Is it possible to view the assembly code for our cars or is it just the .bin files that we can look at and manipulate?
I remember writing some assembly code for a Motorola 6800 and then compiling it to .bin for a class.. but I didn't know if it was possible to go backwards and look at the assembly code from a .bin.
I've briefly done some of this stuff in school and am trying to get more into how automotive computers really work and operate and of course how to back hack them too.
I'd really like to learn more about how these definition files and the original coding was done to make it all work.
Highlander 12-15-2004, 12:44 AM Is it possible to view the assembly code for our cars or is it just the .bin files that we can look at and manipulate?
I remember writing some assembly code for a Motorola 6800 and then compiling it to .bin for a class.. but I didn't know if it was possible to go backwards and look at the assembly code from a .bin.
I've briefly done some of this stuff in school and am trying to get more into how automotive computers really work and operate and of course how to back hack them too.
I'd really like to learn more about how these definition files and the original coding was done to make it all work.
You will need IDA to disassemble.
Got any links or more info?
I'm dying to get deeper into this and make some real world use of my education.
I set up freeware IDA but it only had Intel processors...
A '94 Z28 has a Motorola 68HC11, correct? Does the full version of IDA support this and how much is the software?
Highlander 12-16-2004, 01:38 AM you can use the tunercat's disassembler..
you can use the tunercat's disassembler..
I've tried using that one but I keep getting start address too big. I can't get anything sensible out of it. Any help on that?
Buttercup 12-16-2004, 07:10 PM I've tried using that one but I keep getting start address too big. I can't get anything sensible out of it. Any help on that?
There are two flashproms in the PCM, E side and T side. The .bin files that you see are the two images conveniently joined together. Split the file in half and disassemble each side individually.
Ok thanks, now I'm getting somewhere.
I opened it up and it goes up to 20000(hex). So do I split it right at 10000?
How do you differentiate between E and T?
Can you paste the disassembled code together and assemble it to .bin and have it still come out correct?
Oh and do the default settings for tunercat dis. read the entire "half" file or do you have to designate what line it reads to? I noticed I couldn't put 10,000 into the end address line but if I left the setting as default it would disassemble. I'm trying to figure out if it's getting the entire file or not.
95Blackhawk 12-17-2004, 10:44 AM GL on this. I have looked into manipulation of the hex code, but it was beyond me. I used TC's disassembler.
The problem I came up with was when I would change one parameter, more than 1 parameter in the hex code would change and I could not figure out how to tell what the others' relevance was.
Keep us informed.
Well, for starters I just want good clean assembly code that I can extract information from. I've worked with the 6800 code so I'm going to read up on the 68HC11, which I've started to do.. and that gives some good insight as to what's really happening. The code itself gives a lot more clues than a hex readout would.
My main problem right now is that I want to be sure I'm getting good data to start with so that when I manipulate it later I can compare the differences in the machine code. So anyone that has pulled what they know to be complete and good assembly code, if you can assist me that would be great. Btw, what are you all using to view the .bin files? I pulled it up in Visual Studio at home and that's where I saw the 20k lines and was able to split it into two files.
Also, I'm wondering if anybody has ever used a simulator for the processor? That might be cool to load up and debug with a simulator/emulator.
In case anyone is wondering, ultimately I want to be able to look at the assembly code and know what each section represents so that I can write in my own algorithms and just have commented assembly code that I can look at. Assembly just seems so much more intuitive and "basic" or sequential, that changes are easy to trace and understand. I've found some examples of where they've commented throughout the assembly but it's for older vehicles. I want to do it for the f-body.
Overall I just think it's a lot easier to learn when it relates to something practical and would give me a big advantage when I get back to my classes in school. Plus it's car stuff so it's a lot cooler than just doing it in school.
So.... If there are any other hardcore "geeks" out there that are into this stuff I'd like to chat on IM or something and see about doing something useful with this stuff. I've got a cool software idea too that might be practical for the average tuner and I don't think it's available yet.
AIM: onestar220
Buttercup 12-20-2004, 03:48 PM Ok thanks, now I'm getting somewhere.
I opened it up and it goes up to 20000(hex). So do I split it right at 10000?
How do you differentiate between E and T?
I haven't used Tunercat's disassembler so I can't help you much there.
Each side is 64KB so, yes, split it exactly in half.
On a .bin file the first half ($00000 to $0ffff) is the "t" side and the second half is the "e" side. If you are using an .lt1 file this is reversed.
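
The split described in the replies above, as an added example that is not part of the original thread: it cuts a joined 128 KB dump into its T and E sides (reversing the order for .lt1) and reads each side's 68HC11 reset vector at $FFFE-$FFFF as a starting point for disassembly. The function names are hypothetical, the sample dump is constructed, and the code assumes each 64 KB image maps 1:1 onto CPU addresses $0000-$FFFF.

```python
import struct

SIDE_SIZE = 0x10000          # each flash image is 64 KB (from the thread)
RESET_VECTOR = 0xFFFE        # 68HC11 reset vector, big-endian word at $FFFE-$FFFF


def split_pcm_image(data: bytes, fmt: str = "bin") -> dict:
    """Return {'t': ..., 'e': ...} from a joined 128 KB dump.

    .bin: first half is the T side, second half the E side.
    .lt1: the order is reversed.
    """
    if len(data) != 2 * SIDE_SIZE:
        raise ValueError(f"expected {2 * SIDE_SIZE:#x} bytes, got {len(data):#x}")
    first, second = data[:SIDE_SIZE], data[SIDE_SIZE:]
    if fmt == "bin":
        return {"t": first, "e": second}
    if fmt == "lt1":
        return {"t": second, "e": first}
    raise ValueError(f"unknown format {fmt!r}; expected 'bin' or 'lt1'")


def reset_vector(side: bytes) -> int:
    """Entry point of one side, read from its reset vector.

    Assumption: the 64 KB image maps 1:1 onto CPU addresses $0000-$FFFF.
    """
    if len(side) != SIDE_SIZE:
        raise ValueError("a side must be exactly 64 KB")
    return struct.unpack_from(">H", side, RESET_VECTOR)[0]


def make_sample_dump() -> bytes:
    """Constructed test data: blank flash with made-up reset vectors."""
    t_side = bytearray(b"\xff" * SIDE_SIZE)
    e_side = bytearray(b"\xff" * SIDE_SIZE)
    t_side[RESET_VECTOR:] = b"\x80\x00"   # constructed value, not from a real PCM
    e_side[RESET_VECTOR:] = b"\x90\x00"   # constructed value, not from a real PCM
    return bytes(t_side + e_side)         # .bin order: T first, then E


if __name__ == "__main__":
    for name, image in split_pcm_image(make_sample_dump(), "bin").items():
        print(f"{name} side: {len(image):#x} bytes, reset vector ${reset_vector(image):04X}")
```

A dump that is not exactly $20000 bytes is rejected rather than split, since a short or padded read would put the boundary in the wrong place.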
SABLT194 12-25-2004, 05:38 AM Guys, here's a link to Christian Millard's site. He has disassembled and hacked these PCMs. He's a knowledgeable guy and is on the board from time to time. Take a look at his website for lots of valuable information and maybe drop him an Email about what you're trying to do.
http://www.carprogrammer.com/Z28/PCM/disassembly/
Steve
Wow there's a lot of different things on that site to read. Thanks!
Do you know his name here on CZ28?
SABLT194 12-27-2004, 03:47 PM His screen name is Cmillard on this forum. He doesn't post too much any more 'cause I think he's pretty busy with work and all.
Buttercup 12-27-2004, 05:16 PM Wow there's a lot of different things on that site to read. Thanks!
Do you know his name here on CZ28?
I'm sure Christian will pop his head in here and give credit to the guy that actually did that disassembly ;)
That looks like the work of "Da Wagon". Not sure if Christian took it any further or not.
Highlander 12-27-2004, 06:23 PM cmillard is his name I think.
Looks like some good stuff. Has anyone ever dissected or mapped out the PCM circuit board to see what pins go to what and how it translates to the sensors?
If some gifted EE and Computer Engineer could work together to make an emulator for the PCM circuit board and sensors you could pretty well map out the entire code line by line and run simulations for various sensor settings. That would be hardcore cool. Just input sensor readings and predict what changes would result with tune changes. You could really fine tune down to every last sensor reading.
We run emulators in school and it makes learning a lot faster than trying to run real life simulations and risk ruining hardware or worse in the case of cars.. an engine. I've built various computer circuits on simulators and run assembly on emulators too but I don't know enough about all that EE stuff yet to figure out the circuit board on the PCM.
I may have to buy an extra PCM someday and bring it to school with me to find some EE guys that need a challenge :)