ฝัง
- เผยแพร่เมื่อ 7 ม.ค. 2024
- Next video How to find EGT, MAF, ECT, sensor scalers. Denso sh7058 and 55
• How to find EGT, MAF, ...
This video is mostly about using winols, but does dip into how GHIDRA helped identifying map sizes and properties. it is a denso SH-7058 ECU that I cannot purchase maps or damos for. I am using GHIDRA and winols too reverse engineer the ecu. finding maps, scalers switches, and DTCS.
there will be following videos on how to use these maps too find scalers, and conditions to run and set DTC's - ยานยนต์และพาหนะ
dude this is really interesting, there is such limited information on the denso ecu's! i've also got the SH7058 in my truck, so would be super keen to see more of this content, would definitely help a lot of people! I've liked and subscribed, kudos mate!
Thanks for the comment. Yeah I’ll keep making them!
legend bro, appreciate you!!@@GHIDRAuto
Except and I don't mean it as disrespect, but his methodology is flawed and these are neither dtcs nor anything dtc related. He isn't analyzing the code but making erroneous conclusions and assumptions that are not based on any analysis. Denso ecus like bosch most often use factors and none are applied here making these values useless. I didn't want to be harsh, I don't want be harsh, but I told the dude a few times that these videos are completely wrong and it's not how any of this works. I spent one year reverse engineering a Denso ecu to get a solid understanding of what and where the maps are , what the factors are and creating my own winols file. One...year of my time. I also never used the decompiler, those can be misleading.
In the video we see him converting hex values to raw decimal values which can be anything but not as they appear.
Again, I am not trying to be a douche, just trying to point out these issues. You can consider the videos misleading at this point. If you need information on Denso I can help somewhat.
So yes, the only way to understand what the values are, is to see what the surrounding code does. To first figure out which memory address corresponds to what. And how the value is represented.
For instance for some Denso ECUs the RPM is stored in memory in raw form and needs to be multiplied by 0,1953125 to get the actual value.
0x8000 = 32768. 32768 * 0,1953125 = 6400. You will not see the RPM value used in raw form ever. The alternative is (RPM * 12800)/65535. These factors WILL differ from ECU to ECU.
Sometimes ECT(coolant temp) will also require not just a factor, but then also substracting a number. Such as ((ECT raw value )*160/255)-40.
So again, the information in the videos is misleading, it has nothing to do with DTCs or temperatures. Go to github and look at romraider subaru definitions, they are in XML and have formulas inside to convert the RAW sensors values to voltage, temperature whatever. They all do. Example : The formula is (raw value) * 0,01933677
So again I am not trying to be a douche but pointing out the logical fallacy of the video. And if the poster of the videos tries flashing any changes he makes right now, he will end up bricking his ECU at best and destroying his engine at the worst.
Look no further than the video segment at 1:11 where he incorrectly assumes that the values he sees are DTCs. First notice how the table of data has repeating numbers. You won't see that in actual DTC codes, each value will be unique and not repeat. This is wrong, those are not DTCs but random values which without analyzing what references them and HOW the instructions process the data, cannot be inferred what they mean. They could even be executable code(unlikely), they could be map data, but certainly NOT DTCs!!
@@farmdve “These arnt dtcs.” It’s my truck, I have tested it. You are wrong.
My Suzuki sidekick Ecu with an (Mitsubishi) sh7055 processor I am having a hard time with. I have asked for help in private message, you have not responded.
“Rpm is never raw value” in my denso sh7055 and my denso sh7058 Ecu it is. There are loads of maps that are using x and y as 32bit full float values. And again in almost every function, they use floating point numbers (raw value). You are wrong.
The reason why there are multiples of the same dtcs listed is because this Ecu has different organized sets of functions that deal with different types of dtcs. However all of them call on this dtc map with a decimal value. Ie 16 being the 16th place in the dtc map. No function has the same dicimal value (I have no idea why) if three functions call the same dtc, said dtc is listed three times in order for each function to have its own decimal value 16, 17, and 18 may be 0401. You are wrong. lol I even found the map(the same length as the dtc map) that sets priority level of said dtc’s this isn’t hard man it’s just time consuming.
I don’t understand why you are taking so much interest in “telling the world” I am wrong when you clearly have never even tuned an Ecu with full float 32bit normalizers in their maps. That’s wild man. Something tells me you own a tuning platform and are trying to convince people that this is harder than it is.
You seem like someone who knows a lot about tuning. I have only been doing this for a year….but again you are …. Well ….. you fill I. The blank.
All fucking around aside, I could use some help. I think my next project on these two ecus. Is getting them too ram dump,DRM,mode 23. You say you are willing to help, you can clearly see I’m trying to help the community. Put your time where your mouth is, let’s OS patch this bitch and get her too dump some ram…… or are you just a troll?
I dig the traffic. And I appreciate you as a person and your interest in my project.
It’s cool when people have the balls too call someone out. Helps the community as a whole
Im tuner i have swiftec and winols i litterly do understand dtc switches and dtc lables but doing it with ghidra very cool using my experience made find them wirh only eyes so this things is really fun
Nice!! I have only been working on this stuff for around 1.5 years. Ghidra for 6 months. My personal truck has very limited support that I could find. I did find a mappack on stageX ai, but they had many mislabeled maps. Trying too change boost and it was my rail pressure instead. 275800-6704.
That is what made me start using ghidra
Thanks, very interesting!
Thanks for the comment man.
Can this be used to reverse engineer the conditions for setting a specific DTC? If so - how? Could you make a video on it?
That is a good idea. I have already touched on that a little, but I will take some time for that specifically. In the mean time Have you watched the video in this link all the way through? this will inadvertently show you how to find conditions to set. How to find EGT, MAF, ECT, sensor scalers. Denso sh7058 and 55
th-cam.com/video/jRo1wr7o80g/w-d-xo.html
Mate i liked you video wanna learn more about those things i m tuner
Good to hear. Thank you for the comment! I am sure I could learn a lot from you too! Make some videos
Good Job bruh, very nice, but i dont Understand
Thanks man
This hit make me wanna quit learning reverse engineering and stick to c++. This is very impressive but i dont understand asything. Wtf are dtcs, WinOle, what am i being shown? I only know how to do some basic crackmes 😭
lol this is a cars Ecu. Yeah man learn c++ I use chatgpt becuase I’m a dumbass and don’t know c++. Gooogle man. This is your cars Ecu.
@@GHIDRAuto thank for the reply. I am good in c++ (thank God at least that, usually work with Windows API). What youre doing is wayyy more impressive. Also thanks for explaining 😁
I’m sure I could learn alot from you. Someone with your expertise would be leaps and bounds ahead of me!
@@GHIDRAuto Haha, never 😂. Its always fun to learn something new tho, and I find RE so entertaining. The average person has no idea hew wide the Technology department is. By the way, do you have any onher socials ? 😁
Yeah for sure. Social media? Reddit is ghidrauto, none of my other socials have too do with this stuff.