E92 PCM Reverse Engineering

[ironduke]

Is echo turned on?? that might be why your seeing your write message 2 times..

[turbo_v6]

Is echo turned on?? that might be why your seeing your write message 2 times..

I'm not sure. I didn't turn it on that I'm aware of. I don't even know how I would do that.

[ironduke]

Is echo turned on?? that might be why your seeing your write message 2 times..

I'm not sure. I didn't turn it on that I'm aware of. I don't even know how I would do that.

Looked back and your using universal patcher logger.. Kurdo is the expert on that but I do not believe it turns loopback/echo on by default, at least with the gm mdi and the very limited testing I just did..

you could select LOOP_BACK in the config list and then click the plus sign next to it.. That will add LOOP_BACK = 1 to the configs line.. You could change that to a zero and try that???
I can do that and turn it on and make my logs look just like yours, but if I leave it turned off, or use the LOOP_BACK = 0 configs then I do not see my command repeated..

[kur4o]

If you just dealing with mode 23 and a single module, I suggest you switch to ISO15765 protocol.
That way tool will format all the message length for you, it will be much readable and faster too.

What tool you are using.
In j-console you can load a preset that is labeled iso15765, and connect with it.
Than when you send a message don`t use the byte length.
00 00 07 E0 [07] 23 40 00 00 00 00 06
07= byte length in raw CAN it is needed, on ISO15765 you can remove it and tool will add it and handle the 30 multiline.
WIth iso15765 send
00 00 07 E0 23 40 00 00 00 00 06
Here is example how vin request will look like in iso15765 protocol

13:50:15.728] 00 00 07 E0 1A 90
[13:50:15.750] 00 00 07 E8 5A 90 4B 4C 37 43 4A 4B 53 42 58 47 42 36 33 33 39 37 36

You get 1 long response for vin. Instead of fragmented multiline messages.

That message doubling could be some bug in program, Can you test with latest version on github.

[kur4o]

Here is a test script that should work in raw can mode, Some expected response count and timeouts are added at the end of requests.

Added also unlock logic, to poll the pcm in unlocked stage.

And screenshot how to load a presaved settings.

EDIT: not sure which algo pcm uses,
I set it at algo 192, table1 algo92, you can change it if not working, or send a pair for testing.

[ironduke]

just trying to assist. Valid E92 seed = 8D92 and key = 0D5C
2 byte E92 algo is table 01 algo 0x01
5 byte E92/E92a algo is table F1 algo 0x92

[kur4o]

Updated script with correct algo, thanks goes to ironduke for pointing it out.

[gmtech825]

interseting...I have seen the 7E0 07 AE 28 80 in logs but didn't know what it did

[turbo_v6]

If you just dealing with mode 23 and a single module, I suggest you switch to ISO15765 protocol.
That way tool will format all the message length for you, it will be much readable and faster too.

What tool you are using.

This is awesome! I can't believe I missed this. I was looking right at the ISO15765 Wiki page trying to understand how to send these messages and now I see that it's all done for you by the tool.

I'm using an Openport 2.0 device.

interseting...I have seen the 7E0 07 AE 28 80 in logs but didn't know what it did

Did I miss something? I'm not sure what this is referring to? If you have more insights I'm happy to learn more.

[Gatecrasher]

Did I miss something? I'm not sure what this is referring to? If you have more insights I'm happy to learn more.

My comment about the VIN change tool yesterday morning.