Title: EDC15 multimap
Post by: nihalot on May 29, 2017, 03:35:05 PM
Hope this helps anyone, although there doesnt seem to be much interest in this ECU... Follow my other post and disable the checksums first. 1st step is to find how the CANBUS is handled. There is a buffer in RAM in which the messages are stored before they are transmitted. On edc15, finding the buffer is easy. Example: Search for sequence of bytes: 0x280 or 0x288 or any other CAN id used by the ecu... This will point you to the code which handles canbus: ROM:00094156 mov r5, #280h
ROM:0009415A mov CAN_280, r5 ;CAN_280- RAM buffer handling id -0x280
ROM:0009415E movb rl4, #8
ROM:00094160 movb byte_C743, rl4
ROM:00094164 mov r4, #288h
ROM:00094168 mov CAN_288, r4
ROM:0009416C movb rl4, #8
ROM:0009416E movb byte_C74F, rl4
ROM:00094172 mov r4, #380h
ROM:00094176 mov CAN_380, r4
ROM:0009417A movb rl4, #8
ROM:0009417C movb byte_C75B, rl4
ROM:00094180 mov r4, #480h Now that you've found the CAN buffer, refer to the FR CAN section. Below, Ive shown the CANBUS buffer handling id 0x280 in my file. MEM_EXT:0000C744 CAN_280: ds 2 ; DATA XREF: ROM:0009415A�w
MEM_EXT:0000C746 byte_C746: ds 1 ; DATA XREF: ROM:000945DC�w
MEM_EXT:0000C746 ; ROM:0009463E�w ...
MEM_EXT:0000C747 byte_C747: ds 1 ; DATA XREF: ROM:0009468A�w
MEM_EXT:0000C747 ; ROM:0009475E�w
MEM_EXT:0000C748 can_nmot_low: ds 1 ; DATA XREF: ROM:0009468E�w
MEM_EXT:0000C748 ; ROM:00094788�w
MEM_EXT:0000C749 can_nmot_high: ds 1 ; DATA XREF: ROM:00094692�w
MEM_EXT:0000C749 ; ROM:00094790�w
MEM_EXT:0000C74A byte_C74A: ds 1 ; DATA XREF: ROM:00094696�w
MEM_EXT:0000C74A ; ROM:00094814�w ...
MEM_EXT:0000C74B byte_C74B: ds 1 ; DATA XREF: ROM:loc_948A0�w
MEM_EXT:0000C74B ; ROM:000948CA�w
MEM_EXT:0000C74C byte_C74C: ds 1 ; DATA XREF: ROM:00094D2E�w
MEM_EXT:0000C74C ; ROM:loc_94DB6�w
MEM_EXT:0000C74D byte_C74D: ds 1 ; DATA XREF: ROM:0009469E�w
MEM_EXT:0000C74D ; ROM:000947E6�w
MEM_EXT:0000C74E byte_C74E: ds 1 ; DATA XREF: ROM:000945C0�w
MEM_EXT:0000C74F byte_C74F: ds 1 ; DATA XREF: ROM:0009416E�w
To use the rpm gauge for showing the present map(or any other parameter like boost, SOI,etc), you'll have to modify the subroutine writing to bytes 3 and 4 of the CAN id 0x280. ROM:00094780 calls 9, sub_94002
ROM:00094784 add r0, #4
ROM:00094786 mov r9, r4
ROM:00094788 movb can_nmot_low, rl4
ROM:0009478C mov r4, r9
ROM:0009478E ashr r4, #8
ROM:00094790 movb can_nmot_high, rl4
ROM:00094794 mov r1, word_C420
ROM:00094798 add r1, word_C426
ROM:0009479C cmp r1, word_F962
ROM:000947A0 jmpr cc_SGE, loc_947A6
ROM:000947A2 mov r9, r1
ROM:000947A4 jmpr cc_UC, loc_947AA
r4 contains the actual RPM. We will modify this vaue to whatever we want; to show the map selected in our case. I inserted my call at 94784, to my routine. Its upto you to decide where to insert this call, but make sure you dont change the original logic. Next step is to take inputs like clutch, brake or cruise control. This can also be inferenced from the CAN buffer. example: id 0x280, byte 0, bit 4 is B_kuppl(clutch pedal). Find the code which writes to this bit, and you will find B_kuppl ROM:00094EBC movb rl4, word_C49A+1
ROM:00094EC0 jmpr cc_NZ, loc_94ED0
ROM:00094EC2 mov r4, word_14D6
ROM:00094EC6 movb rl5, [r4]
ROM:00094EC8 jmpr cc_NZ, loc_94ED0
ROM:00094ECA movb rl4, #8
ROM:00094ECC orb byte_C746, rl4
As seen in above code, 0xC94B contains the status of the clutch pedal. But this is not the global variable. I suppose, this is a temporary RAM address to which the clutch switch status is copied when this subroutine starts(so that as long as the subroutine is still being executed, any change in the clutch status will not be updated. Otherwise, it's possible that at the start of the subroutine the status of the clutch is different from that when the subroutine ends, resulting in unpredictable behaviour) Find the global variable by searching for xrefs to 0xc94b ROM:0009433E movb rl2, byte_C370
ROM:00094342 movb word_C49A+1, rl2
0xc370 is the global variable for B_kuppl. Repeat this for other variables you want to use(cruise control status is on id 0x388/0x38A and brake pedals on 0x288) Now, for mapswitching, you need to change the DPP's Each datablock is referred using DPP0, DPP1 and DPP2. DPP3 is used for CAN. datablock 1: DPP0- 0x34 DPP1- 0x35 DPP2- 0x36 datablock 2: DPP0- 0x38 DPP1- 0x39 DPP2- 0x3A datablock 3: DPP0- 0x3C DPP1- 0x3D DPP2- 0x3E This is the code I use for switching between maps and displaying boost on RPM gauge. $MOD167 ; Define C167 mode
$SEGMENTED ; Segemented memory mode
$CASE ; Symbols case sensitive
$include (reg167.inc)
NAME MINIMON
ASSUME DPP3:system
StackData0 SECTION DATA SYSSTACK ; Data Section to reserve
; Stack-Memory
DSB 20H ; 32 Byte
StackData0 ENDS ; End of Dummy-Section
DriverCode0 SECTION CODE PUBLIC 'CDRIVER'
DriverProc PROC FAR
mov r4, 0xc036 ;boost
shl r4,#2
movb rl1,0xc370 ;b_kuppl
jnb r1.0, needle
movb rl1,0xc379 ;cc_cancel toggle button
jnb r1.0, xyz
movb rl1,#1
movb 0xc76e,rl1 ;cc_off debounce
jmpr cc_uc, needle
xyz:
movb rl1,0xc76e
jmpr cc_z, needle
movb rl1,#0
movb 0xc76e,rl1
movb rl1,0xc76f ;delay counter
jmpr cc_nz, dpp
movb rl1,#0x7f ; initialize delay counter so that r4 isnt updated by the ECU for atleast ~ 40ms * 0x7F= 5080ms ~ 5sec
movb 0xc76f,rl1
jmpr cc_uc, needle
dpp:
cmp dpp0,#0x3c
jmpr cc_eq, dppl
mov dpp0,#0x3c
mov dpp1,#0x3d
mov dpp2,#0x3e
jmpr cc_uc,needle
dppl:
mov dpp0,#0x34
mov dpp1,#0x35
mov dpp2,#0x36
needle:
mov rl1,0xc76f
jmpr cc_z,end1
subb rl1,#1
mov 0xc76f,rl1
cmp dpp0,#0x3c
jmpr cc_ne, n1
mov r4,#0x2ee0
jmpr cc_uc, end1
n1:
mov r4,#0x3e80
end1:
add r0,#4
mov r9,r4
rets
DriverProc ENDP
DriverCode0 ENDS
END
I suggest writing your own code, as mine can be a bit difficult to follow :P Basically, my code does this: - check if clutch is pressed, if yes then continue. - check if cruice control cancel button is pressed. If yes, store 1 in a free ram byte ( lots of free ram in this ECU, 0xC820-0xC82F is free on all the edc15's I've worked on, enough for our small subroutine) and exit the subroutine This is done to "debounce" the button press (as long as the button is pressed, no change will take place) - check if the "debounce" ram byte is 1, if yes, set it to 0 and switch maps( by changing the DPP's) - To display the map selected understand how the rpm is displayed on the instrument cluster. Lets say you want the rpm needle to show 2000rpm. There is a factor of 4. So the transmitted CAN message for rpm is 2000*4= 8000 which corresponds to 0x1F40 in hex All we need to do is replace the value in r4 with the value you want to display. - Setup a counter for displaying the selected map. This is necessary because replacing r4 with the desired value once is not enough. The main loop takes around 40ms to execute. So after 40ms r4 will get overwritten by RPM and the needle will not show the value you wanted it to show. Look at my code for a better understanding... Compile using Uvision or a compiler of your choice. Load the output hex file into Winols, search where your code begins, and copy it to a free space in your flash. Then insert a call to your new function. I chose to insert my call at 0x94784(0x14784 in WinOLS) Free space in my file - 0x1A000 which translates to 0x9A000 Hence, opcode for call: DA 09 00 A0 I will be posting a part 2 showing how you can save the selected datablock over ignition cycles. PS: @nyet, I'm inspired by your views, hence making my work open source :) I encourage everyone else to share too. This community is too secretive, although there are a few who do share! Together we can beat the corporates ;)
Title: Re: EDC15 multimap
Post by: ReproLogic on May 29, 2017, 05:25:32 PM
Thank you for share your job, im interested in learn the ASM code, but Im a noob in this things.
I'll be here reading you.
Title: Re: EDC15 multimap
Post by: lepatron972 on May 30, 2017, 02:15:43 AM
Hope this helps anyone, although there doesnt seem to be much interest in this ECU... Follow my other post and disable the checksums first. 1st step is to find how the CANBUS is handled. There is a buffer in RAM in which the messages are stored before they are transmitted. On edc15, finding the buffer is easy. Example: Search for sequence of bytes: 0x280 or 0x288 or any other CAN id used by the ecu... This will point you to the code which handles canbus: ROM:00094156 mov r5, #280h
ROM:0009415A mov CAN_280, r5 ;CAN_280- RAM buffer handling id -0x280
ROM:0009415E movb rl4, #8
ROM:00094160 movb byte_C743, rl4
ROM:00094164 mov r4, #288h
ROM:00094168 mov CAN_288, r4
ROM:0009416C movb rl4, #8
ROM:0009416E movb byte_C74F, rl4
ROM:00094172 mov r4, #380h
ROM:00094176 mov CAN_380, r4
ROM:0009417A movb rl4, #8
ROM:0009417C movb byte_C75B, rl4
ROM:00094180 mov r4, #480h Now that you've found the CAN buffer, refer to the FR CAN section. Below, Ive shown the CANBUS buffer handling id 0x280 in my file. MEM_EXT:0000C744 CAN_280: ds 2 ; DATA XREF: ROM:0009415A�w
MEM_EXT:0000C746 byte_C746: ds 1 ; DATA XREF: ROM:000945DC�w
MEM_EXT:0000C746 ; ROM:0009463E�w ...
MEM_EXT:0000C747 byte_C747: ds 1 ; DATA XREF: ROM:0009468A�w
MEM_EXT:0000C747 ; ROM:0009475E�w
MEM_EXT:0000C748 can_nmot_low: ds 1 ; DATA XREF: ROM:0009468E�w
MEM_EXT:0000C748 ; ROM:00094788�w
MEM_EXT:0000C749 can_nmot_high: ds 1 ; DATA XREF: ROM:00094692�w
MEM_EXT:0000C749 ; ROM:00094790�w
MEM_EXT:0000C74A byte_C74A: ds 1 ; DATA XREF: ROM:00094696�w
MEM_EXT:0000C74A ; ROM:00094814�w ...
MEM_EXT:0000C74B byte_C74B: ds 1 ; DATA XREF: ROM:loc_948A0�w
MEM_EXT:0000C74B ; ROM:000948CA�w
MEM_EXT:0000C74C byte_C74C: ds 1 ; DATA XREF: ROM:00094D2E�w
MEM_EXT:0000C74C ; ROM:loc_94DB6�w
MEM_EXT:0000C74D byte_C74D: ds 1 ; DATA XREF: ROM:0009469E�w
MEM_EXT:0000C74D ; ROM:000947E6�w
MEM_EXT:0000C74E byte_C74E: ds 1 ; DATA XREF: ROM:000945C0�w
MEM_EXT:0000C74F byte_C74F: ds 1 ; DATA XREF: ROM:0009416E�w
To use the rpm gauge for showing the present map(or any other parameter like boost, SOI,etc), you'll have to modify the subroutine writing to bytes 3 and 4 of the CAN id 0x280. ROM:00094780 calls 9, sub_94002
ROM:00094784 add r0, #4
ROM:00094786 mov r9, r4
ROM:00094788 movb can_nmot_low, rl4
ROM:0009478C mov r4, r9
ROM:0009478E ashr r4, #8
ROM:00094790 movb can_nmot_high, rl4
ROM:00094794 mov r1, word_C420
ROM:00094798 add r1, word_C426
ROM:0009479C cmp r1, word_F962
ROM:000947A0 jmpr cc_SGE, loc_947A6
ROM:000947A2 mov r9, r1
ROM:000947A4 jmpr cc_UC, loc_947AA
r4 contains the actual RPM. We will modify this vaue to whatever we want; to show the map selected in our case. I inserted my call at 94784, to my routine. Its upto you to decide where to insert this call, but make sure you dont change the original logic. Next step is to take inputs like clutch, brake or cruise control. This can also be inferenced from the CAN buffer. example: id 0x280, byte 0, bit 4 is B_kuppl(clutch pedal). Find the code which writes to this bit, and you will find B_kuppl ROM:00094EBC movb rl4, word_C49A+1
ROM:00094EC0 jmpr cc_NZ, loc_94ED0
ROM:00094EC2 mov r4, word_14D6
ROM:00094EC6 movb rl5, [r4]
ROM:00094EC8 jmpr cc_NZ, loc_94ED0
ROM:00094ECA movb rl4, #8
ROM:00094ECC orb byte_C746, rl4
As seen in above code, 0xC94B contains the status of the clutch pedal. But this is not the global variable. I suppose, this is a temporary RAM address to which the clutch switch status is copied when this subroutine starts(so that as long as the subroutine is still being executed, any change in the clutch status will not be updated. Otherwise, it's possible that at the start of the subroutine the status of the clutch is different from that when the subroutine ends, resulting in unpredictable behaviour) Find the global variable by searching for xrefs to 0xc94b ROM:0009433E movb rl2, byte_C370
ROM:00094342 movb word_C49A+1, rl2
0xc370 is the global variable for B_kuppl. Repeat this for other variables you want to use(cruise control status is on id 0x388/0x38A and brake pedals on 0x288) Now, for mapswitching, you need to change the DPP's Each datablock is referred using DPP0, DPP1 and DPP2. DPP3 is used for CAN. datablock 1: DPP0- 0x34 DPP1- 0x35 DPP2- 0x36 datablock 2: DPP0- 0x38 DPP1- 0x39 DPP2- 0x3A datablock 3: DPP0- 0x3C DPP1- 0x3D DPP2- 0x3E This is the code I use for switching between maps and displaying boost on RPM gauge. $MOD167 ; Define C167 mode
$SEGMENTED ; Segemented memory mode
$CASE ; Symbols case sensitive
$include (reg167.inc)
NAME MINIMON
ASSUME DPP3:system
StackData0 SECTION DATA SYSSTACK ; Data Section to reserve
; Stack-Memory
DSB 20H ; 32 Byte
StackData0 ENDS ; End of Dummy-Section
DriverCode0 SECTION CODE PUBLIC 'CDRIVER'
DriverProc PROC FAR
mov r4, 0xc036 ;boost
shl r4,#2
movb rl1,0xc370 ;b_kuppl
jnb r1.0, needle
movb rl1,0xc379 ;cc_cancel toggle button
jnb r1.0, xyz
movb rl1,#1
movb 0xc76e,rl1 ;cc_off debounce
jmpr cc_uc, needle
xyz:
movb rl1,0xc76e
jmpr cc_z, needle
movb rl1,#0
movb 0xc76e,rl1
movb rl1,0xc76f ;delay counter
jmpr cc_nz, dpp
movb rl1,#0x7f ; initialize delay counter so that r4 isnt updated by the ECU for atleast ~ 40ms * 0x7F= 5080ms ~ 5sec
movb 0xc76f,rl1
jmpr cc_uc, needle
dpp:
cmp dpp0,#0x3c
jmpr cc_eq, dppl
mov dpp0,#0x3c
mov dpp1,#0x3d
mov dpp2,#0x3e
jmpr cc_uc,needle
dppl:
mov dpp0,#0x34
mov dpp1,#0x35
mov dpp2,#0x36
needle:
mov rl1,0xc76f
jmpr cc_z,end1
subb rl1,#1
mov 0xc76f,rl1
cmp dpp0,#0x3c
jmpr cc_ne, n1
mov r4,#0x2ee0
jmpr cc_uc, end1
n1:
mov r4,#0x3e80
end1:
add r0,#4
mov r9,r4
rets
DriverProc ENDP
DriverCode0 ENDS
END
I suggest writing your own code, as mine can be a bit difficult to follow :P Basically, my code does this: - check if clutch is pressed, if yes then continue. - check if cruice control cancel button is pressed. If yes, store 1 in a free ram byte ( lots of free ram in this ECU, 0xC820-0xC82F is free on all the edc15's I've worked on, enough for our small subroutine) and exit the subroutine This is done to "debounce" the button press (as long as the button is pressed, no change will take place) - check if the "debounce" ram byte is 1, if yes, set it to 0 and switch maps( by changing the DPP's) - To display the map selected understand how the rpm is displayed on the instrument cluster. Lets say you want the rpm needle to show 2000rpm. There is a factor of 4. So the transmitted CAN message for rpm is 2000*4= 8000 which corresponds to 0x1F40 in hex All we need to do is replace the value in r4 with the value you want to display. - Setup a counter for displaying the selected map. This is necessary because replacing r4 with the desired value once is not enough. The main loop takes around 40ms to execute. So after 40ms r4 will get overwritten by RPM and the needle will not show the value you wanted it to show. Look at my code for a better understanding... Compile using Uvision or a compiler of your choice. Load the output hex file into Winols, search where your code begins, and copy it to a free space in your flash. Then insert a call to your new function. I chose to insert my call at 0x94784(0x14784 in WinOLS) Free space in my file - 0x1A000 which translates to 0x9A000 Hence, opcode for call: DA 09 00 A0 I will be posting a part 2 showing how you can save the selected datablock over ignition cycles. PS: @nyet, I'm inspired by your views, hence making my work open source :) I encourage everyone else to share too. This community is too secretive, although there are a few who do share! Together we can beat the corporates ;) Hi, it's good to ask to share, but the people who spent the hours developing the soft you do not associate them with your post. You do not believe, Basano shared his own on MED9, but you have not done the biggest on the edc15, do not forget to specify that the edc16 is in the pipes. They are things done in secret because it takes a lot of time and not many people in the professional world get into it. It is better to be sincere and impartial with all those who have worked on it.
Title: Re: EDC15 multimap
Post by: nihalot on May 30, 2017, 02:24:08 AM
Hi, it's good to ask to share, but the people who spent the hours developing the soft you do not associate them with your post. You do not believe, Basano shared his own on MED9, but you have not done the biggest on the edc15, do not forget to specify that the edc16 is in the pipes. They are things done in secret because it takes a lot of time and not many people in the professional world get into it. It is better to be sincere and impartial with all those who have worked on it.
I've given credit where credits due. Check my checksum disable post. I don't think I said anywhere in my posts that I've done ground breaking work. I've just posted my findings in a humble way. Thanks for undermining my work though.
Title: Re: EDC15 multimap
Post by: nihalot on May 30, 2017, 02:31:20 AM
Also,
There are so many other communities, working together, sharing their findings, improving on others work. ios jailbreak, nintendo, xbox, playstation hacks come to mind.
Please dont reply if you dont have anything productive to say.
Keep your secrets, there are others willing to share :)
Title: Re: EDC15 multimap
Post by: prj on May 30, 2017, 11:58:10 PM
Hi, it's good to ask to share, but the people who spent the hours developing the soft you do not associate them with your post. You do not believe, Basano shared his own on MED9, but you have not done the biggest on the edc15, do not forget to specify that the edc16 is in the pipes. They are things done in secret because it takes a lot of time and not many people in the professional world get into it. It is better to be sincere and impartial with all those who have worked on it.
How about you crawl back under the rock you came out from? Your bullshit is not welcome here. This ECU is 20 years old and you are a lunatic. @nihalot gj. Map switching is a lot easier to do on EDC15/16, because many of them have inherent multi-bank support. The thing posted that is of most value here is the CAN handling code.
Title: Re: EDC15 multimap
Post by: lepatron972 on May 31, 2017, 01:01:37 AM
How about you crawl back under the rock you came out from? Your bullshit is not welcome here.
This ECU is 20 years old and you are a lunatic.
@nihalot gj.
Map switching is a lot easier to do on EDC15/16, because many of them have inherent multi-bank support.
The thing posted that is of most value here is the CAN handling code.
You make me laugh, I do not tell bullshit, the CAN code that is welcome, it does not take it out of his hat and was not the only one working on the MINIMOM posted requests it from where it comes from. Certainly they have 20 years map switch, on edc15 as edc16 my buddy bump on it for 4 years. Therefore, I find it unfavorable, even partial disclosure of this long work. With VCDS on switch the map but to the cruse controlled and rotating motor, it is recent. I could even make you see conversation screenshots with IDA exchange or even it asks sharing for edc16. After each his way of seeing.
Title: Re: EDC15 multimap
Post by: prj on May 31, 2017, 01:29:40 AM
You make me laugh, I do not tell bullshit, the CAN code that is welcome, it does not take it out of his hat and was not the only one working on the MINIMOM posted requests it from where it comes from. Certainly they have 20 years map switch, on edc15 as edc16 my buddy bump on it for 4 years. Therefore, I find it unfavorable, even partial disclosure of this long work. With VCDS on switch the map but to the cruse controlled and rotating motor, it is recent.
I could even make you see conversation screenshots with IDA exchange or even it asks sharing for edc16. After each his way of seeing.
If it takes you 4 years to write map switch for EDC15/EDC16 you have no business in this industry. I could do EDC16 map switch in a day, a few at most. Also, no one cares what you think is favorable or not. Stop spamming your BS in this thread.
Title: Re: EDC15 multimap
Post by: nihalot on May 31, 2017, 01:33:39 AM
You make me laugh, I do not tell bullshit, the CAN code that is welcome, it does not take it out of his hat and was not the only one working on the MINIMOM posted requests it from where it comes from. Certainly they have 20 years map switch, on edc15 as edc16 my buddy bump on it for 4 years. Therefore, I find it unfavorable, even partial disclosure of this long work. With VCDS on switch the map but to the cruse controlled and rotating motor, it is recent.
I could even make you see conversation screenshots with IDA exchange or even it asks sharing for edc16. After each his way of seeing.
I worked with john9357. I can send you screenshots too, of him asking me for help. As soon as edc15 multimap was realised, he started selling it, not asking me about it or anything. He was working on it since past 4 years like you said. HE contacted ME on nefmoto last year, and we worked on it. 4 years no multimap. Contacts me last year, multimap done. Doesnt take a genius to figure out, no? He was stuck at some things, and I helped. In the process I learned a lot too. You want screenshots? I asked him for help with edc16, which he ignored. Convenient, no? I can show screenshots too.
Title: Re: EDC15 multimap
Post by: lepatron972 on May 31, 2017, 01:58:38 AM
We are not professionals and it is annoying that some working partners share some things without consultation. The code not 4 years of work I know, we have our working group on our forum. One thing is sure the following you will see it from afar. Because we feel betrayed by you
Title: Re: EDC15 multimap
Post by: nihalot on May 31, 2017, 02:07:15 AM
We are not professionals and it is annoying that some working partners share some things without consultation. The code not 4 years of work I know, we have our working group on our forum. One thing is sure the following you will see it from afar. Because we feel betrayed by you
Huh? You have no right to feel betrayed. If anything, y'all betrayed me. Why should I consult him or anyone before sharing? He surely didnt consult me before selling it. Also, if you thought i was a "working partner" why not share edc16 related work? So much bs...
Title: Re: EDC15 multimap
Post by: lepatron972 on May 31, 2017, 02:27:14 AM
If the biggest comes from you, our help will not be useful, so no need to give you more info. I wish you all the best. Go good road mister indian.
Title: Re: EDC15 multimap
Post by: nihalot on May 31, 2017, 02:31:27 AM
Ah, classic. Resort to racism :)
Title: Re: EDC15 multimap
Post by: lepatron972 on May 31, 2017, 02:46:24 AM
I'm black where is racism?
It is like my colleagues who call me DOUDOU
Title: Re: EDC15 multimap
Post by: nihalot on May 31, 2017, 03:06:13 AM
I'm black where is racism?
It is like my colleagues who call me DOUDOU
Xenophobe then. Take your spam to your forum. Im sure the mods or others in the community dont like this. Especially since you refuse to share. This forum has a very basic motto. Share. Clearly doesnt match your or your "working partners" ideology.
Title: Re: EDC15 multimap
Post by: lepatron972 on May 31, 2017, 03:27:16 AM
Immediately the big words, without argument and wanting to monetize the knowledge of others, I am black and Indian Caribbean, native fwi. Before treating people without knowing or unless you deny your person do not give me any unfounded qualifier. I wish you much courage and success in your journey.
Regards
Title: Re: EDC15 multimap
Post by: nihalot on May 31, 2017, 03:33:43 AM
wanting to monetize the knowledge of others
LOL. You clearly insinuated something with "mister indian". Whatever it was, its not appreciated. Goodbye.
Title: Re: EDC15 multimap
Post by: lepatron972 on May 31, 2017, 03:41:39 AM
LOL.
You clearly insinuated something with "mister indian".
Whatever it was, its not appreciated.
Goodbye.
I did not think you were obtuse, I am jovial and teasing nothing more it was a wink at the worst but I am neither racist nor xenophob from where my amazement. it does not matter. Good progress. You will get there I am convinced kisses Regards
Title: Re: EDC15 multimap
Post by: spacey3 on May 31, 2017, 03:48:17 AM
We are not professionals and it is annoying that some working partners share some things without consultation. The code not 4 years of work I know, we have our working group on our forum. One thing is sure the following you will see it from afar. Because we feel betrayed by you
Why on earth are you on this forum? You feel it's acceptable to come to a place where everyone shares their work and knowledge, yet give nothing back and keep everything you've learnt to yourself and your other little forum...? As has already been said by prj, this isn't ground breaking stuff! Anyone with some knowledge and experience can do it relatively easily, nihalot has simply made it slightly easier and given some inspiration for the less knowledgeable, and more importantly, SHARED! A man can only attain knowledge with the help of those who possess it. This must be understood from the very beginning. One must learn from him who knows. (George Ivanovich Gurdjieff) Let me ask... Where did you get your knowledge on this subject from the very beginning? I can guarantee much of it was FREELY from others.
Title: Re: EDC15 multimap
Post by: lepatron972 on May 31, 2017, 04:20:38 AM
Sharing is not the problem, it is the method used. It even offered money to have a code it's not our kind, we made workgroups, to unlock the vcds display no matter the value, iq boost etc ... edc16 edc15 we work on edc17 This for large preparations. Our dissatisfaction is that if the work is done to several why share without consultation?
Title: Re: EDC15 multimap
Post by: nihalot on May 31, 2017, 04:28:16 AM
Sharing is not the problem, it is the method used. It even offered money to have a code it's not our kind, we made workgroups, to unlock the vcds display no matter the value, iq boost etc ... edc16 edc15 we work on edc17 This for large preparations. Our dissatisfaction is that if the work is done to several why share without consultation?
I'm not in the habit of consulting someone who doesnt consult me, and then ignores me when I ask for help. He felt it was ok to sell the work in which i had a contribution, without consulting. I felt it ok to post, without consulting.
Title: Re: EDC15 multimap
Post by: prj on May 31, 2017, 05:33:08 AM
we made workgroups, to unlock the vcds display no matter the value, iq boost etc ... edc16 edc15 we work on edc17 This for large preparations. Workgroups? Are you f... kidding me? I did 2.5 years ago in ONE day incl. posting exactly how to do it: http://www.ecuconnections.com/forum/viewtopic.php?f=2&t=28762 (http://www.ecuconnections.com/forum/viewtopic.php?f=2&t=28762) I've obviously done it on 15 and 17 as well. I was going to give you the benefit of doubt, but it seems you guys are just really bad at this. Wash your dirty laundry somewhere else. 4 years for map switch... lol.
Title: Re: EDC15 multimap
Post by: aef on May 31, 2017, 05:49:59 AM
(http://rs61.pbsrc.com/albums/h52/Ti42/Smilies/popcorn.gif~c200)
Title: Re: EDC15 multimap
Post by: nihalot on May 31, 2017, 07:02:10 AM
@nihalot gj.
Map switching is a lot easier to do on EDC15/16, because many of them have inherent multi-bank support.
The thing posted that is of most value here is the CAN handling code.
Yep, it is not difficult to implement on edc15. Edc16, i cant say because i havent done yet... Maybe if i had it on a bench, I'd have better chances :) If anyone is willing to share, how the canbus works on edc16, that would be great. Me7/me9 i have done. I see there isnt a how-to for me7. If there's interest, I dont mind posting a how to... Regards
Title: Re: EDC15 multimap
Post by: Khendal on May 31, 2017, 09:09:02 AM
Yep, it is not difficult to implement on edc15.
Edc16, i cant say because i havent done yet... Maybe if i had it on a bench, I'd have better chances :)
If anyone is willing to share, how the canbus works on edc16, that would be great.
Me7/me9 i have done. I see there isnt a how-to for me7. If there's interest, I dont mind posting a how to...
Regards
Knowledge on Me7 and MED9 ...are always appreciate :)
Title: Re: EDC15 multimap
Post by: spacey3 on June 01, 2017, 02:11:03 AM
Knowledge on Me7 and MED9 ...are always appreciate :)
+1 :D
Title: Re: EDC15 multimap
Post by: prenis on August 14, 2017, 02:15:17 AM
Knowledge on Me7 and MED9 ...are always appreciate :)
+1
Title: Re: EDC15 multimap
Post by: unk972 on December 28, 2017, 02:43:15 AM
Hello,
Thank for you sharing about the EDC15 multimap! I'm trying to learn to make it but it's difficult to me without a step by step :(
Title: Re: EDC15 multimap
Post by: Tatan974 on April 03, 2018, 11:01:11 AM
Hi, Thank you for this post ! I'm testing your code and it's works ;D But I need your help. I want to use rpm gauge without the multimap switch. I'm inject this code : mov r4, 0xc036 ;boost
shl r4,#2
jmpr cc_uc, needle
needle:
mov r4,#0x2ee0
rets But it's don't works :( PS : Sorry i'm novice in the dessasembly i'm don't understand the instruction very well... but I'm here to try to understand
Title: Re: EDC15 multimap
Post by: Tatan974 on April 03, 2018, 11:39:49 AM
So i'm continue the test I'm inject this code : mov r4, 0xc036 ;boost
shl r4,#2
jnb r1.0, needle
jnb r1.0, xyz
jmpr cc_uc, needle
xyz:
movb rl1,0xc76e
jmpr cc_z, needle
movb rl1,#0
movb 0xc76e,rl1
movb rl1,0xc76f ;delay counter
movb rl1,#0x7f ; initialize delay counter so that r4 isnt updated by the ECU for atleast ~ 40ms * 0x7F= 5080ms ~ 5sec
movb 0xc76f,rl1
jmpr cc_uc, needle
needle:
mov rl1,0xc76f
jmpr cc_z,end1
subb rl1,#1
mov 0xc76f,rl1
jmpr cc_ne, n1
mov r4,#0x2ee0
jmpr cc_uc, end1
n1:
mov r4,#0x3e80
end1:
add r0,#4
mov r9,r4
rets it seems worked : (https://image.noelshack.com/minis/2018/14/2/1522780728-boost.png) (https://www.noelshack.com/2018-14-2-1522780728-boost.jpg) (https://image.noelshack.com/minis/2018/14/2/1522780744-20180403-223035.png) (https://www.noelshack.com/2018-14-2-1522780744-20180403-223035.jpg) Someone can check the code and tell me if there are any instructions in excess?
Title: Re: EDC15 multimap
Post by: ovidiumarin on December 15, 2018, 04:11:49 AM
So i'm continue the test
I'm inject this code :
it seems worked :
(https://image.noelshack.com/minis/2018/14/2/1522780728-boost.png) (https://www.noelshack.com/2018-14-2-1522780728-boost.jpg)
(https://image.noelshack.com/minis/2018/14/2/1522780744-20180403-223035.png) (https://www.noelshack.com/2018-14-2-1522780744-20180403-223035.jpg)
Someone can check the code and tell me if there are any instructions in excess?
Nicely done! Can you help me get the correct IDA settings ?
Title: Re: EDC15 multimap
Post by: Rocknsock on September 30, 2019, 02:16:52 AM
Hello,
Can someone help me how to compile asm code to hex?
Thanks
|