
Gampy
Posts: 2332
Joined: Sat Dec 15, 2018 7:38 am

Re: PCM Hammer fails on P12

Post by Gampy »

Awesome!

Might I make a suggestion ... The filename, add the OsID and family (P12) to it, it's reported as: 12606400
darkman5001
Posts: 252
Joined: Sat Dec 18, 2021 8:15 am
cars: 2005 Yukon, 2004 Suburban, 2001 Tahoe, 2002 Envoy, 2006 Envoy, 2003 Lincoln LS
Location: New Jersey, USA

Re: PCM Hammer fails on P12

Post by darkman5001 »

Gampy wrote:Awesome!

Might I make a suggestion ... The filename, add the OsID to it, it's reported as: 12606400

Good idea. Were you able to read it at all?
antus
Site Admin
Posts: 9017
Joined: Sat Feb 28, 2009 8:34 pm
cars: TX Gemini 2L Twincam
TX Gemini SR20 18psi
Datsun 1200 Ute
Subaru Blitzen '06 EZ30 4th gen, 3.0R Spec B
Contact:

Re: PCM Hammer fails on P12

Post by antus »

Thanks! The file looks correct. Can see the right file structure and it looks like all data lines and address lines were well connected and the data does not look damaged.
It did need 'a' and 'b' bytes swapped. I've applied this and now it loads correctly in IDA.
Attachments
p12 12606400 am29bl802cb@sop56_fixed.bin
(1 MiB) Downloaded 123 times
Have you read the FAQ? For lots of information and links to significant threads see here: http://pcmhacking.net/forums/viewtopic.php?f=7&t=1396
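An added example, not part of the original thread or of PCM Hammer: a Python version of the byte swap described in the post above, assuming "'a' and 'b' bytes swapped" means exchanging the two bytes of every 16-bit word. The rts/nop opcode count used to decide whether a dump needs swapping is a heuristic chosen for this example, and the sample bytes are constructed.

```python
# m68k opcodes that are common in code and appear in the disassembly
# listings earlier in this thread: rts (0x4E75) and nop (0x4E71).
MARKERS = (b"\x4e\x75", b"\x4e\x71")


def swap16(data: bytes) -> bytes:
    """Exchange the two bytes of every 16-bit word in the image."""
    if len(data) % 2:
        raise ValueError("image length must be even to swap 16-bit words")
    swapped = bytearray(len(data))
    swapped[0::2] = data[1::2]
    swapped[1::2] = data[0::2]
    return bytes(swapped)


def marker_hits(data: bytes) -> int:
    """Count marker opcodes that sit on even (word-aligned) offsets."""
    hits = 0
    for marker in MARKERS:
        pos = data.find(marker)
        while pos != -1:
            if pos % 2 == 0:
                hits += 1
            pos = data.find(marker, pos + 1)
    return hits


def needs_swap(data: bytes) -> bool:
    """Heuristic: True when the swapped image looks more like m68k code."""
    return marker_hits(swap16(data)) > marker_hits(data)


def normalise(data: bytes) -> bytes:
    """Return the image in the big-endian order a disassembler expects."""
    return swap16(data) if needs_swap(data) else data


# Constructed sample: a few m68k words in CPU (big-endian) order ...
CPU_ORDER = bytes.fromhex("4eb900ff20084e754e714e714e714e75")
# ... and the same words as a reader that stores each word low byte
# first would save them (assumption made for this example).
PROGRAMMER_ORDER = swap16(CPU_ORDER)

if __name__ == "__main__":
    print("raw dump needs swap:", needs_swap(PROGRAMMER_ORDER))
    print("fixed image needs swap:", needs_swap(CPU_ORDER))
```

On a real 1 MiB dump, read the file with `open(path, "rb").read()`, pass it through `normalise()`, and write the result to a new file so the original dump is kept untouched.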
darkman5001
Posts: 252
Joined: Sat Dec 18, 2021 8:15 am
cars: 2005 Yukon, 2004 Suburban, 2001 Tahoe, 2002 Envoy, 2006 Envoy, 2003 Lincoln LS
Location: New Jersey, USA

Re: PCM Hammer fails on P12

Post by darkman5001 »

Greetings Antus. I am still trying to figure out how I might read the bin of the flash that I saved. How can I read it?
Gampy
Posts: 2332
Joined: Sat Dec 15, 2018 7:38 am

Re: PCM Hammer fails on P12

Post by Gampy »

antus wrote: It did need 'a' and 'b' bytes swapped. I've applied this and now it loads correctly in IDA.

The m68k is big endian ... I thought IDA did the byte swap, maybe that is why my m68k disassemblies turn out like crap.

darkman5001 wrote: Greetings Antus. I am still trying to figure out how I might read the bin of the flash that I saved. How can I read it?

If you're talking about disassembling it, most use either IDA Pro or Ghidra.