hadvw Posted June 2, 2017 Share Posted June 2, 2017 Cool.. That seems related to how adjusting the "calculated torque" tables will cause the TCU to shift with higher line pressure/faster. Link to comment Share on other sites More sharing options...
nightfire37 Posted June 4, 2017 Share Posted June 4, 2017 roadie, i think i had a little ah ha moment. For the ID, it might be 410 because the hex values match to the link i shared Link to comment Share on other sites More sharing options...
nightfire37 Posted June 4, 2017 Share Posted June 4, 2017 Found more info on our transmission. Not sure if its relevant but has tons of juicy info https://www.google.com/url?sa=t&source=web&rct=j&url=https://subarufanclub.cz/wiki/_media/techdata/5at_auto_trans.pdf&ved=0ahUKEwjNlcTgy6TUAhVMMyYKHa-dCzA4HhAWCC4wAg&usg=AFQjCNFfVWHbAFEQN8OTXHARCiFyW7J3dw&sig2=T7Czvzm1v30DO20muaCoRg Link to comment Share on other sites More sharing options...
roadie08 Posted June 4, 2017 Share Posted June 4, 2017 roadie, i think i had a little ah ha moment. For the ID, it might be 410 because the hex values match to the link i shared Yeah. I saw that the second byte at 410 was increasing while I accelerated. Link to comment Share on other sites More sharing options...
roadie08 Posted June 4, 2017 Share Posted June 4, 2017 (edited) Hooked up a spare TCU to see what would happen on the canbus. http://i.imgur.com/EwEI9vC.jpg?1 Didnt expect this, maybe something was wrong. Had to select "listen only" in settings instead of "active" as last time in the car. Will have to try "listen only" in the car to verify. Period=0 ? http://i.imgur.com/AYTlNmV.png Edited June 4, 2017 by roadie08 Link to comment Share on other sites More sharing options...
utc_pyro Posted June 7, 2017 Author Share Posted June 7, 2017 '05 USDM ROM is up thanks to the OP donors that bought the thing, ClimberD, and Sasha. http://www.romraider.com/forum/viewtopic.php?f=40&t=13725&p=128168#p128168 Link to comment Share on other sites More sharing options...
nightfire37 Posted June 8, 2017 Share Posted June 8, 2017 Sick. Now im assuming we can edit anything we want on it now? Link to comment Share on other sites More sharing options...
utc_pyro Posted June 9, 2017 Author Share Posted June 9, 2017 Sick. Now im assuming we can edit anything we want on it now? Not untill you fire up IDA or a hex editor and see if you can find anything. There are also online disassembaly programs that support this CPU if you don't want to deal with the cost or hassle of setting up IDA. Link to comment Share on other sites More sharing options...
ClimberDHexMods Posted June 9, 2017 Share Posted June 9, 2017 Amazing work being done here, very impressive. Hope you guys get pretty far into disassembly. [CENTER][B][I] Front Limited Slip Racing Differentials for the 5EAT now available for $1895 shipped, please inquire for details! [/I][/B][/CENTER] Link to comment Share on other sites More sharing options...
nightfire37 Posted June 10, 2017 Share Posted June 10, 2017 Not untill you fire up IDA or a hex editor and see if you can find anything. There are also online disassembaly programs that support this CPU if you don't want to deal with the cost or hassle of setting up IDA. which cpu is it so I know what im looking for. Im going toi see if I can find some hex editor that supports our cpu. so far I am able to open the files but from there i dont know since I know nothing when it comes to programing Link to comment Share on other sites More sharing options...
roadie08 Posted June 10, 2017 Share Posted June 10, 2017 (edited) '05 USDM ROM is up thanks to the OP donors that bought the thing, ClimberD, and Sasha. http://www.romraider.com/forum/viewtopic.php?f=40&t=13725&p=128168#p128168 Found some SSM commands BF, A0, A8, B0, B8.... and 81,83,27? 00026580 push lr 00026582 push R10 00026584 push R9 00026586 push R8 00026588 add3 R10, fp, #-0x2EF8 0002658C ldi8 R9, #0 0002658E ldi8 R8, #0 00026590 bl.s sub_266E8 || nop 00026594 ldub R0, @(4, R10) 00026598 ldi16 R1, #0xBF ; '+' 0002659C beq R0, R1, loc_265E0 000265A0 ldi16 R1, #0xA0 ; 'á' 000265A4 beq R0, R1, loc_265E0 000265A8 ldi16 R1, #0xA8 ; '¿' 000265AC beq R0, R1, loc_265E0 000265B0 ldi16 R1, #0xB0 ; '¦' 000265B4 beq R0, R1, loc_265E0 000265B8 ldi16 R1, #0xB8 ; '©' 000265BC beq R0, R1, loc_265E0 000265C0 ldi16 R1, #0x81 ; 'ü' 000265C4 beq R0, R1, loc_265E0 000265C8 ldi16 R1, #0x83 ; 'â' 000265CC beq R0, R1, loc_265E0 000265D0 ldi8 R1, #0x27 ; ''' || nop 000265D4 beq R0, R1, loc_265E0 000265D8 ldi8 R1, #0x10 || nop 000265DC bne R0, R1, loc_26680 Edited June 10, 2017 by roadie08 Link to comment Share on other sites More sharing options...
roadie08 Posted June 10, 2017 Share Posted June 10, 2017 which cpu is it so I know what im looking for. Im going toi see if I can find some hex editor that supports our cpu. so far I am able to open the files but from there i dont know since I know nothing when it comes to programing m32r Link to comment Share on other sites More sharing options...
nightfire37 Posted June 11, 2017 Share Posted June 11, 2017 roadie, you have ubuntu on any of your computers? for the life of me i cannot try to disassemble the .bins into plain text so we can read them. ive looked at this website which is an evo forum and they have already disassembled the code. take a look for yourself and see https://www.evolutionm.net/forums/ecuflash/564101-rom-disassembly-raw-text-file.html Link to comment Share on other sites More sharing options...
roadie08 Posted June 11, 2017 Share Posted June 11, 2017 roadie, you have ubuntu on any of your computers? for the life of me i cannot try to disassemble the .bins into plain text so we can read them. ive looked at this website which is an evo forum and they have already disassembled the code. take a look for yourself and see https://www.evolutionm.net/forums/ecuflash/564101-rom-disassembly-raw-text-file.html Havent tried that, but onlinedissasembler will probably have similar output. Link to comment Share on other sites More sharing options...
nightfire37 Posted June 11, 2017 Share Posted June 11, 2017 I used onlinedissassembler and got it "i think". I have them zipped in txt for anyone to download and read. Maybe I am missing something but I know nothing about programming unfortunately. Just trying to help where I can. https://drive.google.com/open?id=0B9qp4YbNuuXzUzZJODR4dE9iNW8 Link to comment Share on other sites More sharing options...
nightfire37 Posted June 11, 2017 Share Posted June 11, 2017 One thing is that if we can identify where the unique address is for the rom we could use ecuflash and view some stuff in there Link to comment Share on other sites More sharing options...
roadie08 Posted June 11, 2017 Share Posted June 11, 2017 (edited) One thing is that if we can identify where the unique address is for the rom we could use ecuflash and view some stuff in there I think the ecuid is at 802A to 802E 0000802A .byte 0x91 0000802B .byte 0xFE 0000802C .byte 0x20 0000802D .byte 0x71 0000802E .byte 0 Edited June 11, 2017 by roadie08 Link to comment Share on other sites More sharing options...
nightfire37 Posted June 11, 2017 Share Posted June 11, 2017 I think the ecuid is at 802A to 802E 0000802A .byte 0x91 0000802B .byte 0xFE 0000802C .byte 0x20 0000802D .byte 0x71 0000802E .byte 0 I dont think that worked but probably doing it wrong. see if you can use other tuners and get some data off it. Hopefully shooting for a some graph or editable fields Link to comment Share on other sites More sharing options...
nightfire37 Posted June 13, 2017 Share Posted June 13, 2017 Roadie, just curious as to what you found on the rom raider forums. What is it? Link to comment Share on other sites More sharing options...
roadie08 Posted June 14, 2017 Share Posted June 14, 2017 Roadie, just curious as to what you found on the rom raider forums. What is it? 25A7C I think its where the SSM response message is put together. Link to comment Share on other sites More sharing options...
utc_pyro Posted June 20, 2017 Author Share Posted June 20, 2017 (edited) Finally back in country and have access to a real computer. Roadie: Are you digging into 91FE207100? Edited June 20, 2017 by utc_pyro Link to comment Share on other sites More sharing options...
roadie08 Posted June 20, 2017 Share Posted June 20, 2017 Roadie: Are you digging into 91FE207100? I have looked at the rom in winols demo but dont understand the table layout... Also trying to connect directly to the mcu in bootmode but no luck yet. Link to comment Share on other sites More sharing options...
roadie08 Posted July 11, 2017 Share Posted July 11, 2017 Dont know if I get it into bootmode correctly. Power on -> pull mod0 high -> pull reset low Then reset should go high as in normal mode but it does not. I can pull it high but not sure if thats correct. Any ideas? Link to comment Share on other sites More sharing options...
Impreza41 Posted July 16, 2017 Share Posted July 16, 2017 Reading through the entire thread just now, no one has cracked the requested upshift delay yet? Link to comment Share on other sites More sharing options...
roadie08 Posted August 17, 2017 Share Posted August 17, 2017 (edited) Reading through the entire thread just now, no one has cracked the requested upshift delay yet? No, I dont think so.. Edited August 17, 2017 by roadie08 Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now