Herleybob
« Reply #1 on: August 10, 2020, 07:35:56 PM »
I am going to reply to this, just because it's what I've been working on in the past week. And I am by far no expert at all, just a beginner!
First and foremost, you need a flash readout (probably a KTAG). Once you have that, you need to disassemble it. I've tried IDA Pro, and wasn't too keen on it (probably because I didn't know how to use it); I moved over to Ghidra and haven't looked back. Load it up into Ghidra, analyze it and just start poking around (note to help: the base address is 0x80000000). I had a few RAM addresses and tables already defined when I started looking, such as RPM, TPS, etc. and main AFR, timing, etc. and so on, so I moved to that address, defined those and then searched the binary for references to that address.
Ultimately, in the end, I've done nothing but mess around searching addresses, etc. If you are able to log RAM addresses it will help greatly. I am able to and can load up to 256 bytes at a time, run the vehicle and log it. This helps when searching for the raw ADC values from an input pin, etc.
Datasheets also help; if it's a TriCore it's probably a TC1797, so load up the data sheet. See what you can find for a DAMOS/A2L etc., but you most likely won't find anything of value unless you wanna pay a bunch.
One final note: there is a thread here about disassembling a MED/EDC17 that's over 5 pages long and has good information in it regarding the calling to configuration (parameter) tables etc. This helped me tremendously when figuring out how the tables were addressed/called.
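Added example, not code from the post or its author: a small Python helper for the "define the RAM addresses, then search the binary for references" step described above. It assumes a raw flash readout mapped at the base address 0x80000000 and a little-endian 32-bit TriCore; the RAM addresses and the sample bytes are constructed placeholders, and it only finds literal pointer words (pointer or calibration tables), not split-immediate instruction encodings.

```python
"""Scan a raw flash readout for literal 32-bit pointers to known RAM
variables and report where each sits in the ECU address space.
Constructed example data; the RAM addresses are placeholders, not real
ECU addresses."""
import struct

FLASH_BASE = 0x80000000  # PFlash base address mentioned in the post

# Hypothetical RAM addresses for a few sensor variables (placeholders).
KNOWN_RAM = {
    0xD0001234: "RPM",
    0xD0001240: "TPS",
}


def file_offset_to_address(offset, base=FLASH_BASE):
    """Translate an offset in the readout file to the mapped flash address."""
    return base + offset


def address_to_file_offset(address, base=FLASH_BASE):
    """Translate a mapped flash address back to a file offset."""
    if address < base:
        raise ValueError("address below flash base")
    return address - base


def find_pointer_refs(flash, known=KNOWN_RAM, base=FLASH_BASE, align=4):
    """Return (flash_address, ram_address, name) for every aligned
    little-endian 32-bit word equal to a known RAM address.
    Only literal pointers are found; split-immediate instruction encodings
    (movh/lea pairs) are not decoded here."""
    hits = []
    for off in range(0, len(flash) - 3, align):
        word = struct.unpack_from("<I", flash, off)[0]
        if word in known:
            hits.append((base + off, word, known[word]))
    return hits


# Constructed sample readout: 32 bytes of filler, then a small pointer table.
SAMPLE_FLASH = bytes(32) + struct.pack("<III", 0xD0001240, 0x11223344, 0xD0001234)

if __name__ == "__main__":
    for flash_addr, ram_addr, name in find_pointer_refs(SAMPLE_FLASH):
        print("0x%08X -> 0x%08X (%s)" % (flash_addr, ram_addr, name))
```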