NefMoto

Hello,
sorry if I make mistakes in english I'm french

I would like to disassemble the code of a bosch MP3.2 calculator
this calculator is used on peugeot turbo petrol engines before 2000

it's the first time I do this job

I think I managed to properly disassemble my file, but I would still like someone to confirm if I'm on the right track

and know once I'm at this point if there are any specific advice as to which function is what

thanks.

I have a question about axes signaturebytes and ram addresses?

for example I know that on this ecu the rpm axis is signed 3B, the manifold pressure is 43, water temperature is 3A ...

and sometimes in assembly code there are ram addresses that carry the same values:



Is there a relationship?

http://m232.org (http://m232.org)

Download my commented M2.3.2 disassembly from github, it will answer a lot of your questions ;)

Hello PRJ,

I saw part of your work this afternoon on the S2 forum, I was registering to contact you!

thank you for your help, I'm going to read  ;)

is the .idb file to open?

because i have ida pro v6.1 which tells me "file too recent"

and ida freeware v7.0.1 which does not seem to want to open it ...

thanks.

Well then you need newer IDA Pro, V7 or V7.1 at the very least.

if it is not too complicated could you post a text version or other extention of this file?

I have a hard time finding on the net a more recent version of ida,

it does not pose any problem to me to pay licenses for software like winols that I use every day,

but not for a software of which I do not know how to use still and i which maybe not re-use...

thanks.

Hello

In 0261200809.asm file, code_6234 seems to be main loop.

Hello Alex,

please, did you figure it out ? I'm also trying to disassemble MP3.2 ecu, but no luck. Do you have any new info ?

I didn’t keep trying to disassemble, but when I have a little more time ahead of me I will get back to it

I was just curious if you've found anything new. I'm currently trying to figure out maps, but it is slow and difficult task for me, when I see those things for first time. Yet I'm trying my best, I would love to keep MP3.2 on TCT engine without moving on speeduino.

You can find maps with your eyes closed in those old Motronics.
Or at least I can.
Without any disassembly whatsoever.

And if you want to know how something works the functions are so simple, you can just work it out from the asm.

Nr1 is to define the "common" functions. Like multiplication, subtraction, addition, shifting, map lookup and so on and so forth, after that the code becomes very simple to read.
As I said already before, download my IDA database, it is pretty generously labeled. If you have any RE experience this should not take you long.

Truth be told, when I started with this back in 2010, then it did take me a few years to figure out most of the parts of the ECU and start writing my own code, logger etc.

Alright, I'll look into it ! Thank you

I hate to be so stupid but can you give me a link to the .i64 disassembly?
Or do you just have the 32 bit disassemble.

Why would you need 64 bit IDA to disassemble a 8 bit uC?
64 bit IDA is only needed if you want to disassemble x64 or other 64 bit processors. There is no reason to use it otherwise.

Idapro 64 refers to the disassembler application itself - that it executes in 64 bit mode and like the older idapro 32 which executes in 32 bit mode, they can both analyze many ROMs ,8bit,16 bit,32bit etc
The disassembly datebase is .idb  from the older idapro which I believe is no longer supported. The new 64 bit program stores the disassembly as .i64 file

Hello everyone,

coming back to project after a long time, had to postpone research. As prj said, you can find maps in old motronics with closed eyes. I've learned how to do it, so now I have 178 maps, but labelled with unknown axis descriptors. Any ideas how to find names for axis descriptors, for Motronic MP3.2, 2.0 Turbo ?

Take my ida database, use it as a reference.
Disassemble your file, and look at the code, and find similarities to my ida db.

The older Motronic ECU's are all very similar.

maybe this will help you. remember, when you see all the code like mov   MD1, B its read backwards from right to left. move B to MD1.

PRJ is right. even the RAM and how its populated is almost always the same or extremely similar. one thing thats i found is always the same is some of the math code itself. bosch did a lot of copy and paste in a sense with code when they made all these ECU's regardless of who it was made for. i have found identical code and functions when crossing audi M2.3.2 with BMW, porsche and even fiat ECU's. enough similarities that i can use M2.3.2 as the base than through comparison figure out the others. my suggestion is to figure out how to populate the RAM as much as possible in disassembly. the more you have detailed in RAM the easier it becomes to follow code and see what its doing.