PCM Hammer Release 021

They go by many names, P01, P59, VPW, '0411 etc. Also covering E38 and newer here.
User avatar
Tazzi
Posts: 3422
Joined: Thu May 17, 2012 8:53 pm
cars: VE SS Ute
Location: WA
Contact:

Re: PCM Hammer Release 021

Post by Tazzi »

Looking through the debug log, I see the following:

[05:02:33:295] TX: 6D 10 F0 35 01 10 00 00 20 00
[05:02:33:296] Processing message
[05:02:33:296] Unable to process response: UnexpectedResponse 6D F0 10 36 01 10 00 00 10 - trimmed for size
[05:02:33:326] Processing message
[05:02:33:326] Unable to process response: UnexpectedResponse 8C F0 40 60
[05:02:33:327] Processing message
[05:02:33:330] Unable to process response: UnexpectedResponse 8C F0 60 60

This is indicating that other modules in the vehicle are still communicating. This is likely causing the problem with trying to read/write due to data collisions.
Modules such as radios are really bad for jut transmissiting without a care in the world, even if another module is already trying to send something :lol:
Your Local Aussie Reverse Engineer
Contact for Software/Hardware development and Reverse Engineering
Site:https://www.envyouscustoms.com
Mob:+61406 140 726
Image
kur4o
Posts: 948
Joined: Sun Apr 10, 2016 9:20 pm

Re: PCM Hammer Release 021

Post by kur4o »

TX: 6D 10 F0 35 01 10 00 00 [20] 00

I have seen this vpw bug before but with PCM. The other modules are actually picking [20] from this message as mode 20 being send
and reply
8c f0 40 60
and
8c f0 60 60

means They just got reset and start normal communication.

The origin of this bug is still unknown something with message buffering on hardware level or buffer clearing.
User avatar
Vetteyog
Posts: 41
Joined: Thu Dec 01, 2022 3:11 am
cars: 2001 Chevrolet Corvette Convertible
2004 GMC Envoy XL

Re: PCM Hammer Release 021

Post by Vetteyog »

Tazzi wrote:Looking through the debug log, I see the following:

[05:02:33:295] TX: 6D 10 F0 35 01 10 00 00 20 00
[05:02:33:296] Processing message
[05:02:33:296] Unable to process response: UnexpectedResponse 6D F0 10 36 01 10 00 00 10 - trimmed for size
[05:02:33:326] Processing message
[05:02:33:326] Unable to process response: UnexpectedResponse 8C F0 40 60
[05:02:33:327] Processing message
[05:02:33:330] Unable to process response: UnexpectedResponse 8C F0 60 60

This is indicating that other modules in the vehicle are still communicating. This is likely causing the problem with trying to read/write due to data collisions.
Modules such as radios are really bad for jut transmissiting without a care in the world, even if another module is already trying to send something :lol:
Thanks for all the help. When I was reading it, my truck was doing crazy stuff and I kinda thought that was goimg to be an issue. I'm going to build a bench harness and give it another try.
User avatar
Vetteyog
Posts: 41
Joined: Thu Dec 01, 2022 3:11 am
cars: 2001 Chevrolet Corvette Convertible
2004 GMC Envoy XL

Re: PCM Hammer Release 021

Post by Vetteyog »

I built a bench harness, and successfully read my P10 pcm. It read fine, then I tried to swap in a different OS and it says there are bad segments in it so that's all the further I got with it.
User avatar
Gampy
Posts: 2331
Joined: Sat Dec 15, 2018 7:38 am

Re: PCM Hammer Release 021

Post by Gampy »

I would not OS swap a P10 ... There just is not enough knowledge out there yet and it may produce a soft brick.

Awesome glad you got it to work!

-Enjoy
Intelligence is in the details!

It is easier not to learn bad habits, then it is to break them!

If I was here to win a popularity contest, their would be no point, so I wouldn't be here!
User avatar
antus
Site Admin
Posts: 8237
Joined: Sat Feb 28, 2009 8:34 pm
cars: TX Gemini 2L Twincam
TX Gemini SR20 18psi
Datsun 1200 Ute
Subaru Blitzen '06 EZ30 4th gen, 3.0R Spec B
Contact:

Re: PCM Hammer Release 021

Post by antus »

Agree. What we do know there is a slave CPU, and we do know PCMHammer does not flash it. I did OS swap mine on the bench and it appeared to work, but the slave CPU code might not be compatible and some of the functionality might break when its in a car. A possible fix, like some people have had to do with some tools on E38 is reflash it with SPS after the update, and let SPS handle the slave CPU. But unless you need to change it and are prepared to put the time in to test and hopefully let us know, it's not recommended.
Have you read the FAQ? For lots of information and links to significant threads see here: http://pcmhacking.net/forums/viewtopic.php?f=7&t=1396
In-Tech
Posts: 779
Joined: Mon Mar 09, 2020 4:35 pm
Location: California

Re: PCM Hammer Release 021

Post by In-Tech »

Hiya folks,
Are you saying PcmHammer can now read E38 or are we still talking p01, p59, p04, p10, e54?
I am still investigating how e38a/b/c, e39/a and e92/a still handles the slave modules. Sometimes SPS will re-write and sometimes it will skip it if it sees the same module number :(
In-Tech
Posts: 779
Joined: Mon Mar 09, 2020 4:35 pm
Location: California

Re: PCM Hammer Release 021

Post by In-Tech »

Example code of dumping without a rom routine and toggled the i/o peripheral at address $51(in this application, not GM, and of course adjustable) and still jumped pages and addresses during the dump. You just have to write the packet so before it hits security, it changes addresses to continue the dump. I then made dumps of the security(another flash layer) so I could see what was allowed, then I changed the security bits so I could alter the read/write areas. I bet the 68332 will let me do some of my trickery :thumbup: Then the MapRom, what a biatch :wall:

Is something like this small enough? :punk: :mrgreen:

Code: Select all

B7514FADF5AE0A431100ADEA20001000ADE49825041100004310002000ADD7485A26F01000819D9D9D9D9D9D9D9D9D9D9D9D9D9D9D9BA6552000ADC44AADB726FBA630B7473F48718092C647ADB23C4826F73C4726F3
The Atmel would watch for the 9d NOP packets and then calculate the timing :afro:
User avatar
Gampy
Posts: 2331
Joined: Sat Dec 15, 2018 7:38 am

Re: PCM Hammer Release 021

Post by Gampy »

In-Tech wrote:Are you saying PcmHammer can now read E38 or are we still talking p01, p59, p04, p10, e54?
We are talking about the P01, P59, P04, P10, E54 ... E38 speaks CAN, PcmHammer speaks VPW.
PcmHammer will likely never speak CAN ... We are talking P10 specifically in this case.
In-Tech wrote:

Code: Select all

B7514FADF5AE0A431100ADEA20001000ADE49825041100004310002000ADD7485A26F01000819D9D9D9D9D9D9D9D9D9D9D9D9D9D9D9BA6552000ADC44AADB726FBA630B7473F48718092C647ADB23C4826F73C4726F3
What is this string of hex ??

-Enjoy
Intelligence is in the details!

It is easier not to learn bad habits, then it is to break them!

If I was here to win a popularity contest, their would be no point, so I wouldn't be here!
In-Tech
Posts: 779
Joined: Mon Mar 09, 2020 4:35 pm
Location: California

Re: PCM Hammer Release 021

Post by In-Tech »

Gampy wrote:
In-Tech wrote:Are you saying PcmHammer can now read E38 or are we still talking p01, p59, p04, p10, e54?
We are talking about the P01, P59, P04, P10, E54 ... E38 speaks CAN, PcmHammer speaks VPW.
PcmHammer will likely never speak CAN ... We are talking P10 specifically in this case. OK
In-Tech wrote:

Code: Select all

B7514FADF5AE0A431100ADEA20001000ADE49825041100004310002000ADD7485A26F01000819D9D9D9D9D9D9D9D9D9D9D9D9D9D9D9BA6552000ADC44AADB726FBA630B7473F48718092C647ADB23C4826F73C4726F3
What is this string of hex ?? It's a dumping routine that toggles the I/O register for dumping only, when you know nothing about the routines or much about the contoller or its' flash. Once you can dump, you can find ROM routines to use to shrink the code smaller for dumping, then find rom routines for writing. 8 bit and some 16 bit, I have never played with 32 bit M68xxx. This was approx 25 years ago so my memory is vague. I might be able to find this one or similar that I commented as I went

-Enjoy
Post Reply