toxictuning
Newbie
Karma: +0/-0
 Offline
Posts: 4
|
 |
« on: July 05, 2023, 03:09:10 PM »
|
|
|
Hey Everyone, On my quest to removing the 2550mbar limit on MED9.1, I found a method thats rather simple which is helping me get there... Thanks to Basano for the following guides which was used. #1 MED9.1 IDA Setup : http://nefariousmotorsports.com/forum/index.php?topic=6834.0#2 MED9.1 Measuring Blocks : http://nefariousmotorsports.com/forum/index.php?topic=5941.0title=I am using 8P0907115H 0261S02342 387951, together with 8P0907115H_with_MB.idb from Link #2 So using WinOLS and looking at KFMWNTK, line 115 we can assume if we are correct so far, that 004C is to requested boost, then referring back to the internal variables found at 0xA7906 , you see that 004C is found at 9DC0, now open your windows calculator in programmer mode, input 4C, and you will find 4C hex is 76 in decimal.... Now going into the FR document page 4453, we see that 76 is infact plsol, now remember the IDA project has an offset 400000 because its loaded at that.... So the full asm address is 0x00039DC0, if you read Link #2, just note that the KP im attaching has that part removed, after adding the offset we get 0x00439DC0, Open IDA, Press G, Jump to ROM:00439DC0 and you should find yourself at plsol calculation. There might be more variables required to get it reading above 2550 but this post is not dedicated to that. Disclaimer : I have not completed the solution yet so I could be wrong in some parts. Attached is a KP in WinOLS 5 Format |
|
|
|
|
Logged
|
|
|
|
|
prj
|
|
« Reply #1 on: July 05, 2023, 03:19:32 PM »
|
|
|
You seem very confused. The diagnostic output has nothing to do with with the 2560 internal boost request limit in the ecu.
|
|
|
|
|
Logged
|
|
|
|
toxictuning
Newbie
Karma: +0/-0
Offline
Posts: 4
|
|
« Reply #2 on: July 05, 2023, 03:29:22 PM »
|
|
|
You seem very confused. The diagnostic output has nothing to do with with the 2560 internal boost request limit in the ecu.
Just trying to find my way to a solution, but whats your take on the variable locations? Maybe it could help someone in another way. |
|
|
|
|
Logged
|
|
|
|
elias
Full Member
Karma: +17/-3
Offline
Posts: 59
|
|
« Reply #3 on: July 06, 2023, 01:52:27 AM »
|
|
|
Your approach wont get you far. Variable "Locations" is only a first small part of your journey. You need more than that to implement that feature.
I would do following:
1. Read the FR to figure out where the Limit might be implemented. Maybe there is a hint somewhere hidden in the 10k pages. You need to understand how the ECU is using the Maps anyway to be able to modify its behaviour.
2. Start with the 8p Rom which, which is completely documented(a2l, winols + matching binary). You can find it here in the forum. You dont need to figure out variables there, as they are clearly documented in the a2l.
3. Research the Code with Ghidra/IDA. Basanos Tutorials are only a start, they wont help you finding the corresponding spot where this "limit" is implemented. They just a general hint how Basano did his tasks.
4. Do a lot try/error by trying to find the code which is responsible for this functionality.
Hint: It may take weeks/months to figure it out how its implemented, even for someone who has experience. Not worth mentioning the modifiying process. It may involve a lot of work to "remove" this limit - depending on the implementation. There might be changes needed in 200+ places or only a small instruction change somewhere. Nobody knows as nobody done this before.
|
|
|
|
|
Logged
|
|
|
|
|
prj
|
|
« Reply #4 on: July 06, 2023, 02:34:32 AM »
|
|
|
Nobody knows as nobody done this before. It has been done over 10 years ago... |
|
|
|
|
Logged
|
|
|
|
|
|
jacktfsi
Jr. Member
Karma: +18/-0
Offline
Posts: 44
|
|
« Reply #6 on: July 07, 2023, 02:53:37 AM »
|
|
|
Hint, find where plsol_w is calculated and it’s just a case of creating a 3D map that adds x amount on top of the original plsol_w request.
It’s just a bit of simple maths to get around the limit. For example 2560*16/13=3150mbar
Then you just need to use this new scaled plsol_w in place of the original boost request in LDRPID and create measuring blocks for it so you can log specified.
There’s obviously more to it than what I’ve told you but it’s a good start and I’m not going to hold your hand but this ways worked for me for years and I’ve used it up to 3500mbar.
This is a hack and not necessarily the way it should be done so that’s just a disclaimer.
|
|
|
|
|
Logged
|
|
|
|
|
prj
|
|
« Reply #7 on: July 07, 2023, 09:12:52 AM »
|
|
|
ps_w is still 2560, so yeah that's a pretty shit hack  It also requires scaling the whole ECU to shit so load isn't too high. |
|
|
|
|
Logged
|
|
|
|
jacktfsi
Jr. Member
Karma: +18/-0
Offline
Posts: 44
|
|
« Reply #8 on: July 08, 2023, 12:48:28 PM »
|
|
|
Very true, only reason I did it is just for some simple closed loop boost control above 2560mbar and I was being lazy - it’s got its drawbacks for sure a better method is to probably see how pvdk_w is 5120 and replicate this on requested boost. I just never got round to doing it this way.
It was quick and relatively simple for the hack and works well enough I guess.
All good learning.
|
|
|
|
|
Logged
|
|
|
|
|
matchew
|
|
« Reply #9 on: July 08, 2023, 04:23:34 PM »
|
|
|
So as long as you think boost is controlled above the ECU limit, fuel and ignition among other things all go to shit, thats ok?
You'll learn the hard way buy hey learnings learning.
|
|
|
|
|
Logged
|
|
|
|
jacktfsi
Jr. Member
Karma: +18/-0
Offline
Posts: 44
|
|
« Reply #10 on: July 09, 2023, 02:32:54 PM »
|
|
|
So as long as you think boost is controlled above the ECU limit, fuel and ignition among other things all go to shit, thats ok?
You'll learn the hard way buy hey learnings learning.
Lol, who said I didn’t rescale load axis so timing and fuelling is ok? All I had to do was increase load axis as you normally would to increase load request and all relevant axis and then it works as normal. Plsol_w is now 5120 so kfldimx works as I wanted it too. There’s definitely nothing breaking and it’s a damn sight better than running open loop like most do - but I might just do the rest as it’s been a while since I’ve modified this patch. Nothing like a bit of constructive criticism to put a rocket up your arse and make you do things properly. |
|
|
|
|
Logged
|
|
|
|
|
prj
|
|
« Reply #11 on: July 09, 2023, 02:49:25 PM »
|
|
|
Lol, who said I didn’t rescale load axis so timing and fuelling is ok? Except it's not ok, the ECU can not calculate actual load above 2560 mbar properly, because ps_w is still 2560. Axis has nothing to do with it when load gets maxed. And unless you massively underscale the MAF it does, which then completely fucks the torque calculation, so have fun with DSG. The only thing in the ECU that is 5120 is the pressure before throttleplate. Absolutely everything else is still 2560, everything that has to do with load. So your entire thing is just pointless. You can just as well re-scale the pressure sensor linearization and the MAF. The result is equally bad/hacky. |
|
|
|
« Last Edit: July 09, 2023, 02:54:45 PM by prj »
|
Logged
|
|
|
|
jacktfsi
Jr. Member
Karma: +18/-0
Offline
Posts: 44
|
|
« Reply #12 on: July 09, 2023, 03:13:55 PM »
|
|
|
Except it's not ok, the ECU can not calculate actual load above 2560 mbar properly, because ps_w is still 2560.
I’ll be fixing this, just had a quick read of fr as it’s been a while since I’ve looked into this but yes your are right. I remember having to limit load axis to around 220% as rl_w would be capped due to the ps_w being 2560 still. I’ll revisit this and try get it working as intended, thanks for poking me with this - it’ll give me something to play with over the next weekend or so. |
|
|
|
|
Logged
|
|
|
|
|
prj
|
|
« Reply #13 on: July 09, 2023, 03:37:39 PM »
|
|
|
I remember having to limit load axis to around 220% as rl_w would be capped due to the ps_w being 2560 still. What does the AXIS have to do with it? Once you hit 2560 ps_w the load gets pegged in the ECU. It means the timing gets pegged, and it stops calculating the amount of fuel to inject correctly. It's flying blind at that point. There's no difference to it between 2560 or 3560, it will inject the exact same amount of fuel and run the exact same timing in both cases. It's not some quick fix, the entire thing needs to be rescaled, and there's way more shit to rescale than in ME7. MED9.1.2 has more stuff at 5120 than 9.1, but even that does not work past 2560 properly, load stops being calculated correctly and gets softcapped, and fuel trim runs away. |
|
|
|
|
Logged
|
|
|
|
jacktfsi
Jr. Member
Karma: +18/-0
Offline
Posts: 44
|
|
« Reply #14 on: July 09, 2023, 03:46:49 PM »
|
|
|
What does the AXIS have to do with it?
Once you hit 2560 ps_w the load gets pegged in the ECU. It means the timing gets pegged, and it stops calculating the amount of fuel to inject correctly.
It's flying blind at that point. There's no difference to it between 2560 or 3560, it will inject the exact same amount of fuel and run the exact same timing in both cases.
It's not some quick fix, the entire thing needs to be rescaled, and there's way more shit to rescale than in ME7.
MED9.1.2 has more stuff at 5120 than 9.1, but even that does not work past 2560 properly, load stops being calculated correctly and gets softcapped, and fuel trim runs away.
That’s exactly what I meant by my previous comment, that timing and injection would both be pegged once that 2560mbar limit is hit. So I meant that to have better resolution I’d scale the axis to up to 220% load as from what I’d noticed this is around where rl_w would be capped. past this point it is useless with 5120 though you’d be able to have full control like you do below the 2560mbar. Yes I also remember it being a big job and that’s why I never did it properly - it’s no minor feat to make this ecu 5120 |
|
|
|
« Last Edit: July 09, 2023, 03:50:33 PM by jacktfsi »
|
Logged
|
|
|
|
|
