NefMoto

Hello guys,

first thread here, so please be easy on me :)

My car is equipped with a M54 BMW engine, which uses the Siemens MS43 ecu. I´m an automotive engineer with some natural instinct to try to understand whats it all about, but my experience with processors is somewhat limited. I know there is a damos file flying around and i know the softwareversion its coming with it wrong. So i figured out which softwareversion it was build with and its working well.

In that Damos file, DTC´s are covered, but it doesn´t make sense to me. I´ll try to explain it with some screenshots, i think thats easier for all.
(http://abload.de/img/asap2demo_dtc_overvie2bsgd.png)

If we open the damos file and the corresponding software, we find DTC area from 0x70130 to 0x7064C, 16 bit. the hex entries in that area seem to be the p-codes, e.g. cat efficiency bank one is located at 0x70188 and shows a hex value of 0x0421, which is Warm Up Catalyst Efficiency Below Threshold (Bank 1). So that makes perfectly sense.

What i don´t really understand is, why are there 4 times the same entries? Every errorcode is duplicated 3 times, to an overall of 4 times.

Sometimes, the entries in those 4 dtc "sub-areas" are equal and sometimes the are completely different, with some strange entries, e.g. 0x70258 (idle speed actuator). It has entries of 1507 and 1508, which perfectly matches the P-Code table: P1507 Idle Speed Control Valve Open Solenoid Control Circuit Signal Low; P1508 Idle Speed Control Valve Opening Solenoid Control Open Circuit

But, why is the first entry at 0x70258 "D506", as there is obviously no P-Code with PD506 listed?

I´ve already tried zeroing those areas, but it didn´t work out.

anyone able and willing to have a look at?

Guys,

i don´t want anyone to do all the work... I´d just like to get some hints :)
I know the processor is "Infineon SAK-C167CR-" and flash is 29F400.

Is there anyone willing to just tell me how to start with ida-pro 6.1?

which dtc are you trying to delete exactly?

I´m trying to suppress variable intake manifold as i would likee to redesign the intake manifold. Nevertheless, every other dtc would be helpfull, as i think its "just" understanding the suppressing method?

In particular case, i get the following error message an 0x7c (124) seems to be the corresponding error code at this list:

http://www.endtuning.com/bmwcodes.html#MS41

http://www.romraider.com/forum/viewtopic.php?f=42&t=8749&start=120

im not really sure, but im thinking your table may start around 798AC. x14 width.

i have a moderate interest in this as ive done some ms43 files but no dtc removal.

Sadly that region is part of the wall film correction fators, its a 8x8 table starting at 0x798AA

yea, i checked closer later and had my doubts. it wasnt defined in any of the ols fies i checked.

How do i read the irom from C167 processor? I have a benchtable with k-line adaptor and minimon. which pin do i need to ground?

Alright, got it sorted out and infact it was easier then feared.

so, i have the IRom and i have the Flashcontent from 29F400. Is there anything else needed or can i just go to ida and use the flash with offset like in minimon?

it'd be great if you could post HOW you sorted it out, that way the next person wondering has a leg up.

yes, because im still very interested in this.

Erm, i guess its described more then often how to get the iROM of a processor? Right now i haven´t done any spectacular things. I´m just trying to learn how to disassemble the files.

Even chinese Piasini can read it.

But I'm not sure internal ROM is very important, if I'm right external ROM offset is 0x0 and all needed SFRs are there. At least in the case of MS42.

what do you mean by SFR? anymore info on MS42?

MS43 have all programm in flash.  Not like me7.1, which have some code in processor. You can read full flash from ms43 using boot mode. Email me and i'll send you soft for boot mode reading...

Thanks, but i´ve read full flash from bootmode and from programmer. Problem is, what to do next? ;) I´ve been playing with IDApro, but i don´t think it makes much sense by now.

First of all, what you want to do?

Understand MS43 :) I´m dreaming of throttle-blip at downshifts (like SMG) and no-lift shift at upshifts  :D

https://www.youtube.com/watch?v=UwhL_CrzFb8&feature=share