E92 PCM Reverse Engineering

[bubba2533]

Yeah, I don't have strong C# skills haha. I do feel like I could make it work, but I'm going to have to jump onto some C# coding classes as I only know what I've read in the PcmHacks repo and creating a simple web app to upload my kernel via J2534.

Now that you say all that I'd be willing to try to help (even though I might not be much help for a while) abstract the comms. I feel like if that was done there is a lot of ground work laid already that wouldn't have to be recreated.

[antus]

I am keen to get these assembly kernels finished for pcmhammer first, get the OSID lists for P04 and P08 and any others in to a good state, then we'll probably be able to do a release and start thinking about what comes next. If you want to start looking at can bus before then feel free to start a new thread and ask here, or send me PMs and we can get started on another branch. I have this E92 and an E38 on the bench I can develop and test against.

[gmtech825]

my coding skills are limited but I can usually figure things out eventually. I've been able to successfully create simple programs to talk back and forth with CAN modules. I feel like I do have a pretty good handle on CAN programming and Im willing to help out where I can. I have a pile of CAN ECMS under my bench as well.

[bubba2533]

I am keen to get these assembly kernels finished for pcmhammer first, get the OSID lists for P04 and P08 and any others in to a good state, then we'll probably be able to do a release and start thinking about what comes next. If you want to start looking at can bus before then feel free to start a new thread and ask here, or send me PMs and we can get started on another branch. I have this E92 and an E38 on the bench I can develop and test against.

Ok, that’s reasonable. I’ll start a new thread for this effort in the GM section.

[bubba2533]

Ok, so I've created a branch of PCM Hammer that can communicate with CAN ECU's (Discussion on that Here) and I was able to upload my kernel and read the ECU for the first time.

The kernel seems to be working quite good, but I've only tried it a few times so there could still be problems. I had a couple issues with it crashing the ECU part way through the reading, but I was able to figure it out.

I have some cleanup that I need to do with the kernel. I would like to try and move onto the flash programming, but I know that the CRC, checksum, or whatever is in this ECU will stop me in my tracks. This is the only ECU I have at the moment so I would like to keep it alive, so I'll start researching what needs to be done so that I don't brick it.

Ideally I would be able to find a way to recover it from a software brick of some sort, but I imagine I would have to solder to that board for that.

[ironduke]

I can and I'm sure others can give it a try on a bench E92.. For writing I am using the factory sps format and the aftermarket's appear to be doing the same.. In any case if your writing your own I would stick to doing something in the calibration section as if it does get bricked it can get fixed with gm sps or other software..

[In-Tech]

Hiya,
bubba and others here are bad tha fack ass. I used to write some pretty cool stuff in asm, but back in the day it was 8 bit(two way comm so I had to build cloak code) I believe it will still transfer. Yes, somewhere in the GM strategy it checks CVN's and other such things. The newer stuff is quite interesting. I haven't had any time to do much research and I suck. If I get into something like this, I tend to not sleep and not work on anything else until I completely understand Not conducive for life fun .
The newer stuff seems to have entry's upon boot that has a different security sector and has its own stack and separate "secure" ram.

[bubba2533]

The newer stuff seems to have entry's upon boot that has a different security sector and has its own stack and separate "secure" ram.

Interesting. Do you have any more information about any of that?

[In-Tech]

Hiya bubba,
At this point I monitored vpp against known stuff I monitored on the E92's I have read. I noticed there is quite a bit of activity on vpp and nothing on the "speaker" CAN with the newer stuff.

vpp can "show" you read and writes. It's a tough road.

20+ years ago in my iso7816 days, there were plenty of things I thought GM/Hughes were going to implement, and vi hola. (<<<<<mis-spelled on purpose for funny) in 2019+ they are doing it.

[bubba2533]

What is vpp?

I believe there was something on the the P01/P59 that related to flashing but I don't know if it's the same thing. Also I think it was only accessible from the PCB.