I appreciate the dive into Ghidra - I'm taking a reverse engineering class this semester at uni so it's interesting to see how the tools I'm familiar with are used in a cool practical application that I am interested in. How ridiculous that the car manufactures don't just give us the option to do it ourselves!
Thanks for posting this. I’m too busy to watch now but I can’t wait to learn this. I already know how to patch OBDI but want to learn the LS logic. If you are monetized turn on super thanks so I can make a donation.
Just an FYI for those that are unaware. The 4.3l V6 uses the SAME P01/P59 PCM as the LS series V8s. ALL of the FWD V6 through around 2005, and F-Body V6, PCMs are P04 models, and are NOT the same.
There is a commented disassembly on Pcmhackers that will be extremely useful for finding routines. I'm glad there is more work being done on this. I think there could be a more plebian real time and faster logging solution for people with $80 dongles to bridge a gap between $500 real time boards. For example if you gutted the PIDs you could store two sequentially and double the speed. I'm positive the baud over OBDII can be increased. The PCM also listens for commands, you can have 2axis fuel and spark modifiers in the ram that get changed in real time. Maybe a max of +-4 degrees in 2 2d tables, load and RPM. There is definitely a place for RT boards, especially for devs. The ability to flash an experimental ROM in seconds and read the ram is invaluable. I'm interested to see what this processor can do. I've seen the 8086 in 80's/90's so full of commands it was lagging past 4k rpm.
this was exactly what i was looking for! thank you for the istructive video , im gonna try do this with an honda cbr 1000rr bike (exclusively for track usage)
so, I've started looking into this again, for one of my crappy V6 projects, and for my own personal improvement/learning experience. My understanding is that you have a wideband directly input into your 0411 on your Synoma, is that the case? did you do that using otherwise unused code in the bin file? I noticed the PID list you linked to had PID's for WBO2, were you able to track that to something useful in the stock program?
@@turbov6 10-4, that's more or less what I was expecting to hear, I thought maybe the OEM's used widebands on the PCM's during engine development or something maybe, and there might be cool stuff hidden deeper in the code. I also kinda figured if it was there, someone probably would have already exploited it commercially by now.
wow great video. im super new to this stuff and i am tired of sending files to russian dudes and paying them to tune the car or make monitors ready and dtc off. Big learning curve for me, since i know nothing about coding and only how to read and write the ecu lol. Do they make reference manuals for all ecu architectures or is it somewhat universal?
Sick, new version, same instructions, 4 errors "can't read language" "uncaught exception" "can't read language spec" and "error importing file". Fucking wonderful, as if it wasn't going to be tedious enough to do what I installed it for, now I have to troubleshoot some... probably edge case horseshit.
@@turbov6My mistake, its +ORC , I was trying to find the original articles from the 90's but its getting harder and harder to find them. Basically its one of the pioneers of hacking . en.wikipedia.org/wiki/Old_Red_Cracker . Looks like he died from mysterious cause.... Didn't know that.
I appreciate the dive into Ghidra - I'm taking a reverse engineering class this semester at uni so it's interesting to see how the tools I'm familiar with are used in a cool practical application that I am interested in. How ridiculous that the car manufactures don't just give us the option to do it ourselves!
Definitely interested in learning more! Thank you for showing us this much!
Thanks for posting this. I’m too busy to watch now but I can’t wait to learn this. I already know how to patch OBDI but want to learn the LS logic. If you are monetized turn on super thanks so I can make a donation.
Just an FYI for those that are unaware. The 4.3l V6 uses the SAME P01/P59 PCM as the LS series V8s. ALL of the FWD V6 through around 2005, and F-Body V6, PCMs are P04 models, and are NOT the same.
There is a commented disassembly on Pcmhackers that will be extremely useful for finding routines.
I'm glad there is more work being done on this. I think there could be a more plebian real time and faster logging solution for people with $80 dongles to bridge a gap between $500 real time boards. For example if you gutted the PIDs you could store two sequentially and double the speed. I'm positive the baud over OBDII can be increased. The PCM also listens for commands, you can have 2axis fuel and spark modifiers in the ram that get changed in real time. Maybe a max of +-4 degrees in 2 2d tables, load and RPM.
There is definitely a place for RT boards, especially for devs. The ability to flash an experimental ROM in seconds and read the ram is invaluable.
I'm interested to see what this processor can do. I've seen the 8086 in 80's/90's so full of commands it was lagging past 4k rpm.
He probably did this disassembly...
@@highlanderc He didn't, it was made ~4 years ago by someone that doesn't post a lot anymore.
Great content, very well organized and easy to follow even for the beginner. Subbed
this was exactly what i was looking for! thank you for the istructive video , im gonna try do this with an honda cbr 1000rr bike (exclusively for track usage)
How did it go?
Very interesting bro
Thanks for this. Would love a follow up if you're still planning one.
How would I go about acquiring the bin files from an ECU?
For this style ECU PCM Hammer can be used and you would also need a compatible cable to connect the OBD2 port to a computer.
If im doing the swap from black box how do i download a base toon can i download the file off the black box
Genial
so, I've started looking into this again, for one of my crappy V6 projects, and for my own personal improvement/learning experience. My understanding is that you have a wideband directly input into your 0411 on your Synoma, is that the case? did you do that using otherwise unused code in the bin file? I noticed the PID list you linked to had PID's for WBO2, were you able to track that to something useful in the stock program?
I reused some code in the stock pcm for the closed loop wideband control. This pcm doesn’t come with a wideband so that PID doesn’t work.
@@turbov6 10-4, that's more or less what I was expecting to hear, I thought maybe the OEM's used widebands on the PCM's during engine development or something maybe, and there might be cool stuff hidden deeper in the code. I also kinda figured if it was there, someone probably would have already exploited it commercially by now.
wow great video. im super new to this stuff and i am tired of sending files to russian dudes and paying them to tune the car or make monitors ready and dtc off. Big learning curve for me, since i know nothing about coding and only how to read and write the ecu lol.
Do they make reference manuals for all ecu architectures or is it somewhat universal?
“I’m not the best C programer” while I’m watching this with my lower jaw dropped looking stupid AF lol.
Sick, new version, same instructions, 4 errors "can't read language" "uncaught exception" "can't read language spec" and "error importing file". Fucking wonderful, as if it wasn't going to be tedious enough to do what I installed it for, now I have to troubleshoot some... probably edge case horseshit.
Yep, newest version of Ghidra is fucked up.
p̴r̴o̴m̴o̴s̴m̴ 🤩
Great stuff!! Have you ever read +ORC reverse eng. articles? Ever heard of him? o_O
No I haven’t. Where can I find that?
@@turbov6My mistake, its +ORC , I was trying to find the original articles from the 90's but its getting harder and harder to find them. Basically its one of the pioneers of hacking . en.wikipedia.org/wiki/Old_Red_Cracker . Looks like he died from mysterious cause.... Didn't know that.