Members Login
Username 
 
Password 
    Remember Me  
Post Info TOPIC: code dumping question


Veteran Member

Status: Offline
Posts: 58
Date:
code dumping question


I was wondering how long does it usually take to dump the whole ecu? Im using tera term and log the code as I am typing this post. All I see on the screen right now is a bunch of letters and numbers. I was just wondering if that is correct? I know long lines of FFFFFFFFFF means lost of connection.

__________________


Guru

Status: Offline
Posts: 964
Date:

You should be getting lines like this....

S21400033000002800000028320000286400002896EC
S214000340000028D400002906000029380000296A89
S2140003500000299C000029D000002A0400002A186A
S21400036000002A6000002A9400002AC800002ADC48
S21400037000002B1000002B4600002B8400002BB43E
S21400038000002C08FFFFFFFFFFFFFFFFFFFFFFFF40
S214000390FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF68
S2140003A0FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF58
S2140003B0FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF48
S2140003C0FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF38
S2140003D0FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF28
S2140003E0FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF18
S2140003F0FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF08


As long as each line starts S214 your good. You need to capture 16,000+ of these lines so it takes about 90 mins.

There many be lines with lots of FFFF in them but they should still start S214.

The S214 is a header. Next comes the address in the example above that would be 0003F0. You need to read the code till the address gets to 03FFF0. Each line only contains 16 bytes of data and you need to read out 256k bytes.

__________________


Veteran Member

Status: Offline
Posts: 58
Date:

thanks again ridgeracer.

__________________


Veteran Member

Status: Offline
Posts: 58
Date:

Im still capturing data, it has not stop. Is been about 6 hours already. All the code lines do start with s214. Does the BST program stop when it reaches the end of the memory addresses or does it keep looping? Im dumping a 07 gsxr600 ecu.

-- Edited by jayknight at 16:30, 2008-11-19

__________________


Veteran Member

Status: Offline
Posts: 72
Date:

The 06/07 GSX-R 600/750 use a SH7054F with 384k.
You have to read until 0x5FFFF.

This takes about 2 1/2 hours.
The last line you need in your capture file begins with S21405FFF0.
You can delete all following lines.

__________________


Guru

Status: Offline
Posts: 964
Date:

jayknight wrote:

Im still capturing data, it has not stop. Is been about 6 hours already. All the code lines do start with s214. Does the BST program stop when it reaches the end of the memory addresses or does it keep looping? Im dumping a 07 gsxr600 ecu.

-- Edited by jayknight at 16:30, 2008-11-19



Depends which version your using. What address line is it currently on?

The first version I posted was suppossed to stop at 03FFFF but had a bug in it. If your ECU is the 7054 as mentioned above you will need to modify the code so it goes up to 05FFFF.

'sequence thru the data
'
' addr  0000:0000 - 003F:FFFF
'

A28=0
A24=0

FOR A20 = 0 TO 3
  FOR A16 = $0 TO $F
    FOR A12 = $0 TO $F
      FOR A8 = $0 TO $F
        FOR A4 = $0 TO $F
          DEBUG "S214"                  'start of record + len of addr, data , checksum  = 3 + 16 + 1 =0x14
          DEBUG HEX A20,HEX A16,HEX A12,HEX A8,HEX A4,"0"  '3 byte addr
          chksum = $14 + (A20 * 16) + A16 + (A12 * 16) + A8 + (A4 * 16)
          FOR A0 = $0 TO $F STEP 4
              GOSUB Get32               'get 4 hex bytes as ascii
              chksum = chksum + (D28 * 16) + D24 + (D20 * 16) + D16 + (D12 * 16) + D8 + (D4 * 16) + D0
          NEXT
          chksum = chksum ^ %11111111   'ones complement of chksum
          IF chksum < 16 THEN DEBUG "0" 'hex outputs 0x0F as just "F", adds the leading zero
          DEBUG HEX chksum, CR,LF                   'end of a line
        NEXT
      NEXT
    NEXT
  NEXT
NEXT

The first FOR line, FOR A20 = 0 to 3; change the 3 to a 5.

Also make sure it says GOTO quit after the last NEXT.

 



__________________


Veteran Member

Status: Offline
Posts: 58
Date:

currently at: S2141B5E40FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF42


' addr 0000:0000 - 003F:FFFF -----> ' addr 0000:0000 - 005F:FFFF

and

FOR A20 = 0 TO 3 -----> FOR A20 = 3 TO 5

is that correct?

-- Edited by jayknight at 17:55, 2008-11-19

__________________


Veteran Member

Status: Offline
Posts: 58
Date:

here's the whole code for you to see if there is something wrong.

' {$STAMP BS2}
' {$PBASIC 2.5}

' AUD port via PBasic BS2
' Marlin Bially 3-18-08
'
'
'Address Nibbles
A0 VAR Nib
A4 VAR Nib
A8 VAR Nib
A12 VAR Nib
A16 VAR Nib
A20 VAR Nib
A24 VAR Nib
A28 VAR Nib

'Data Nibbles
D0 VAR Nib
D4 VAR Nib
D8 VAR Nib
D12 VAR Nib
D16 VAR Nib
D20 VAR Nib
D24 VAR Nib
D28 VAR Nib

chksum VAR Byte

PAUSE 5000

OUTL =255 'preset all high
DIRL =0 'set all input


'Clock 0
'Set all high including reset which starts AUD port
'
'OUTL = 255
DIRL = 255 'set all output and high
LOW 5 'set clock low
PAUSE 1 '1mS
HIGH 5 'clock hi
PAUSE 1 '1ms



'sequence thru the data
'
' addr 0000:0000 - 005F:FFFF
'

A28=0
A24=0

FOR A20 = 3 TO 5
FOR A16 = $0 TO $F
FOR A12 = $0 TO $F
FOR A8 = $0 TO $F
FOR A4 = $0 TO $F
DEBUG "S214" 'start of record + len of addr, data , checksum = 3 + 16 + 1 =0x14
DEBUG HEX A20,HEX A16,HEX A12,HEX A8,HEX A4,"0" '3 byte addr
chksum = $14 + (A20 * 16) + A16 + (A12 * 16) + A8 + (A4 * 16)
FOR A0 = $0 TO $F STEP 4
GOSUB Get32 'get 4 hex bytes as ascii
chksum = chksum + (D28 * 16) + D24 + (D20 * 16) + D16 + (D12 * 16) + D8 + (D4 * 16) + D0
NEXT
chksum = chksum ^ %11111111 'ones complement of chksum
IF chksum

__________________


Guru

Status: Offline
Posts: 964
Date:

Well first off I would save the file you have so far. What you want is probably already in your file. It just never stopped and kept on going way past what you needed to  1B5E40.

If you just delete everything after line S21405FFFF.... ( around 24,576 lines down ) it should be good. If you want to zip it up and send it to me I'll take a look at it for you and see if it looks good.

As for the code changes  every thing after an ' is a comment and has no actual effect on the code so technically you want to change

' addr 0000:0000 - 005F:FFFF

to keep your notes on what the software does current but it is not required.

On the other line FOR A20 3 to 5 I should have been more clear. I meant change the 3 to a 5. It should read 

FOR A20 0 to 5




__________________


Veteran Member

Status: Offline
Posts: 58
Date:

thanks again.

__________________


Veteran Member

Status: Offline
Posts: 58
Date:

What is the average size of the bin file after dumping it?

__________________


Veteran Member

Status: Offline
Posts: 72
Date:

If you delete all after after line S21405FFFF.... it should have 1104 kb.
Could I please also have a copy of it per Email?
Thanks

__________________


Veteran Member

Status: Offline
Posts: 58
Date:

ridgeracer and blackgixxer what are your email addresses? Blackgixxer, have you written a def file for romraider before?

__________________


Veteran Member

Status: Offline
Posts: 72
Date:

my email is blacktriple(at)gmx.de.
Sorry I donīt have a definition file for the 600, but I want to see if there is something similar to the 1000.

__________________


Guru

Status: Offline
Posts: 964
Date:

My email is   ecu.mbially@olympus.net

Just to clarify things what the BS2 is outputing that you captured is a Motorola S19 file which is a text format that describes the binary contents of the ECU. It dates from the bad old days before the internet when you had to transmit files as text over modems.

The s19 file can be converted to a binary file or .bin that is exactly like the raw data in the ECU memory. The size of a binary file image of a CPU with 393,216 bytes of flash is 393,216.

The s19 file on the other hand takes 40+ text chars to describe 16 bytes so it is about 400% larger than the binary version.

__________________


Veteran Member

Status: Offline
Posts: 58
Date:

Im using tera term to log the rom as it is being output. I have the option to save it as a .bin file as it outputs. Which is the option i chosen. Is there another way? After I added the GOTO quit code to the end of the last NEXT. The rom is still dumping and its reaching 1.2mbs.

-- Edited by jayknight at 23:40, 2008-11-19

__________________


Guru

Status: Offline
Posts: 964
Date:

Saving it as binary should be fine. Just rename it to something.s19 when done.

What does the s214 line address read now? It should be under 2 Mb when it finishes

Did you save your last file? If so you should be able to edit it with Notepad if it was not to huge.



__________________


Veteran Member

Status: Offline
Posts: 58
Date:

I saved my first dump but is well over 5mbs. I cant SSH into my home pc right now, I will try again later.

__________________


Veteran Member

Status: Offline
Posts: 58
Date:

The the bin just reached 2 mbs

__________________


Guru

Status: Offline
Posts: 964
Date:

If the lines read S21406 or greater I would just stop it now.

__________________


Guru

Status: Offline
Posts: 964
Date:

jayknight wrote:

ridgeracer and blackgixxer what are your email addresses? Blackgixxer, have you written a def file for romraider before?




 I have a software utility posted on the forum that will automatically generate a base definition.

bin2xml thread



__________________
Page 1 of 1  sorted by
 
Quick Reply

Please log in to post quick replies.

Tweet this page Post to Digg Post to Del.icio.us


Create your own FREE Forum
Report Abuse
Powered by ActiveBoard