Pages: [1]
Author Topic: MEG1.1 IROM Dump - need to check  (Read 1782 times)
nighthunter
Newbie
*

Karma: +0/-0
Offline Offline

Posts: 19


« on: December 03, 2018, 01:35:30 AM »

Hi friends.
Today after reversing the PCB, its time to make CPU dump. Ive dumped the C167CR with minimon. Can someone take a look on it and tell if the data are valid? Dumped from 0-7FFF;
Logged
360trev
Full Member
***

Karma: +21/-1
Offline Offline

Posts: 130


« Reply #1 on: December 21, 2018, 06:56:08 AM »

Well its definitely looking good IROM dump.

Q. Can you also upload the firmware too. Usually they are a mirror of the 1st 32kbytes of firmware (but ofcourse not every variant is like that)... Has all the boot loader jumps, signatures and is C167 code...

Would be a great guide to document exactly what you did to help others. Very few guides explain how to dump IROM and not a single guide on here.
Logged
nighthunter
Newbie
*

Karma: +0/-0
Offline Offline

Posts: 19


« Reply #2 on: January 01, 2019, 10:56:49 AM »

Hi,
firstly happy New year to all Nefmoto readers. Yes i will definitively write an guide, but for now im running out of time. This was the first attempt to read it out.
I have plenty of these Ecus here from the types 0261 205 004, 0261 205 005 and 0261 205 006. I am reversing the PCBs layer by layer (yes i grind it down to internal layers) and they seems to have only minor differences, one thing i noted, that some of them - 004 and 005 are using the C167 with internal ROM as stated on the package marking, but 006 is stated that is an C167 romless, but i didnt yeat read it as i was last 3 weeks laying sick :-(.
My guess it that the marking is just an camouflage and i also read out some ROM.
Q.: Btw, is there an abitiy to inject code to RAM and run if from specific location in MINIMON, or breakpoint the current loaded code ie running the ecu and halt on breakpoint?
Logged
Pages: [1]
  Print  
 
Jump to:  

Powered by SMF 1.1.21 | SMF © 2015, Simple Machines Page created in 0.014 seconds with 16 queries. (Pretty URLs adds 0s, 0q)