Re: PCM Hammer fails on P12
Posted: Fri Feb 25, 2022 3:35 pm
by antus
Try this payload:
Code:
start:
wait01:
    bsr.w ResetWatchdog
    bsr.w WasteTime
    jmp.s wait01
WasteTime:
    nop
    nop
    nop
    nop
    rts
ResetWatchdog:
    move.b #0x55, (0xFFFA55).l | Reset COP1
    move.b #0xAA, (0xFFFA55).l
    bclr #7, (0xFFFA21).l | Reset COP2
    bset #7, (0xFFFA21).l
    rts
.end
Re: PCM Hammer fails on P12
Posted: Fri Feb 25, 2022 5:06 pm
by Tazzi
Antus, is that code not assuming FA21 already has bit 7 enabled? Might be better using the eori.b command instead.
Re: PCM Hammer fails on P12
Posted: Fri Feb 25, 2022 5:13 pm
by antus
That's what I use in my other kernels for ls1-flash free, cut down so it's just the delay and watchdog code, with the addresses updated to what should suit here. I think getting rid of compiler weirdness from C and using bare bones known good asm was worth a try.
Re: PCM Hammer fails on P12
Posted: Fri Feb 25, 2022 7:13 pm
by Gampy
12587603 has bclr/bset, FFFF0000 disassembly is bset/bclr.
Have not ripped the bin posted by darkman5001 apart yet ... However if someone that has, searches for $AAAA and finds,
Code:
move.w #$AAAA,(a4)
move.w #$5555,(a5)
move.w #$A0A0,(a4)
Just below that a little should be the COPs.
What it looks like in 12587603,
Code:
move.b #$55,($FFFFFA27).w ; 'U' ; COPA
move.b #$AA,($FFFFFA27).w ; COPA
bclr #7,($FFFFD006).w ; COPB
bset #7,($FFFFD006).w ; COPB
What order is it ... bset/bclr or bclr/bset?
I'll take odds 10 to 1 on a beer that it dies, just like the simplest C with COPs.
What is expected, how will we (or the tester) know what's happened ... It does not complete, therefore there is no completion ack sent.
Wouldn't it be better to have a loop that lives longer than the COP timeout, but not too long, then exit, thus returning an ack, thus we know the scratch is working?
Re: PCM Hammer fails on P12
Posted: Fri Feb 25, 2022 8:24 pm
by Gampy
And to advance my ASM skills, does this do that ??
Edit: I'm no math genius, is 1000 enough to outlive the COP timeout ... Now that I think about it, it probably should be like 3000 (>2500) ??
Code:
start:
    clr.w %d0
wait01:
    bsr.w ResetWatchdog
    bsr.w WasteTime
    addq.w #1, %d0
    cmpi.w #1000, %d0
    beq.w Exit1
    jmp.s wait01
WasteTime:
    nop
    nop
    nop
    nop
    rts
ResetWatchdog:
    move.b #0x55, (0xFFFA55).l | Reset COP1
    move.b #0xAA, (0xFFFA55).l
    bclr #7, (0xFFFA21).l | Reset COP2
    bset #7, (0xFFFA21).l
    rts
Exit1:
.end
It's back ... I do not know for sure how to just end the routine/program and return to the caller!
I don't want to reset, I don't want to rts, I have no way to test ATM ... working on that ASAP!
I took it down, posted it back, it's not going to do harm, just educate!
Re: PCM Hammer fails on P12
Posted: Sat Feb 26, 2022 12:09 am
by darkman5001
Has anyone been able to decompile the bin of the flash chip that I uploaded?
Re: PCM Hammer fails on P12
Posted: Sat Feb 26, 2022 1:05 am
by Gampy
I have not tried yet, been a rough morning ...
Try the two posted bin files.
Re: PCM Hammer fails on P12
Posted: Sat Feb 26, 2022 3:48 am
by ironduke
darkman5001 wrote: Has anyone been able to decompile the bin of the flash chip that I uploaded?
I took a quick peek of the one antus fixed..
Something seems off to me..
The OS looks ok but the OS has the other segments' addresses right in the beginning.. The ones I read do not match up. Secondly if you take the VIN that's there and go to tis2web and pull up the calibration info the cal IDs aren't there anywhere, never mind at the beginning of the segment location that the OS points to for that segment like they usually are..
Gotta say, I don't do much work on the older, pretty much just E38 and E92 but I do see similarities across ECUs including the OS "header" having addresses for the rest of the segments.. Those addresses in your bin make sense, just the data at the locations don't..
Please whomever feel free to correct me if I am incorrect, this is just my thoughts.. I am sure I am using the wrong terminology, spelling, and thought process, lol..
Re: PCM Hammer fails on P12
Posted: Sat Feb 26, 2022 3:57 am
by turbo_v6
I'm attempting to disassemble the one antus posted. It seems like it worked, but it is very different from the P01/P59 OS's that I've disassembled.
There seem to be a lot of NOP's throughout.
I'll look a little more but I haven't found what Gampy was looking for, but I found this that looks similar:
Code:
move.b #$55,(byte_FFFA55).w
move.b #$AA,(byte_FFFA55).w
eori.b #$80,(byte_FFFA21).w
Not sure exactly what else I should be looking for, but I can keep looking if that's not right.
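The search discussed in the posts above (find the $55/$AA write pair, then see whether bclr/bset, bset/bclr or eori.b follows) can be done mechanically. This scanner is an added example, not code from any poster or from PCM Hammer; it matches only the absolute-address instruction forms quoted in the thread, and its sample byte strings are hand-assembled for illustration, not taken from any uploaded bin.

```python
import struct

# 68k opcode words for the forms quoted in the thread, mapped to
# (mnemonic, size in bytes of the absolute address): (xxx).w = 2, (xxx).l = 4.
MOVE_B = {0x11FC: ("move.b", 2), 0x13FC: ("move.b", 4)}
BIT_OPS = {0x08B8: ("bclr", 2), 0x08B9: ("bclr", 4),
           0x08F8: ("bset", 2), 0x08F9: ("bset", 4),
           0x0A38: ("eori.b", 2), 0x0A39: ("eori.b", 4)}

# Constructed samples (hand-assembled from the posts, not from any real bin).
SAMPLE_EORI = bytes.fromhex("4e71 11fc0055fa55 11fc00aafa55 0a380080fa21 4e75")
SAMPLE_BCLR_BSET = bytes.fromhex("13fc005500fffa55 13fc00aa00fffa55"
                                 "08b9000700fffa21 08f9000700fffa21 4e75")

def _decode(image, off, table):
    """Decode 'opcode, 16-bit immediate, absolute address' at off, else None."""
    if off + 4 > len(image):
        return None
    op, imm = struct.unpack_from(">HH", image, off)
    if op not in table:
        return None
    name, size = table[op]
    if off + 4 + size > len(image):
        return None
    if size == 2:  # the CPU sign-extends a (xxx).w address
        addr = struct.unpack_from(">h", image, off + 4)[0] & 0xFFFFFFFF
    else:
        addr = struct.unpack_from(">I", image, off + 4)[0]
    return name, imm & 0xFF, addr, 4 + size

def find_cop_service(image):
    """Return (offset, COP1 address, following bit operations) per match."""
    hits = []
    for off in range(0, len(image) - 1, 2):  # instructions are word-aligned
        first = _decode(image, off, MOVE_B)
        if not first or first[1] != 0x55:
            continue
        second = _decode(image, off + first[3], MOVE_B)
        if not second or second[1] != 0xAA or second[2] != first[2]:
            continue
        pos, ops = off + first[3] + second[3], []
        for _ in range(2):  # bclr+bset is two instructions, eori.b is one
            nxt = _decode(image, pos, BIT_OPS)
            if not nxt:
                break
            ops.append(nxt[:3])
            pos += nxt[3]
        hits.append((off, first[2], ops))
    return hits
```

The offsets returned are file offsets, so the image base has to be added to get the address a disassembler shows.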
Re: PCM Hammer fails on P12
Posted: Sat Feb 26, 2022 4:37 am
by Gampy
I ain't no genius at this disassembly stuff ... I'm stumbling like an old man!
Seems y'all got me beat ...
Using CPU32, based 0x0/1m, what RAM base/size ??
I did repost my hack of Antus's assembly, it can't hurt, only educate ...