Title: Disassembling 1.8T 20V HN1 and HN2 Box (06A906032HN SW0001 SW0002)
Post by: automan001 on April 02, 2015, 12:18:32 PM

I'm starting this topic for my colleagues and friends who want to have a quick start to begin disassembling 1.8T 20V HN1 and HN2 Box (06A906032HN SW0001 and SW0002).

Here is a link to the pre-loaded IDA file (for HN2 SW0002): https://drive.google.com/file/d/0B0z1E_9eZCvMUUdNNDN3RkJmbVU/view?usp=sharing

You will need IDA 5.5.0.925t to load the project.

ME 7.5 has the following memory (segment) organization:

000000-007FFF  32K boot rom
008000-00DFFF  MEM_EXT (380000 ... 383FFF are remapped as 008000...00BFFF)
00E000-00E7FF  2K XRAM
00E800-00EEFF  Reserved
00EF00-00EFFF  CAN1
00F000-00F1FF  512b E_SFR
00F200-00F5FF  Reserved
00F600-00FDFF  2K IRAM
00FE00-00FFFF  512b SFR
380000-387FFF  32K Ram Physical present
388000-38FFFF  ?
800000-80FFFF  64K Bottom Block
810000-81FFFF  64K Cal Tables
820000-900000  1M ECU Flash ROM resident code

To convert a 38xxxx address into an xxxx address and vice versa you will need a formula which I successfully use; specially for you I've attached my address_calc.xls. In the yellow column you enter the value and in the green column you get the result. For example, conversion from 0x38XXXX to 0xXXX and vice versa has always been an issue for many, but there is Excel, which easily solves it.

IDA was downloaded from here, it's translated from my native language: https://translate.google.com/translate?hl=ru&sl=ru&tl=en&u=http%3A%2F%2Frutracker.org%2Fforum%2Fviewtopic.php%3Ft%3D2537609

I can reupload it on Google Drive and send you the link, just send me a PM. You can also find the version of IDA on other sites/in other torrents.

When you open the .ida project you will see something like in the pictures below. And then you will get an idea how to continue exploring the unknown space of assembly code ;)

Inside the folder you have hn2.ecu and HN2_map_list.csv files for reference. Also you have already opened the same bin in WinOls to see how this correlates to your maps. Then you use the address calculator to find the match between ECU and WinOls addresses...
Maps are here: http://nefariousmotorsports.com/forum/index.php?topic=576.15

Title: Re: Disassembling 1.8T 20V HN1 and HN2 Box (06A906032HN SW0001 SW0002)
Post by: masterj on April 03, 2015, 01:23:56 AM

Have you defined whole file? :o Now that's a commitment...

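An added example, not part of any post in this thread and not the formula from address_calc.xls: a small Python helper that classifies an address against the memory map listed in the first post and converts between the 0x38xxxx and short forms using only the remap stated there (380000...383FFF as 008000...00BFFF). The function names, the treatment of 900000 as an exclusive end, and the file-offset rule (bin starts at 0x800000) are assumptions.

```python
# Added example: ranges are (start, end inclusive, name) as listed in the first post.
ME75_MAP = [
    (0x000000, 0x007FFF, "boot rom"),
    (0x008000, 0x00DFFF, "MEM_EXT"),
    (0x00E000, 0x00E7FF, "XRAM"),
    (0x00E800, 0x00EEFF, "Reserved"),
    (0x00EF00, 0x00EFFF, "CAN1"),
    (0x00F000, 0x00F1FF, "E_SFR"),
    (0x00F200, 0x00F5FF, "Reserved"),
    (0x00F600, 0x00FDFF, "IRAM"),
    (0x00FE00, 0x00FFFF, "SFR"),
    (0x380000, 0x387FFF, "RAM"),
    (0x388000, 0x38FFFF, "?"),
    (0x800000, 0x80FFFF, "Bottom Block"),
    (0x810000, 0x81FFFF, "Cal Tables"),
    (0x820000, 0x8FFFFF, "ECU Flash ROM resident code"),  # post writes 900000; assumed exclusive
]
# Remap window stated in the post: 380000...383FFF <-> 008000...00BFFF
RAM_LO, RAM_HI, SHORT_LO = 0x380000, 0x383FFF, 0x008000
SHORT_HI = SHORT_LO + (RAM_HI - RAM_LO)
# ASSUMPTION (not stated in the thread): the .bin starts at flash address
# 0x800000, so file offset = ECU address - 0x800000.
FLASH_BASE, FLASH_END = 0x800000, 0x8FFFFF

def region(addr):
    """Return the segment name for addr, or None if it is not in the map."""
    for lo, hi, name in ME75_MAP:
        if lo <= addr <= hi:
            return name
    return None

def ram_to_short(addr):
    """0x38xxxx -> short address, valid only inside the remapped 16K window."""
    if not RAM_LO <= addr <= RAM_HI:
        raise ValueError(f"{addr:#08x} is outside 380000...383FFF")
    return addr - RAM_LO + SHORT_LO

def short_to_ram(addr):
    """Short address -> 0x38xxxx, valid only for 008000...00BFFF."""
    if not SHORT_LO <= addr <= SHORT_HI:
        raise ValueError(f"{addr:#06x} is outside 008000...00BFFF")
    return addr - SHORT_LO + RAM_LO

def flash_to_file_offset(addr):
    """ECU flash address -> offset in the bin file (see assumption above)."""
    if not FLASH_BASE <= addr <= FLASH_END:
        raise ValueError(f"{addr:#08x} is not a flash address")
    return addr - FLASH_BASE
```

Addresses in 384000-387FFF are physical RAM but fall outside the remapped window given in the post, so the helper rejects them instead of guessing a short form.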
Title: Re: Disassembling 1.8T 20V HN1 and HN2 Box (06A906032HN SW0001 SW0002)
Post by: tbm on April 03, 2015, 05:35:10 AM

Thanks a lot, mate! You've done the greatest job!

Title: Re: Disassembling 1.8T 20V HN1 and HN2 Box (06A906032HN SW0001 SW0002)
Post by: roman_tyk on October 04, 2015, 11:00:07 AM

Could someone tell me why, after loading this idb project into my IDA, I don't have such nice blue comments like the author of this thread? (Like in the attached png files, for example KFMIOP_T_166ECh, I don't have it ;().

Title: Re: Disassembling 1.8T 20V HN1 and HN2 Box (06A906032HN SW0001 SW0002)
Post by: Ionut on October 07, 2015, 01:27:45 PM

Loaded the project in IDA 6 and all the information is there.
Great job!

Title: Re: Disassembling 1.8T 20V HN1 and HN2 Box (06A906032HN SW0001 SW0002)
Post by: ddillenger on October 07, 2015, 08:10:43 PM

Quote: Could someone tell me why after loading this idb project into my IDA, i don't have such nice blue comments like author of this thread? (like in attached png files, for example KFMIOP_T_166ECh i don't have it ;().

Because you didn't write them? You think IDA does everything?

Title: Re: Disassembling 1.8T 20V HN1 and HN2 Box (06A906032HN SW0001 SW0002)
Post by: adam- on October 08, 2015, 01:21:42 AM

I'm gonna use this to help start making a 5120 hacked 0001 file, hopefully.

Title: Re: Disassembling 1.8T 20V HN1 and HN2 Box (06A906032HN SW0001 SW0002)
Post by: _Bubik on December 07, 2022, 03:11:07 AM

Is there anyone here who can reload that IDA preload file at the top for me?
Thank you