Since I have begun my attempts at writing a kernel for reading/writing the SH2 TCM I have discovered something. I mean it was written in the fenugrec kernel but still. SH7055 has 2 variants, SH7055S(180nm) and SH7055(350nm) which is the original Hitachi SH7055.
The IDA 7.7 CPU processor definitions for SH7055 assume the newer variant and labels everything according to it, but for flashing purposes there are massive differences, the 350nm old-gen MCU does not have the FKEY register, while the new one does.
In my excavation of the Denso SBL I saw it accessing address FFFFE803 which is forbidden according to the new variant, but perfectly fine for the old variant because the register is quite different, which led to me to believe that IDA cannot differentiate between the two.
The Temic 29.1 features the newer-style SH7055S which is easily seen by it accessing the FKEY register in the ROM, which IDA correctly identifies and complete lack of FFFFE803 which is the old-style Erase block register 2.
Just something for people to take in mind when going down this path.
Vida CEM swapping
Ok, I got the pin into VDASH and tried to program new key but it errors out https://pasteboard.co/Qav2CwI4nob6.png
Read immo does something but still errors out on program new key.
Car has currently no working keys, but i bought a new master key from volvo so can turn the ignition lock.
Can the IMMO pin be extracted out of the flash dump?
Read immo does something but still errors out on program new key.
Car has currently no working keys, but i bought a new master key from volvo so can turn the ignition lock.
Can the IMMO pin be extracted out of the flash dump?
-
Dudde
- Posts: 64
- Joined: 22 January 2020
- Year and Model: 2005 V70 and more
- Location: Finland
- Has thanked: 14 times
- Been thanked: 17 times
sebs wrote: ↑24 Sep 2024, 02:39 Ok, I got the pin into VDASH and tried to program new key but it errors out https://pasteboard.co/Qav2CwI4nob6.png
Read immo does something but still errors out on program new key.
Car has currently no working keys, but i bought a new master key from volvo so can turn the ignition lock.
Can the IMMO pin be extracted out of the flash dump?
Where are you located? I can program key for you
I want to still try some things around before I suck it up and walk back to volvo and order the Ignition key application and remote key application. First time I tried to program the key with vida I only ordered the Ignition key program and was unable to program it. Apparently you need the Remote key application too...Dudde wrote: ↑24 Sep 2024, 06:33sebs wrote: ↑24 Sep 2024, 02:39 Ok, I got the pin into VDASH and tried to program new key but it errors out https://pasteboard.co/Qav2CwI4nob6.png
Read immo does something but still errors out on program new key.
Car has currently no working keys, but i bought a new master key from volvo so can turn the ignition lock.
Can the IMMO pin be extracted out of the flash dump?
Where are you located? I can program key for you
But anyway now that I have the cem pin is there another way to add a new key than the legit vida way or VDASH that keeps failing for me?
-
dikidera
- Posts: 1304
- Joined: 15 August 2022
- Year and Model: S60 2005
- Location: Galaxy far far away
- Has thanked: 67 times
- Been thanked: 175 times
Whilst waiting for a TCM, I decided I wanted to dump my DIM cluster, unfortunately it appears the DIM firmware does not have the B4 checksum command, what a bummer.
I will have to see if A7 or BB will work.
In the meantime I have been lightly studying the 68HC12 DT128A datasheet to figure out more about how the MCU works, it's paging, but it's the ISA itself that bothers me so much.
Goal is language change and enabling instant fuel consumption and average fuel consumption for the BIFUEL model. They likely didn't enable them for the bi-fuel models as the values were polluted by running the car in gas and petrol mode, but this is a non-issue.
I will have to see if A7 or BB will work.
In the meantime I have been lightly studying the 68HC12 DT128A datasheet to figure out more about how the MCU works, it's paging, but it's the ISA itself that bothers me so much.
Goal is language change and enabling instant fuel consumption and average fuel consumption for the BIFUEL model. They likely didn't enable them for the bi-fuel models as the values were polluted by running the car in gas and petrol mode, but this is a non-issue.
-
al1Volvo
- Posts: 34
- Joined: 22 March 2024
- Year and Model: Volvo V50 2011
- Location: France
- Has thanked: 3 times
- Been thanked: 13 times
Have you tried my tool ? I was able to dump the DIM with it but yes, without the B4 command while uploading the SBL, after the SBL is running, the checksum are verified.
-
dikidera
- Posts: 1304
- Joined: 15 August 2022
- Year and Model: S60 2005
- Location: Galaxy far far away
- Has thanked: 67 times
- Been thanked: 175 times
Oh so the B4 command is only enabled when an SBL is running(DIM)? Very different behaviour from literally the rest of the modules. I am very surprised Volvo did not implement their protocol behavior to be the same across all of them.
-
al1Volvo
- Posts: 34
- Joined: 22 March 2024
- Year and Model: Volvo V50 2011
- Location: France
- Has thanked: 3 times
- Been thanked: 13 times
No, from what I suppose, B4 command is only working on High speed CAN devices, for example CEM 0x50, CEM on low speed CAN at 0x40 isn't working with B4 command, this is the same for DIM. That's my finding. My SBL is implementing the B4 command once it is loaded and running
-
- Similar Topics
- Replies
- Views
- Last post
-
- 1 Replies
- 6431 Views
-
Last post by RickHaleParker
-
- 5 Replies
- 8699 Views
-
Last post by forumoto