openecu.org

Forums for ECU reverse engineering and modification
http://forums.openecu.org/

Initial IAM Value

http://forums.openecu.org/viewtopic.php?f=3&t=344

Page 1 of 1

Initial IAM Value

PostPosted: Fri Mar 03, 2006 7:02 am
by Jeramie
Not sure if this is the right forum (Couldn't really find one that fit). Just wondering if anyone knows how to change the ECU's initial IAM value? Thanks

PostPosted: Fri Mar 03, 2006 8:32 am
by NeverLies
You need to find the adress of this parameter in your ROM and no way to go except dissassembling ;)
Do you know the adress in RAM of IAM for your car ? If so, dissassemble your ROM with IDA and look for reference to this RAM adress, you should find quite fast the initial IAM parameter adress.

PostPosted: Fri Mar 03, 2006 8:40 am
by Jeramie
Good point. I dunno why I didn't think of that, I'll give it a try. Thanks for the input!

PostPosted: Fri Mar 03, 2006 10:12 am
by Kha0S
Jeramie wrote:Good point. I dunno why I didn't think of that, I'll give it a try. Thanks for the input!


Looks like the one for the A4SG900C is at 0x2A2AC... haven't tested it yet, though. :D

PostPosted: Fri Mar 03, 2006 11:30 am
by NeverLies
Right ;) If we use 0x20124 as IAM adress in RAM while monitoring (as laready published by some US users), we can find some routines managing IAM in the AF421 code like this one:

PostPosted: Fri Mar 03, 2006 11:37 am
by Jeramie
Wow you guys are quick.

To bad we don't have the same ecus :(

Hopefully I will get around to "trying" to take a look. IDApro is not exactly intuitive. :lol:

PostPosted: Fri Mar 03, 2006 11:40 am
by Kha0S
Jeramie wrote:Wow you guys are quick.

To bad we don't have the same ecus :(

Hopefully I will get around to "trying" to take a look. IDApro is not exactly intuitive. :lol:


Jeramie --

What CalID are you running, and what's your IAM address?

I can pull it up in IDA and look for candidates for initial IAM.

PostPosted: Fri Mar 03, 2006 11:53 am
by Jeramie
Kha0S wrote:
Jeramie wrote:Good point. I dunno why I didn't think of that, I'll give it a try. Thanks for the input!


Looks like the one for the A4SG900C is at 0x2A2AC... haven't tested it yet, though. :D


Are you planning on testing?

PostPosted: Fri Mar 03, 2006 11:58 am
by Jeramie
Kha0S wrote:
Jeramie wrote:Wow you guys are quick.

To bad we don't have the same ecus :(

Hopefully I will get around to "trying" to take a look. IDApro is not exactly intuitive. :lol:


Jeramie --

What CalID are you running, and what's your IAM address?

I can pull it up in IDA and look for candidates for initial IAM.



AH792
A4TF500F

http://forums.openecu.org/viewtopic.php?t=94
Thats my image.


IAM 0x020120

Thanks, I eperciate it!

PostPosted: Fri Mar 03, 2006 12:58 pm
by Kha0S
Looks like 0x2998D. Can't guarantee it, but try it out. Change it, flash, and pull IAM to see if it's changed.

PostPosted: Fri Mar 03, 2006 1:04 pm
by Jeramie
Cool, I'll give it a try and see what happens. Thanks for your help.


Heads up I sent you a PM.

PostPosted: Sat Mar 04, 2006 8:57 am
by Jeramie
I got a chance to edit the hex and flash the image and it work perfectly. 8) 8)


AH792
A4TF500F

Inital IAM Address = 0x2998D
All times are UTC - 8 hours
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/