pcmhacking.net

Hi ! I've found here thread about mpc555 reverse engineering. My car is equipped with mpc555 & am29bl802 like delco. When I load flash dump into ida, it won't recognize and show me ppc code Probably I need to set rom start address or maybe something else ....
PS. Firmware dump is in attachment.

Load it as powerpc/big endian, then choose mpc5xx, other than that defaults are fine.

Can't find where to choose mpc5xx. File is loaded as ppc (big endian), but nothing was analyzed
http://prntscr.com/99voqu

Maybe your copy of ida is too old? 6.6 is OK.

load file -> stock.bin -> as binary file. processor type = powerpc big endian [PPC] -> OK
Do you want to change processor type to PPC? -> Yes
Disassembly memory organization -> OK (change when you figure more out later)
Choose the device name -> mpc5xx -> OK
Loaded information type -> OK

Yes !! Downloaded 6.6 and there is such dialog ! Now code is analyzed.
Thank you !

What are you looking to do with this?

antus wrote:Maybe your copy of ida is too old? 6.6 is OK.

load file -> stock.bin -> as binary file. processor type = powerpc big endian [PPC] -> OK
Do you want to change processor type to PPC? -> Yes
Disassembly memory organization -> OK (change when you figure more out later)
Choose the device name -> mpc5xx -> OK
Loaded information type -> OK

Code: Select all

ROM:00000000 # Processor       : PPC
ROM:00000000 # Target assembler: GNU Assembler
ROM:00000000 # Byte sex        : Big endian
ROM:00000000 # MMIO Base        : 0x00000000
ROM:00000000 # SIMD Instructions: SPE
ROM:00000000 # Processor Profile: Embedded

Good morning and happy new year,

may i bother you with some similar question? I have an ecu with mpc55x, too. I read the ecu and got 1mb flash file, one 448kb file (maybe internal) and another 1kb file (95xx). I do have a corresponding damos file which lists the memory layout. I´m a bit familiar with IDA working on C16x controller, but that is a whole different layout.
I read abut SDA and TOC, but i couldn´t find a lsi r2 or lsi r13 instruction. Does that mean there is no SDA/TOC needed? How would i deal with the additional flash files?

Any hints are highly appreciated.

I dont really understand your question, but I think you would load the first bin, then go file->load->additional binary file and load the other files in the location they would exist in the PCM memory space.