I'm starting this topic for my colleagues and friends who want a quick start on disassembling the 1.8T 20V HN1 and HN2 box (06A906032HN SW0001 and SW0002).
Here is a link to pre-loaded IDA file (for HN2 SW0002):
https://drive.google.com/file/d/0B0z1E_9eZCvMUUdNNDN3RkJmbVU/view?usp=sharing
You will need IDA 5.5.0.925t to load the project.
ME 7.5 has the following memory (segment) organization:
000000-007FFF 32K boot rom
008000-00DFFF MEM_EXT (380000 ... 383FFF are remapped as 008000...00BFFF)
00E000-00E7FF 2K XRAM
00E800-00EEFF Reserved
00EF00-00EFFF CAN1
00F000-00F1FF 512b E_SFR
00F200-00F5FF Reserved
00F600-00FDFF 2K IRAM
00FE00-00FFFF 512b SFR
380000-387FFF 32K Ram Physical present
388000-38FFFF ?
800000-80FFFF 64K Bottom Block
810000-81FFFF 64K Cal Tables
820000-900000 1M ECU Flash ROM resident code
To convert a 38xxxx address into an xxxx address and vice versa you will need a formula, which I use successfully. Specially for you, I've attached my address_calc.xls.
In the yellow column you enter the value and in the green column you get the result. For example, conversion from 0x38XXXX to 0xXXX and vice versa has always been an issue for many, but Excel solves it easily.
IDA was downloaded from here; it's translated from my native language:
https://translate.google.com/translate?hl=ru&sl=ru&tl=en&u=http%3A%2F%2Frutracker.org%2Fforum%2Fviewtopic.php%3Ft%3D2537609
I can reupload it on Google Drive and send you the link, just send me a PM. You can also find this version of IDA on other sites/in other torrents.
When you open the .ida project you will see something like in the pictures below.
And then you will get an idea how to continue exploring the unknown space of assembly code
Inside the folder you have hn2.ecu and HN2_map_list.csv files for reference. Also you have already opened the same bin in WinOls to see how this correlates to your maps. Then you use the address calculator to find match between ECU and WinOls addresses... Maps are here
http://nefariousmotorsports.com/forum/index.php?topic=576.15
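
An added example, not part of the original post and not the formula from address_calc.xls (which is not shown here): a small Python helper that names the segment an address falls in and converts between the 38xxxx and xxxx forms. It assumes the remap of 380000...383FFF to 008000...00BFFF stated in the memory map is linear; the function names and sample addresses are made up for illustration.

```python
# Added example: segment lookup and RAM-window conversion for the ME 7.5 map.
# Ranges are copied from the post; function names are hypothetical.
SEGMENTS = [  # (start, end inclusive, label)
    (0x000000, 0x007FFF, "32K boot rom"),
    (0x008000, 0x00DFFF, "MEM_EXT"),
    (0x00E000, 0x00E7FF, "2K XRAM"),
    (0x00E800, 0x00EEFF, "Reserved"),
    (0x00EF00, 0x00EFFF, "CAN1"),
    (0x00F000, 0x00F1FF, "512b E_SFR"),
    (0x00F200, 0x00F5FF, "Reserved"),
    (0x00F600, 0x00FDFF, "2K IRAM"),
    (0x00FE00, 0x00FFFF, "512b SFR"),
    (0x380000, 0x387FFF, "32K Ram Physical present"),
    (0x388000, 0x38FFFF, "?"),
    (0x800000, 0x80FFFF, "64K Bottom Block"),
    (0x810000, 0x81FFFF, "64K Cal Tables"),
    (0x820000, 0x900000, "1M ECU Flash ROM resident code"),
]
# 380000..383FFF <-> 008000..00BFFF (16K window, per the MEM_EXT line)
RAM_BASE, WIN_BASE, WIN_SIZE = 0x380000, 0x008000, 0x4000


def segment_of(addr):
    """Return the label of the segment containing addr, or None."""
    for start, end, label in SEGMENTS:
        if start <= addr <= end:
            return label
    return None


def ram_to_window(addr):
    """38xxxx RAM address -> xxxx form (assumption: the remap is linear)."""
    if not RAM_BASE <= addr < RAM_BASE + WIN_SIZE:
        raise ValueError(f"{addr:#08x} is outside the remapped 380000..383FFF")
    return addr - RAM_BASE + WIN_BASE


def window_to_ram(addr):
    """xxxx form -> 38xxxx RAM address (assumption: the remap is linear)."""
    if not WIN_BASE <= addr < WIN_BASE + WIN_SIZE:
        raise ValueError(f"{addr:#06x} is outside the 008000..00BFFF window")
    return addr - WIN_BASE + RAM_BASE


if __name__ == "__main__":
    for a in (0x380A12, 0x00BFFE, 0x810400):  # constructed sample addresses
        print(f"{a:#08x}  {segment_of(a)}")
    print(hex(ram_to_window(0x380A12)), hex(window_to_ram(0x00BFFE)))
```

Addresses in 384000...387FFF have no xxxx form in the memory map above, so the helper rejects them instead of guessing.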