openecu.org

i don't even know do i need to ask if i missed something:) so having an obd2 diagnostics cable and kwp2000 program i can download my flash too? and uploading?

is there maybe a damos file or plugin for hyundai for any program out there ready?

12x16 timing maps?

what do we need to pull the info off the ecu?

all i got is the elmscan hardware.

Alright. So Pewp and I now have the ROM and can view the HEX code. Now what? Is there a nice tutorial somewhere that will help explain what we're looking for, so we can attempt to contribute in some way?

And Freon... you've got a YM.

You can browse around and look for patterns and likely find a few 3D maps. I use Ecuedit. Put it in 1byte and 2byte modes, scroll up and down, change the "row length" if you spot anything. I was able to find a small handful of maps, like what I assume is the main timing map, but nothing terribly useful so far.

Here's what the timing map looks like:
http://freon.shackspace.com/car/ecu%20a ... ronign.png

If I change the row length to 12, it looks even more obvious.

I tried to disassemble it but no dice. I'm not sure the processors I'm trying to use are correct (Siemens C166, C167, etc), but I'm not terribly skilled at disassembly to begin with.

Well that's easy enough... but I suppose I'm trying to take it to the next level.

I've been studying some of the maps (and the HEX data and XML code) from your BIN and description file you posted up on NT.com, and even noticed that you apparently wrote a basic description file for that timing map. I'm just trying to determine from what I currently have to look at how you did that, and how you decided exactly where it started and ended?

I'm assuming this is the "disassembly" portion of it? Forgive me if I'm way off base, but I'm a noob to all this...

Also - could you post up that defs file, so I can look at it as well?

Another thing (adding to this as I go along - LOL). I'm assuming that setting it to 12 rows (as suggested) is where you came up with the 12x16 map? Just guessing as when I do so, that's the data block dimensions of the gradient in question.

If I'm correct on this theory, take a look at 0A953 on an 8 row, 1 bit setup. It looks like there are 8 consecutive (and similar) 8x8 maps there (although I have no clue what they may be.

Can someone send me what we have so far?

I am assuming this is from pewps v6 ecu? Do we have one for an i4 yet?

USe the demo version of winols. It can be found at www.evc.de

From winols, open up the bin file that is posted.

The software will automatically detect possible maps. Make sure to enable the "Statistical Map Search" function from the config window.

Double click on the possible map address posted in this thread (9D4C)- you will see a nice 3d timing graph.

Problem, I still have not figured out how to make sense of the axis values.

Question : How do I do a rom dump on the HYUNDAI ECUs. What is the software/hardware needed.

thanks sly. i didnt see the files posted up. I didn't realize i had HTML turned off by default in my profile.

and the 2 labeled axis are just the memory location and the value stored there.

Freon i'm pretty sure the processor is C176CR although i'm not inclined in reverse engineering, it's what Colby told me earlier. anyways i have a full version of WinOLS, and i have a new i4 file , that was given to me by ukrainian guys, who pulled the ecu dump. i don't know what did they do to download it , but they left alone the tries to correct it for the client. so i have the unmodified version.
http://www.napkinripcord.com/ecuroms/5WY1689.ORI
thanks for pewp for hosting

anyone heard from cboles on this? i sent a PM to him a few weeks ago asking about the ecu i sent him with no responses.

bump

So what's the name of the program you have to upload to the flash before downloading?

Since this ECU has a separate memmory chip, it is easy to read/write the contents once you have removed the chip.
Most tuners solder an adaptor so that you can remove the chip easily and make alterations to your program.

This is how they've managed to read eprom contents.
Reading/flashing through OBD is described in the KWP2000 protocol. But each ecu model/software revision/brand has its own seed keys, so it takes a while before they are unlocked.

Denso Ecus do not store their contents into a separate chip, so we can only program them through OBD or try on-board flashing utilities which require serious electronic skills (ie Colby).

I am not really sure if the openport cables can support kwp2000 or kwp2000 over CAN, so we might be needing new tools.