Page 3 of 4
Re: Reverse Engineering 12587603
Posted: Sun May 10, 2020 8:08 am
by Vampyre
might your anonymous friend have any data for p04s, ive spent last few days labeling the bin in ghidra from a the data in tinytuner and it doesnt have near all of them
Re: Reverse Engineering 12587603
Posted: Mon May 18, 2020 8:12 am
by Highlander
roughneck427 wrote:6960 OS was an update for the 7603 as well. There were no vehicles with the 6960 OS that had a 4l80. I have cut the trans and trans diag and speedo segments in hex from the 7603 and put them in the 6960 and it worked fine. I see this more for guys using other tuning suites that would have to pay for credits to change the OS. I have tested the same method on a 99 calibration as well. As long as the segment length is the same size you can plug it in.
I also tested this same method on E38. On swaps the speedo on the scanner will read 158mph for an E38 auto trans calibration. I cut the system segment from a manual car and plugged it in a truck auto calibration and it fixed the speedo issue these were non matching OS. Again on this the segment length was the same so the file size never changed
It reads 158 because the ECM is expecting the Speed from the bus and its not there. Or at least the validity of it.
Re: Reverse Engineering 12587603
Posted: Thu Jul 09, 2020 2:51 am
by ColPaul
NSFW wrote:I was sent a file containing addresses, names, and some comments for what appears to be the entire calibration segment. It's kind of amazing. I'm guessing somebody went dumpster-diving outside a GM building 15+ years ago and hit the jackpot. I won't mention any names, but the person who sent it can chime in if they choose to.
Last night I made a script that turns it into an IDC file (12587603.csv.idc), and just now I added the CSV, IDC, and PS1 files to the GitHub repo linked in the first post of this thread, plus a re-generated ASM file.
Merging this with your own work might be tricky. I wanted to preserve the table names from my existing IDA project, since they came from an XDF, have mixed-case names (GM was really fond of ALL_CAPS_EVERYWHERE), and the names include row/column info, etc, so here's what I did:
1) Dump my existing IDA project to an IDC file (temp.idc).
2) Run 12587603.csv.idc
3) Run temp.idc
So now I have XDF-based names for everything that was in the XDF, and GM's names for everything else.
You can sorta get a sense of what's going on in lots of arbitrary sections of code now, just by looking at the names of the parameters that are referenced. I don't have any great new discoveries to share, but with this info I'm pretty sure it's going to be a whole lot easier to discover anything you want.
NSFW would you share the file, maybe on your Github repository or even here? I'm working on using your info from 12587603 to create an XDF for 12592618. I just set up a Ghidra-Server repository if anyone is interested in helping.
Re: Reverse Engineering 12587603
Posted: Tue Jul 21, 2020 4:36 am
by turbo_bu
NSFW, any chance you could share the file with the names / addresses? I am working on an older disassembly and would like to compare it with what I have been able to find.
Re: Reverse Engineering 12587603
Posted: Tue Jul 21, 2020 1:29 pm
by aaronc7
https://github.com/LegacyNsfw/12587603
I used it to help map some flex fuel tables, thank you whoever shared the data!
Re: Reverse Engineering 12587603
Posted: Wed Jul 22, 2020 2:41 am
by turbo_bu
I saw the assembly file that NSFW merged, but it is a little difficult to follow. I was hoping that he could share the raw information so I can try to map it against an older disassembly I originally started on years ago.
Re: Reverse Engineering 12587603
Posted: Wed Jul 22, 2020 8:50 am
by antus
Its just addresses and names, no more. Its all in the csv and also the idc file and you can load idc in to your ida disassembly of the matching os to annotate it then go from there. Or if your no using ida script something to use the csv.
Re: Reverse Engineering 12587603
Posted: Sun Aug 16, 2020 1:37 pm
by NSFW
Sorry for the delay! As antus said, the CSV file is the "raw information" you're looking for:
https://github.com/LegacyNsfw/12587603/ ... 587603.csv
Re: Reverse Engineering 12587603
Posted: Sun Oct 04, 2020 11:50 am
by roughneck427
This is the 7603 os dtc lookup table axis. You have to view in 16 hi low hex and skip 2 bytes to populate the axis properly . If someone wants to add to IDA script for dtc look up table address is 87F74. Disregard I have the axis as the map it was easier for me to shift and move things toggle in hex and 2d mode
.
Re: Reverse Engineering 12587603
Posted: Mon Nov 02, 2020 4:32 pm
by antus
NSFW wrote:12587603 is the P59 operating system that is available in pretty much every combination of throttle and transmission, so I think it's the one to focus on for P59 hacking.
So I opened one in IDA Pro and did the following:
* Used DzidaV8's XDF to label a bunch of tables and constants
* Used the table of PIDs in the bin file to label the functions that handle those PIDs.
* Disasssembled everything I could.
Then I exported an IDC file for anyone who wants a head start digging into it with IDA.
Then I exported an ASM file for anyone who wants to get pitch in and doesn't have IDA.
When Ghidra supports the table-lookup opcodes, I'll find a way to convert the IDC file into something that Ghidra can support, and that will make this easier (and so much cheaper) for everyone.
https://github.com/LegacyNsfw/12587603
I just found this document describing how to add a new CPU to Ghidra. I dont know if it shows anything that would help add the missing opcodes?
https://docs.google.com/presentation/d/ ... fTHRfvVSYo
I'll add a local mirror here incase it goes away.