PCM Hammer P12 development
Re: PCM Hammer P12 development
I guess I need to watch the matrix ...
Intelligence is in the details!
It is easier not to learn bad habits, then it is to break them!
If I was here to win a popularity contest, their would be no point, so I wouldn't be here!
It is easier not to learn bad habits, then it is to break them!
If I was here to win a popularity contest, their would be no point, so I wouldn't be here!
-
MudDuck514
- Posts: 400
- Joined: Wed Jul 05, 2017 8:30 am
- cars: 2001 Pontiac Grand AM SE
LD9 2.4l I4, 4T40E
2005 Chevrolet Venture
LA1 3400 V6, 4T65E - Location: North TX, USA
Re: PCM Hammer P12 development
Just know, there are FOUR movies in the series.Gampy wrote:I guess I need to watch the matrix ...
Mike
-
antus
- Site Admin
- Posts: 9008
- Joined: Sat Feb 28, 2009 8:34 pm
- cars: TX Gemini 2L Twincam
TX Gemini SR20 18psi
Datsun 1200 Ute
Subaru Blitzen '06 EZ30 4th gen, 3.0R Spec B - Contact:
Re: PCM Hammer P12 development
The first one is still the best. The 4th one is worth a watch. 2 & 3... a bit meh.
Have you read the FAQ? For lots of information and links to significant threads see here: http://pcmhacking.net/forums/viewtopic.php?f=7&t=1396
-
Thorwon
- Posts: 97
- Joined: Wed Jan 16, 2019 1:34 am
- cars: 2007 Hemi powered JKUR
1987 YJ
1955 CJ5
1988 MJ Comanche - Location: Commerce GA.
Re: PCM Hammer P12 development
Gampy wrote:I guess I need to watch the matrix ...
And remember " There is no spoon "
Bad things happen FAST!!!
-
B52Bombardier1
- Posts: 42
- Joined: Sun Jan 26, 2020 11:41 pm
- cars: 1970 Chevy El Camino with an LM7 modern GM engine.
2013 Chevrolet SS Camaro
Re: PCM Hammer P12 development
"Do you want the red pill or the blue pill . . . . . ???"
Rick
Rick
-
darkman5001
- Posts: 252
- Joined: Sat Dec 18, 2021 8:15 am
- cars: 2005 Yukon, 2004 Suburban, 2001 Tahoe, 2002 Envoy, 2006 Envoy, 2003 Lincoln LS
- Location: New Jersey, USA
Re: PCM Hammer P12 development
Okay I think I have done a successful eavesdrop session between my Tech2 and the soft bricked P12 PCM in an attempt to reflash it and capture the conversation between the Tech2 and the P12. I received the same error from the Tech2 as it's been giving me all this time, however I took a pic of the Tech2 screen and also saved this log. I need you guys to see if the eavesdrop session was successful. If it was then we should be able to see what is causing the flash to fail, but more importantly the factory programming kernel and who knows what else. Give it a look over and let me know.
- Attachments
-
- Tech2-P12 Programming attempt 1.txt
- (2.62 MiB) Downloaded 134 times
-
- IMG_7604.JPG (144.17 KiB) Viewed 2846 times
Re: PCM Hammer P12 development
Shh, don't bother me ... I'm on the couch wrapped up in an electric blanket with my bucket of Haagen Dazs Walnuts & Maple watching a marathon of, Who's The Boss! 
In the mean time my family (and all are here except one daughter) keeps touching my forehead looking for fever ... My TV is not on the Western Channel.
In the mean time my family (and all are here except one daughter) keeps touching my forehead looking for fever ... My TV is not on the Western Channel.
Intelligence is in the details!
It is easier not to learn bad habits, then it is to break them!
If I was here to win a popularity contest, their would be no point, so I wouldn't be here!
It is easier not to learn bad habits, then it is to break them!
If I was here to win a popularity contest, their would be no point, so I wouldn't be here!
Re: PCM Hammer P12 development
This the actual write loop ??
How does one find where sub_FF213C is called from ...
Code: Select all
ROM:00FF213C sub_FF213C:
ROM:00FF213C
ROM:00FF213C arg_0 = 4
ROM:00FF213C arg_4 = 8
ROM:00FF213C arg_8 = $C
ROM:00FF213C
ROM:00FF213C move.l d7,-(sp)
ROM:00FF213E move.l d5,-(sp)
ROM:00FF2140 move.l 8+arg_0(sp),d1 ; byte count
ROM:00FF2144 move.l 8+arg_4(sp),d7 ; source
ROM:00FF2148 move.l 8+arg_8(sp),d5 ; target
ROM:00FF214C movea.l d7,a0 ; source address
ROM:00FF214E movea.l d5,a1 ; target address
ROM:00FF2150 moveq #0,d5
ROM:00FF2152 tst.l d1
ROM:00FF2154 beq.w loc_FF2220 ; Byte count = 0
ROM:00FF2158 move.l a5,-(sp)
ROM:00FF215A move.l d6,-(sp)
ROM:00FF215C
ROM:00FF215C loc_FF215C: ; CODE XREF: sub_FF213C+DCj ; Begin write loop
ROM:00FF215C move.w #$AAAA,($AAA).w ; Command Amd Unlock
ROM:00FF2162 move.w #$5555,($554).w ; Command Amd Unlock
ROM:00FF2168 move.w #$A0A0,($AAA).w ; Command Amd Program
ROM:00FF216E move.w (a0),(a1) ; Write source to target
ROM:00FF2170 move.w (a0),d5 ;
ROM:00FF2172
ROM:00FF2172 loc_FF2172: ; CODE XREF: sub_FF213C+B8j ; Inner read / verify write loop
ROM:00FF2172 move.b #$55,(byte_FFFFFA55).w ; COPA
ROM:00FF2178 move.b #$AA,(byte_FFFFFA55).w ; COPA
ROM:00FF217E bset #7,(byte_FFFFFA21).w ; COPB
ROM:00FF2184 move.w (word_FFFFF762).w,d6
ROM:00FF2188 moveq #$21,d7
ROM:00FF218A add.w d6,d7
ROM:00FF218C cmp.w d6,d7
ROM:00FF218E bls.s loc_FF219A
ROM:00FF2190 movea.w #$F762,a5
ROM:00FF2194
ROM:00FF2194 loc_FF2194: ; CODE XREF: sub_FF213C+5Cj
ROM:00FF2194 cmp.w (a5),d7
ROM:00FF2196 bls.s loc_FF21AA
ROM:00FF2198 bra.s loc_FF2194
ROM:00FF219A ; ---------------------------------------------------------------------------
ROM:00FF219A
ROM:00FF219A loc_FF219A: ; CODE XREF: sub_FF213C+52j
ROM:00FF219A movea.w #$F762,a5
ROM:00FF219E
ROM:00FF219E loc_FF219E: ; CODE XREF: sub_FF213C+64j
ROM:00FF219E cmp.w (a5),d7
ROM:00FF21A0 bcs.s loc_FF219E
ROM:00FF21A2 movea.w #$F762,a5
ROM:00FF21A6
ROM:00FF21A6 loc_FF21A6: ; CODE XREF: sub_FF213C+6Cj
ROM:00FF21A6 cmp.w (a5),d7
ROM:00FF21A8 bhi.s loc_FF21A6
ROM:00FF21AA
ROM:00FF21AA loc_FF21AA: ; CODE XREF: sub_FF213C+5Aj
ROM:00FF21AA bclr #7,(byte_FFFFFA21).w ; COPB
ROM:00FF21B0 move.w (word_FFFFF762).w,d6
ROM:00FF21B4 moveq #$21,d7
ROM:00FF21B6 add.w d6,d7
ROM:00FF21B8 cmp.w d6,d7
ROM:00FF21BA bls.s loc_FF21C6
ROM:00FF21BC movea.w #$F762,a5
ROM:00FF21C0
ROM:00FF21C0 loc_FF21C0: ; CODE XREF: sub_FF213C+88j
ROM:00FF21C0 cmp.w (a5),d7
ROM:00FF21C2 bls.s loc_FF21D6
ROM:00FF21C4 bra.s loc_FF21C0
ROM:00FF21C6 ; ---------------------------------------------------------------------------
ROM:00FF21C6
ROM:00FF21C6 loc_FF21C6: ; CODE XREF: sub_FF213C+7Ej
ROM:00FF21C6 movea.w #$F762,a5
ROM:00FF21CA
ROM:00FF21CA loc_FF21CA: ; CODE XREF: sub_FF213C+90j
ROM:00FF21CA cmp.w (a5),d7
ROM:00FF21CC bcs.s loc_FF21CA
ROM:00FF21CE movea.w #$F762,a5
ROM:00FF21D2
ROM:00FF21D2 loc_FF21D2: ; CODE XREF: sub_FF213C+98j
ROM:00FF21D2 cmp.w (a5),d7
ROM:00FF21D4 bhi.s loc_FF21D2
ROM:00FF21D6
ROM:00FF21D6 loc_FF21D6: ; CODE XREF: sub_FF213C+86j
ROM:00FF21D6 move.w (a1),d6
ROM:00FF21D8 moveq #word_FFFFFF80,d7
ROM:00FF21DA and.b d5,d7
ROM:00FF21DC moveq #word_FFFFFF80,d0
ROM:00FF21DE and.b d6,d0
ROM:00FF21E0 eor.b d7,d0
ROM:00FF21E2 bne.s loc_FF21F0
ROM:00FF21E4 moveq #1,d5
ROM:00FF21E6 move.w (a0),d0
ROM:00FF21E8 cmp.w (a1),d0
ROM:00FF21EA beq.s loc_FF2212 ; Success
ROM:00FF21EC moveq #0,d5
ROM:00FF21EE bra.s loc_FF221C ; Failure
ROM:00FF21F0 ; ---------------------------------------------------------------------------
ROM:00FF21F0
ROM:00FF21F0 loc_FF21F0: ; CODE XREF: sub_FF213C+A6j
ROM:00FF21F0 btst #5,d6
ROM:00FF21F4 beq.w loc_FF2172 ; Read does not match Write, try again
ROM:00FF21F8 move.w (a1),d5
ROM:00FF21FA moveq #word_FFFFFF80,d0
ROM:00FF21FC and.b d5,d0
ROM:00FF21FE eor.b d7,d0
ROM:00FF2200 bne.s loc_FF220E
ROM:00FF2202 moveq #1,d5
ROM:00FF2204 move.w (a0),d0
ROM:00FF2206 cmp.w (a1),d0
ROM:00FF2208 beq.s loc_FF2212 ; Success
ROM:00FF220A moveq #0,d5
ROM:00FF220C bra.s loc_FF221C ; Failure
ROM:00FF220E ; ---------------------------------------------------------------------------
ROM:00FF220E
ROM:00FF220E loc_FF220E: ; CODE XREF: sub_FF213C+C4j
ROM:00FF220E moveq #0,d5
ROM:00FF2210 bra.s loc_FF221C ; Failure
ROM:00FF2212 ; ---------------------------------------------------------------------------
ROM:00FF2212
ROM:00FF2212 loc_FF2212: ; CODE XREF: sub_FF213C+AEj ; Success
ROM:00FF2212 ; sub_FF213C+CCj
ROM:00FF2212 addq.l #2,a1 ; next word target
ROM:00FF2214 addq.l #2,a0 ; next word source
ROM:00FF2216 subq.l #1,d1 ; decrease bytes left count
ROM:00FF2218 bne.w loc_FF215C ; If not last byte do it again
Intelligence is in the details!
It is easier not to learn bad habits, then it is to break them!
If I was here to win a popularity contest, their would be no point, so I wouldn't be here!
It is easier not to learn bad habits, then it is to break them!
If I was here to win a popularity contest, their would be no point, so I wouldn't be here!
Re: PCM Hammer P12 development
Code from pcm is used to upload block message. Based on some conditions, the pointers at ffff2000 are called when blcok is uploaded successfully, 3rd pointer is for the write loop. write loop is part of another subroutine so it is not called directly.
upload->call 3rd pointer->call program loop.
darkman5001,
you are trying to flash pcm with corrupted file. Last part of bin is FFs while there is some data in non corrupted file. The tech2 exits when Os is done, but checks that is good are not passed and it fails when you start caldata write.
It is either corrupted file are loaded to tech2 or the tech2 bugs out for some reason.
You can try using tech2 as passthrough and flash from tis2000 utility, or try reuploading flash files to tech2.
upload->call 3rd pointer->call program loop.
darkman5001,
you are trying to flash pcm with corrupted file. Last part of bin is FFs while there is some data in non corrupted file. The tech2 exits when Os is done, but checks that is good are not passed and it fails when you start caldata write.
It is either corrupted file are loaded to tech2 or the tech2 bugs out for some reason.
You can try using tech2 as passthrough and flash from tis2000 utility, or try reuploading flash files to tech2.
Re: PCM Hammer P12 development
I consider it rather strange that the Tech2 fails to write and neither can we ... We can get the chipid, erase a specified sector, we just cannot write.
They both leave the sector in the same condition, erased.
IMO, Something is odd.
I have done a little annotating as to how I interpret the above disassembly ... I haven't figure out all the timer stuff, not really a big deal, however I can see why it's done, there are several possible endless loops
There are multiple tests performed, I have not figured them all out yet, I know one is read and compare, I suspect there is a checksum, I'm sure I could figure out more if I spent more time with it.
kur4o,
I don't follow, we have control of the PCM (of 1 of the 2 MCU's), we are the program loop.
They both leave the sector in the same condition, erased.
IMO, Something is odd.
I have done a little annotating as to how I interpret the above disassembly ... I haven't figure out all the timer stuff, not really a big deal, however I can see why it's done, there are several possible endless loops
There are multiple tests performed, I have not figured them all out yet, I know one is read and compare, I suspect there is a checksum, I'm sure I could figure out more if I spent more time with it.
kur4o,
I don't follow, we have control of the PCM (of 1 of the 2 MCU's), we are the program loop.
Intelligence is in the details!
It is easier not to learn bad habits, then it is to break them!
If I was here to win a popularity contest, their would be no point, so I wouldn't be here!
It is easier not to learn bad habits, then it is to break them!
If I was here to win a popularity contest, their would be no point, so I wouldn't be here!