Title: Concept of bootloader JTag BDM Post by: devy on September 09, 2020, 01:31:35 PM Hello!
Can somebody explain to me what bootloading means and how it works? There are tools that can read e.g. Renesas SH705x chips. But this is limited to certain car manufacturers and/or ECU brands? Why? If bootloading means uploading a code to the ram of chip which allows to read the flash content....this should work always? regardless of what the data is on the chip and what brand it is? Okay some use CAN protocol and some dont. Or is there a unique security wall that has to be cracked for each type? I mean a SH705x can be found in hitachi ECU, denso ECUs, keihin ECUs, and much more.... Title: Re: Concept of bootloader JTag BDM Post by: xXxCryxXx on September 09, 2020, 01:33:46 PM With Bootloader aka Bootmode you dont increase the Flash Counter while OBD2 Flash doese increase your Flashcounter and if the Flashcounter Limit is Reachd you wont be able to upload a file anymore
Gesendet von meinem SM-N975F mit Tapatalk Title: Re: Re: Concept of bootloader JTag BDM Post by: xXxCryxXx on September 09, 2020, 02:18:23 PM Hello! Bootmode works as his name is you trigger the Mikroprozessor Startup and after that it starts to flash your Maps inside the ecu in you flash or what ever you get.... after a successful writing it reboots your ECU with a crc Command like "trigger signal" then the whole ECU is starting up till your Programmcode is loaded ..... it is like Windows First -> BIOS , then -> Systemparameters, -> then load all maps and sensors then -> init Sensor's and Actors and wait for response thats the ecu startup work i know that happens in microseconds but just to discribe how .... and the bootmode is the bios in this caseCan somebody explain to me what bootloading means and how it works? There are tools that can read e.g. Renesas SH705x chips. But this is limited to certain car manufacturers and/or ECU brands? Why? If bootloading means uploading a code to the ram of chip which allows to read the flash content....this should work always? regardless of what the data is on the chip and what brand it is? Okay some use CAN protocol and some dont. Or is there a unique security wall that has to be cracked for each type? I mean a SH705x can be found in hitachi ECU, denso ECUs, keihin ECUs, and much more.... Gesendet von meinem SM-N975F mit Tapatalk Title: Re: Concept of bootloader JTag BDM Post by: d3irb on September 09, 2020, 05:52:36 PM Very broad question but I see where you're going.
With older CPUs when you see the ability to write a CPU family for one vendor and not others, usually the issue is simply that the pins or memory layout need to be adapted to the different ECU brands, or that not all of the "same CPU" are the exact same CPU - for example, if a different flash chip is used or different pins are used to bring up a part of the board. In the case of "SH705x" I think this is what's going on for you, depending on the vendor and chip revision, different pins are used for serial comms (I think some chips use UART0 and some use UART1 for example?) and there are different flash sizes / layouts at play. With some newer CPUs, yes, sometimes the mask ROM is customized by manufacturer, and even the first stage of the bootloader / Mask ROM or SBOOT has some kind of security system that needs to be cracked on a per-manufacturer basis. And in some cases with BDM, which is a bit of a different beast because it's generally handled by a monitor firmware that runs on the application CPU, the application software itself can actually tamper with the interface and prevent or alter its use. Title: Re: Concept of bootloader JTag BDM Post by: devy on September 09, 2020, 11:39:54 PM Very broad question but I see where you're going. With older CPUs when you see the ability to write a CPU family for one vendor and not others, usually the issue is simply that the pins or memory layout need to be adapted to the different ECU brands, or that not all of the "same CPU" are the exact same CPU - for example, if a different flash chip is used or different pins are used to bring up a part of the board. In the case of "SH705x" I think this is what's going on for you, depending on the vendor and chip revision, different pins are used for serial comms (I think some chips use UART0 and some use UART1 for example?) and there are different flash sizes / layouts at play. With some newer CPUs, yes, sometimes the mask ROM is customized by manufacturer, and even the first stage of the bootloader / Mask ROM or SBOOT has some kind of security system that needs to be cracked on a per-manufacturer basis. And in some cases with BDM, which is a bit of a different beast because it's generally handled by a monitor firmware that runs on the application CPU, the application software itself can actually tamper with the interface and prevent or alter its use. Hey thanks for info! okay this would explain why many flashing tools are so limited. I found a flasher that claims to read and write SH705x on board / in circuit with 512kb or 1064kb memory size. Manufacturer says Hitachi ECU work but has no info for other brands. With a look on what you wrote above I think that this flasher will probably not work e.g. on a Denso ECU with SH705x, even if the pinout is done correctly...? Title: Re: Re: Concept of bootloader JTag BDM Post by: devy on September 09, 2020, 11:58:41 PM Bootmode works as his name is you trigger the Mikroprozessor Startup and after that it starts to flash your Maps inside the ecu in you flash or what ever you get.... after a successful writing it reboots your ECU with a crc Command like "trigger signal" then the whole ECU is starting up till your Programmcode is loaded ..... it is like Windows First -> BIOS , then -> Systemparameters, -> then load all maps and sensors then -> init Sensor's and Actors and wait for response thats the ecu startup work i know that happens in microseconds but just to discribe how .... and the bootmode is the bios in this case Gesendet von meinem SM-N975F mit Tapatalk thats a good comparison! So you think the same SH7055 hardware can have various "bios-codes" and therefore every version of it needs an extra bootloader code...? Title: Re: Re: Re: Concept of bootloader JTag BDM Post by: xXxCryxXx on September 10, 2020, 12:07:41 AM thats a good comparison! So you think the same SH7055 hardware can have various "bios-codes" and therefore every version of it needs an extra bootloader code...? Sorry thats a thing that i dont know |