Results 1 to 4 of 4

Thread: LS1 Hacks

  1. #1
    Fuel Injected!
    Join Date
    Mar 2013
    Posts
    1,470

    LS1 Hacks

    This thread is for all gearheads that needs more indepth knowledge for all the ls1 PCMs ranging from 1997 to 2007 in different configuration and styles.
    They are known with different names and can be divided by years range and flash size. Even they have multiple different OS the code in them is very similar, for example the Spark calculation routine, tables size and scalars are almost identical in all PCMs, just the newer ones have more stuff added, like extra table or scalar.

    I hope all the known info can be gather here as one big vault for the future hacking of these controllers and unlocking the hidden potential GM left on the table. Reverse engineering the hardware and full disassembly are first on the list. Full list of all unused pins and linking them to ram address will open the door for pcm control of external relays and adding more sensors.

    Segment swaps are another interesting unexplored area that will be unlocked with the release of the android read/write app.

    What needs to be done after free read/write is available.

    A small universal checksum app that will work with any bin and OS will be the best route. I got all the info, and a short write up how to do checksum will follow.

    Open source tunning tool similar to the tinytuner. XDFs can work but making an xdf for all the different OS and configuration is waste of time. Filling and maintaining database with OS number and tables` start address is much easier to do.


    High speed logging tool utilizing the built in GM dynamic PID request. In that mode the pcm continuosly dumps upto 8 channels containing 6 bytes of data each and a request of 2 more channels can be sent for less critical parameters. Unfortunatelly elm devices has very stupid limitations that prohibit the use of this mode, the port is closed on the first response received, so they can`t monitor continuos dump of data. A j-2534 tool or AVT are the only option for now.


    For the very start of it, here are some basic disassemblies I have for 03 vette and 04 yukon. Most of the important stuff is labelled but still there is alot of work needed. A complete list of gm PIDs is a must. I have some files from unknown sources but can`t share for now. But will be glad to post info on any pid needed.
    Attached Files Attached Files

  2. #2
    Fuel Injected!
    Join Date
    Mar 2013
    Posts
    1,470
    Some updates for the 7603 OS
    Attached Files Attached Files

  3. #3
    Electronic Ignition!
    Join Date
    Jan 2019
    Age
    39
    Posts
    14
    Great work kur4o!!! Really interested in the data logging for better tuning. Also a way to tune without having multiple XDFs for different OSs

  4. #4
    Fuel Injected!
    Join Date
    Jan 2018
    Posts
    57
    I have a very primitive logging app that uses dynamic PIDs, pretty much how kur4o described, it's included in the PCM Hammer zip file. There are 2 big issues with it right now thoug

    1) It does not (yet) have any UI for choosing parameters to log, so you have to edit an XML file to change parameters.

    2) It can easily log standard PIDs for any GenIII GM vehicle (well, if editing XML is "easy") but a lot of the parameters that are interesting for logging need to be reverse-engineered for each different OS. The values exist in RAM but it takes work to find the address and the formula to convert the value to units that make sense.

    I've been working on finding stuff in 12593358 because it's what came with my car, and I didn't know any better. :)

    If anyone out there is familiar with IDA Pro, or is looking to get started, I think the world would really appreciate having logging parameters and addresses for:
    - 12212156, because that particular P01 operating system is available with every combination of DBW/DBC and MT/AT.
    - 12216125, because that particular P01 supports flexfuel (not sure which throttles or transmissions it supports, though)
    - 12587603, because that P59 operating system supports flexfuel and all combinations of throttles, transmissions.

    Rather than disassembling every OS GM ever made, I think we should focus on those three. I'm going to switch my car over to a P59 with 12587603 this fall.

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •