GM E38 E67 E40 Kernel/Bootloader Development Extravaganza

Disassembly, Reassembly, Tools and development. Going deep with Hardware and Software.
Tre-Cool
Posts: 265
Joined: Tue Oct 16, 2012 12:17 pm
cars: VY SS UTE, VX Drag Car
Location: Perth

Re: GM E38 Kernel/Bootloader Reverse Engineering Extravaganz

Post by Tre-Cool »

I have about 6 spare E38 ECUs. I normally pick them up from wrecked cars or people selling shit off.

Comes in handy with locked ECUs as I can get the car tuned while I wait for the original to unlock on the bench.

Just a pia to swap out compared to the LS1s.
VX L67 Getrag
Posts: 2877
Joined: Sun Aug 02, 2009 9:16 pm
Location: Bayside, Melbourne, Victoria

Post by VX L67 Getrag »

I have a few E38 controllers, but not sure what a J device is (do you mean J2534?). I have a few I believe to choose from if you want me to do any testing!
Tazzi
Posts: 3422
Joined: Thu May 17, 2012 8:53 pm
cars: VE SS Ute
Location: WA

Post by Tazzi »

Tre-Cool wrote:I have about 6 spare e38 ecu's. i normally pick them up from wrecked cars or people selling shit off.

Comes in handy with locked ecu's as i can get the car tuned while i wait for the original to unlock on the bench.

just a pia to swap out compared to the ls1's.
They actually are hey. I programmed my ute as a G8 the other day... was the only thing which would program the slave OS using SPS and thought I bricked the damn thing since car no longer would start :lol:
Was actually because it needed a few relearns, but regardless.. it's not fun pulling them out!

VX L67 Getrag wrote:I have a few E38 controllers, but not sure what a J device is(do you mean J2534?) I have a few I believe to choose from if you want me to do any testing!
Ah yeah my bad, when I say J tools, I'm referring to any J2534 compliant scantool.

Most people have them so makes it easier to program for. Although I have come across some tools which are a little picky with how connections are made but all 'main' common J tools would be suitable.
Your Local Aussie Reverse Engineer
Contact for Software/Hardware development and Reverse Engineering
Site:https://www.envyouscustoms.com
Mob:+61406 140 726

Post by VX L67 Getrag »

Yeah the best overall tool which has J2534 is the Tactrix, the only issue I've had with it is when I install openECU it tries to tell it to forget about comport & use passthru & is a major PITA for some other software & figuring the easiest way to fix this is STILL an issue (I had BITbox on my pc teamviewer for 2 hours & they couldn't figure out how to get it back to standard comport).... anyway off track, if you want me to test anything let me know.

Post by Tazzi »

Yeah that is an odd issue.

Anyways back on topic. Something else I'm not 100% certain on is exiting out of the kernel. I assume I just do a BLR and it will exit?? Or... it will just freak the fuck out?

I know ignition off/on will reset the unit.. but that's not really the greatest option for it all.

Thinking about it.. when running the kernel in the first place, commands are sent and then executed (hence we can run the kernel), so... one would assume when you do a BLR, it 'should' pick up from where it started? But then that becomes rubbish if the flash has been completely changed.. So it would need to start from the beginning again.

Almost certain I'm overthinking this. There will be an easier way.
ejukated
Posts: 443
Joined: Wed Mar 04, 2009 8:52 pm

Post by ejukated »

Tazzi wrote:I believe making it work with J-tools will be best, already have that stuff nailed down so it's just a matter of actually sending a kernel and the rest should be fairly straightforward.
Anyone with a J tool and E38, will be needing some other to give it a whirl! I'm yet to see a E38 with different flash memory, but might be best to get a tonne of reads to just be safe.

The flash chips support reporting back what they are. So, that'll be a quick way of getting the kernel to report to the scantool if it's going to be supported or not.

I've got one of each service number used in the Commodores and a Tactrix if you need any testing
antus
Site Admin
Posts: 8237
Joined: Sat Feb 28, 2009 8:34 pm
cars: TX Gemini 2L Twincam
TX Gemini SR20 18psi
Datsun 1200 Ute
Subaru Blitzen '06 EZ30 4th gen, 3.0R Spec B

Post by antus »

The older generation kernels set a status code and then enter an infinite loop to let the watchdog reset the PCM. The boot code checks the status byte and knows if the kernel reported a problem or not. Not sure what's supposed to happen on the later generation though. Can you see any infinite loop?
Have you read the FAQ? For lots of information and links to significant threads see here: http://pcmhacking.net/forums/viewtopic.php?f=7&t=1396
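The exit path described in the post above for the older-generation kernels (set a status code, spin, let the watchdog reset the PCM, boot code reads the status byte), modelled on a host as an added example that is not from the thread or from any GM code. The struct, status values and tick count are all hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Host-side model. Every name and value here is hypothetical. */
#define WDT_RELOAD  1000u  /* ticks until an unserviced watchdog expires */
#define STATUS_NONE 0x00u
#define STATUS_OK   0xA5u
#define STATUS_FAIL 0x5Au

typedef enum { BOOT_COLD, BOOT_KERNEL_OK, BOOT_KERNEL_FAILED } boot_reason_t;
typedef struct {
    uint32_t wdt_count;   /* watchdog down-counter */
    uint8_t  status_byte; /* RAM cell that survives the watchdog reset */
    bool     reset_fired; /* set when the watchdog pulls hardware reset */
} pcm_t;

/* One timer tick; returns true once the watchdog has expired. */
static bool wdt_tick(pcm_t *p) {
    if (p->wdt_count == 0 || --p->wdt_count == 0) p->reset_fired = true;
    return p->reset_fired;
}

/* Kernel exit: record the result, then spin without servicing the watchdog. */
uint32_t kernel_exit(pcm_t *p, bool flash_ok) {
    uint32_t ticks = 1;
    p->status_byte = flash_ok ? STATUS_OK : STATUS_FAIL;
    while (!wdt_tick(p)) ticks++; /* on hardware this is just for(;;){} */
    return ticks;                 /* ticks elapsed before the reset */
}

/* Boot code after reset: read the status byte once, then clear it. */
boot_reason_t boot_after_reset(pcm_t *p) {
    uint8_t s = p->status_byte;
    p->status_byte = STATUS_NONE; /* a stale value must not be reused */
    p->reset_fired = false;
    p->wdt_count = WDT_RELOAD;    /* boot code re-arms the watchdog */
    if (s == STATUS_OK)   return BOOT_KERNEL_OK;
    if (s == STATUS_FAIL) return BOOT_KERNEL_FAILED;
    return BOOT_COLD;             /* anything else: no kernel report */
}

int main(void) {
    pcm_t pcm = {0};
    boot_after_reset(&pcm); /* cold boot arms the watchdog */
    printf("reset after %u ticks\n", (unsigned)kernel_exit(&pcm, false));
    return boot_after_reset(&pcm) == BOOT_KERNEL_FAILED ? 0 : 1;
}
```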

Post by Tazzi »

hm.... looks like it just fires off a final CAN frame then does nothing, just branches back to nothing (End of code), so it must just panic/end, and ecu restarts.??

Post by antus »

Yeah so if there is a watchdog (there very likely is) and it's not reset in that loop, the watchdog would issue the hardware reset when the code is stuck in an infinite loop.

Post by Tazzi »

antus wrote:Yeah so if there is a watchdog (there very likely is) and its not reset in that loop, the watchdog would issue the hardware reset when the code is stuck in an infinite loop.
Going through the code, the WDT is not checked or modified in any way. So either the CPU realises it reaches the end of its code and then resets, or panics when nothing happens and restarts. Based on the logs, it appears to occur after a couple of seconds.

There's likely a smarter option to do, so will need to read through the reference manual more for the MPC562.