PCM Hammer P12 development

They go by many names, P01, P10, P12, P59, E38, VPW, '0411 etc.
Post Reply
User avatar
Tazzi
Posts: 3550
Joined: Thu May 17, 2012 8:53 pm
cars: VE SS Ute
Location: WA
Contact:
Contact Tazzi

Re: PCM Hammer fails on P12

Post by Tazzi »

I dont see an issue with that... maybe add a couple dozen nops inbetween it?
Your Local Aussie Reverse Engineer
Contact for Software/Hardware development and Reverse Engineering
Site:https://www.envyouscustoms.com
Mob:+61406 140 726
Image
Top
User avatar
Gampy
Posts: 2332
Joined: Sat Dec 15, 2018 7:38 am

Re: PCM Hammer fails on P12

Post by Gampy »

I have one out for testing that has a half dozen nop's between COP2 bset and bclr ...
Intelligence is in the details!

It is easier not to learn bad habits, then it is to break them!

If I was here to win a popularity contest, their would be no point, so I wouldn't be here!
Top
User avatar
Tazzi
Posts: 3550
Joined: Thu May 17, 2012 8:53 pm
cars: VE SS Ute
Location: WA
Contact:
Contact Tazzi

Re: PCM Hammer fails on P12

Post by Tazzi »

Gampy wrote:I have one out for testing that has a half dozen nop's between COP2 bset and bclr ...
hmmm... wonder if theres a timer thats needing to be reset?? I feel like I came across this with the E40 stuff.... (which uses the same cpu)
Your Local Aussie Reverse Engineer
Contact for Software/Hardware development and Reverse Engineering
Site:https://www.envyouscustoms.com
Mob:+61406 140 726
Image
Top
User avatar
antus
Site Admin
Posts: 9014
Joined: Sat Feb 28, 2009 8:34 pm
cars: TX Gemini 2L Twincam
TX Gemini SR20 18psi
Datsun 1200 Ute
Subaru Blitzen '06 EZ30 4th gen, 3.0R Spec B
Contact:
Contact antus

Re: PCM Hammer fails on P12

Post by antus »

you might need to define them volatile so the compiler doesnt optimise them out thinking they are no-ops as you dont read them back. That will depend on compiler flags though. Disassemble your own code to see what actually came out of the compiler to validate function. Or, write the payload in assembler.
Have you read the FAQ? For lots of information and links to significant threads see here: http://pcmhacking.net/forums/viewtopic.php?f=7&t=1396
Top
User avatar
Tazzi
Posts: 3550
Joined: Thu May 17, 2012 8:53 pm
cars: VE SS Ute
Location: WA
Contact:
Contact Tazzi

Re: PCM Hammer fails on P12

Post by Tazzi »

Looking at the processor data sheet, FA21 is port E output data register. Possibly if this is not being 'flicked' at the correct rate, this could be triggering something else to reset?
Your Local Aussie Reverse Engineer
Contact for Software/Hardware development and Reverse Engineering
Site:https://www.envyouscustoms.com
Mob:+61406 140 726
Image
Top
kur4o
Posts: 1044
Joined: Sun Apr 10, 2016 9:20 pm

Re: PCM Hammer fails on P12

Post by kur4o »

Gampy wrote:In that FFFF0000 disassembly, where is the entry point, is it FF2000, so sub_FFFF2404 is the first code ran ??
There is no entry point. The pcm calls the subrutines pointers that are at the very start of ffff2000, depending on what data is sent to pcm.
Top
kur4o
Posts: 1044
Joined: Sun Apr 10, 2016 9:20 pm

Re: PCM Hammer fails on P12

Post by kur4o »

Pcm uses this line extensively, which is slightly different than bset and bclr.

eori.b #$80,(byte_FFFFFA21).w

With bset and bclr there is some timer code involved and reading some registers.
Top
User avatar
antus
Site Admin
Posts: 9014
Joined: Sat Feb 28, 2009 8:34 pm
cars: TX Gemini 2L Twincam
TX Gemini SR20 18psi
Datsun 1200 Ute
Subaru Blitzen '06 EZ30 4th gen, 3.0R Spec B
Contact:
Contact antus

Re: PCM Hammer fails on P12

Post by antus »

eori is exclusive or, immediate. $80 is 1000 0000 eg bit 7. So each successive call like that will toggle bit 7 the other way, and leave the other bits untouched.
Have you read the FAQ? For lots of information and links to significant threads see here: http://pcmhacking.net/forums/viewtopic.php?f=7&t=1396
Top
User avatar
Tazzi
Posts: 3550
Joined: Thu May 17, 2012 8:53 pm
cars: VE SS Ute
Location: WA
Contact:
Contact Tazzi

Re: PCM Hammer fails on P12

Post by Tazzi »

kur4o wrote:Pcm uses this line extensively, which is slightly different than bset and bclr.

eori.b #$80,(byte_FFFFFA21).w

With bset and bclr there is some timer code involved and reading some registers.
The timer is what Im worried about, I believe its be used in relations to interrupts firing thus might need to be manipulated?
Your Local Aussie Reverse Engineer
Contact for Software/Hardware development and Reverse Engineering
Site:https://www.envyouscustoms.com
Mob:+61406 140 726
Image
Top
User avatar
antus
Site Admin
Posts: 9014
Joined: Sat Feb 28, 2009 8:34 pm
cars: TX Gemini 2L Twincam
TX Gemini SR20 18psi
Datsun 1200 Ute
Subaru Blitzen '06 EZ30 4th gen, 3.0R Spec B
Contact:
Contact antus

Re: PCM Hammer fails on P12

Post by antus »

toggling all bits on one register and bit 7 on another is consistent with other m68k pcms. I think the second one could be an external hardware watchdog. That'd make more sense than being 2 performing exactly the same function on the same silicon, so if that register maps to a hardware port it would make sense. I guess you'd be able to see it on a logic analyzer if you could connect to the right pin.
Have you read the FAQ? For lots of information and links to significant threads see here: http://pcmhacking.net/forums/viewtopic.php?f=7&t=1396
Top
Post Reply

Return to “GM LS1 512Kbyte and 1Mbyte and newer”