pcmhacking.net

You're the first person to try a full flash on a P59 so nothing about this is already known.

And I have no idea why it's blowing up on that line. That's weird.

My buddy owns a junkyard so Ive got access to all the pcms I can brick and avt 852. Is there a way software wise to put pcm into recovery. LS droid says they have like 4 dif recovery modes and can bring pcm back almost everytime.

Vampyre wrote:My buddy owns a junkyard so Ive got access to all the pcms I can brick and avt 852. Is there a way software wise to put pcm into recovery. LS droid says they have like 4 dif recovery modes and can bring pcm back almost everytime.

Flashing a calibration that has a bad checksum will put the PCM into a recovery mode that requires the pin-grounding trick to flash it again. I learned this the very first time I tried to use PCM Hammer in my Corvette. And that's why the app now validates checksums. I think the grounding is required because the bad checksum implies that the flash chip is defective, and GM would rather replace the PCM in that case.

Erasing the calibration block without rewriting it (leaving the whole thing as FF FF FF...) will put the PCM into a recovery mode that does not require the grounding trick, at least for the P01. P59s have two calibration blocks, and if I remember right, erasing one of them will require grounding, but the other won't.

In addition to the checksum, the operating system expects to see a magic number at a certain address - 0x4AFC at 0x1FFFE. If that's present, the PCM validates the checksum or assumes that the flash chip is bad. If the magic number is not present, the PCM assumes it just hasn't been given a calibration yet.

I don't know what the other recovery modes are. Probably only because I haven't gotten around to making the specific mistakes that trigger them.

NSFW wrote: Flashing a calibration that has a bad checksum will put the PCM into a recovery mode that requires the pin-grounding trick to flash it again. I learned this the very first time I tried to use PCM Hammer in my Corvette. And that's why the app now validates checksums. I think the grounding is required because the bad checksum implies that the flash chip is defective, and GM would rather replace the PCM in that case.

Erasing the calibration block without rewriting it (leaving the whole thing as FF FF FF...) will put the PCM into a recovery mode that does not require the grounding trick, at least for the P01. P59s have two calibration blocks, and if I remember right, erasing one of them will require grounding, but the other won't.

In addition to the checksum, the operating system expects to see a magic number at a certain address - 0x4AFC at 0x1FFFE. If that's present, the PCM validates the checksum or assumes that the flash chip is bad. If the magic number is not present, the PCM assumes it just hasn't been given a calibration yet.

I don't know what the other recovery modes are. Probably only because I haven't gotten around to making the specific mistakes that trigger them.

Which way sends the recovery-mode pings mentioned in Issue #114??

I think that was with an erased-but-not-programmed calibration block.

NSFW wrote:I think that was with an erased-but-not-programmed calibration block.

Thank you ...

On the Amd chip it's segment 0x10000, or calibration segment #2, it's the 64kb calibration segment.

If erased it repeatedly sends: 6CF010A20163

NSFW wrote:

Vampyre wrote:In addition to the checksum, the operating system expects to see a magic number at a certain address - 0x4AFC at 0x1FFFE. If that's present, the PCM validates the checksum or assumes that the flash chip is bad. If the magic number is not present, the PCM assumes it just hasn't been given a calibration yet.

Which OSes and P59/P01 is this in? I just checked my binaries that I pulled from my PCMs, and I don't have that number at that address in any of them... In my P59 it's just 0xFFFFFFF at that address and 0x00000000 in my P01

AFAIK its all of them. Heres those lines from a 2003 HSV P01 bin. Are you sure your looking in the right place? The OS bootloader uses it for those recovery modes so it should be there. The last 2 bytes of the calibration and os segment is what is checked, and 2 slightly different recovery modes are entered if either of them are missing.

antus wrote:AFAIK its all of them. Heres those lines from a 2003 HSV P01 bin. Are you sure your looking in the right place? The OS bootloader uses it for those recovery modes so it should be there. The last 2 bytes of the calibration and os segment is what is checked, and 2 slightly different recovery modes are entered if either of them are missing.

Code: Select all

0x0001FFF0 | 4A FC 4A FC 4A FC 4A FC 4A FC 4A FC 4A FC 4A FC | J.J.J.J.J.J.J.J.
0x0007FFF0 | FF FF FF FF FF FF FF FF FF FF FF FF FF FF 4A FC | ..............J.

Lol I was being an idiot and flipped the address and data around

When I first read it, I saw address of 0x4AFC. Doh. Late night stupidity