Vida CEM swapping

[dikidera]

Well, first, provided you have a J2534 dll that exports the known functions you need to import the DLL via LoadLibraryA, then you need to call GetProcAddress to load the necessary functions, taking care that the typedefs match the appropriate function.

From then it's probably only a matter of using them in the right order.

It has been a while since I did any driver development(both kernel and userspace) on Windows and function hooking(detours was the best).

[Treur]

Is it possible for any of you programmers in this thread to help me out?
I promise at the end of my project there will be a sweet surprise for end users but I need help or some pointers on the following:

Using Visual Studio 2022 C++, I want to use dice J2534 commands, can anyone point me in the direction of how to do this?
What do I need to import etc?
I know SDA has a sample project but it doesn't explain much.
If I do a driver function extraction on known apps that work with dice I don't see the dice drivers getting loaded.

I know some of you have made apps for dice reading and flashing, you don't have to give me a step by step but some good pointers would do the trick.

Thank you all

About driver - Do you see the gopher? I don't either. But it's there!

You need load library, that support dice, or write your own one. Then select device from system register, connect channel, set filters.......

[vtl]

Well, first, provided you have a J2534 dll that exports the known functions you need to import the DLL via LoadLibraryA, then you need to call GetProcAddress to load the necessary functions, taking care that the typedefs match the appropriate function.

From then it's probably only a matter of using them in the right order.

It has been a while since I did any driver development(both kernel and userspace) on Windows and function hooking(detours was the best).

That's a good start: https://github.com/hackingvolvo https://hackingvolvo.blogspot.com Many of us are there in this thread because of Olaf.

[dikidera]

Me as well. I only started because of Olaf.

My first foray was attempting to write a Windows to Raspberry proxy via the Sardine dll. It would've acted as a proxy between vida and my Raspberry. I gave up because of latency.

[Treur]

vtl, what you think about STM32H743VGT6 MCU? I want to try to port your cracker to this one.

[vtl]

vtl, what you think about STM32H743VGT6 MCU? I want to try to port your cracker to this one.

As long as it runs at ~200MHz and has built-in (in SOC, not over SPI) CAN controllers it will do it.

[Treur]

vtl, what you think about STM32H743VGT6 MCU? I want to try to port your cracker to this one.

As long as it runs at ~200MHz and has built-in (in SOC, not over SPI) CAN controllers it will do it.

480Mhz, 2CANFD

[dikidera]

I spent several days not understanding why my single stepping code was not working correctly.

Then it occurred to me. When issuing a BDM GO command, there is no interface by which I resume automatically control of the BDM target. It took me days to realize this for some reason. Apparently the way I must do it, is I must monitor IFETCH or IPIPE line and BDM the target which means careful timing is required, from issuing BDM GO command to entering BDM mode.

[Treur]

I spent several days not understanding why my single stepping code was not working correctly.

Then it occurred to me. When issuing a BDM GO command, there is no interface by which I resume automatically control of the BDM target. It took me days to realize this for some reason. Apparently the way I must do it, is I must monitor IFETCH or IPIPE line and BDM the target which means careful timing is required, from issuing BDM GO command to entering BDM mode.

Why Reinvent the Wheel? Get Arduino and Code from CKaev

[dwappertam]

Considering I am also working on an MC683XX chip, I used this Arduino library https://github.com/psobot/arduino-coldfire-bdm

It won't work out of the box as it uses Python 3.6 features which have been disabled in Python 3.7 and onwards, specifically nullcontext from contextlib package. However the code itself is useable.

The 28f400 is a standard memory chip, has nothing to do with K-line or whatever. The only caveat with the 28X, 29X chips is that they do not use any sort of serial communication but each data and address pin needs to be connected for a total of 32(maybe 33) pins, which is why BDM helps here. I have been crazy enough to solder 32 pins however and successfully read a 29LV200BC chip off a Denso board with an Arduino.

You are lucky to have such easy access to those chips.

--------------------------------------------------------------------------


Wel yes and no, got lucky because i now have de chips that i can read , and yes tahs true , yet the thing is , i recenty had te get a spare cem due to mecannics that are not knowing sh#t of electronics. So that was Cem 1. Got it replaced and programed ,after that the car acted wierd , wouldnt start or windows wouldnt open or it started but abs ligjt csme on. So it got me to the point that the cozt of replacing even to fix it would be to costly for my s60 early 2001 , after i heard from the motons i had to once replace it again i started to read my self up so i can either fix it myself or at least replacr clone and back it up, keep in mind i am learning on ths spot . no knoledge of programming, yet i am starting to understand more and more .arduino code and use of it day by day . cause this sh#t is expensif after a wile.