Page 1 of 1
update on my work
Posted:
Mon May 02, 2005 11:45 amby cboles
I just wanted to let everyone know that I'm currently working on a reflashing kernel for the '02 WRX, and things are going well. Once that is done, I'll do one for the '04 WRX also. The kernel will allow you to read blocks of memory, checksum blocks, and reflash blocks. Initially, the greatest utility will be in just reading out the memory so that we can build up a library of all the versions of ECU code out there. From there we can flash to any other version, or begin modifying the code / data using incremental patches.
Colby
Posted:
Mon May 02, 2005 12:16 pmby NeverLies
Nice news !! Did not get enough information right now to write the software needed to be injected in ECU to dump and flash it
Posted:
Mon May 02, 2005 2:37 pmby crazymikie
That's awesome news!
Please drop me an email if you need any help. I can't wait to start ripping into this stuff
Mike
Posted:
Tue May 03, 2005 4:07 amby Spiider
Cool, this is great news. Once its complete I can dump a good number of different ecu's for the database.
Posted:
Tue May 03, 2005 8:44 pmby cboles
What ECU's do you have access to? WRX 2002/3/4/5? STI? etc?
Posted:
Wed May 04, 2005 12:02 amby calvinc
I have immediate permanent access to a 2005 Impreza STi (AUS/SA spec), send it on...
Posted:
Wed May 04, 2005 3:40 amby Spiider
Anything that comes into my friends shop.
He mostly does Subaru aftermarket performance work, he did my JDM STi twinscroll full swap into my '02. Lots of stock Subaru's, but also all kinds of tuned ecu's as well.
Posted:
Wed May 04, 2005 12:26 pmby NeverLies
Can do it also on some ECU, WRX02, 03, STI8.
Posted:
Mon May 09, 2005 3:00 amby NeverLies
So Colby, do you get any news ? What have you used to modify kernel software ? any linked documentation present here or some more ?
Please give us some details or you will finish to do the work totally on your own
Posted:
Mon May 09, 2005 7:16 amby cboles
First I wrote a dissasembler module for the HC16 that runs in IDA Pro 4.7, then I looked through the code of the 02 WRX and found the the boot loader for the reflashing kernel. The boot loader is in the 0x60000 TPU code memory area. The kernels it loads are weakly encrypted. Then I set about writing a small kernel to allow us to read memory, do quick CRC checksums, and erase / reflash blocks of memory. I wrote that kernel in C so that it would be easier for everyone to read, but the demoware C compiler I'm using (Cosmic) is pretty dismal in it's optimizations for code size / efficiency. I'm going back now and re-doing at least parts of the code in assembly.
Posted:
Mon May 09, 2005 7:25 amby NeverLies
OK, sounds good
Does the default boot loader is readable through standard SSM ? Can it be read without any modifications ? Can you publish this code ?
I've already used Cosmic also for HC11 and it was not so optimised. Need to redo also some asm code manually
Posted:
Sun May 15, 2005 9:21 amby NeverLies
Some news on the dump ?
Posted:
Thu Jun 02, 2005 8:16 amby NeverLies
So Colby, have you done some good works on this part
Are you able to extract ROM files ?
Posted:
Thu Jun 02, 2005 5:09 pmby west_minist
subscribed
Posted:
Thu Jun 02, 2005 6:04 pmby twg
i have access to 2004 Forester XT ECU and 2004 USDM STI ECU