
Thread: E40 ECM disassembly and reflash project

  1. #1
    Fuel Injected!
    Join Date
    Jan 2012
    Location
    Poland
    Posts
    147

    E40 ECM disassembly and reflash project

    Hi all!

    Since I have an E40 PCM powered car, I was thinking about opening the platform for open source flashing. Recently I have started the disassembly work on an Impala LS4 bin file I found here.

    The E40 ECM has both J1850 VPW and GM High-Speed LAN (500kbps CAN, 29bit ID) capabilities, and from what I have already decoded, both are used by the bootloader. It looks like a similar approach to the one used in 0411 style PCMs is needed to transfer a reflash kernel, as there is no reflash code in there.

    If anyone wants to chime in and help then it would be great. I have done a lot of work disassembling LT1 and LS1 PCMs, but here the code is much more complicated with heavy pointer usage; most likely Delphi has switched to a higher-level language like C++ for developing the E40 code.

    For now, feel free to have a look at and comment about the code I disassembled so far.
    Last edited by dzidaV8; 09-09-2019 at 10:51 PM.

  2. #2
    Fuel Injected!
    Join Date
    Jan 2018
    Posts
    57
    There might be a reflash routine in the operating system, to store check-engine-light codes. I didn't realize that about 411 PCMs until we already had 411 flashing working, but the code gave me a rough idea of what the P59 flash code would have to do.

    (P59 flashing is still not working reliably but it's still on the to-do list. First I have to figure out how to unbrick both of my bench PCMs.)

    If the E40 supports the same J1850 messages that the 411 uses to upload and execute a flash kernel, then it would probably make sense to extend PCM Hammer to support it. CAN would allow for much faster reflashes, but for CAN it would make more sense to fork PCM Hammer than to just extend it. But it would probably still be easier than starting from scratch.
    Last edited by NSFW; 10-07-2019 at 12:44 AM.

  3. #3
    Fuel Injected!
    Join Date
    Jan 2018
    Posts
    57
    I'm not able to open that IDB file because I'm using a relatively old version of IDA.
    If you can export it to an IDC file (script) that will probably work for me.
    Thanks!

  4. #4
    Fuel Injected!
    Join Date
    Jan 2012
    Location
    Poland
    Posts
    147
    I made some progress on the E40 code. I think I've found built-in block reflash routines starting at 0xEA0E4. From the commands there I think the flash chip is 29F800 series. Have a look at the .idc file attached.
    Last edited by dzidaV8; 10-09-2019 at 10:39 PM.
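
The kind of identification described in post #4 (recognising a 29F800-series part from the commands a routine issues), as an added example that is not code from the thread, the E40 bin or PCM Hammer: it matches a list of chip-relative (address, data) writes against the standard AMD/JEDEC command cycles used by Am29F800-class parts. The trace and the names `decode`, `UNLOCKS`, `FIRST_CMD` and `TRACE` are constructed for illustration.

```python
# Added example: AMD/JEDEC command values for Am29F800-class parts; trace is constructed.
UNLOCKS = {
    "x16": ((0x555, 0xAA), (0x2AA, 0x55)),   # word-mode command addresses
    "x8":  ((0xAAA, 0xAA), (0x555, 0x55)),   # byte-mode command addresses
}
FIRST_CMD = {0xA0: "program", 0x90: "autoselect", 0x80: "erase-setup"}

def _unlock_at(w, i):
    """Return the bus mode if writes i and i+1 form an unlock pair, else None."""
    if i + 1 >= len(w):
        return None
    # Only the low address bits and the low data byte matter in command cycles.
    pair = tuple((a & 0xFFF, d & 0xFF) for a, d in w[i:i + 2])
    return next((m for m, s in UNLOCKS.items() if pair == s), None)

def decode(writes):
    """Turn chip-relative (address, data) writes into named flash operations."""
    ops, i = [], 0
    while i < len(writes):
        mode = _unlock_at(writes, i)
        if mode is None or i + 2 >= len(writes):
            i += 1
            continue
        cmd_addr = UNLOCKS[mode][0][0]
        addr, data = writes[i + 2]
        name = FIRST_CMD.get(data & 0xFF) if addr & 0xFFF == cmd_addr else None
        if name == "program" and i + 3 < len(writes):
            ops.append((mode, "program", writes[i + 3][0]))   # 4th cycle: target address
            i += 4
        elif name == "autoselect":
            ops.append((mode, "autoselect", None))
            i += 3
        elif name == "erase-setup" and _unlock_at(writes, i + 3) == mode and i + 5 < len(writes):
            a, d = writes[i + 5]                              # 6th cycle selects the erase type
            if d & 0xFF == 0x30:
                ops.append((mode, "sector-erase", a))
            elif d & 0xFF == 0x10 and a & 0xFFF == cmd_addr:
                ops.append((mode, "chip-erase", None))
            i += 6
        else:
            i += 1
    return ops

# Constructed trace: sector erase at 0x10000, a stray write, then a word program.
TRACE = [(0x555, 0xAA), (0x2AA, 0x55), (0x555, 0x80),
         (0x555, 0xAA), (0x2AA, 0x55), (0x10000, 0x30),
         (0x1234, 0xFF),
         (0x555, 0xAA), (0x2AA, 0x55), (0x555, 0xA0), (0x10002, 0xBEEF)]
```

The addresses are assumed to be offsets from the flash base as the chip sees them; stores read out of a disassembly need the base subtracted (and any bus-width shift undone) before they are fed to `decode`.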

  5. #5
    Fuel Injected!
    Join Date
    Jan 2018
    Posts
    57
    You found a lot of good stuff in there! I agree, that does look like reflash code. The magic numbers in the chunk at EA1F8 look pretty familiar.

    If the same commands over the VPW bus can be used to upload a kernel, it should be straightforward to add support for this in PCM Hammer - assuming we can get the PCM Hammer kernel to support the flash chip. I think it's the same chip used in the P59, and I was able to flash the P59 on my desk once, but I bricked it on the next attempt - and then bricked the 2nd that I bought to experiment with, so something definitely isn't right about the existing flash code.

    The new kernel code in the GitHub project has been updated, so what's there now is what has been included in the releases. If you can spare some time to look over the AMD flash code (flash-amd.c) I'd love to know if you see anything suspicious.

  6. #6
    Were you able to develop an xdf for the 12604792?
