NefMoto > Technical > Reverse Engineering > Need help with DQ250 reverse
Pages: [1]
« previous next »
Author Topic: Need help with DQ250 reverse  (Read 997 times)
fknbrkn
Hero Member
*****

Karma: +185/-21
Offline Offline

Posts: 1445


mk4 1.8T AUM
« on: September 21, 2024, 06:59:36 AM »
Sooo i have no background in DQ operations and also hw for reading ram so im intuitive here

I want to manage input torque limiter, as i read somewhere its limited at 450 in code and also 410nm diagnostic limit? Thats all input

So i start with the ida/ghidra and a bit stuck in addressing mode

Lets take 02E300051C as fully defined and mmr_MMaxGetriebeschutz_ko limiter as example  @80031744
Ive got no xrefs so dealing with the pointers
Code:
copyMotormomentMapsToRam:               ; CODE XREF: copyMapsToRam+C2↓p
PFLASH:80069648                 movh.a          a4, #@HIS(unk_D0005D2C)
PFLASH:8006964C                 movh.a          a15, #@HIS(qword_8003164C)
PFLASH:80069650                 mov32           d4, #0x110
PFLASH:80069654                 lea             a4, [a4]@LOS(unk_D0005D2C)
PFLASH:80069658                 lea             a15, [a15]@LOS(qword_8003164C)
PFLASH:8006965C                 st16.a          [a4], a15
PFLASH:8006965E                 j32             subb_mapPtrToRam

This code make pointer(?) to 8003164C (start of section) to D0005D2C with length of section = 0x110

Code:
void FUN_80069648(void)

{
  DAT_d0005d2c = 0x8003164c;
  FUN_800aaa9c(&DAT_d0005d2c, 0x110);
  return;
}

void FUN_800aaa9c(undefined4 *param_1,undefined4 param_2)

{
  undefined4 *puVar1;
  int iVar2;
  int iVar3;
  
  puVar1 = (undefined4 *)DAT_d0005fa0;
  iVar3 = DAT_d0005fa4;
  if (12 < (uint)(iVar3 - (int)puVar1)) {
    *puVar1 = param_1;
    puVar1[1] = param_2;
    puVar1[2] = *param_1;
    DAT_d0005fa0 = puVar1 + 3;
  }
  iVar2 = DAT_d0005fa0;
  DAT_d0005bd8 = iVar3 - iVar2;
  return;
}

Doesnt look like copy code so i think its pointer but duno why it uses array length
0x80031A3A(start of section) - 0x8003164c (map address) gives 0xF8 or [7C] index in array

it brings me to this routine

Code:
  
  sVar5 = DAT_d0002d8c;
  local_c = (short **)&DAT_d0005d2c;
  psVar16 = (short *)DAT_d0005d2c;
  sVar9 = psVar16[0x77];
  local_4 = (int)(short)(sVar5 + sVar9);
....
....
local_8 = &ram_getriebeschutzMoment;
  ram_getriebeschutzMoment = psVar16[0x7c];
  if (((psVar16[0x7f] & 0b1000000000000000U) == 0) || (local_4 <= psVar16[0x7c])) {
    if ((short)(sVar9 + sVar5 + 300) < psVar16[0x7c]) {
      uVar8 = DAT_d0005d50;
      DAT_d0005d50 = uVar8 & 0x7fff;
    }
  }
  else {
    uVar8 = DAT_d0005d50;
    DAT_d0005d50 = uVar8 | 0x8000;
  }

the psVar16[0x77] is the mmr_MVorhaltGetriebeschutz_ko if im not mistaken
psVar16[0x7f] is the mmr_freigabe_ko_Befuellfunktion which is 0xEF in this file

so i can translate this into:

if ( !mmr_freigabe_ko_Befuellfunktion.15 || (mmr_MVorhaltGetriebeschutz_ko + inputTorque(?)) <= mmr_MMaxGetriebeschutz_ko)
{
  if mmr_MVorhaltGetriebeschutz_ko + inputTorque(?) + 300 < mmr_MMaxGetriebeschutz_ko
  {
      uVar8 = DAT_d0005d50; //filtered input torque?
      DAT_d0005d50 = uVar8 & 0x7fff // limited to 32767?
  }
}
else {
    uVar8 = DAT_d0005d50;
    DAT_d0005d50 = uVar8 | 0x8000; //
  }
i believe this routine convert value to signed


Could someone confirm im on the right way and wtf is that +300 offset  Roll Eyes
Or maybe some input? I was try to find can-bus messages as the input to my research but no luck here
Logged
prj
Hero Member
*****

Karma: +1069/-476
Offline Offline

Posts: 6011
« Reply #1 on: September 21, 2024, 07:10:10 AM »
There is no such limits that you are talking about.
Diagnostic limit, you can rescale if you like.

Clutch torque has a hard limit, but 410 or 450 is not it.
Logged
PM's will not be answered, so don't even try.
Log your car properly - WinOLS database - Tools/patches
fknbrkn
Hero Member
*****

Karma: +185/-21
Offline Offline

Posts: 1445


mk4 1.8T AUM
« Reply #2 on: September 21, 2024, 07:20:07 AM »
Quote from: prj on September 21, 2024, 07:10:10 AM
There is no such limits that you are talking about.
Diagnostic limit, you can rescale if you like.

Clutch torque has a hard limit, but 410 or 450 is not it.

iirc its 600nm
What is the right way if i want to increase pressure without fckup ikp adaptation?
Should i search for the 600nm hardcode cap and raise it a bit (with cal changes ofc) or its a more complex way?
Or its better to go with some kind of torque-to-pressure tricks?
« Last Edit: September 21, 2024, 07:22:26 AM by fknbrkn » Logged
prj
Hero Member
*****

Karma: +1069/-476
Offline Offline

Posts: 6011
« Reply #3 on: September 21, 2024, 10:35:12 AM »
It's not 600nm, it's 32767, and think about what the scalar is.
But 600nm is good to stop if you have stock input shaft because you will snap it in half.

First make sure you are even hitting the max clutch torque, and make sure you are reporting correct torque to the TCU.
And even if you mess with adaptations then it's not good (or you have to mess so much that it will drive like shit at part throttle).
Logged
PM's will not be answered, so don't even try.
Log your car properly - WinOLS database - Tools/patches
fknbrkn
Hero Member
*****

Karma: +185/-21
Offline Offline

Posts: 1445


mk4 1.8T AUM
« Reply #4 on: September 25, 2024, 01:45:42 AM »
Quote from: prj on September 21, 2024, 10:35:12 AM
It's not 600nm, it's 32767, and think about what the scalar is.
But 600nm is good to stop if you have stock input shaft because you will snap it in half.

First make sure you are even hitting the max clutch torque, and make sure you are reporting correct torque to the TCU.
And even if you mess with adaptations then it's not good (or you have to mess so much that it will drive like shit at part throttle).

I mean the clutch torque
Logged
prj
Hero Member
*****

Karma: +1069/-476
Offline Offline

Posts: 6011
« Reply #5 on: September 25, 2024, 06:23:43 AM »
Quote from: fknbrkn on September 25, 2024, 01:45:42 AM
I mean the clutch torque

I told you what the max is ffs Cheesy
Logged
PM's will not be answered, so don't even try.
Log your car properly - WinOLS database - Tools/patches
prj
Hero Member
*****

Karma: +1069/-476
Offline Offline

Posts: 6011
« Reply #6 on: November 12, 2024, 10:03:29 AM »
Quote from: fknbrkn on September 25, 2024, 01:45:42 AM
I mean the clutch torque

Here's the patch for max clutch torque if you didn't figure it out yet:
https://tools.vehical.net/DQ250Patch

P.S.
Clutch torque has nothing to do with the torque you transmit from the engine.
It is internally back calculated torque. It's done by multiplying the clutch pressure with the clutch roughness constant. So no matter what you do with torque, you're still going to hit this limiter, and the gearbox always knows the real torque for the same reason.
The only workaround for this is fudging the adaptation values, but that makes the transmission run too much pressure all the time and it's really not ideal, because you're fudging them super hard as the pressure hits a wall from 500+ clutch torque without the patch.
« Last Edit: November 12, 2024, 10:24:06 AM by prj » Logged
PM's will not be answered, so don't even try.
Log your car properly - WinOLS database - Tools/patches
fknbrkn
Hero Member
*****

Karma: +185/-21
Offline Offline

Posts: 1445


mk4 1.8T AUM
« Reply #7 on: November 12, 2024, 11:08:15 AM »
Quote from: prj on November 12, 2024, 10:03:29 AM
Here's the patch for max clutch torque if you didn't figure it out yet:
https://tools.vehical.net/DQ250Patch

P.S.
Clutch torque has nothing to do with the torque you transmit from the engine.
It is internally back calculated torque. It's done by multiplying the clutch pressure with the clutch roughness constant. So no matter what you do with torque, you're still going to hit this limiter, and the gearbox always knows the real torque for the same reason.
The only workaround for this is fudging the adaptation values, but that makes the transmission run too much pressure all the time and it's really not ideal, because you're fudging them super hard as the pressure hits a wall from 500+ clutch torque without the patch.

we have now run adaption trick but thats a silly way and im still want to figure it up by myself
without a2l and hardware ))
anyway thanks for the link
and btw do the vcds value able to run over 500 or its a diagnostic limits also?
Logged
prj
Hero Member
*****

Karma: +1069/-476
Offline Offline

Posts: 6011
« Reply #8 on: November 12, 2024, 11:18:08 AM »
Quote from: fknbrkn on November 12, 2024, 11:08:15 AM
we have now run adaption trick but thats a silly way and im still want to figure it up by myself
without a2l and hardware ))
anyway thanks for the link
and btw do the vcds value able to run over 500 or its a diagnostic limits also?

IIRC on Fxx/Exx you have diag limit and on MQB you don't have. But I might remember that wrong.
I think easiest way to buy the patch for 200 one time and then you know how to do it on every DQ250 gearbox after that.

At least if somebody offered me the solution for that money when I was developing this patch 10 years ago I would have taken it in one nanosecond, because it took me some time to understand what is going on.
The patch is quite simple, just tedious as there's over a dozen places that need to be modded.
Logged
PM's will not be answered, so don't even try.
Log your car properly - WinOLS database - Tools/patches
Pages: [1]
  Print  
« previous next »
 
Jump to:  

Navigation
Personal Tools
  • November 14, 2024, 10:15:32 AM
  • Welcome, Guest. Please login or register.
    Did you miss your activation email?

    Login with username, password and session length
Search
 
Advanced Search
About Disclaimer
All Rights Reserved 2010 Nefarious Motosports
Powered by SMF 1.1.21 | SMF © 2015, Simple Machines Page created in 0.04 seconds with 17 queries. (Pretty URLs adds 0s, 0q)