PCM hacking 101 - The step by step approach
#51
Member
iTrader: (1)
Join Date: Dec 2011
Location: under the hood of my car in Massachusetts
Posts: 179
Likes: 0
Received 0 Likes
on
0 Posts
Car: 92 rs daily driver work in progress
Engine: 3.1 , 204/214 cam
Transmission: 700 r-4, b& m megashifter
Axle/Gears: I want a posi with rear discs
Re: PCM hacking 101 - The step by step approach
ok damn, long read and what I got out of it is...... if I do an ls swap, I want you hacking my computer.
#52
Supreme Member
iTrader: (1)
Join Date: Jan 2002
Location: garage
Posts: 4,432
Likes: 0
Received 1 Like
on
1 Post
Engine: 3xx ci tubo
Transmission: 4L60E & 4L80E
Re: PCM hacking 101 - The step by step approach
Old thread. Looks like these tools may be worth a try.
Disassembler:
Updated IRA
http://aminet.net/package/dev/asm/ira
Assembler:
VASM
http://sun.hasenbraten.de/vasm/
Disassembler:
Updated IRA
http://aminet.net/package/dev/asm/ira
Assembler:
VASM
http://sun.hasenbraten.de/vasm/
#53
Junior Member
Join Date: Mar 2009
Location: SC
Posts: 89
Likes: 0
Received 0 Likes
on
0 Posts
Car: '82 Camaro
Engine: 355
Transmission: T56
Axle/Gears: 4th Gen 10 Bolt, 4.10
Re: PCM hacking 101 - The step by step approach
Thanks for posting those up junkcltr. Have you tried that disassembler yet? I've been looking for one as well to decompile a later green/blue connector pcm .bin file, but have had trouble locating a disassembly and can't splurge currently on IDA Pro.
#54
Re: PCM hacking 101 - The step by step approach
This is very difficult, I wish it was explained more? Why the need to pull the flash chip off the board? Can't you use a known good bin file? I have bins from the GM SPS, they are the same as what hpt uses, or efi live.
If I load these into ida I setup the Processor as moto 68330 there isn't a 68332, so is 68330 normal, there is lots of setting and options, no clue what to set them all for? am I creating ram or rom? I get a error message saying it doesn't know ere the start address of the code is? How do I find that, what exact settings do I input into IDA?
Also IRA, and dsm68 do not work just a black screen opens for half a sec, then tis gone?? Very frustrated!
If I load these into ida I setup the Processor as moto 68330 there isn't a 68332, so is 68330 normal, there is lots of setting and options, no clue what to set them all for? am I creating ram or rom? I get a error message saying it doesn't know ere the start address of the code is? How do I find that, what exact settings do I input into IDA?
Also IRA, and dsm68 do not work just a black screen opens for half a sec, then tis gone?? Very frustrated!
#56
Re: PCM hacking 101 - The step by step approach
Here is a 99 vortec file 4.3L V6 automatic is this all I need to dissemble?
Looking at it in hex, Id guess 0x400 to be the start of the machine code, and 0x668co to be the end? But how do I implement this into IDA to read the disassembly?
Looking at it in hex, Id guess 0x400 to be the start of the machine code, and 0x668co to be the end? But how do I implement this into IDA to read the disassembly?
#57
Re: PCM hacking 101 - The step by step approach
OK figured it out? press C at 0x04 and it starts decompiling, but I don't see any text to the right like you have, just move, push and numbers
Why don't I see anything like this construct idle rpm error, and all those actual numbers that make more sense?
;~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
; Construct idle RPM error term
;~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
;
LAB_2197:
CLR.L D3 ;Preclear D3
MOVE EXT_1460.W,D3 ;Load D3 with desired idle speed
Why don't I see anything like this construct idle rpm error, and all those actual numbers that make more sense?
;~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
; Construct idle RPM error term
;~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
;
LAB_2197:
CLR.L D3 ;Preclear D3
MOVE EXT_1460.W,D3 ;Load D3 with desired idle speed
#60
Re: PCM hacking 101 - The step by step approach
Ok I got Tos and St emulator running TTdigger, can figure out how to opne a file with ttdigger? Do I have to rename my bin file to .st, or .idx? I tired that, still cant seem to get it to work?
I get error stop and cant find OSVARS.RA whenever I try to to open anything with TTdigger?
I get error stop and cant find OSVARS.RA whenever I try to to open anything with TTdigger?
#62
Supreme Member
iTrader: (2)
Join Date: Jan 2005
Location: Hurst, Texas
Posts: 9,982
Received 385 Likes
on
329 Posts
Car: 1983 G20 Chevy
Engine: 305 TPI
Transmission: 4L60
Axle/Gears: 14 bolt with 3.07 gears
Re: PCM hacking 101 - The step by step approach
I used Tunercats to segment swap a 4L80E transmission segment from a 2000 5.7 Experess van into a 2000 C1500 4.3 truck PCM that the owner had swapped a 4L80E into and tried to use the 4L60E tuning with a relay added to the system. Long story short it did not work out correctly with the relay, but worked well after the segment swap.
#63
Member
Join Date: Mar 2002
Location: Boston, MA
Posts: 271
Likes: 0
Received 0 Likes
on
0 Posts
Car: 1987 Corvette
Engine: Modified L98
Transmission: DN 4+3
Axle/Gears: 3.07
Re: PCM hacking 101 - The step by step approach
Sorry for the thread necropsy, but what an awesome thread.
Does a full assembly dump of any $6E bin exist?
A few years ago I went through a ABTB_HAC.SRC dump I have of a $32B to expand the TunerCat (and TunerPro) definition file for my '87 Corvette. I'd kind of like to look at maybe moving to $6E, but my car still has the Doug Nash 4+3 so I'd lose some functionality. I'm a bit curious if some of the same tables that control the OD on the transmission still exist in the 6E BINs even though they'd probably be purposed only for Automatics.
Does a full assembly dump of any $6E bin exist?
A few years ago I went through a ABTB_HAC.SRC dump I have of a $32B to expand the TunerCat (and TunerPro) definition file for my '87 Corvette. I'd kind of like to look at maybe moving to $6E, but my car still has the Doug Nash 4+3 so I'd lose some functionality. I'm a bit curious if some of the same tables that control the OD on the transmission still exist in the 6E BINs even though they'd probably be purposed only for Automatics.
#64
Junior Member
Join Date: Jun 2006
Location: Poland
Posts: 3
Likes: 0
Received 0 Likes
on
0 Posts
Car: '88 Firebird
Engine: 305 TBI
Transmission: TH700R4
Axle/Gears: GM 3.23 TORSEN
Re: PCM hacking 101 - The step by step approach
There's 6E disassembly attached. Also, have a look at the XDF I did for 6E, it's quite complete, but it's missing some parameters in transmission section of calibration.
I remember that there were some strange manual trans parameters in hac, probably for 4+3 OD, but not defined clearly. If you add the 4+3 parameters, please share your findings.
I remember that there were some strange manual trans parameters in hac, probably for 4+3 OD, but not defined clearly. If you add the 4+3 parameters, please share your findings.
Last edited by dzida; 07-07-2017 at 04:39 AM.
#65
Member
Join Date: Mar 2002
Location: Boston, MA
Posts: 271
Likes: 0
Received 0 Likes
on
0 Posts
Car: 1987 Corvette
Engine: Modified L98
Transmission: DN 4+3
Axle/Gears: 3.07
Re: PCM hacking 101 - The step by step approach
There's 6E disassembly attached. Also, have a look at the XDF I did for 6E, it's quite complete, but it's missing some parameters in transmission section of calibration.
I remember that there were some strange manual trans parameters in hac, probably for 4+3 OD, but not defined clearly. If you add the 4+3 parameters, please share your findings.
I remember that there were some strange manual trans parameters in hac, probably for 4+3 OD, but not defined clearly. If you add the 4+3 parameters, please share your findings.
Thank you! I don't know if I'll get around to it quickly, but will be sure to follow-up if I find anything interesting.
#66
Re: PCM hacking 101 - The step by step approach
Hello all fellow hackers I'm trying to find a 4.3L auto bin file for a 98 black box does anyone have one plz trying to tune my 97 but need a bin as my 98 black box has a 5.7 file on it know Thx
#68
Re: PCM hacking 101 - The step by step approach
Sorry to resurrect an old thread, but I'm hoping that @dimented24x7 or someone else can help me reverse a P59 OS (). I posted the text output of Ghidra disassembler at https://github.com/ColPaulR/GM-Gen-3..._4L60E.bin.txt. Looking at the vector table, INT3 appears to be the IRQ that is different than the rest. I assume that the MC68HC58 IRQ is tied to IRQ3. If so, the interrupt routine starts at 0x0005c4. Using the above and some comments from another commented disassembled OS at https://github.com/LegacyNsfw/125933....annotated.asm, I have been adding comments. Can anyone help me better understand what the code I'm calling void LVL3_FUNCTION(void) does? That is address space 0x0005C4 through RTE at 0x0006A0.
#69
Re: PCM hacking 101 - The step by step approach
ColPaul did you pm him directly about this or on http://www.gearhead-efi.com/ a guy LTR he is also very good at this
Last edited by Bill Hagan; 02-02-2020 at 07:34 PM. Reason: Add Name
Thread
Thread Starter
Forum
Replies
Last Post
odddoylerules
DIY PROM
6
06-01-2007 12:09 AM