"preview" of source code to ecuflash, etc.

OpenECU software executables and source code

Moderator: Freon

"preview" of source code to ecuflash, etc.

Postby cboles » Sat Aug 27, 2005 8:46 am

I haven't had a lot of time lately to finish cleaning up the source code, but for those of you who are interested in how it works, here's a snapshot of the code very similar to the ecuflash.exe you are currently using. i'm going to be gone as of today for a week and a half, so i can't answer any questions about it until then. enjoy.

colby
Last edited by cboles on Wed Sep 07, 2005 10:34 am, edited 1 time in total.
cboles
Site Admin
 
Posts: 1233
Joined: Wed Dec 29, 2004 5:45 pm
Location: Seattle, WA

Postby richip » Sat Aug 27, 2005 9:02 am

Thanks, and have fun!
richip
 
Posts: 36
Joined: Sun Aug 07, 2005 8:33 am

Postby cboles » Wed Sep 07, 2005 10:43 am

...just got back from my trip. i grabbed an old zip file by accident that contained a bunch of random old source tidbits and not the ecuflash code. here it is:

colby
Attachments
sourcepreview.zip
(122.23 KiB) Downloaded 1712 times
cboles
Site Admin
 
Posts: 1233
Joined: Wed Dec 29, 2004 5:45 pm
Location: Seattle, WA

Specs?

Postby richip » Wed Sep 07, 2005 7:06 pm

Hi, Colby.

I've been going through the source code for your reflashing program and I'm just wondering where you got the specs from for programming the ECU in the way you did. The SSM protocol as used in programming the "denso" ECU is well-documented in http://www.brendan-stewart.com/other/subaruecu.htm, but I'm wondering where you got the information for communicating with the "kernel". I've trundled the forums here for any message header that begins with the "BE EF" signature that you used and can't find anything.

There's a lot of stuff going on here that I'm hoping to understand. Stuff like how the ECU selects which ECU program the port communicats with depending on which state (via communications baud rate). Did you reverse-engineer one of the flashing apps? Did you read up on this somewhere? In other words, where'd you get the information you used to write the OpenECU kernel?

Hoping you could share this information so we can truly have an openecu.org
richip
 
Posts: 36
Joined: Sun Aug 07, 2005 8:33 am

Postby cboles » Thu Sep 08, 2005 11:45 am

I wrote the kernel myself in C, then later rewrote it in assembly for compactness. Only the kernel code I wrote is executing once it is loaded, so the protocol is just made up, using a packet format I use in other microcontroller-type projects. I'll post the source for the kernel once I add some more comments to it.

Once you hace dissassembled a complete dump of the ECU code areas (including the TPU code), you can see what is required to get the ECU to load your kernel (including challenge-response queries in the 04/05 models, and checksumming of your kernel). You also have examples in that code of using the serial port and keeping the watchdog timer happy. The procedure for erasing and reflashing blocks of flash in the 68HC916Y5 is detail in the chip docs available on this site. I followed the manufacturer's procedure exactly.

Colby
cboles
Site Admin
 
Posts: 1233
Joined: Wed Dec 29, 2004 5:45 pm
Location: Seattle, WA

Postby richip » Thu Sep 08, 2005 3:07 pm

Thanks. That was most helpful.

I have an 05 Legacy GT. I'd like to dump the ECU's code blocks and disassemble it. Any tips on getting a dump out of it? I feel like I'm in a chicken & egg situation here.

Going through your code, you use the kernel to dump the CPU area (0x0 -> 0x1FFFF, 0x28000 -> 0x2FFFF) and TPU area (0x60000 -> 0x60FFF) using the kernel you uploaded. Is there no other way to get this code without using the kernel hack? My problem is that the models you have (wrx2002 and wrx2004) don't include my LGT2005, so I'm feeling antsy to try.

I'll give the other ROM files here a look. I've never done 68HC16 before, so at least it won't go to waste. You wouldn't happen to have a partially-commented disassembly of one of the ROMs, would you? :)
--

Richi
richip
 
Posts: 36
Joined: Sun Aug 07, 2005 8:33 am


Return to OpenECU Software

Who is online

Users browsing this forum: No registered users and 16 guests