Most VPW type GM PCMs have a bootloader with build in functionality to see if the flash memory is corrupt or requires first time programming on the production line when the PCM starts up. This feature can be abused to hack around the software lock in the operating system for read and write operations. It is often used to fix a corrupted PCM when the seed is damaged. I'll add to this list over time.
What is happening? The flash memory has a an address bus with a number of pins which the CPU uses to ask the flash to respond with the data at a given address. The data bus is pulled high, meaning by default each pin as a value of '1'. When the CPU wants to set an address bit to 0 it will put a ground signal on the pin, which changes the state to a '0'. In this case we are using a physical wire to put the ground state on the pin. The pin is Address pin A12.This means that memory reads where Address pin 12 is a '1' (which is all addresses above the boot sector) will instead get a '0' in that location and read from a different address. This means 2 things. Firstly the operating system code that runs above this address will crash due to the CPU reading the wrong opcodes. The PCM has protection against this kind of corruption (known as the watchdog, or sometimes COP - Computer Operating Properly). So the watch dog wont get updated as it does every couple of milliseconds during normal operation, and it hardware resets the PCM. Next the bootloader initialises the PCM. It is at the start of the chip, so all of its code is below the section where A12 matters, so it runs properly. Then it looks for the 'calibration OK' signature at the end of the calibration segement, and the 'OS OK' signature at the end of the OS segment. One or both of these are affected by A12 being forced to 0, so the bootloader sees a (temporary) problem and does not hand off to the operating system. Instead it opens the door for remote programming to recover the system. This all happens quicker than we humans can move, so all we need to do is connect the end of a wire to ground, then touch the other end of the wire to the pin in the picture, and the PCM will reboot in to recovery ready for PCM Hammer (or other software) to begin a recovery read or write operation. The moment we lift our wire off the flash is operating normally again, so a read bin will be able to read the entire flash correctly, or write it correctly.
P01:
P04
Black Box (4 pin)
These PCMs are believed to have it, but we still need to gather the documentation. If you have that information let us know.
E54
P10
P12
