posted June 08, 2006 07:59 PM
Edited By: blitzkrieg on 13 Jun 2006 17:30
Edit: Sorry responding to an idiot (BF). Didn't mean to get offtrack...
____________
"BTW....You need to get a girlfriend who's last name isn't .jpg"
posted June 08, 2006 11:43 PM
well good then RR....i'll be waiting for the results...anything else you want from the manual just let me know.....
____________
2005 ZX-12R,Arata Full Ti, PC3,Gillis
Rearsets,Muzzy Velocity Stacks,BMC
Race filters.One Crazy 12
posted June 09, 2006 04:49 AM
Sorry Fish, this is my last post in this thread.
That Congresswoman's picture,
I was saying hi to Vince, who doesn't go over to the smackhouse by way of reference to a huge debate at planet org. that went on for days about racial profiling that he was heavily involved in, as was I, but under a different name "Jet"
I have successfully downloaded the entire code out of the ECU. I wrote some software to grab the RS-232 data from my interface and save it as motorola .s19 files and also to generate a hex dump text file. It's not much to look at. Just lines and lines like this...
The first column is address, center columns data in hex, end column is the ASCII text equivalent of the data. Makes it easy to identify any embedded text in the code.
So all this data goes through three different hardware interfaces and is converted between several different formats. So not knowing what is suppossed to be there how do I know if I have valid data? Well I scanned through all the hex dump files and found this...
The next step is to run the code through a disassembler to convert it to human readable mneumonics. Here is an example output of such a program (link is pro version). If you check the link you'll see that they really went to a lot of trouble to make disassembling programs easier.
Too bad they didn't check with BlewFord before they wasted all that time designing a product for doing something impossible :P
Of course that program is $800+ I'm trying to find a shareware / freeware one. There are some freeware ones that don't specifically support this CPU but allow the user to define custom CPUs which I guess is better than writing one from scratch.
posted June 11, 2006 09:03 PM
Edited By: fish_antlers on 3 Dec 2006 18:42
I isolated the area of the code I believe to be the 'MAP' sections. I converted them to bitmaps where each 0-255 value has been converted to a different color or gray scale pixel. Its 160 bytes by 160 lines Staring at a bunch of numbers really doesn't click with our brains, we are much better at pattern recongnition in pictures.
There are obvious repeating patterns but if you zoom in you will see that each group is slightly different. The bottom group is skewed because its verticle interval is not a multiple of 8. I should be able to tweak it. It looks like there are actually several maps being used.
I didn't enlarge them because I wanted to keep the orginal scale of one data point per pixel. The first one is a false color image that makes the patterns stand out. The second is a gray scale black = 00 white = 255
If you copy them and then open them in a graphics program like Paint you can zoom in on them. At some point I'm going to try to change them into a 3d topo image
Needs a life
Miles to go before I sleep....
Posts: 10623
posted June 13, 2006 04:21 AM
quote: Like Tuusinii said. I ahd the high alltitude ecu installed on my bike also, and the mileage did not reset.
...mee too...
____________ “We sleep safe in our beds because rough men
stand ready in the night to visit violence on those
who would do us harm.”
-George Orwell
Needs a life
Miles to go before I sleep....
Posts: 10623
posted June 13, 2006 04:52 AM
quote:
quote: In english please...
Inside the ECU is a virtual room, a library. There are 1024 books in this library. Each book has 1024 pages. In 48 or fewer of these books is written all the secrets of the ECU. All the rest of the books are either blank or have random charcters on the pages. I can't get in the front door of the library, in fact I don't even know where it is, what kind of door it is, or how its locked.
I found a back door in the alley and next to the door is an intercom. When I push the button the janitor answers. His initials are BDM. He is not very bright and doesn't know anything about the front door either. But he can read and said that he would read me any page from any book over the intercom. So if I ask him what it says in book 564 on page 339 he will read it to me.
Now some where in this library in addition to the secrets of the ECU are the secrets of the library itself including where the front door is, what kind of lock it has, and the home number of the librarian. I just need to find the right page and I would rather not look at them all. I found out that BDM not only has access to the shelves but to the librarian's desk.
The first question I plan to ask him is which book is on the librarian's desk right now and what page is it turned to. That should give me a clue where to start.
...you're freaking me out...
____________ “We sleep safe in our beds because rough men
stand ready in the night to visit violence on those
who would do us harm.”
-George Orwell
Needs a life
Miles to go before I sleep....
Posts: 10623
posted June 13, 2006 05:05 AM
Edited By: worm~hole on 13 Jun 2006 06:14
quote:
quote:Perhaps Doug Meyer needs some advice on chain lube? SHIT, dripping with fucking EGO.
Blueford, take a deep breath, relax, and try reading my post again. The context of the Doug Meyer quote is that I needed advice like the red wire is usually positive as much as Doug Meyer would need advice about anything to do with motorcycles let alone chain lube. I would never presume to tell Mr. Meyer anything.
quote:If he had the right disassembler and he received the code, so what? It not going to say "this does this" "this is for the stupid button" 01000101110001111000001010101011001010.
If you were talking about some windows code you might be right. The binary does not contain any labels, variable names, or comments. When the code says take a number, add 5 to it, and store it over here you have no way of knowning what the original number is suppossed to represent, why its adding 5 instead of say 10, or why it stored it where it did. It could be the number of hit points in a game of Quake or the number of seconds till the ICBMs launch
But this is Firmware, not software. The power MOSFETs that fire the injectors are physically connected to a pin on the CPU. That pin has an address in the cpu that never changes. I can tell by looking at the circuit that when you write a 1 to that address the injector opens, when you write a 0 it closes. When I see that address in the code I know it is injector code and I can tell when the code wants the injector on and when it wants it off. I don't need it to 'say' anything. Same goes for the ignition coils, and all the sensors TPS, air temp, bike down, gear position etc.
Without the ECU board the code would be nearly impossible to decipher. The software was written to run the board and board therefore restricts and defines the software's function. The ECU board itself is the Rosetta stone to the code's secrets
quote: THIS IS ABOUT RIDGY'S EGO
Duh! I'm not doing it for money. Why else would I do it but for bragging rights and the respect of my peers. How am I different from the guys who take their bikes to the Salt Flats and try to be the fastest, or the guy who goes to the drag strip and tries to be the quickest and then comes here and posts his time slip? We all do it for the challenge, to be the first, and yes to gain the recognition of our peers.
Do you go to concerts Blueford and not clap for the musicians because you don't want to inflate their egos? Do you sit there and grumble how dare they go out in public and show off their talents? We applaud them for their talents and because they share them with us. Yes they get their egos stroked, but I get to hear their glorious music. I think it's a fair trade. I get some atta-boys and you all get a programmable ECU.
You would think me a better man for doing this and keeping it all a secret to myself? Or perhaps its my anti-capitalist attitude you resent...my giving away valuable knowledge for mere recognition instead of money. How twisted of me.
The truth is that desiring recognition for ones accomplishments is human nature, we all do it. Go look in the mirror Blueford. You are always showing off your talents and trying to get attention around here. It's too bad your only talent is being an asshole.
...this is the best reply ever about anything as it pertains to bf...heading over to the smackhouse ____________ “We sleep safe in our beds because rough men
stand ready in the night to visit violence on those
who would do us harm.”
-George Orwell
I discovered today that the ECU CPU is not a private labeled MC68HC916R1. While the physical package and pinouts all appear to be the same I just discovered that this CPU has 64k of Flash, the R1 only has 48K. It is definetly some sort of MC68HC916 variant. These CPUs are modular. They are all a mix of Core, RAM, FLASH, IO etc. The ECU CPU's feature list just doesn't match any commercially available part # I can find.
This is not real bad news but it will make things a bit more complicated later on. I'm going to have to try to piece together from several different CPU datasheets what exactly it's doing.
Hey, the good news is it has 64K
I should of figured this out Sunday when I was converting the map page to a bitmap. A little voice in my head said, I thought the map was 16k and the code was 32k. Then later when I was disassembling the code the voice said I though the code was 16k and the map 32k. As it turns out they are both 32k for a total of 64k
I didn't figure this out until I started disassembling the code. I found a 68HC16 disassembler that offered a crippled demo version that only disassembles a couple hundred lines at a time and only outputs to the screen. I captured the screens and pasted the fragments together to make a complete listing.
On the topic of reprogramming the ECU there is What I think, What I know, and What I can prove. So far I have been hovering between think and know. Now that I have the listing I should be able to find out for sure. One of the first things I searched it for were refrences to the FLASH control registers. I found them but they were controlling FLASH the -R1 chip doesn't have. Thats when the little voice in my head finally made sense. Its a 64k chip, and not an -R1.
But finding the wrong Flash registers was better than not finding any. I haven't totally gone throught it but there is code that changes the FLASH read/write/verify registers. This is just one more item to check off on my List of Things You Would Expect To Find in a programable ECU.
Well thats about it for this week. Time to go back to paying the rent.
BTW Anyone who is really really bored out there who knows how to read assembly listings and a datasheet and wants to help generate a symbol table, label the subroutines and calls, and fill in comments let me know. The listing, minus the MAP data comes out to about 9800 lines of code.
posted June 13, 2006 05:11 PM
not really. you can disassemble it to assembly, but beyond that there are any number of languages it could be compiled from (tho i would guess C/C++ is the most likely possibility). It _may_ conceivably be possible to find out what higher level language it was compiled from by looking for a particular sequence that only one particular compiler produces, but it such sequences even exist is uncertain. Moreover, who's to say this wasn't actually written in assembly? i know tha twas the approach i took the last (and only) time i programmed a motorola chip cause it produced a program that was SO much more efficient (smaller and quicker) than what a compiler produced.
RR, i'll be glad to help reading code but it will almost certainly be a week or 2 before i could touch it as my schedule is just too packed right now. not sure how long you expect this process to last, but should it be that long, i'll do what i can.
Needs a life
Full throttle!
Posts: One MEEEEEELLION
posted June 16, 2006 07:10 AM
Freek - I would be pretty certain, given the limited space, that it was written directly in assembly. That doesn't mean that it wasn't first written in C, tested on a simulator, then written to the CPU's flash.
____________
82 Gpz750, 84 Ninja 900, 2000 ZX12R (Muzzy Big Bore Kit), *another* 2000 ZX12R (Muzzy custom stroke crank 1341cc motor), 2004 ZZR1200, 2005 ZX10R, 2007 ZX14, 2008 Concours 14, 2014 Versys 650, 2014 Yamaha WR450F, 2015 Ninja H2
posted June 17, 2006 06:36 AM
Edited By: ridgeracer on 17 Jun 2006 07:40
Having seen the code it seems pretty obvious to me it was generated from a higher level language compiler, and not a very good one I might add. Take a look at the following example; a simple subroutine that uses the value of a timer register to determine whether to set (5Vdc) or clear (0Vdc) IO Port F bit 1 (cpu pin 82)
(I added the underscores to maintain the column spacing since the board kills extra whitespace chars)
Notice that half the registers it stacks are not even used by the routine. Second it sets the extended Y register to the same value 3 times and the Y register to the same value twice. This is typical compiler behaviour. Every time the C code refrences an extended location it sets the extended register, sets the pointer, accesses the location. It is not smart enough to recognize that the previous location used the same settings so it redundantly issues them again.
Also most of the LDYs were unnecessary. CTM7 (0xFF900) and SCIM2 (0xFFA00) are both in the same 16 bit space and their locations are being accessed using a 16bit offset index command why not just set Y = 0x0000, once, and then use LDE $F91A,Y and STAA $FA05,Y ? It was written in assembly it would look like this with 6 fewer lines or about 30% smaller
As for the 'small' size fo the code space in the ECU requiring it be written directly in assembly I would disagree. Its a factor of the size and the amount of code you need. I use C source all the time to write code for platforms with as little as 4k of code space and I seldom use half the available space. Of course I do use CodeWarrior which is a lot more effcient at compiling than whatever these guys used.
Lets face it an ECU isn't exactly a guidance system for a mars rover.
posted June 19, 2006 12:38 PM
Edited By: VincentHill on 19 Jun 2006 13:39
quote:
quote:
quote:Perhaps Doug Meyer needs some advice on chain lube? SHIT, dripping with fucking EGO.
Blueford, take a deep breath, relax, and try reading my post again. The context of the Doug Meyer quote is that I needed advice like the red wire is usually positive as much as Doug Meyer would need advice about anything to do with motorcycles let alone chain lube. I would never presume to tell Mr. Meyer anything.
quote:If he had the right disassembler and he received the code, so what? It not going to say "this does this" "this is for the stupid button" 01000101110001111000001010101011001010.
If you were talking about some windows code you might be right. The binary does not contain any labels, variable names, or comments. When the code says take a number, add 5 to it, and store it over here you have no way of knowning what the original number is suppossed to represent, why its adding 5 instead of say 10, or why it stored it where it did. It could be the number of hit points in a game of Quake or the number of seconds till the ICBMs launch
But this is Firmware, not software. The power MOSFETs that fire the injectors are physically connected to a pin on the CPU. That pin has an address in the cpu that never changes. I can tell by looking at the circuit that when you write a 1 to that address the injector opens, when you write a 0 it closes. When I see that address in the code I know it is injector code and I can tell when the code wants the injector on and when it wants it off. I don't need it to 'say' anything. Same goes for the ignition coils, and all the sensors TPS, air temp, bike down, gear position etc.
Without the ECU board the code would be nearly impossible to decipher. The software was written to run the board and board therefore restricts and defines the software's function. The ECU board itself is the Rosetta stone to the code's secrets
quote: THIS IS ABOUT RIDGY'S EGO
Duh! I'm not doing it for money. Why else would I do it but for bragging rights and the respect of my peers. How am I different from the guys who take their bikes to the Salt Flats and try to be the fastest, or the guy who goes to the drag strip and tries to be the quickest and then comes here and posts his time slip? We all do it for the challenge, to be the first, and yes to gain the recognition of our peers.
Do you go to concerts Blueford and not clap for the musicians because you don't want to inflate their egos? Do you sit there and grumble how dare they go out in public and show off their talents? We applaud them for their talents and because they share them with us. Yes they get their egos stroked, but I get to hear their glorious music. I think it's a fair trade. I get some atta-boys and you all get a programmable ECU.
You would think me a better man for doing this and keeping it all a secret to myself? Or perhaps its my anti-capitalist attitude you resent...my giving away valuable knowledge for mere recognition instead of money. How twisted of me.
The truth is that desiring recognition for ones accomplishments is human nature, we all do it. Go look in the mirror Blueford. You are always showing off your talents and trying to get attention around here. It's too bad your only talent is being an asshole.
...this is the best reply ever about anything as it pertains to bf...heading over to the smackhouse
You gotta luv this guy! I almost yelled out this was so good! Actually as Bear says, 1/2 Ass Hole because a Whole one is worth something! ____________
Made History @ Daytona and still one fast old man!!
All times are America/Va [ This thread is 39 pages long: 1 - 45678910 - 10> - 39Next» ]
HOME
NEW TOPIC
posted June 08, 2006 07:59 PM
Edited By: 
posted June 12, 2006 05:26 PM
Last guidance system I mucked around in was for a UGM-73A. 
