Disassembly guide
Revision as of 12:29, 1 November 2022
Getting started
An engine control unit (ECU) contains a set of instructions that we call a program. This program dictates how the ECU processes information (inputs, outputs, maps, etc.). It is possible to edit the program to add, remove, or change features, although this is not always an easy process.
Since the source code is proprietary to Bosch, we have to disassemble the compiled code in order to alter it. For this, we can use a disassembly tool that converts the compiled file into assembly code.
Among those tools, you could use:
IDA Pro (https://hex-rays.com/IDA-pro/)
Ghidra (https://ghidra-sre.org/, open-source)
Disassembling the ME17.5
Note: this guide covers IDA, but the configuration should be very similar in Ghidra.
Launch IDA, click on "New" and select your file (the flash memory dump of the microcontroller).
Set "Processor type" to "Infineon TRICORE [TRICORE]"
Check "Create ROM section" and use 0x80000000 for both "ROM start address" and "Loading address". This value comes from the memory_segment information in the definition file (.a2l).
Select the device name (processor) of your ECU according to your revision:
ME17.5: tc1766
ME17.5.6: tc1767
At this point, the project is created but no instructions are defined yet. Select the whole PFLASH section (the only section that interests us).
To convert the selection to instructions, click on the code icon or press C.
A dialog appears; click "Force".
Congratulations! Your project is now ready. You can use the a2lextract tool to get RAM variable addresses (be aware of a possible offset). Refer to the MED17.5 Funktionsrahmen and the TriCore instruction set.
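As an added example (not part of this wiki page, nor of a2lextract or any Bosch/IDA tooling), a small Python parser that pulls MEMORY_SEGMENT and MEASUREMENT ECU_ADDRESS entries out of an A2L file: the CODE/FLASH segment address is the value the guide enters as "ROM start address" and "Loading address", and segment_of checks that a RAM variable address (after any offset you apply) still falls inside a RAM segment. The A2L text is constructed, and the offset parameter is a hypothetical correction, not an A2L feature.

```python
import re

# Constructed A2L fragment (not a real ME17.5 file); PFLASH mirrors the guide's 0x80000000.
SAMPLE_A2L = """
/begin MEMORY_SEGMENT PFLASH "Program flash" CODE FLASH INTERN
  0x80000000 0x100000 -1 -1 -1 -1 -1
/end MEMORY_SEGMENT
/begin MEMORY_SEGMENT DSPR "Data RAM" DATA RAM INTERN
  0xD0000000 0x8000 -1 -1 -1 -1 -1
/end MEMORY_SEGMENT
/begin MEASUREMENT nmot "Engine speed" UWORD nmot_conv 1 0 0 8000
  ECU_ADDRESS 0xD0001234
/end MEASUREMENT
/begin MEASUREMENT tmot "Coolant temp" UBYTE tmot_conv 1 0 -40 215
/end MEASUREMENT
"""

def memory_segments(a2l_text):
    """Return {name: (prg_type, mem_type, address, size)} per MEMORY_SEGMENT."""
    segments = {}
    for body in re.findall(r"/begin MEMORY_SEGMENT\s+(.*?)/end MEMORY_SEGMENT", a2l_text, re.S):
        # Drop the quoted description; the rest is Name PrgType MemoryType Attribute Address Size Offset[5]
        f = re.sub(r'"[^"]*"', "", body).split()
        segments[f[0]] = (f[1], f[2], int(f[4], 0), int(f[5], 0))
    return segments

def rom_load_address(segments):
    """Address of the CODE/FLASH segment: IDA's "ROM start address" and "Loading address"."""
    for prg, mem, addr, _ in segments.values():
        if prg == "CODE" and mem == "FLASH":
            return addr
    raise ValueError("no CODE/FLASH segment found")

def measurement_addresses(a2l_text, offset=0):
    """{name: address} for MEASUREMENTs with an ECU_ADDRESS; `offset` is a hypothetical
    correction for files whose addresses do not match the image loaded in IDA."""
    result = {}
    for body in re.findall(r"/begin MEASUREMENT\s+(.*?)/end MEASUREMENT", a2l_text, re.S):
        m = re.search(r"ECU_ADDRESS\s+(0x[0-9A-Fa-f]+)", body)
        if m:
            result[body.split()[0]] = int(m.group(1), 0) + offset
    return result

def segment_of(address, segments):
    """MEMORY_SEGMENT containing `address`, or None: sanity-check an offset before trusting it."""
    for name, (_, _, start, size) in segments.items():
        if start <= address < start + size:
            return name
    return None
```

A MEASUREMENT without an ECU_ADDRESS (tmot in the sample) is skipped rather than given a bogus address, and an offset that pushes a variable outside every RAM segment shows up as None.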