Topic: Req: Help understanding bit offset to further reverse engineer BMW ME7.2 via IDA
zarboz

Hello Nefmoto users
I haven't given up on setting up tunes for my ME7.2 quite yet. I had found that the Audi uses the ME7.1, which is nearly identical to the DME used in the 540i/X5/M62TU cars.

I have also set up some disassembly within IDA using X5 (ME7.2 4.4 OLS/DAMOS) and an existing IDA script I've found on the net. With this I was able to track back some maps and offsets in live code execution, but was curious if anyone could potentially lend me any more insight into how to track backwards through IDA to track down my actual maps. I can see how they tie together in "live" execution of the software and can locate them in the hex code, but don't exactly understand how to evaluate what format the information needs to be fed to the DME in.


I am finding things like this:
Map 1x1 = Codeword in the diagnosis secondary air system
hex marker = 88 60 (found in my bin at offset 8614)

So if I want to disable the codeword diag SAP and the map is 1x1, do I change the bit post or pre the hex marker? (If I am making 0 sense please let me know.)


So if the map is 1x1 and the hex identifier is 2 bit sets (I think I have that wording proper), I might be thinking of byte vs bit.... Is it the second bit set that is the map, or the preceding or post bit sets to control the map? Or is it just time for some trial and error?


Here is the stuff I have collected thus far:
https://github.com/zarboz/BMW-XDFs


Here is the folder containing the OLS/DAMOS:
https://github.com/zarboz/BMW-XDFs/tree/master/BMW%20ME7.2%20X5%204.4%20V8


Any input would be gladly welcome. I don't know too much about tuning but am a software engineer, so it's just another kind of software to wrap my brain around. I have potentially identified a few maps, but as it's been -1/-5 degrees here I haven't been out to install my backup DME to test any of the playing one could do in these maps.

I have a few things collected in there, including an a2l/DAMOS for the DME in question as well as an OLS file for the DME in question. I don't speak German and have spent some time with Google, which has got me OK reading results.

« Last Edit: January 25, 2019, 12:18:46 PM by zarboz »
zarboz

I have been reading more into the forums here and (this is not relevant to the tune in question) I have some deeper understanding as to how the immobilizer in my DME was defeated using a custom-written ASM script that is called out to instead of the EWS (immobilizer) check.


Also helps me kind of wrap my head around how the bits translate into the language the DME speaks.

I am trying to keep track of my progress in this forum as well as my GitHub in order to have an online reference or repository for those folks with enough Google power to end up here in this forum post.