Page 23 of 35
Re: PCM Hammer Release 021
Posted: Thu Mar 16, 2023 9:48 am
by Tazzi
Looking through the debug log, I see the following:
[05:02:33:295] TX: 6D 10 F0 35 01 10 00 00 20 00
[05:02:33:296] Processing message
[05:02:33:296] Unable to process response: UnexpectedResponse 6D F0 10 36 01 10 00 00 10 - trimmed for size
[05:02:33:326] Processing message
[05:02:33:326] Unable to process response: UnexpectedResponse
8C F0 40 60
[05:02:33:327] Processing message
[05:02:33:330] Unable to process response: UnexpectedResponse
8C F0 60 60
This is indicating that other modules in the vehicle are still communicating. This is likely causing the problem with trying to read/write due to data collisions.
Modules such as radios are really bad for jut transmissiting without a care in the world, even if another module is already trying to send something
Re: PCM Hammer Release 021
Posted: Thu Mar 16, 2023 4:11 pm
by kur4o
TX: 6D 10 F0 35 01 10 00 00 [20] 00
I have seen this vpw bug before but with PCM. The other modules are actually picking [20] from this message as mode 20 being send
and reply
8c f0 40 60
and
8c f0 60 60
means They just got reset and start normal communication.
The origin of this bug is still unknown something with message buffering on hardware level or buffer clearing.
Re: PCM Hammer Release 021
Posted: Thu Mar 16, 2023 9:53 pm
by Vetteyog
Tazzi wrote:Looking through the debug log, I see the following:
[05:02:33:295] TX: 6D 10 F0 35 01 10 00 00 20 00
[05:02:33:296] Processing message
[05:02:33:296] Unable to process response: UnexpectedResponse 6D F0 10 36 01 10 00 00 10 - trimmed for size
[05:02:33:326] Processing message
[05:02:33:326] Unable to process response: UnexpectedResponse
8C F0 40 60
[05:02:33:327] Processing message
[05:02:33:330] Unable to process response: UnexpectedResponse
8C F0 60 60
This is indicating that other modules in the vehicle are still communicating. This is likely causing the problem with trying to read/write due to data collisions.
Modules such as radios are really bad for jut transmissiting without a care in the world, even if another module is already trying to send something
Thanks for all the help. When I was reading it, my truck was doing crazy stuff and I kinda thought that was goimg to be an issue. I'm going to build a bench harness and give it another try.
Re: PCM Hammer Release 021
Posted: Mon Mar 20, 2023 1:58 am
by Vetteyog
I built a bench harness, and successfully read my P10 pcm. It read fine, then I tried to swap in a different OS and it says there are bad segments in it so that's all the further I got with it.
Re: PCM Hammer Release 021
Posted: Tue Mar 21, 2023 12:11 am
by Gampy
I would not OS swap a P10 ... There just is not enough knowledge out there yet and it may produce a soft brick.
Awesome glad you got it to work!
-Enjoy
Re: PCM Hammer Release 021
Posted: Tue Mar 21, 2023 12:59 pm
by antus
Agree. What we do know there is a slave CPU, and we do know PCMHammer does not flash it. I did OS swap mine on the bench and it appeared to work, but the slave CPU code might not be compatible and some of the functionality might break when its in a car. A possible fix, like some people have had to do with some tools on E38 is reflash it with SPS after the update, and let SPS handle the slave CPU. But unless you need to change it and are prepared to put the time in to test and hopefully let us know, it's not recommended.
Re: PCM Hammer Release 021
Posted: Tue Mar 21, 2023 1:31 pm
by In-Tech
Hiya folks,
Are you saying PcmHammer can now read E38 or are we still talking p01, p59, p04, p10, e54?
I am still investigating how e38a/b/c, e39/a and e92/a still handles the slave modules. Sometimes SPS will re-write and sometimes it will skip it if it sees the same module number
Re: PCM Hammer Release 021
Posted: Tue Mar 21, 2023 2:10 pm
by In-Tech
Example code of dumping without a rom routine and toggled the i/o peripheral at address $51(in this application, not GM, and of course adjustable) and still jumped pages and addresses during the dump. You just have to write the packet so before it hits security, it changes addresses to continue the dump. I then made dumps of the security(another flash layer) so I could see what was allowed, then I changed the security bits so I could alter the read/write areas. I bet the 68332 will let me do some of my trickery
Then the MapRom, what a biatch
Is something like this small enough?
Code: Select all
B7514FADF5AE0A431100ADEA20001000ADE49825041100004310002000ADD7485A26F01000819D9D9D9D9D9D9D9D9D9D9D9D9D9D9D9BA6552000ADC44AADB726FBA630B7473F48718092C647ADB23C4826F73C4726F3
The Atmel would watch for the 9d NOP packets and then calculate the timing
Re: PCM Hammer Release 021
Posted: Tue Mar 21, 2023 3:03 pm
by Gampy
In-Tech wrote:Are you saying PcmHammer can now read E38 or are we still talking p01, p59, p04, p10, e54?
We are talking about the P01, P59, P04, P10, E54 ... E38 speaks CAN, PcmHammer speaks VPW.
PcmHammer will likely never speak CAN ... We are talking P10 specifically in this case.
In-Tech wrote:Code: Select all
B7514FADF5AE0A431100ADEA20001000ADE49825041100004310002000ADD7485A26F01000819D9D9D9D9D9D9D9D9D9D9D9D9D9D9D9BA6552000ADC44AADB726FBA630B7473F48718092C647ADB23C4826F73C4726F3
What is this string of hex ??
-Enjoy
Re: PCM Hammer Release 021
Posted: Wed Mar 22, 2023 2:17 pm
by In-Tech
Gampy wrote:In-Tech wrote:Are you saying PcmHammer can now read E38 or are we still talking p01, p59, p04, p10, e54?
We are talking about the P01, P59, P04, P10, E54 ... E38 speaks CAN, PcmHammer speaks VPW.
PcmHammer will likely never speak CAN ... We are talking P10 specifically in this case.
OK
In-Tech wrote:Code: Select all
B7514FADF5AE0A431100ADEA20001000ADE49825041100004310002000ADD7485A26F01000819D9D9D9D9D9D9D9D9D9D9D9D9D9D9D9BA6552000ADC44AADB726FBA630B7473F48718092C647ADB23C4826F73C4726F3
What is this string of hex ??
It's a dumping routine that toggles the I/O register for dumping only, when you know nothing about the routines or much about the contoller or its' flash. Once you can dump, you can find ROM routines to use to shrink the code smaller for dumping, then find rom routines for writing. 8 bit and some 16 bit, I have never played with 32 bit M68xxx. This was approx 25 years ago so my memory is vague. I might be able to find this one or similar that I commented as I went
-Enjoy