Getting started with IDA and MED9.1

Pages: 1 2 [3] 4

« previous next »

Author

Topic: Getting started with IDA and MED9.1 (Read 58376 times)

Basano

Full Member

Karma: +90/-3
Offline

Offline

Posts: 192

	Re: Getting started with IDA and MED9.1 « Reply #30 on: October 16, 2014, 01:22:26 PM »

Quote from: ericpaulyoung on October 16, 2014, 12:26:27 PM

I found this a little confusing, so for those who need to know how to dump the user selected lines into a separate file.

Step 1. Open Jump->Jump To Address
2. Type 0x1C0000 and hit Enter
3. Alt+L (to mark start of selection)
4. Jump->Jump To Address
5. 0x1FFFFF and hit Enter
6. Place the cursor directly before RAM:00600000, and click (this should highlight all the lines you want)
7. Open File->Produce File->Create LST File
8. Enter the name of the file you want, and the location you want it, and hit Enter

You have just dumped the user selected area to a second file that you can then import as additional binary.

epy

I'll have a go at this tomorrow and see if I can nail it down for once and for all Grin


	Logged

ericpaulyoung

Full Member

Karma: +5/-0
Offline

Offline

Posts: 149

	Re: Getting started with IDA and MED9.1 « Reply #31 on: October 16, 2014, 05:01:52 PM »

Quote from: Basano on October 16, 2014, 01:18:12 PM

I think your axis is 0x1C333A.

There's a pattern to this. The registers that hold the maps and axis are normally very close together.

R3 - map location
R5 - y axis
R6 - x axis

So you found the map (which is loaded into R3). You've got one axis (which is loaded in R6). It's a pretty solid guess the other axis will be in R5. Have a look just before the map is loaded into R3 and you'll see R5. Follow R5 back a bit and you can see that R5 is 7F81FC. Just above where this is done is another line addi r3, r2, -0x6CB6

5C9FF0 - 0x6CB6 = 5C333A aka 1C333A

If anyone has too much time on their hands, attached is a doc explaining the conventions and usage of r3 and so on.

Roger that. Thank you, this is starting to (barely) make sense! Darn, and I thought it would be as easy as 3 steps:
Step 1. Open IDA and reverse engineer the ME9.1
Step 2. Use this knowledge to define all the maps in WinOLS and understand how to tune the files
Step 3. Make awesome Stage III+ tune for my car

I guess I was a bit off

epy


	Logged

Nottingham

Full Member

Karma: +13/-1
Offline

Offline

Posts: 204

	Re: Getting started with IDA and MED9.1 « Reply #32 on: October 19, 2014, 05:33:28 AM »

This is some great stuff here.

Basano is the best thing that happened to Nefmoto community atleast in MED9 wise Grin

With some scripting containing advanced filtering (map size and known ROM sub-region) you can find the critical maps in five minutes or so Shocked


	Logged

m_chieppa

Newbie

Karma: +0/-0
Offline

Offline

Posts: 11

	Re: Getting started with IDA and MED9.1 « Reply #33 on: October 21, 2014, 06:43:27 AM »

Thanks, I will try it.

Is it also possible to see how long the maps are is assembly? If a map is 8x8 or 16x1?

Quote from: Basano on October 16, 2014, 01:18:12 PM


	Logged

Basano

Full Member

Karma: +90/-3
Offline

Offline

Posts: 192

	Re: Getting started with IDA and MED9.1 « Reply #34 on: October 22, 2014, 03:23:13 AM »

I’m not sure if this answers your question, or perhaps you know it already, but have a search on ‘map descriptors’. The byte(s) at the beginning of an axis contain some information about the map itself.

Using your axis as an example:

0x1C333A - 08
0x1C3354 - 08

The first byte of each is 0x08. From this I surmise the map in question is an 8x8.

Here’s another example using KFLDIMX
0x1CF46E - 00 08
0x1CA306 - 00 10

(0x10 hex = 16 dec)

So this is a 8x16 map

Sometime it could be combined, e.g. LAMFA
0x1D6868 – 0F 06

(0x0F hex = 15 dec)

So this is a 15x6 map

There was a post on the forum very recently about map descriptors, with some links and reading, but I cannot find it at the moment!


	Logged

m_chieppa

Newbie

Karma: +0/-0
Offline

Offline

Posts: 11

	Re: Getting started with IDA and MED9.1 « Reply #35 on: October 22, 2014, 03:31:52 AM »

Thanks! I will take a look at it!

Quote from: Basano on October 22, 2014, 03:23:13 AM


« Last Edit: October 22, 2014, 05:11:26 AM by m_chieppa »	Logged

ericpaulyoung

Full Member

Karma: +5/-0
Offline

Offline

Posts: 149

	Re: Getting started with IDA and MED9.1 « Reply #36 on: February 25, 2015, 03:11:56 PM »

Has anybody made progress here? I am starting back into IDA on ME9 with the goal of getting a 5120 hack onto ME9.


	Logged

roman_tyk

Full Member

Karma: +0/-0
Offline

Offline

Posts: 87

	Re: Getting started with IDA and MED9.1 « Reply #37 on: January 04, 2016, 01:40:33 AM »

Guys, could you recommend any compiler enviromnent for PowerPc MPC582 MED9.1 ?


	Logged

dream3R

Hero Member

Karma: +18/-8
Offline

Offline

Posts: 1194

	Re: Getting started with IDA and MED9.1 « Reply #38 on: January 04, 2016, 03:44:43 PM »

Quote from: ericpaulyoung on February 25, 2015, 03:11:56 PM

Has anybody made progress here? I am starting back into IDA on ME9 with the goal of getting a 5120 hack onto ME9.

That should be fairly easy with the a2l. GGPVD will give you a headache

it's 5120 already lol


	Logged

How to work out values from an A2L

http://nefariousmotorsports.com/forum/index.php?topic=5525.msg52371#msg52371

Starting Rev's http://nefariousmotorsports.com/forum/index.php?topic=5397.msg51169#msg51169

noobs read this before asking http://nefariousmotorsports.com/forum/index.php?topic=9014.0title=

ORGORIGINAL 05 5120 creator for Volvo
ORIGINAL Datalogger (Freeware) Author
ORGINAL finder of the 'extra' torque' limits
I don't have ME7.01 A2L I just use ID

dream3R

Hero Member

Karma: +18/-8
Offline

Offline

Posts: 1194

	Re: Getting started with IDA and MED9.1 « Reply #39 on: January 04, 2016, 03:47:14 PM »

Quote from: m_chieppa on October 22, 2014, 03:31:52 AM

Thanks! I will take a look at it!

This isn't always true but it's nice when it is.


	Logged

How to work out values from an A2L

turbo944s2

Full Member

Karma: +1/-0
Offline

Offline

Posts: 59

	Re: Getting started with IDA and MED9.1 « Reply #40 on: June 03, 2016, 12:24:08 AM »

Using your guide I have gained access to the sub routines of my file. Thank you very much. I am having a hard time getting others IDB files to open unfortunately. I have tried different versions of ida and I've hit a brick wall. Any suggestions?


	Logged

turbo944s2

Full Member

Karma: +1/-0
Offline

Offline

Posts: 59

	Re: Getting started with IDA and MED9.1 « Reply #41 on: June 03, 2016, 12:39:10 AM »

Quote from: turbo944s2 on June 03, 2016, 12:24:08 AM

Nevermind, I found a version of 6.1 and it works. Thanks again.


	Logged

BMek

Newbie

Karma: +0/-0
Offline

Offline

Posts: 2

	Re: Getting started with IDA and MED9.1 « Reply #42 on: December 27, 2016, 01:04:37 PM »

Hello, i'm newest to coding with Ida, i'm interested to see how to add map switching in Med9 and also of course to know how the map structure and reference is.
Any one who want to help me?


	Logged

Praga

Full Member

Karma: +4/-3
Offline

Offline

Posts: 62

	Re: Getting started with IDA and MED9.1 « Reply #43 on: February 18, 2018, 09:29:27 PM »

Hello

Great topic. Thanks for sharing Basano & everyone else.

Was following it on my Seat Leon 2007 BWA file.

Does anyone know what this area is for in the file/disassembly ?

ROM:004067F4 .long 0x792A9A95, 0xC37971, 0x12CF4BA, 0x3A1611C3, 0xBACC3AD9, 0xF420B80F, 0xA616F1C7, 0x6C526101, 0x23415A63, 0xFE0A7B0C, 0x6A33F219, 0xA31371F3, 0x13FCF15F, 0x6E242943, 0x8F58CD39, 0xF5F87D5, 0xAA2FB6B6, 0x53D2E94F, 0x11161A73, 0xA0F7ABA2
ROM:004067F4 .long 0xC7CD2116, 0x7A36A28B, 0xB0C12FD2, 0x25FA214, 0x98A67E7, 0x7432FA12, 0xEB6C2420, 0xA7DAF5A7, 0xCED88055, 0x8F6B59C0, 0x2EACFEA, 0xBD6AEA95, 0x36EB234C, 0xDB44E62E, 0xF3CEC879, 0x32D388DA, 0x1FB5C777, 0x26DE87B8, 0x7C6B65D9, 0xB7979631
ROM:004067F4 .long 0x29E9A33F, 0x1DE479, 0x1ED4BED5, 0xB9FB9C14, 0xB2FBAED1, 0xB6A5644D, 0x17DBA9F7, 0x68FFE0BE, 0xDA1D9F17, 0x59D82ECD, 0x6615BE8C, 0xB369692B, 0x8043EDBD, 0xB8D92856, 0xCAD4539D, 0x49BAFE16, 0x421FCF2C, 0x618BFA01, 0xC22A80F6, 0x983627F9
ROM:004067F4 .long 0x80253C91, 0xA3920BAB, 0x8EEC1B22, 0xD1E02A10, 0x5987EBD7, 0x8D4F82ED, 0x2BABBB6B, 0xE17A0E55, 0xAB3853A7, 0xEFE74524, 0x5ABBB9DE, 0x78889A84, 0x16ECAB6E, 0x583CFC6A, 0x992F2944, 0x54D5617, 0xF815EA56, 0x15F10E99, 0x26DAE429, 0xB7CB884A
ROM:004067F4 .long 0x71E7C74B, 0x3769A24E, 0x24F81D8, 0x7DC63717, 0x6054B9F7, 0x8DC89EE3, 0xEBE1565B, 0x6C12A3A, 0x6310F7C5, 0xA4EFAA73, 0x61A37A7F, 0xC0FEE82E, 0xDA8C78E0, 0xCD832DD9, 0xA168C5CD, 0xDC81B92D, 0xE3FEF334, 0x17E64DB0, 0xABC3CE91, 0x470CA333
ROM:004067F4 .long 0x5E57DF6B, 0x503BF253, 0x3F06EBD5, 0xB1246DFA, 0xEA4A73F0, 0x765C3DD, 0xDA463366, 0x890A9FFE, 0xE54AA5EF, 0x8B082729, 0xBD547ECD, 0xFEC17E79, 0x6F8C2E51, 0xEC8544D2, 0xE6C56356, 0xFE0E1367, 0x670084C4, 0xF8010233, 0x14EA380C, 0x3A722482
ROM:004067F4 .long 0x6B5BDEB0, 0x3F5E0868, 0xC6D714BA, 0x1F303946, 0xDA0F3342, 0xF3FBD4A, 0x3B5FCFEB, 0xDE4D97ED, 0xD5503964, 0x77084775, 0x7215FFE9, 0x648A4773, 0x391069C1, 0x47DA8E45, 0x2A4CFCC0, 0x616B0F93, 0xA503F9C5, 0xD9A39D3, 0xE317DC3B, 0x443277C7
ROM:004067F4 .long 0x799BE09A, 0x18EAAFFC, 0xDA4977E5, 0x3BE3C44B, 0xD40BD42B, 0x782D1659, 0x10756408, 0x3741FF19, 0x94474E24, 0xFB865647, 0x43EEF8B1, 0xE5CEEEED, 0x590184EF, 0x31D816DF, 0xF2C64DA9, 0xB5CE1841, 0x82AD6CB7, 0x67C7BCFE, 0x5CD2377C, 0xD744C551
ROM:004067F4 .long 0x2D7DBF67, 0xAFB4703E, 0x80A35074, 0x38F2FA17, 0x3A65F2AB, 0xD5C419FA, 0x1D8EEC9E, 0x875C804F, 0x47163EED, 0x6AD95E4C, 0xB2A425C3, 0x35C5DD73, 0xB4069958, 0xBC96A511, 0x7FB9CF6F, 0x702F59BF, 0xA066B9D8, 0xDB5F17E3, 0x816083ED, 0x265EFA2E
ROM:004067F4 .long 0xE9291717, 0x9555001D, 0x79EC9848, 0x7D5867A, 0x2F03E880, 0x795DD2DA, 0xE570244A, 0x82D7871F, 0xD066253E, 0xD7192AF5, 0x4BFFF80, 0xC6664157, 0xED85833D, 0xBDECC909, 0xD56CBF33, 0xC246BC1E, 0x62547B27, 0xFAF99372, 0x17CABC6F, 0x25F9C02E
ROM:004067F4 .long 0xD0854268, 0x1E243249, 0x49EB0CFE, 0x5EC3D303, 0x968CD12A, 0x770E0B6A, 0xAAA4866D, 0x9BA73DD7, 0xD39BDD58, 0x151C4670, 0x3A86C205, 0xCC6703A6, 0x65A6DF9D, 0xC670CAB7, 0xB6E617D2, 0xA187EE2B, 0xEC5F0C64, 0x19ED3E58, 0x9FD59B9F, 0x874A84E0
ROM:004067F4 .long 0xC6395CD9, 0x5D36082F, 0x332725F7, 0xADB30C00, 0x136887E6, 0xA2AF50D8, 0x71704D24, 0xC3848E87, 0xB1DE0237, 0xB779FCAC, 0x18016A32, 0x3A41CF30
ROM:00406FF4 .long 0x414F0536, 0x2979B5C8, 0xA7EE92EC, 0x5A5A5A5A, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF
ROM:00406FF4 .long 0xFFFFFFFF,

Thanks,

Praga


	Logged

gt-innovation

Sr. Member

Karma: +60/-91
Offline

Offline

Posts: 449

	Re: Getting started with IDA and MED9.1 « Reply #44 on: February 19, 2018, 03:01:15 AM »

Totally wrong way to grab that data and post it...

Use a screen grab while you are on the actual code. If you don`t understand check what everyone has done in the previous post.
What you got is just hex strings displayed as .long

I would suggest to practice your ida skills a little bit more and check the forum on previous posts on what has been done.

Posting your original file and describing what you are searching for is also a good thing.


	Logged

Pages: 1 2 [3] 4

« previous next »

Jump to:

Navigation

Personal Tools

November 22, 2024, 04:32:34 PM

Welcome, Guest. Please login or register.
Did you miss your activation email?

Navigation

Personal Tools

Search