john9357
Full Member
Karma: +10/-1
Offline
Posts: 54
« Reply #225 on: January 08, 2016, 04:55:30 AM »
The proc is a c167cr-lm (in the dump 417f we can see that). The c167cr-lm is the romless version.
« Last Edit: January 08, 2016, 05:22:19 AM by john9357 »
DT
Full Member
Karma: +20/-1
Offline
Posts: 184
« Reply #226 on: January 08, 2016, 05:03:48 AM »
The proc is a c167cr-lm (in the dump 1733D we can see that). The c167cr-lm is the romless version.
Ok, nice to know, but that means there is something else that indicates code that jmp to ASCII data and to numerous places not correctly aligned into subroutines, or even calls to the middle of opcodes.
DT
Full Member
Karma: +20/-1
Offline
Posts: 184
« Reply #227 on: January 08, 2016, 06:53:29 AM »
That helped, 1733d was a JMPR from what I could see in the instruction set manual (no IDA available where I'm at). Yeah, I've seen the ASCII cr-lm but had forgotten it.
john9357: Do you stumble upon the same CALLS to faulty locations when you work with the file?
« Last Edit: January 08, 2016, 03:09:06 PM by DT »
dream3R
« Reply #228 on: January 08, 2016, 08:21:46 AM »
needs decompiled again with right proc selected imo, I'll do it in 5 minutes later when I am home. Makes sense now.
dream3R
« Reply #229 on: January 08, 2016, 08:26:49 AM »
Well, it's not IDA that claims it is a function, IDA only tries to present it as a function since there is a legit call to the byte. IDA can't know that there is ASCII on the destination of the calls. AutoIT scripts or even Perl scripts often result in much that is not correct too. I'm wondering if the layout of read from the ECU is bad or if there is an internal ROM in the C167 that is used at lower 32k in certain situations. But sure it could be my lack of knowledge of C167 code too. IDA assumes with a calls the destination is a function I guess.
dream3R
« Reply #230 on: January 08, 2016, 02:49:25 PM »
Can't find that proc in my IDA version.
DT
Full Member
Karma: +20/-1
Offline
Posts: 184
« Reply #231 on: January 08, 2016, 03:07:54 PM »
Can't find that proc in my IDA version.
Would not help, I can't see any important differences in -lm from the c167cr-sr available in IDA. You can edit an IDA file to get specific settings for this CPU, but even if we were to change memory mapping of segments and such it would not help, since the mapping is done in 64kb segments, which I would assume to include destination of mapping. And I've already checked various alternative places for the address where ASCII is. Not helping.
fknbrkn
Hero Member
Karma: +185/-23
Offline
Posts: 1454
mk4 1.8T AUM
« Reply #232 on: January 08, 2016, 03:10:23 PM »
We're now testing a little ECU tweak which is sending some altered data into the CAN bus (see pic), and there is a noticeable difference (I've used this only in one map in my multimap routine, so it's 2-click switching between normal operation and this tweak). Rear wheels moving faster than front lol. Btw, there are wheel speeds from ABS CAN data available in the ECU. More testing is needed to collect some data and optimal settings.
dream3R
« Reply #233 on: January 08, 2016, 03:15:08 PM »
Would not help, I can't see any important differences in -lm from the c167cr-sr available in IDA. You can edit an IDA file to get specific settings for this CPU, but even if we were to change memory mapping of segments and such it would not help, since the mapping is done in 64kb segments, which I would assume to include destination of mapping. And I've already checked various alternative places for the address where ASCII is. Not helping.
Sorry I must have misunderstood your earlier reply.
DT
Full Member
Karma: +20/-1
Offline
Posts: 184
« Reply #234 on: January 08, 2016, 03:33:24 PM »
We're now testing a little ECU tweak which is sending some altered data into the CAN bus (see pic), and there is a noticeable difference (I've used this only in one map in my multimap routine, so it's 2-click switching between normal operation and this tweak). Rear wheels moving faster than front lol. Btw, there are wheel speeds from ABS CAN data available in the ECU. More testing is needed to collect some data and optimal settings.
I thought about piggybacking the Haldex with help of the ME7 last year, shouldn't be too hard. But I dropped the idea since it might be a bad idea in dangerous situations. (think ESP and such)
fknbrkn
Hero Member
Karma: +185/-23
Offline
Posts: 1454
mk4 1.8T AUM
« Reply #235 on: January 08, 2016, 03:53:04 PM »
I thought about piggybacking the Haldex with help of the ME7 last year, shouldn't be too hard. But I dropped the idea since it might be a bad idea in dangerous situations. (think ESP and such)
Yes, that's why I wrote a custom routine to use it only in one of the maps in the multimap routine, also with changed KLDMASRL. supasport mode )) We drove it all day (-12c and wet/snowy roads) and had no negative intervention from the ESP system, but have not tested it yet in really bad situations.
DT
Full Member
Karma: +20/-1
Offline
Posts: 184
« Reply #236 on: January 08, 2016, 04:49:43 PM »
Yes, that's why I wrote a custom routine to use it only in one of the maps in the multimap routine, also with changed KLDMASRL. supasport mode )) We drove it all day (-12c and wet/snowy roads) and had no negative intervention from the ESP system, but have not tested it yet in really bad situations.
Well, the problem is not when you are out playing, the problem might be at 120km/h in heavy highway traffic when you go from high load to brake or such. But sure it could work well.
aef
« Reply #237 on: January 09, 2016, 04:50:29 AM »
Mechanically there is no way the rear wheels would spin faster than the front wheels. There is no gearbox thing in the Haldex. The only situation I could imagine is your ABS/ESP/EDS is braking your front wheels.
fknbrkn
Hero Member
Karma: +185/-23
Offline
Posts: 1454
mk4 1.8T AUM
« Reply #238 on: January 09, 2016, 06:33:51 AM »
Mechanically there is no way the rear wheels would spin faster than the front wheels. There is no gearbox thing in the Haldex. The only situation I could imagine is your ABS/ESP/EDS is braking your front wheels.
Nope, I accidentally swapped the front-rear wheel variables, such a fool.
DT
Full Member
Karma: +20/-1
Offline
Posts: 184
« Reply #239 on: January 09, 2016, 07:31:41 AM »
Mechanically there is no way the rear wheels would spin faster than the front wheels. There is no gearbox thing in the Haldex. The only situation I could imagine is your ABS/ESP/EDS is braking your front wheels.
Let's not bring that discussion up again, it's 15 years old. Besides, your assumption about brakes is just as dumb. :-) Rear axle cannot spin faster, only transfer more torque than front. I thought fukenbroken was experimenting with and injecting new CAN wheel speed data, trying to fool the Haldex lock point. Back to topic (since this is about reading/writing the Haldex ECU): Where is ccyberwing?
« Last Edit: January 09, 2016, 07:35:54 AM by DT »