Re: Reverse engineering a 411 operating system
Posted: Thu Feb 14, 2019 6:18 pm
Please start a new thread for the E66 / E67 stuff.
pcmhacking.net
Electronic Fuel Injection - Developement & Tuning
https://pcmhacking.net/forums/
Reverse engineering a 411 operating system
Page 3 of 3
Re: Reverse engineering a 411 operating system
Posted: Fri Feb 15, 2019 9:41 am
Ahh yeah sorry, I just saw other thing's could be seen when doing the 411 loading so I hoped it may lead to something with the other controllers but sorry for the hijack!
Re: Reverse engineering a 411 operating system
Posted: Sat Feb 23, 2019 7:38 am
Is it possible to get someone with repo access to DE-encrypt:
12202088 - 2001 512k.xdf
12208322 - 2001 512k.xdf
The rest already are.
Thus the next poor soul to trying to use NSFW's powershell scripts doesn't get so discombobulated.
Thank you
12202088 - 2001 512k.xdf
12208322 - 2001 512k.xdf
The rest already are.
Thus the next poor soul to trying to use NSFW's powershell scripts doesn't get so discombobulated.
Thank you
Re: Reverse engineering a 411 operating system
Posted: Sat Feb 23, 2019 1:30 pm
After figuring out the xdf was encrypted, the next issue came with Convert-XdfToIdc.ps1 script on osid 12208322, it's having trouble with some tables.
Errounous lines in the created .idc:Obviously they are missing the adddress, mmedaddress of EMBEDDEDDATA is missing from the xdf's.
I know just simple basics of xml, so any suggestions would be appreciated.
Thanks
Errounous lines in the created .idc:
Code: Select all
MakeNameEx(, "CurveTable 8 Rows Calibration Segment Information", nameFlags);
MakeNameEx(, "CurveTable 8 Rows Checksum Information", nameFlags);
.
.
.
MakeNameEx(, "CurveTable 5 Rows D1201 - Transmission Gear Ratios", nameFlags);
I know just simple basics of xml, so any suggestions would be appreciated.
Thanks
Re: Reverse engineering a 411 operating system
Posted: Sun Feb 24, 2019 5:19 am
Looks like the ps1 script needs to check that the address is non-empty before it writes a MakeNameEx. Until that gets fixed, just remove those lines from the IDC script. The segment informatino and checksum information isn't very useful in IDA anyway.
It looks like the author of the XDF set out to find the gear ratios, but didn't actually find them. So remove that line too. Maybe try to find them yourself?
If you find them in another OS first (using an XDF that has them defined properly) then that will probably give you some hints about where to look in this OS.
It looks like the author of the XDF set out to find the gear ratios, but didn't actually find them. So remove that line too. Maybe try to find them yourself?
If you find them in another OS first (using an XDF that has them defined properly) then that will probably give you some hints about where to look in this OS.Re: Reverse engineering a 411 operating system
Posted: Mon Feb 25, 2019 9:28 pm
Identifying the known leaves the unknown to be identified ...
Gear ratios are there and appear to be done the same as others I checked ... I dunno know, Greek to me.
Gear ratios are there and appear to be done the same as others I checked ... I dunno know, Greek to me.
Code: Select all
<XDFTABLE uniqueid="0x7DD5" flags="0x30">
<title>D1201 - Transmission Gear Ratios</title>
<description>Transmission Gear Ratios.
*** applicable to 4L60E or 4L80E transmissions only ***</description>
<CATEGORYMEM index="0" category="14" />
<XDFAXIS id="x" uniqueid="0x0">
<EMBEDDEDDATA mmedelementsizebits="16" mmedmajorstridebits="-32" mmedminorstridebits="0" />
<units>Ratio</units>
<indexcount>1</indexcount>
<datatype>0</datatype>
<unittype>0</unittype>
<DALINK index="0" />
<LABEL index="0" value="0.00" />
<MATH equation="X">
<VAR id="X" />
</MATH>
</XDFAXIS>
<XDFAXIS id="y" uniqueid="0x0">
<EMBEDDEDDATA mmedelementsizebits="16" mmedmajorstridebits="-32" mmedminorstridebits="0" />
<units>Gear</units>
<indexcount>5</indexcount>
<outputtype>4</outputtype>
<datatype>0</datatype>
<unittype>0</unittype>
<DALINK index="0" />
<LABEL index="0" value="1st" />
<LABEL index="1" value="2nd" />
<LABEL index="2" value="3rd" />
<LABEL index="3" value="4th" />
<LABEL index="4" value="Reverse" />
<MATH equation="X">
<VAR id="X" />
</MATH>
</XDFAXIS>
<XDFAXIS id="z">
<EMBEDDEDDATA mmedelementsizebits="16" mmedrowcount="5" mmedmajorstridebits="0" mmedminorstridebits="0" />
<decimalpl>3</decimalpl>
<min>0.000000</min>
<max>8.000000</max>
<outputtype>1</outputtype>
<MATH equation="X">
<VAR id="X" />
</MATH>
<MATH row="1" col="1" equation="X/4096">
<VAR id="X" type="address" address="0x18A36" sizeinbits="16" />
</MATH>
<MATH row="2" col="1" equation="X/4096">
<VAR id="X" type="address" address="0x18A38" sizeinbits="16" />
</MATH>
<MATH row="3" col="1" equation="X/4096">
<VAR id="X" type="address" address="0x18AF6" sizeinbits="16" />
</MATH>
<MATH row="4" col="1" equation="X/4096">
<VAR id="X" type="address" address="0x18AF8" sizeinbits="16" />
</MATH>
<MATH row="5" col="1" equation="X/4096">
<VAR id="X" type="address" address="0x18A3A" sizeinbits="16" />
</MATH>
</XDFAXIS>
</XDFTABLE>
Re: Reverse engineering a 411 operating system
Posted: Tue Mar 05, 2019 3:13 pm
I've never used powershell. Can somebody help out an idiot and tell me what I'm doing wrong.
1. Open powerwheel command
2. Naviagte to script directory and run (I moved them to the same directory.)
I get a bunch of these errors:
1. Open powerwheel command
2. Naviagte to script directory and run
Code: Select all
.\Generate-PidLabels.ps1 .\PidList.txtI get a bunch of these errors:
Code: Select all
Cannot index into a null array.
At C:\Users\brand\Desktop\12593358-master\Scripts\Generate-PidLabels.ps1:29 char:2
+ $functionAddress += $bytes[$start+7]
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [], RuntimeException
+ FullyQualifiedErrorId : NullArrayRe: Reverse engineering a 411 operating system
Posted: Wed Mar 06, 2019 2:02 am
I am a Powershell dummy as well ...
However, if you were to hit CTRL-C just after you invoke the script, you may very well see that it cannot find the bin or the pidlist ...
I do not know how to properly fix this yet, the hack is to edit Generate-PidLabels.ps1 and change the following two lines to include the full path and filename ...
They should both be command line parameters, Powershell has that functionality built in, it should be simple to do as well as add some simple error checking that the files exist before continuing.
As soon as the vampire leaves I'll look into this ...
[edit]
Figured it out while waiting for the vampire to show up ...
Make the following changes:
Then it's use would be:
However, if you were to hit CTRL-C just after you invoke the script, you may very well see that it cannot find the bin or the pidlist ...
I do not know how to properly fix this yet, the hack is to edit Generate-PidLabels.ps1 and change the following two lines to include the full path and filename ...
Code: Select all
$bytes = [System.IO.File]::ReadAllBytes("12593358.bin")
$lines = [IO.File]::ReadAllLines(".\pidlist.txt")
As soon as the vampire leaves I'll look into this ...
[edit]
Figured it out while waiting for the vampire to show up ...
Make the following changes:
Code: Select all
-param($Path)
+param([string]$Bin, [string]$Pidlist)
-$bytes = [System.IO.File]::ReadAllBytes("12593358.bin")
+$bytes = [System.IO.File]::ReadAllBytes($Bin)
-$lines = [IO.File]::ReadAllLines(".\pidlist.txt")
+$lines = [IO.File]::ReadAllLines($Pidlist)
Code: Select all
.\Generate-PidLabels.ps1 -Bin <Full path and filename to bin> -Pidlist <Full path and filename to PidList.txt> | Out-File <Output filename.idc> -Encoding ASCII
Re: Reverse engineering a 411 operating system
Posted: Sun Mar 10, 2019 5:47 pm
The efilive guys have made it pretty clear that they are not going to update or add additional functions to their custom os line for the ls1b ecu, but it might be worth checking with them about using it as a base to further add functions or modify existing code.