I couldn't find a way to comment on this so forgive me if this is the only way I could find.

I've been reading intently through your development and forum thread here: http://www.dorikaze.net/showthread.php?41371-Funny-adventures-in-electrical-engineering

First and I want to thank you for undertaking these ventures into hacking these ecus. I don't even own a Toyota. I owned an sc400 a long time ago that's the closest I've been to being involved with the brand. I used to look up to Lextreme for inspiration back in those days. Lol I just like how you came such a long way with cracking these units(ecus). Unchartered territory. I noticed you haven't been active for a while. I wanted to see if there were any updates. I would surely hate to see this kind of development going dormant. I wish I could be involved and learn more about the basics. I'm just now getting into coding and the likes. A little late but never hurts to learn something new. Right now only thing I have to play with would be a 750i with a v12 that has twin DMEs. They are pretty much uncrackable so I'm dead locked with those. I should get rid of that asap. I also have a left over 2jz ecu from a lexus gs300 that caught on fire while I was driving it and eventually exploded. The ecu somehow made it under the molten carpet. I have that to tinker with although It is my understanding those are also pretty much uncrackable. There is however that 2jzduino project as a piggyback. So who knows. what do you suggest. Pointers? Links for sleepless months of reading? lol Where do I start.

Sorry for the Story Sparkie. Thanks again for all your hard work.

Wow! Thanks for reading! It's not a very popular project, so I don't get much feedback on it. With respect to your 2jz pcm, it should have a similar 64 pin denso processor inside - making it just as hackable as the 1uz pcm. What model year 2jz? if its too late then it will be related to the tlcs-9000 instead (ike later vvti UZ equipment). TLCS 9k information can be found here (and only here): https://archive.org/details/@oldtoshibaguy

And as for 2jzduino - I hate arduino with a passion, but that's just me. that project looks like a piggyback pcm, so you're not really getting deep into tuning anyways. It would be a good start for someone with no significant electrical experience.

as to where to get started, what is your level of electronic experience? if you're comfortable wiring up data busses, desoldering large ic's and digging through undocumented assembler you can just start to replicate what i've been doing. I bet even your bimmer ecu is crackable with time and effort (depending somewhat on year). If you have less electronics experience but still want to get into ecu programming a fully assembled solution with an open, documented code base like megasquirt might be more your speed.

stay in touch (maybe shoot me a picture of the inside of your bimmer ecu), I'm interested in your pcm hacking journey. also let me know if the repo doesnt cover anything it should-i've been ignoring this project as I'm working on building a robotics company with 2 of my peers.

On Fri 17/05/05 04:30 , JL01152 notifications@github.com sent:

I've been reading intently through your development and forum thread here: http://www.dorikaze.net/showthread.php?41371-Funny-adventures-in-electrical -engineering[1]

First and I want to thank you for undertaking these ventures into hacking these ecus. I don't even own a Toyota. I owned an sc400 a long time ago that the closest I've been to being involved with the brand. I used to look up to Lextreme for inspiration back in those days. Lol I just like how you came such a long way with cracking these units(ecus). Unchartered territory. I noticed you haven't been active for a while. I wanted to see if there were any updates. I would surely hate to see this kind of development going dormant. I wish I could be involved and learn more about the basics. I'm just now getting into coding and the likes. A little late but never hurts to learn something new. Right now only thing I have to play with would be a 750i with a v12 that has twin DMEs. They are pretty much uncrackable so I'm dead locked with those. I should get rid of that asap. I also have a left over 2jz ecu from a lexus gs300 that caught on fire while I was driving it and eventually exploded. The ecu somehow made it under the molten carpet. I have that to tinker with although It is my understanding those are also pretty much uncrackable. There is however that 2jzduino project as a piggyback. So who knows. what do you suggest. Pointers? Links for sleepless months of reading? lol Where do I start.

Sorry for the Story Sparkie. Thanks again for all your hard work.

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub [2], or mute the thread [3].

{"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4 bb","name":"GitHub"},"entity":{"external_key":"github/sparkiedk/Toyota-PCM- hacking","title":"sparkiedk/Toyota-PCM-hacking","subtitle":"GitHubrepository","main_image_url":"https://cloud.githubusercontent.com/assets/14 3418/17495839/a5054eac-5d88-11e6-95fc-7290892c7bb5.png","avatar_image_url": "https://cloud.githubusercontent.com/assets/143418/15842166/7c72db34-2c0b-1 1e6-9aed-b52498112777.png","action":{"name":"Openin GitHub","url":"https://github.com/sparkiedk/Toyota-PCM-hacking"}},"updates" :{"snippets":[{"icon":"DESCRIPTION","message":"Icouldn't find a way to comment on this so forgive me if this is the only way I could find. (#1)"}],"action":{"name":"View Issue","url":"https://github.com/sparkiedk/Toyota-PCM-hacking/issues/1"}}}

Links:

[1] http://www.dorikaze.net/showthread.php?41371-Funny-adventures-in-electrical -engineering[2] https://github.com/sparkiedk/Toyota-PCM-hacking/issues/1 [3] https://github.com/notifications/unsubscribe-auth/AFdlWAEyjAVNf300xIrtMW8MY gT27wGEks5r2t4KgaJpZM4NRoNA

Hey Sparkie, thank you for the response. Well where do I start. You mean to tell me people are not showing you interest in your project? You've gotta be kidding me. I've been a long time lurker of the forums and try to read up anything interesting as far as these type of hacks. I must say I haven't seen many like yours. Very few with your skill set. I read up on a guy with from the Volkswagen world who switched over to the 2jz world by swapping one into a Volvo. That's if I recall correctly. His work was pretty impressive. But your work is something else entirely nothing short of freaking amazing. Not to stroke your ego but credit where it's due. As to my level of comfort with electronics lets just say it's embarrassing to say the least. The only thing I got good going for myself is that I'm a quick learner and do so very well on my own. I rather learn something new than watch TV. I forgot when was the last time I did that. Lol as for you hating the Arduino I can understand. But come on you gotta give me a break here I just started trying to learn this world of Integrated circuits and electronics like 6 months ago. I decided to catch up late in the game but I feel a lot more comfortable than at the level I started. As for the megasquirt. That was something I used to look into till I found out they are a little too restricted than what I’d like for something homemade. Idk I guess I’m just weird like that. Lol As for the 2jz ECU it was the older type with the distributor ignition. It was a 93’ gs300. I’ll have to dig it up out my pile of junk some where so I can take some pictures and share with you. I’m still very impressed with you being able to do something for the 1uz. The only ECU I was able to read about having successfully undergone any modification was one modified by a guy that goes by the name Harry Lemman I believe. Thought there weren’t many details on that. About the v12 ecus. I’m sure you should be some what familiar with the system or at least heard of it. These things are uncrackable. Nobody has been able to do anything with them. I believe a guy on BimmerForums by the name of DUMD has been able to flash the newer (97+) DMEs with his own maps. I don’t know how he was able to decipher the addresses as that has been untouched by anybody. So he must know what he’s doing. The older ECU pairs for the v12 (those found on the M70 V12) have long since been modded to accept chips and what not, not to mention the deletion of the drive by wire. The chips contained in my ecus are OTP but I guess “aren’t they all?” lol. I can’t wait to send you pictures so you can take a look for yourself if it’s possible. I’m more than willing to attempt to dump the roms and try to take in some assembly language. All I have seen in IDA pro has been a deep abyss of staggered flow graphs of jmp,mov, jne,jnz,cmp and the likes. Way over my head. Lol I must tell you thought that I’m thoroughly excited about you have accomplished with the underdog ecus for these Toyotas. You see where I’m from down here in the Dominican these things are ubiquitous. These small Toyota engines are seen like the Holy Grail of powertrains not at all in small part due to the fact that the cost is a major factor. To be able to tune these ecus here would be something huge. The only concern is that a lot of the cars here run on LPG as the main source of fuel. Gasoline is almost $5USD/Gal so a large percentage of the people resort to LPG as a source of fuel. They install converter kits for this. Fuel economy is better as in more bang for your buck.. so yea it’s favored. The up side that I can see is that the octane level is around 114 iirc. So there’s something to play with there. Anyway I really hate to bombard you with questions or writing you a small story for that matter. I definitely hope we stay in touch though. I’m really looking forward to seeing you further develop this ECU hacking venture. I’m also glad that you are starting your own robotics company. Cnc is another one of my many interests. I have the components to assemble a CNC machine eventually. All in due time. I was very interested in the painting robots such as those from Fanuc perhaps using roboDK . Interesting none-the-less. I suppose your robotics company is more along the lines of PLCs? Well that’s all I’m going to trouble you with for now. Here I included some pictures I have of the Lexus episode and some of the DMEs from when I had them open a while back. I’ll pull them out of the car and open them up again.

I will send the pictures staggered since its giving me a hard time sending them all at once. From: sparkiedkmailto:notifications@github.com Sent: Friday, May 5, 2017 10:18 AM To: sparkiedk/Toyota-PCM-hackingmailto:Toyota-PCM-hacking@noreply.github.com Cc: JL01152mailto:Jl01152@hotmail.com; Authormailto:author@noreply.github.com Subject: Re: [sparkiedk/Toyota-PCM-hacking] I couldn't find a way to comment on this so forgive me if this is the only way I could find. (#1)

On Fri 17/05/05 04:30 , JL01152 notifications@github.com sent:

I've been reading intently through your development and forum thread here: http://www.dorikaze.net/showthread.php?41371-Funny-adventures-in-electrical -engineering[1]

First and I want to thank you for undertaking these ventures into hacking these ecus. I don't even own a Toyota. I owned an sc400 a long time ago that the closest I've been to being involved with the brand. I used to look up to Lextreme for inspiration back in those days. Lol I just like how you came such a long way with cracking these units(ecus). Unchartered territory. I noticed you haven't been active for a while. I wanted to see if there were any updates. I would surely hate to see this kind of development going dormant. I wish I could be involved and learn more about the basics. I'm just now getting into coding and the likes. A little late but never hurts to learn something new. Right now only thing I have to play with would be a 750i with a v12 that has twin DMEs. They are pretty much uncrackable so I'm dead locked with those. I should get rid of that asap. I also have a left over 2jz ecu from a lexus gs300 that caught on fire while I was driving it and eventually exploded. The ecu somehow made it under the molten carpet. I have that to tinker with although It is my understanding those are also pretty much uncrackable. There is however that 2jzduino project as a piggyback. So who knows. what do you suggest. Pointers? Links for sleepless months of reading? lol Where do I start.

Sorry for the Story Sparkie. Thanks again for all your hard work.

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub [2], or mute the thread [3]. * {"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4 bb","name":"GitHub"},"entity":{"external_key":"github/sparkiedk/Toyota-PCM- hacking","title":"sparkiedk/Toyota-PCM-hacking","subtitle":"GitHubrepository","main_image_url":"https://cloud.githubusercontent.com/assets/14 3418/17495839/a5054eac-5d88-11e6-95fc-7290892c7bb5.png","avatar_image_url": "https://cloud.githubusercontent.com/assets/143418/15842166/7c72db34-2c0b-1 1e6-9aed-b52498112777.png","action":{"name":"Openin GitHub","url":"https://github.com/sparkiedk/Toyota-PCM-hacking"}},"updates" :{"snippets":[{"icon":"DESCRIPTION","message":"Icouldn't find a way to comment on this so forgive me if this is the only way I could find. (#1)"}],"action":{"name":"View Issue","url":"https://github.com/sparkiedk/Toyota-PCM-hacking/issues/1"}}}

Links:

[1] http://www.dorikaze.net/showthread.php?41371-Funny-adventures-in-electrical -engineering[2] https://github.com/sparkiedk/Toyota-PCM-hacking/issues/1 [3] https://github.com/notifications/unsubscribe-auth/AFdlWAEyjAVNf300xIrtMW8MY gT27wGEks5r2t4KgaJpZM4NRoNA

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHubhttps://github.com/sparkiedk/Toyota-PCM-hacking/issues/1#issuecomment-299477038, or mute the threadhttps://github.com/notifications/unsubscribe-auth/ABU23XkdJHZ2Xu16-UIR8VzRC8QyNUHmks5r2y-6gaJpZM4NRoNA.

The arduino is excellent as an introductory to electronics and microprocessors, you fall exactly into the target market for that chip and I encourage you to use it. It seems like if people can use it as a piggyback ECM then certain things have improved since my last experience: I had some peers use it in the late 2000's and they couldn't get their code to execute serial or bit banging routines fast enough, 10's to 100's of milliseconds of delay for no rational reason; it made me drop it entirely as a "serious" platform. I also am not a fan of the way the programmer is abstracted from the hardware, I enjoy cryptic programming of registers using hex codes built up from specific bits - that's my old school training kicking in there. Keep up with the arduino, it will educate you well.

Now a '93 gs300 PCM is going to use exactly the same stuff my 1uz and redtop/blacktop units were using, all that documentation is applicable. It wouldn't be super hard to yank the chip and drop in the arduino instead (using lots of wires to adapt it) and drive all the signals with code you've writ on the arduino. you would have to yank the analog to digital converter as well - toyota used an external chip to sample Analog signals, it wasnt built into the micrprocessor. Of course you dont have an engine to ruin with it so you might not get much out of it when you're done.

Did some looking around on the BMW v12 ecus, looks like an OPT intel processor in a plcc68/84 package? One of the key730 devices might have given you an external eeprom to work with if they still existed? https://www.evc.de/en/product/keys/keys.asp Looks like if we can find enough documentation on the chip inside then we can hack together a solution for the bmw ecu's that resembles my toyota solution.

As for IDA, yeah, assembly is scary at first. It represents the actual funtions a processor can do; a function call like "printf()" is comprised of thousands to tens of thousands of these simple functions to manipulate the data inside the chip to get what you want. all processors are specified by a "programmers model" which tells you how the processor works at a base level, here's an example for one of the intel chips https://en.wikipedia.org/wiki/Intel_8085#Programming_model and here's a neat javascript simulator for an (invented) assembly language. note the output line resides at "232", simply an address. The majority of processors have peripherals mapped to memory locations inside the chip, these are call "special function registers" by some manufacturers and it's a minimum concept to learn : sometimes memory is memory, sometimes its a peripheral. https://schweigi.github.io/assembler-simulator/

On Sat 17/05/06 00:39 , JL01152 notifications@github.com sent:

Hey Sparkie, thank you for the response. Well where do I start. You mean to tell me people are not showing you interest in your project? You've gotta be kidding me. I've been a long time lurker of the forums and try to read up anything interesting as far as these type of hacks. I must say I haven't seen many like yours. Very few with your skill set. I read up on a guy with from the Volkswagen world who switched over to the 2jz world by swapping one into a Volvo. That's if I recall correctly. His work was pretty impressive. But your work is something else entirely nothing short of freaking amazing. Not to stroke your ego but credit where it's due. As to my level of comfort with electronics lets just say it's embarrassing to say the least. The only thing I got good going for myself is that I'm a quick learner and do so very well on my own. I rather learn something new than watch TV. I forgot when was the last time I did that. Lol as for you hating the Arduino I can understand. But come on you gotta give me a break here I just started trying to learn this world of Integrated circuits and electronics like 6 months ago. I decided to catch up late in the game but I feel a lot more comfortable than at the level I started. As for the megasquirt. That was something I used to look into till I found out they are a little too restricted than what I’d like for something homemade. Idk I guess I’m just weird like that. Lol As for the 2jz ECU it was the older type with the distributor ignition. It was a 93’ gs300. I’ll have to dig it up out my pile of junk some where so I can take some pictures and share with you. I’m still very impressed with you being able to do something for the 1uz. The only ECU I was able to read about having successfully undergone any modification was one modified by a guy that goes by the name Harry Lemman I believe. Thought there weren’t many details on that. About the v12 ecus. I’m sure you should be some what familiar with the system or at least heard of it. These things are uncrackable. Nobody has been able to do anything with them. I believe a guy on BimmerForums by the name of DUMD has been able to flash the newer (97+) DMEs with his own maps. I don’t know how he was able to decipher the addresses as that has been untouched by anybody. So he must know what he’s doing. The older ECU pairs for the v12 (those found on the M70 V12) have long since been modded to accept chips and what not, not to mention the deletion of the drive by wire. The chips contained in my ecus are OTP but I guess “aren’t they all?” lol. I can’t wait to send you pictures so you can take a look for yourself if it’s possible. I’m more than willing to attempt to dump the roms and try to take in some assembly language. All I have seen in IDA pro has been a deep abyss of staggered flow graphs of jmp,mov, jne,jnz,cmp and the likes. Way over my head. Lol I must tell you thought that I’m thoroughly excited about you have accomplished with the underdog ecus for these Toyotas. You see where I’m from down here in the Dominican these things are ubiquitous. These small Toyota engines are seen like the Holy Grail of powertrains not at all in small part due to the fact that the cost is a major factor. To be able to tune these ecus here would be something huge. The only concern is that a lot of the cars here run on LPG as the main source of fuel. Gasoline is almost $5USD/Gal so a large percentage of the people resort to LPG as a source of fuel. They install converter kits for this. Fuel economy is better as in more bang for your buck.. so yea it’s favored. The up side that I can see is that the octane level is around 114 iirc. So there’s something to play with there. Anyway I really hate to bombard you with questions or writing you a small story for that matter. I definitely hope we stay in touch though. I’m really looking forward to seeing you further develop this ECU hacking venture. I’m also glad that you are starting your own robotics company. Cnc is another one of my many interests. I have the components to assemble a CNC machine eventually. All in due time. I was very interested in the painting robots such as those from Fanuc perhaps using roboDK . Interesting none-the-less. I suppose your robotics company is more along the lines of PLCs? Well that’s all I’m going to trouble you with for now. Here I included some pictures I have of the Lexus episode and some of the DMEs from when I had them open a while back. I’ll pull them out of the car and open them up again. I will send the pictures staggered since its giving me a hard time sending them all at once. From: sparkiedk Sent: Friday, May 5, 2017 10:18 AM To: sparkiedk/Toyota-PCM-hacking Cc: JL01152; Author Subject: Re: [sparkiedk/Toyota-PCM-hacking] I couldn't find a way to comment on this so forgive me if this is the only way I could find. (#1) Wow! Thanks for reading! It's not a very popular project, so I don't get much feedback on it. With respect to your 2jz pcm, it should have a similar 64 pin denso processor inside - making it just as hackable as the 1uz pcm. What model year 2jz? if its too late then it will be related to the tlcs-9000 instead (ike later vvti UZ equipment). TLCS 9k information can be found here (and only here): https://archive.org/details/@oldtoshibaguy And as for 2jzduino - I hate arduino with a passion, but that's just me. that project looks like a piggyback pcm, so you're not really getting deep into tuning anyways. It would be a good start for someone with no significant electrical experience. as to where to get started, what is your level of electronic experience? if you're comfortable wiring up data busses, desoldering large ic's and digging through undocumented assembler you can just start to replicate what i've been doing. I bet even your bimmer ecu is crackable with time and effort (depending somewhat on year). If you have less electronics experience but still want to get into ecu programming a fully assembled solution with an open, documented code base like megasquirt might be more your speed. stay in touch (maybe shoot me a picture of the inside of your bimmer ecu), I'm interested in your pcm hacking journey. also let me know if the repo doesnt cover anything it should-i've been ignoring this project as I'm working on building a robotics company with 2 of my peers. On Fri 17/05/05 04:30 , JL01152 notifications@github.com sent:

I've been reading intently through your development and forum thread here:

http://www.dorikaze.net/showthread.php?41371-Funny-adventures-in-electrical -engineering[1]

First and I want to thank you for undertaking these ventures into hacking these ecus. I don't even own a Toyota. I owned an sc400 a long time ago that the closest I've been to being involved with the brand. I used to look up to Lextreme for inspiration back in those days. Lol I just like how you came such a long way with cracking these units(ecus). Unchartered territory. I noticed you haven't been active for a while. I wanted to see if there were any updates. I would surely hate to see this kind of development going dormant. I wish I could be involved and learn more about the basics. I'm just now getting into coding and the likes. A little late but never hurts to learn something new. Right now only thing I have to play with would be a 750i with a v12 that has twin DMEs. They are pretty much uncrackable so I'm dead locked with those. I should get rid of that asap. I also have a left over 2jz ecu from a lexus gs300 that caught on fire while I was driving it and eventually exploded. The ecu somehow made it under the molten carpet. I have that to tinker with although It is my understanding those are also pretty much uncrackable. There is however that 2jzduino project as a piggyback. So who knows. what do you suggest. Pointers? Links for sleepless months of reading? lol Where do I start.

Sorry for the Story Sparkie. Thanks again for all your hard work.

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub [2], or mute the thread [3]. *

{"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4

bb","name":"GitHub"},"entity":{"external_key":"github/sparkiedk/Toyota-PCM-

hacking","title":"sparkiedk/Toyota-PCM-hacking","subtitle":"GitHubrepositor y","main_image_url":"https://cloud.githubusercontent.com/assets/14> 3418/17495839/a5054eac-5d88-11e6-95fc-7290892c7bb5.png","avatar_image_url":

"https://cloud.githubusercontent.com/assets/143418/15842166/7c72db34-2c0b-1 1e6-9aed-b52498112777.png","action":{"name":"Openin

GitHub","url":"https://github.com/sparkiedk/Toyota-PCM-hacking"}},"updates" :{"snippets":[{"icon":"DESCRIPTION","message":"Icouldn't find a way to comment on this so forgive me if this is the only way I could find. (#1)"}],"action":{"name":"View

Issue","url":"https://github.com/sparkiedk/Toyota-PCM-hacking/issues/1"}}}

Links:

[1]

http://www.dorikaze.net/showthread.php?41371-Funny-adventures-in-electrical -engineering[2] https://github.com/sparkiedk/Toyota-PCM-hacking/issues/1 [3]

https://github.com/notifications/unsubscribe-auth/AFdlWAEyjAVNf300xIrtMW8MY gT27wGEks5r2t4KgaJpZM4NRoNA

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub, or mute the thread. — You are receiving this because you commented. Reply to this email directly, view it on GitHub [1], or mute the thread [2].

{"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4 bb","name":"GitHub"},"entity":{"external_key":"github/sparkiedk/Toyota-PCM- hacking","title":"sparkiedk/Toyota-PCM-hacking","subtitle":"GitHubrepository","main_image_url":"https://cloud.githubusercontent.com/assets/14 3418/17495839/a5054eac-5d88-11e6-95fc-7290892c7bb5.png","avatar_image_url": "https://cloud.githubusercontent.com/assets/143418/15842166/7c72db34-2c0b-1 1e6-9aed-b52498112777.png","action":{"name":"Openin GitHub","url":"https://github.com/sparkiedk/Toyota-PCM-hacking"}},"updates" :{"snippets":[{"icon":"PERSON","message":"@JL01152in #1: Hey Sparkie, thank you for the response. Well where do I start. You mean to tell me people are not showing you interest in your project? You've gotta be kidding me. I've been a long time lurker of the forums and try to read up anything interesting as far as these type of hacks. I must say I haven't seen many like yours. Very few with your skill set. I read up on a guy with from the Volkswagen world who switched over to the 2jz world by swapping one into a Volvo. That's if I recall correctly. His work was pretty impressive. But your work is something else entirely nothing short of freaking amazing. Not to stroke your ego but credit where it's due. As to my level of comfort with electronics lets just say it's embarrassing to say the least. The only thing I got good going for myself is that I'm a quick learner and do so very well on my own. I rather learn something new than watch TV. I forgot when was the last time I did that. Lol as for you hating the Arduino I can understand. But come on you gotta give me a break here I just started trying to learn this world of Integrated circuits and electronics like 6 months ago. I decided to catch up late in the game but I feel a lot more comfortable than at the level I started. As for the megasquirt. That was something I used to look into till I found out they are a little too restricted than what I’d like for something homemade. Idk I guess I’m just weird like that. Lol As for the 2jz ECU it was the older type with the distributor ignition. It was a 93’ gs300. I’ll have to dig it up out my pile of junk some where so I can take some pictures and share with you. I’m still very impressed with you being able to do something for the 1uz. The only ECU I was able to read about having successfully undergone any modification was one modified by a guy that goes by the name Harry Lemman I believe. Thought there weren’t many details on that. About the v12 ecus. I’m sure you should be some what familiar with the system or at least heard of it. These things are uncrackable. Nobody has been able to do anything with them. I believe a guy on BimmerForums by the name of DUMD has been able to flash the newer (97+) DMEs with his own maps. I don’t know how he was able to decipher the addresses as that has been untouched by anybody. So he must know what he’s doing. The older ECU pairs for the v12 (those found on the M70 V12) have long since been modded to accept chips and what not, not to mention the deletion of the drive by wire. The chips contained in my ecus are OTP but I guess “aren’t they all?” lol. I can’t wait to send you pictures so you can take a look for yourself if it’s possible. I’m more than willing to attempt to dump the roms and try to take in some assembly language. All I have seen in IDA pro has been a deep abyss of staggered flow graphs of jmp,mov, jne,jnz,cmp and the likes. Way over my head. Lol I must tell you thought that I’m thoroughly excited about you have accomplished with the underdog ecus for these Toyotas. You see where I’m from down here in the Dominican these things are ubiquitous. These small Toyota engines are seen like the Holy Grail of powertrains not at all in small part due to the fact that the cost is a major factor. To be able to tune these ecus here would be something huge. The only concern is that a lot of the cars here run on LPG as the main source of fuel. Gasoline is almost $5USD/Gal so a large percentage of the people resort to LPG as a source of fuel. They install converter kits for this. Fuel economy is better as in more bang for your buck.. so yea it’s favored. The up side that I can see is that the octane level is around 114 iirc. So there’s something to play with there. Anyway I really hate to bombard you with questions or writing you a small story for that matter. I definitely hope we stay in touch though. I’m really looking forward to seeing you further develop this ECU hacking venture. I’m also glad that you are starting your own robotics company. Cnc is another one of my many interests. I have the components to assemble a CNC machine eventually. All in due time. I was very interested in the painting robots such as those from Fanuc perhaps using roboDK . Interesting none-the-less. I suppose your robotics company is more along the lines of PLCs? Well that’s all I’m going to trouble you with for now. Here I included some pictures I have of the Lexus episode and some of the DMEs from when I had them open a while back. I’ll pull them out of the car and open them up again.nnI will send the pictures staggered since its giving me a hard time sending them all at once.nFrom: sparkiedku003cmailto:notifications@github.comu003enSent: Friday, May 5, 2017 10:18 AMnTo: sparkiedk/Toyota-PCM-hackingu003cmailto:Toyota-PCM-hacking@noreply.github.c omu003enCc:JL01152u003cmailto:Jl01152@hotmail.comu003e; Authoru003cmailto:author@noreply.github.comu003enSubject: Re: [sparkiedk/Toyota-PCM-hacking] I couldn't find a way to comment on this so forgive me if this is the only way I could find. (#1)nnWow! Thanks for reading! It's not a very popular project, so I don't get much feedback on it. With respect to your 2jz pcm, it should have a similar 64 pinndenso processor inside - making it just as hackable as the 1uz pcm. What model year 2jz? if its too late then it will be related to the tlcs-9000 instead (ikenlater vvti UZ equipment). TLCS 9k information can be found here (and only here):nhttps://archive.org/details/@oldtoshibaguynnAnd as for 2jzduino - I hate arduino with a passion, but that's just me. that project looks like a piggyback pcm, so you're not really getting deep intontuning anyways. It would be a good start for someone with no significant electrical experience.nnas to where to get started, what is your level of electronic experience? if you're comfortable wiring up data busses, desoldering large ic's and diggingnthrough undocumented assembler you can just start to replicate what i've been doing. I bet even your bimmer ecu is crackable with time and effort (dependingnsomewhat on year). If you have less electronics experience but still want to get into ecu programming a fully assembled solution with an open, documented codenbase like megasquirt might be more your speed.nnstay in touch (maybe shoot me a picture of the inside of your bimmer ecu), I'm interested in your pcm hacking journey. also let me know if the repo doesntncover anything it should-i've been ignoring this project as I'm working on building a robotics company with 2 of my peers.nnnnOn Fri 17/05/05 04:30 , JL01152 notifications@github.com sent:nu003e I've been reading intently through your development and forum threadnu003e here:nu003e http://www.dorikaze.net/showthread.php?41371-Funny-adventures-in-electrical nu003e-engineering[1]nu003enu003e First and I want to thank you for undertaking these ventures intonu003e hacking these ecus. I don't even own a Toyota. I owned an sc400 anu003e long time ago that the closest I've been to being involved with thenu003e brand. I used to look up to Lextreme for inspiration back in thosenu003e days. Lol I just like how you came such a long way with crackingnu003e these units(ecus). Unchartered territory. I noticed you haven't beennu003e active for a while. I wanted to see if there were any updates. Inu003e would surely hate to see this kind of development going dormant. Inu003e wish I could be involved and learn more about the basics. I'm justnu003e now getting into coding and the likes. A little late but never hurtsnu003e to learn something new. Right now only thing I have to play withnu003e would be a 750i with a v12 that has twin DMEs. They are pretty muchnu003e uncrackable so I'm dead locked with those. I should get rid of thatnu003e asap. I also have a left over 2jz ecu from a lexus gs300 that caughtnu003e on fire while I was driving it and eventually exploded. The ecunu003e somehow made it under the molten carpet. I have that to tinker withnu003e although It is my understanding those are also pretty muchnu003e uncrackable. There is however that 2jzduino project as a piggyback.nu003e So who knows. what do you suggest. Pointers? Links for sleeplessnu003e months of reading? lol Where do I start.nu003enu003e Sorry for the Story Sparkie. Thanks again for all your hard work.nu003enu003e —nu003e You are receiving this because you are subscribed to this thread.nu003e Reply to this email directly, view it on GitHub [2], or mute thenu003e thread [3].nu003e *nu003e {"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4 nu003ebb","name":"GitHub"},"entity":{"external_key":"github/sparkiedk/Toyota-PCM- nu003ehacking","title":"sparkiedk/Toyota-PCM-hacking","subtitle":"GitHubrepositor y","main_image_url":"https://cloud.githubusercontent.com/assets/14nu003e3418/17495839/a5054eac-5d88-11e6-95fc- 7290892c7bb5.png","avatar_image_url": nu003e"https://cloud.githubusercontent.com/assets/143418/15842166/7c72db34-2c0b-1 nu003e1e6-9aed-b52498112777.png","action":{"name":"Openinnu003e GitHub","url":"https://github.com/sparkiedk/Toyota-PCM-hacking"}},"updates" nu003e:{"snippets":[{"icon":"DESCRIPTION","message":"Icouldn't find a way to comment on this so forgive me if this is thenu003e only way I could find. (#1)"}],"action":{"name":"Viewnu003e Issue","url":"https://github.com/sparkiedk/Toyota-PCM-hacking/issues/1"}}}n u003enu003eLinks:nu003e ------nu003e [1]nu003e http://www.dorikaze.net/showthread.php?41371-Funny-adventures-in-electrical nu003e-engineering[2] https://github.com/sparkiedk/Toyota-PCM-hacking/issues/1nu003e [3]nu003e https://github.com/notifications/unsubscribe-auth/AFdlWAEyjAVNf300xIrtMW8MY nu003egT27wGEks5r2t4KgaJpZM4NRoNAnu003ennnnn—nYou are receiving this because you authored the thread.nReply to this email directly, view it on GitHubu003chttps://github.com/sparkiedk/Toyota-PCM-hacking/issues/1#issueco mment-299477038u003e,or mute the threadu003chttps://github.com/notifications/unsubscribe-auth/ABU23XkdJHZ2Xu 16-UIR8VzRC8QyNUHmks5r2y-6gaJpZM4NRoNAu003e.nn"}],"action":{"name":"ViewIssue","url":"https://github.com/sparkiedk/Toyota-PCM- hacking/issues/1#issu ecomment-299615321"}}} Links:

[1] https://github.com/sparkiedk/Toyota-PCM-hacking/issues/1#issuecomment-29961 5321[2] https://github.com/notifications/unsubscribe-auth/AFdlWFgs8U-uEjREJOJv2xTX4 51auL0pks5r2_mZgaJpZM4NRoNA

The reason I sought out the Arduino is for the large support base and the many projects that people were conjuring up with them. I know that they are very limited in what they can do especially with their (simplified?) IDE. So the few hard core projects I have read about with these particular chips the creators do away with the IDE all together and program in raw C. I’m not sure if I have this right. There are some neat projects that can be done for a song with those boards and the support available to help you along is what has me looking in that direction for a way into electronics. You are beyond advanced so that is all trivial to you. Like I said I have years of catching up to do. I’m trying to learn registers now. I was given that suggestion as a starting point by someone on GitHub. For what it’s worth I’ve been hearing registers referenced and mentioned a lot as of late; I like when information cross checks and coincides with different sources. It makes me feel like I’m making some kind of progress in the right direction.

Now back to your response. I’m surprised to see that you suggest that an Arduino daughter board would be possible in lieu of the original microprocessor. Very interesting considering people pursuing this are going for the piggyback method intercepting signals. Either way if I do any modding to that ECU, which I DO look forward to, I would like it to be using your method you developed for the 1uz. Even if I don’t immediately have anything to test it on afterwards, it’ll serve as a practice platform to perform the various tasks of dumping the rom and getting acquainted with the hardware. Then it can eventually get tested with a donor. Shouldn’t be too hard to find out here.

The BMW. Well I pulled both the DMEs today. I will open them up tomorrow and take pictures hopefully with ambient daylight for clarity. The ECUs are identical. The only way to tell them apart at least for me is that if I plug them in inverted the immobilizer would not communicate with the proper ecu and It will not allow the key to be recognized. Of course inside the code will probably paint a clearer picture for you. And yes, You are right about the intel chips I believe. We will know for sure once I get some clear images tomorrow. Now for that 8051 link that you provided; is that to say that all intel chips use the same language so to speak? Even if different dialects? Somewhat like that link you provided on archive.org. I started reading that document and it seems like even though that information was for that specific chip I can still use that knowledge base for other chips with the same architecture. Please correct me if I’m wrong and bear with me on this I’m trying. Lol Thanks again for the references and pointing me in the right direction. I’ll have a try at that assembler simulator to get a feel for this low level processing.

I’ll keep you posted.

From: sparkiedkmailto:notifications@github.com Sent: Saturday, May 6, 2017 6:26 PM To: sparkiedk/Toyota-PCM-hackingmailto:Toyota-PCM-hacking@noreply.github.com Cc: Jorge Luismailto:Jl01152@hotmail.com; Authormailto:author@noreply.github.com Subject: Re: [sparkiedk/Toyota-PCM-hacking] I couldn't find a way to comment on this so forgive me if this is the only way I could find. (#1)

On Sat 17/05/06 00:39 , JL01152 notifications@github.com sent:

Hey Sparkie, thank you for the response. Well where do I start. You mean to tell me people are not showing you interest in your project? You've gotta be kidding me. I've been a long time lurker of the forums and try to read up anything interesting as far as these type of hacks. I must say I haven't seen many like yours. Very few with your skill set. I read up on a guy with from the Volkswagen world who switched over to the 2jz world by swapping one into a Volvo. That's if I recall correctly. His work was pretty impressive. But your work is something else entirely nothing short of freaking amazing. Not to stroke your ego but credit where it's due. As to my level of comfort with electronics lets just say it's embarrassing to say the least. The only thing I got good going for myself is that I'm a quick learner and do so very well on my own. I rather learn something new than watch TV. I forgot when was the last time I did that. Lol as for you hating the Arduino I can understand. But come on you gotta give me a break here I just started trying to learn this world of Integrated circuits and electronics like 6 months ago. I decided to catch up late in the game but I feel a lot more comfortable than at the level I started. As for the megasquirt. That was something I used to look into till I found out they are a little too restricted than what I’d like for something homemade. Idk I guess I’m just weird like that. Lol As for the 2jz ECU it was the older type with the distributor ignition. It was a 93’ gs300. I’ll have to dig it up out my pile of junk some where so I can take some pictures and share with you. I’m still very impressed with you being able to do something for the 1uz. The only ECU I was able to read about having successfully undergone any modification was one modified by a guy that goes by the name Harry Lemman I believe. Thought there weren’t many details on that. About the v12 ecus. I’m sure you should be some what familiar with the system or at least heard of it. These things are uncrackable. Nobody has been able to do anything with them. I believe a guy on BimmerForums by the name of DUMD has been able to flash the newer (97+) DMEs with his own maps. I don’t know how he was able to decipher the addresses as that has been untouched by anybody. So he must know what he’s doing. The older ECU pairs for the v12 (those found on the M70 V12) have long since been modded to accept chips and what not, not to mention the deletion of the drive by wire. The chips contained in my ecus are OTP but I guess “aren’t they all?” lol. I can’t wait to send you pictures so you can take a look for yourself if it’s possible. I’m more than willing to attempt to dump the roms and try to take in some assembly language. All I have seen in IDA pro has been a deep abyss of staggered flow graphs of jmp,mov, jne,jnz,cmp and the likes. Way over my head. Lol I must tell you thought that I’m thoroughly excited about you have accomplished with the underdog ecus for these Toyotas. You see where I’m from down here in the Dominican these things are ubiquitous. These small Toyota engines are seen like the Holy Grail of powertrains not at all in small part due to the fact that the cost is a major factor. To be able to tune these ecus here would be something huge. The only concern is that a lot of the cars here run on LPG as the main source of fuel. Gasoline is almost $5USD/Gal so a large percentage of the people resort to LPG as a source of fuel. They install converter kits for this. Fuel economy is better as in more bang for your buck.. so yea it’s favored. The up side that I can see is that the octane level is around 114 iirc. So there’s something to play with there. Anyway I really hate to bombard you with questions or writing you a small story for that matter. I definitely hope we stay in touch though. I’m really looking forward to seeing you further develop this ECU hacking venture. I’m also glad that you are starting your own robotics company. Cnc is another one of my many interests. I have the components to assemble a CNC machine eventually. All in due time. I was very interested in the painting robots such as those from Fanuc perhaps using roboDK . Interesting none-the-less. I suppose your robotics company is more along the lines of PLCs? Well that’s all I’m going to trouble you with for now. Here I included some pictures I have of the Lexus episode and some of the DMEs from when I had them open a while back. I’ll pull them out of the car and open them up again. I will send the pictures staggered since its giving me a hard time sending them all at once. From: sparkiedk Sent: Friday, May 5, 2017 10:18 AM To: sparkiedk/Toyota-PCM-hacking Cc: JL01152; Author Subject: Re: [sparkiedk/Toyota-PCM-hacking] I couldn't find a way to comment on this so forgive me if this is the only way I could find. (#1) Wow! Thanks for reading! It's not a very popular project, so I don't get much feedback on it. With respect to your 2jz pcm, it should have a similar 64 pin denso processor inside - making it just as hackable as the 1uz pcm. What model year 2jz? if its too late then it will be related to the tlcs-9000 instead (ike later vvti UZ equipment). TLCS 9k information can be found here (and only here): https://archive.org/details/@oldtoshibaguy And as for 2jzduino - I hate arduino with a passion, but that's just me. that project looks like a piggyback pcm, so you're not really getting deep into tuning anyways. It would be a good start for someone with no significant electrical experience. as to where to get started, what is your level of electronic experience? if you're comfortable wiring up data busses, desoldering large ic's and digging through undocumented assembler you can just start to replicate what i've been doing. I bet even your bimmer ecu is crackable with time and effort (depending somewhat on year). If you have less electronics experience but still want to get into ecu programming a fully assembled solution with an open, documented code base like megasquirt might be more your speed. stay in touch (maybe shoot me a picture of the inside of your bimmer ecu), I'm interested in your pcm hacking journey. also let me know if the repo doesnt cover anything it should-i've been ignoring this project as I'm working on building a robotics company with 2 of my peers. On Fri 17/05/05 04:30 , JL01152 notifications@github.com sent:

I've been reading intently through your development and forum thread here:

http://www.dorikaze.net/showthread.php?41371-Funny-adventures-in-electrical -engineering[1]

First and I want to thank you for undertaking these ventures into hacking these ecus. I don't even own a Toyota. I owned an sc400 a long time ago that the closest I've been to being involved with the brand. I used to look up to Lextreme for inspiration back in those days. Lol I just like how you came such a long way with cracking these units(ecus). Unchartered territory. I noticed you haven't been active for a while. I wanted to see if there were any updates. I would surely hate to see this kind of development going dormant. I wish I could be involved and learn more about the basics. I'm just now getting into coding and the likes. A little late but never hurts to learn something new. Right now only thing I have to play with would be a 750i with a v12 that has twin DMEs. They are pretty much uncrackable so I'm dead locked with those. I should get rid of that asap. I also have a left over 2jz ecu from a lexus gs300 that caught on fire while I was driving it and eventually exploded. The ecu somehow made it under the molten carpet. I have that to tinker with although It is my understanding those are also pretty much uncrackable. There is however that 2jzduino project as a piggyback. So who knows. what do you suggest. Pointers? Links for sleepless months of reading? lol Where do I start.

Sorry for the Story Sparkie. Thanks again for all your hard work.

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub [2], or mute the thread [3]. *

{"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4

bb","name":"GitHub"},"entity":{"external_key":"github/sparkiedk/Toyota-PCM-

hacking","title":"sparkiedk/Toyota-PCM-hacking","subtitle":"GitHubrepositor y","main_image_url":"https://cloud.githubusercontent.com/assets/14> 3418/17495839/a5054eac-5d88-11e6-95fc-7290892c7bb5.png","avatar_image_url":

"https://cloud.githubusercontent.com/assets/143418/15842166/7c72db34-2c0b-1 1e6-9aed-b52498112777.png","action":{"name":"Openin

GitHub","url":"https://github.com/sparkiedk/Toyota-PCM-hacking"}},"updates" :{"snippets":[{"icon":"DESCRIPTION","message":"Icouldn't find a way to comment on this so forgive me if this is the only way I could find. (#1)"}],"action":{"name":"View

Issue","url":"https://github.com/sparkiedk/Toyota-PCM-hacking/issues/1"}}}

Links:

[1]

http://www.dorikaze.net/showthread.php?41371-Funny-adventures-in-electrical -engineering[2] https://github.com/sparkiedk/Toyota-PCM-hacking/issues/1 [3]

https://github.com/notifications/unsubscribe-auth/AFdlWAEyjAVNf300xIrtMW8MY gT27wGEks5r2t4KgaJpZM4NRoNA

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub, or mute the thread. — You are receiving this because you commented. Reply to this email directly, view it on GitHub [1], or mute the thread [2]. * {"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4 bb","name":"GitHub"},"entity":{"external_key":"github/sparkiedk/Toyota-PCM- hacking","title":"sparkiedk/Toyota-PCM-hacking","subtitle":"GitHubrepository","main_image_url":"https://cloud.githubusercontent.com/assets/14 3418/17495839/a5054eac-5d88-11e6-95fc-7290892c7bb5.png","avatar_image_url": "https://cloud.githubusercontent.com/assets/143418/15842166/7c72db34-2c0b-1 1e6-9aed-b52498112777.png","action":{"name":"Openin GitHub","url":"https://github.com/sparkiedk/Toyota-PCM-hacking"}},"updates" :{"snippets":[{"icon":"PERSON","message":"@JL01152in #1: Hey Sparkie, thank you for the response. Well where do I start. You mean to tell me people are not showing you interest in your project? You've gotta be kidding me. I've been a long time lurker of the forums and try to read up anything interesting as far as these type of hacks. I must say I haven't seen many like yours. Very few with your skill set. I read up on a guy with from the Volkswagen world who switched over to the 2jz world by swapping one into a Volvo. That's if I recall correctly. His work was pretty impressive. But your work is something else entirely nothing short of freaking amazing. Not to stroke your ego but credit where it's due. As to my level of comfort with electronics lets just say it's embarrassing to say the least. The only thing I got good going for myself is that I'm a quick learner and do so very well on my own. I rather learn something new than watch TV. I forgot when was the last time I did that. Lol as for you hating the Arduino I can understand. But come on you gotta give me a break here I just started trying to learn this world of Integrated circuits and electronics like 6 months ago. I decided to catch up late in the game but I feel a lot more comfortable than at the level I started. As for the megasquirt. That was something I used to look into till I found out they are a little too restricted than what I’d like for something homemade. Idk I guess I’m just weird like that. Lol As for the 2jz ECU it was the older type with the distributor ignition. It was a 93’ gs300. I’ll have to dig it up out my pile of junk some where so I can take some pictures and share with you. I’m still very impressed with you being able to do something for the 1uz. The only ECU I was able to read about having successfully undergone any modification was one modified by a guy that goes by the name Harry Lemman I believe. Thought there weren’t many details on that. About the v12 ecus. I’m sure you should be some what familiar with the system or at least heard of it. These things are uncrackable. Nobody has been able to do anything with them. I believe a guy on BimmerForums by the name of DUMD has been able to flash the newer (97+) DMEs with his own maps. I don’t know how he was able to decipher the addresses as that has been untouched by anybody. So he must know what he’s doing. The older ECU pairs for the v12 (those found on the M70 V12) have long since been modded to accept chips and what not, not to mention the deletion of the drive by wire. The chips contained in my ecus are OTP but I guess “aren’t they all?” lol. I can’t wait to send you pictures so you can take a look for yourself if it’s possible. I’m more than willing to attempt to dump the roms and try to take in some assembly language. All I have seen in IDA pro has been a deep abyss of staggered flow graphs of jmp,mov, jne,jnz,cmp and the likes. Way over my head. Lol I must tell you thought that I’m thoroughly excited about you have accomplished with the underdog ecus for these Toyotas. You see where I’m from down here in the Dominican these things are ubiquitous. These small Toyota engines are seen like the Holy Grail of powertrains not at all in small part due to the fact that the cost is a major factor. To be able to tune these ecus here would be something huge. The only concern is that a lot of the cars here run on LPG as the main source of fuel. Gasoline is almost $5USD/Gal so a large percentage of the people resort to LPG as a source of fuel. They install converter kits for this. Fuel economy is better as in more bang for your buck.. so yea it’s favored. The up side that I can see is that the octane level is around 114 iirc. So there’s something to play with there. Anyway I really hate to bombard you with questions or writing you a small story for that matter. I definitely hope we stay in touch though. I’m really looking forward to seeing you further develop this ECU hacking venture. I’m also glad that you are starting your own robotics company. Cnc is another one of my many interests. I have the components to assemble a CNC machine eventually. All in due time. I was very interested in the painting robots such as those from Fanuc perhaps using roboDK . Interesting none-the-less. I suppose your robotics company is more along the lines of PLCs? Well that’s all I’m going to trouble you with for now. Here I included some pictures I have of the Lexus episode and some of the DMEs from when I had them open a while back. I’ll pull them out of the car and open them up again.nnI will send the pictures staggered since its giving me a hard time sending them all at once.nFrom: sparkiedku003cmailto:notifications@github.comu003enSent: Friday, May 5, 2017 10:18 AMnTo: sparkiedk/Toyota-PCM-hackingu003cmailto:Toyota-PCM-hacking@noreply.github.c omu003enCc:JL01152u003cmailto:Jl01152@hotmail.comu003e; Authoru003cmailto:author@noreply.github.comu003enSubject: Re: [sparkiedk/Toyota-PCM-hacking] I couldn't find a way to comment on this so forgive me if this is the only way I could find. (#1)nnWow! Thanks for reading! It's not a very popular project, so I don't get much feedback on it. With respect to your 2jz pcm, it should have a similar 64 pinndenso processor inside - making it just as hackable as the 1uz pcm. What model year 2jz? if its too late then it will be related to the tlcs-9000 instead (ikenlater vvti UZ equipment). TLCS 9k information can be found here (and only here):nhttps://archive.org/details/@oldtoshibaguynnAnd as for 2jzduino - I hate arduino with a passion, but that's just me. that project looks like a piggyback pcm, so you're not really getting deep intontuning anyways. It would be a good start for someone with no significant electrical experience.nnas to where to get started, what is your level of electronic experience? if you're comfortable wiring up data busses, desoldering large ic's and diggingnthrough undocumented assembler you can just start to replicate what i've been doing. I bet even your bimmer ecu is crackable with time and effort (dependingnsomewhat on year). If you have less electronics experience but still want to get into ecu programming a fully assembled solution with an open, documented codenbase like megasquirt might be more your speed.nnstay in touch (maybe shoot me a picture of the inside of your bimmer ecu), I'm interested in your pcm hacking journey. also let me know if the repo doesntncover anything it should-i've been ignoring this project as I'm working on building a robotics company with 2 of my peers.nnnnOn Fri 17/05/05 04:30 , JL01152 notifications@github.com sent:nu003e I've been reading intently through your development and forum threadnu003e here:nu003e http://www.dorikaze.net/showthread.php?41371-Funny-adventures-in-electrical nu003e-engineering[1]nu003enu003e First and I want to thank you for undertaking these ventures intonu003e hacking these ecus. I don't even own a Toyota. I owned an sc400 anu003e long time ago that the closest I've been to being involved with thenu003e brand. I used to look up to Lextreme for inspiration back in thosenu003e days. Lol I just like how you came such a long way with crackingnu003e these units(ecus). Unchartered territory. I noticed you haven't beennu003e active for a while. I wanted to see if there were any updates. Inu003e would surely hate to see this kind of development going dormant. Inu003e wish I could be involved and learn more about the basics. I'm justnu003e now getting into coding and the likes. A little late but never hurtsnu003e to learn something new. Right now only thing I have to play withnu003e would be a 750i with a v12 that has twin DMEs. They are pretty muchnu003e uncrackable so I'm dead locked with those. I should get rid of thatnu003e asap. I also have a left over 2jz ecu from a lexus gs300 that caughtnu003e on fire while I was driving it and eventually exploded. The ecunu003e somehow made it under the molten carpet. I have that to tinker withnu003e although It is my understanding those are also pretty muchnu003e uncrackable. There is however that 2jzduino project as a piggyback.nu003e So who knows. what do you suggest. Pointers? Links for sleeplessnu003e months of reading? lol Where do I start.nu003enu003e Sorry for the Story Sparkie. Thanks again for all your hard work.nu003enu003e —nu003e You are receiving this because you are subscribed to this thread.nu003e Reply to this email directly, view it on GitHub [2], or mute thenu003e thread [3].nu003e *nu003e {"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4 nu003ebb","name":"GitHub"},"entity":{"external_key":"github/sparkiedk/Toyota-PCM- nu003ehacking","title":"sparkiedk/Toyota-PCM-hacking","subtitle":"GitHubrepositor y","main_image_url":"https://cloud.githubusercontent.com/assets/14nu003e3418/17495839/a5054eac-5d88-11e6-95fc- 7290892c7bb5.png","avatar_image_url": nu003e"https://cloud.githubusercontent.com/assets/143418/15842166/7c72db34-2c0b-1 nu003e1e6-9aed-b52498112777.png","action":{"name":"Openinnu003e GitHub","url":"https://github.com/sparkiedk/Toyota-PCM-hacking"}},"updates" nu003e:{"snippets":[{"icon":"DESCRIPTION","message":"Icouldn't find a way to comment on this so forgive me if this is thenu003e only way I could find. (#1)"}],"action":{"name":"Viewnu003e Issue","url":"https://github.com/sparkiedk/Toyota-PCM-hacking/issues/1"}}}n u003enu003eLinks:nu003e ------nu003e [1]nu003e http://www.dorikaze.net/showthread.php?41371-Funny-adventures-in-electrical nu003e-engineering[2] https://github.com/sparkiedk/Toyota-PCM-hacking/issues/1nu003e [3]nu003e https://github.com/notifications/unsubscribe-auth/AFdlWAEyjAVNf300xIrtMW8MY nu003egT27wGEks5r2t4KgaJpZM4NRoNAnu003ennnnn—nYou are receiving this because you authored the thread.nReply to this email directly, view it on GitHubu003chttps://github.com/sparkiedk/Toyota-PCM-hacking/issues/1#issueco mment-299477038u003e,or mute the threadu003chttps://github.com/notifications/unsubscribe-auth/ABU23XkdJHZ2Xu 16-UIR8VzRC8QyNUHmks5r2y-6gaJpZM4NRoNAu003e.nn"}],"action":{"name":"ViewIssue","url":"https://github.com/sparkiedk/Toyota-PCM- hacking/issues/1#issu ecomment-299615321"}}} Links:

[1] https://github.com/sparkiedk/Toyota-PCM-hacking/issues/1#issuecomment-29961 5321[2] https://github.com/notifications/unsubscribe-auth/AFdlWFgs8U-uEjREJOJv2xTX4 51auL0pks5r2_mZgaJpZM4NRoNA

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHubhttps://github.com/sparkiedk/Toyota-PCM-hacking/issues/1#issuecomment-299669639, or mute the threadhttps://github.com/notifications/unsubscribe-auth/ABU23XzCOTz0JV3uf98Rv6nz5RjeDlBnks5r3POVgaJpZM4NRoNA.

I suggest pulling the original chip in favour of the arduino simply because if that's what you're comfortable with, that's what will get you the most gains - I do many simple projects with a PIC30 micro simple because I have several of them, and I've done lots of work with them in the past: its faster and easier for me to get the job done. In a production environment I'd have to make a trade study and choose an optimal processor but for one offs we get to do what we want. But lets try hacking the existing processor, it'll be more fun ;)

You're right about programming the arduino in C and ditching the IDE - they're atmel chips on a standard board, and the atmels are very capable processors. The migration from arduino to atmel is as simple as changing the IDE you use, arduino "language" is actually C, just made somewhat easier by the IDE and libraries they package with it. You can even use the atmel IDE to program your arduino in assembler!

I just threw in the programmers model for the 8051 because it was the first that popped up on google ;), however many intel chips are going to have similar architectures. You may find that yours is up or down a working register or index, and has or lacks some instructions relative to the 8051. Certainly it wont be as complicated as the x86 cores, however if you find your way to x86 assembly you will notice some similarities. The assembler simulator is going to give you a very good idea of how limited computers really are, and how much extra work a C compiler does for you - try writing a simple program where you implement an if () ... else ...; statement; it will get messy, here's an offhand plaintext example:

START: load variable into A compare A with constant jump if the comparison did not result in a 0 (all compares are subtractions) to ELSELABEL TRUE: (if the above conditional jump fails this block is executed) (...do something, like print to the output...) Jump to ENDIF ELSELABEL: (...do something else, like print something else to the output...) ENDIF: (...other stuff, not really important...)

note in the above that if the "jump to ENDIF" is not coded in both the true AND the false conditions will be executed when the condition is true. Worse yet is that when they program these ecu's sometimes they WANT that to happen, and it gets even more confusing until you sort out the logic. The good news is that if you become good at assembler you will have a skill few qualified engineers have, and you may be able to leverage it to your advantage. It's super useful when hacking ANYTHING, from cars to cellphones and video game consoles, computer BIOS's - you name it, they all run on the machine language at the lowest level. Even Java bytecode is a form of assembly language for a virtual processor.

I am excited to see the pictures of the BMW ecu. make sure you label them with some marker if you want the car to start the first time you put them back in!

I will respond to your email a little later on in the day. I just wanted to send you the pictures I took of the DMEs. I tried to take good quality pictures for you to look over and analyze. Surely you will see things that are more familiar to you then they are to me. I must say though that my level of comfort around circuit boards and ICs has been ultimately higher than in previous times and I feel that it’s getting progressively better the more I read and study about electronics. Please forgive my enthusiasm of this all it’s just that this is something real big for me finally getting this involved and wanting to take this learning to the next level. I have since looked into he assembler simulator you suggested and please allow me to thank you for that. It is still all trying to sink in but it is an amazing visual on how assembly code operates. I’m sure it gets more complicated than that but that is something that helps me understand. Thank you for that. I’ve also been learning about registers and have gotten a better understanding on how those operate, though on a rudimentary level. I feel like I’m on the right track. So without further delay here are the pictures for you to pour over. Note I labeled the ECUs to differentiate the covers when I noticed , inadvertently, something I hadn’t noticed before. The ECUs are identical save for a number on the cover. As you can see one ends in 80 and the other ends in 86. Also do note how DME “1” looks to be in pretty bad shape internally as it looks water damaged, however it has no bearing on its functionality. I also included pictures of the old transmission control module that I replaced for a steptronic unit from Germany. The original TCM, or EGS as it is know in the bmw world, is of the regular automatic variety (no user input for gear selection). However, I have read that it maybe possible to reprogram these with the steptronic program from its aforementioned counterpart. I will have to provide you a link where they make mention of this. I noticed the Intel chip on that module so I cleaned it up a little and took pictures of it for curiosity’s sake. It looks to be in horrible shape but I believe I can clean it up with 99% alcohol and a new crystal and a dump may possible. If the pictures are not immediately available in the shared folder give it some time to fully upload.

https://www.icloud.com/sharedalbum/#B0XGWZuqDGjxxPK

PS: I’m reading the Toshiba document you facilitated. I’m trying to follow along the instruction set and I’m able to match the information to the blog for the assembler simulator. I’m thoroughly excited to see it all fitting into place. Insignificant to you I’m sure but something I’m really trying to make something out of.

From: sparkiedkmailto:notifications@github.com Sent: Saturday, May 6, 2017 9:41 PM To: sparkiedk/Toyota-PCM-hackingmailto:Toyota-PCM-hacking@noreply.github.com Cc: Jorge Luismailto:jl01152@hotmail.com; Authormailto:author@noreply.github.com Subject: Re: [sparkiedk/Toyota-PCM-hacking] I couldn't find a way to comment on this so forgive me if this is the only way I could find. (#1)

I am excited to see the pictures of the BMW ecu. make sure you label them with some marker if you want the car to start the first time you put them back in!

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHubhttps://github.com/sparkiedk/Toyota-PCM-hacking/issues/1#issuecomment-299676556, or mute the threadhttps://github.com/notifications/unsubscribe-auth/ABU23aE2RN0f9UMb7J0z_G4Nm1gjmyU1ks5r3SEwgaJpZM4NRoNA.

Awesome! We're gonna need some more pics too. A shot of the top of each board to give the OCD some context, and all the numbers on the big square ones are very important. I'm getting on a plane right now but I will be able to respond tonight. On Sun 17/05/07 13:43 , Jorge Luis notifications@github.com sent:

I will respond to your email a little later on in the day. I just wanted to send you the pictures I took of the DMEs. I tried to take good quality pictures for you to look over and analyze. Surely you will see things that are more familiar to you then they are to me. I must say though that my level of comfort around circuit boards and ICs has been ultimately higher than in previous times and I feel that it’s getting progressively better the more I read and study about electronics. Please forgive my enthusiasm of this all it’s just that this is something real big for me finally getting this involved and wanting to take this learning to the next level. I have since looked into he assembler simulator you suggested and please allow me to thank you for that. It is still all trying to sink in but it is an amazing visual on how assembly code operates. I’m sure it gets more complicated than that but that is something that helps me understand. Thank you for that. I’ve also been learning about registers and have gotten a better understanding on how those operate, though on a rudimentary level. I feel like I’m on the right track. So without further delay here are the pictures for you to pour over. Note I labeled the ECUs to differentiate the covers when I noticed , inadvertently, something I hadn’t noticed before. The ECUs are identical save for a number on the cover. As you can see one ends in 80 and the other ends in 86. Also do note how DME “1” looks to be in pretty bad shape internally as it looks water damaged, however it has no bearing on its functionality. I also included pictures of the old transmission control module that I replaced for a steptronic unit from Germany. The original TCM, or EGS as it is know in the bmw world, is of the regular automatic variety (no user input for gear selection). However, I have read that it maybe possible to reprogram these with the steptronic program from its aforementioned counterpart. I will have to provide you a link where they make mention of this. I noticed the Intel chip on that module so I cleaned it up a little and took pictures of it for curiosity’s sake. It looks to be in horrible shape but I believe I can clean it up with 99% alcohol and a new crystal and a dump may possible. If the pictures are not immediately available in the shared folder give it some time to fully upload. https://www.icloud.com/sharedalbum/#B0XGWZuqDGjxxPK PS: I’m reading the Toshiba document you facilitated. I’m trying to follow along the instruction set and I’m able to match the information to the blog for the assembler simulator. I’m thoroughly excited to see it all fitting into place. Insignificant to you I’m sure but something I’m really trying to make something out of. From: sparkiedk Sent: Saturday, May 6, 2017 9:41 PM To: sparkiedk/Toyota-PCM-hacking Cc: Jorge Luis; Author Subject: Re: [sparkiedk/Toyota-PCM-hacking] I couldn't find a way to comment on this so forgive me if this is the only way I could find. (#1) I suggest pulling the original chip in favour of the arduino simply because if that's what you're comfortable with, that's what will get you the most gains - I do many simple projects with a PIC30 micro simple because I have several of them, and I've done lots of work with them in the past: its faster and easier for me to get the job done. In a production environment I'd have to make a trade study and choose an optimal processor but for one offs we get to do what we want. But lets try hacking the existing processor, it'll be more fun ;) You're right about programming the arduino in C and ditching the IDE - they're atmel chips on a standard board, and the atmels are very capable processors. The migration from arduino to atmel is as simple as changing the IDE you use, arduino "language" is actually C, just made somewhat easier by the IDE and libraries they package with it. You can even use the atmel IDE to program your arduino in assembler! I just threw in the programmers model for the 8051 because it was the first that popped up on google ;), however many intel chips are going to have similar architectures. You may find that yours is up or down a working register or index, and has or lacks some instructions relative to the 8051. Certainly it wont be as complicated as the x86 cores, however if you find your way to x86 assembly you will notice some similarities. The assembler simulator is going to give you a very good idea of how limited computers really are, and how much extra work a C compiler does for you - try writing a simple program where you implement an if () ... else ...; statement; it will get messy, here's an offhand plaintext example: START: load variable into A compare A with constant jump if the comparison did not result in a 0 (all compares are subtractions) to ELSELABEL TRUE: (if the above conditional jump fails this block is executed) (...do something, like print to the output...) Jump to ENDIF ELSELABEL: (...do something else, like print something else to the output...) ENDIF: (...other stuff, not really important...) note in the above that if the "jump to ENDIF" is not coded in both the true AND the false conditions will be executed when the condition is true. Worse yet is that when they program these ecu's sometimes they WANT that to happen, and it gets even more confusing until you sort out the logic. The good news is that if you become good at assembler you will have a skill few qualified engineers have, and you may be able to leverage it to your advantage. It's super useful when hacking ANYTHING, from cars to cellphones and video game consoles, computer BIOS's - you name it, they all run on the machine language at the lowest level. Even Java bytecode is a form of assembly language for a virtual processor. I am excited to see the pictures of the BMW ecu. make sure you label them with some marker if you want the car to start the first time you put them back in! — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub, or mute the thread. — You are receiving this because you commented. Reply to this email directly, view it on GitHub [1], or mute the thread [2].

{"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4 bb","name":"GitHub"},"entity":{"external_key":"github/sparkiedk/Toyota-PCM- hacking","title":"sparkiedk/Toyota-PCM-hacking","subtitle":"GitHubrepository","main_image_url":"https://cloud.githubusercontent.com/assets/14 3418/17495839/a5054eac-5d88-11e6-95fc-7290892c7bb5.png","avatar_image_url": "https://cloud.githubusercontent.com/assets/143418/15842166/7c72db34-2c0b-1 1e6-9aed-b52498112777.png","action":{"name":"Openin GitHub","url":"https://github.com/sparkiedk/Toyota-PCM-hacking"}},"updates" :{"snippets":[{"icon":"PERSON","message":"@JL01152in #1: I will respond to your email a little later on in the day. I just wanted to send you the pictures I took of the DMEs. I tried to take good quality pictures for you to look over and analyze. Surely you will see things that are more familiar to you then they are to me. I must say though that my level of comfort around circuit boards and ICs has been ultimately higher than in previous times and I feel that it’s getting progressively better the more I read and study about electronics. Please forgive my enthusiasm of this all it’s just that this is something real big for me finally getting this involved and wanting to take this learning to the next level. I have since looked into he assembler simulator you suggested and please allow me to thank you for that. It is still all trying to sink in but it is an amazing visual on how assembly code operates. I’m sure it gets more complicated than that but that is something that helps me understand. Thank you for that. I’ve also been learning about registers and have gotten a better understanding on how those operate, though on a rudimentary level. I feel like I’m on the right track. So without further delay here are the pictures for you to pour over. Note I labeled the ECUs to differentiate the covers when I noticed , inadvertently, something I hadn’t noticed before. The ECUs are identical save for a number on the cover. As you can see one ends in 80 and the other ends in 86. Also do note how DME “1” looks to be in pretty bad shape internally as it looks water damaged, however it has no bearing on its functionality. I also included pictures of the old transmission control module that I replaced for a steptronic unit from Germany. The original TCM, or EGS as it is know in the bmw world, is of the regular automatic variety (no user input for gear selection). However, I have read that it maybe possible to reprogram these with the steptronic program from its aforementioned counterpart. I will have to provide you a link where they make mention of this. I noticed the Intel chip on that module so I cleaned it up a little and took pictures of it for curiosity’s sake. It looks to be in horrible shape but I believe I can clean it up with 99% alcohol and a new crystal and a dump may possible. If the pictures are not immediately available in the shared folder give it some time to fully upload.nnhttps://www.icloud.com/sharedalbum/#B0XGWZuqDGjxxPKnnPS: I’m reading the Toshiba document you facilitated. I’m trying to follow along the instruction set and I’m able to match the information to the blog for the assembler simulator. I’m thoroughly excited to see it all fitting into place. Insignificant to you I’m sure but something I’m really trying to make something out of.nnFrom: sparkiedku003cmailto:notifications@github.comu003enSent: Saturday, May 6, 2017 9:41 PMnTo: sparkiedk/Toyota-PCM-hackingu003cmailto:Toyota-PCM-hacking@noreply.github.c omu003enCc:Jorge Luisu003cmailto:jl01152@hotmail.comu003e; Authoru003cmailto:author@noreply.github.comu003enSubject: Re: [sparkiedk/Toyota-PCM-hacking] I couldn't find a way to comment on this so forgive me if this is the only way I could find. (#1)nnI suggest pulling the original chip in favour of the arduino simply because if that's what you're comfortable with, that's what will getnyou the most gains - I do many simple projects with a PIC30 micro simple because I have several of them, and I've done lots of work withnthem in the past: its faster and easier for me to get the job done. In a production environment I'd have to make a trade study and choosenan optimal processor but for one offs we get to do what we want. But lets try hacking the existing processor, it'll be more fun ;)nnYou're right about programming the arduino in C and ditching the IDE - they're atmel chips on a standard board, and the atmels are veryncapable processors. The migration from arduino to atmel is as simple as changing the IDE you use, arduino "language" is actually C, justnmade somewhat easier by the IDE and libraries they package with it. You can even use the atmel IDE to program your arduino in assembler!nnI just threw in the programmers model for the 8051 because it was the first that popped up on google ;), however many intel chips are goingnto have similar architectures. You may find that yours is up or down a working register or index, and has or lacks some instructionsnrelative to the 8051. Certainly it wont be as complicated as the x86 cores, however if you find your way to x86 assembly you will noticensome similarities. The assembler simulator is going to give you a very good idea of how limited computers really are, and how much extranwork a C compiler does for you - try writing a simple program where you implement an if () ... else ...; statement; it will get messy,nhere's an offhand plaintext example:nnSTART:nload variable into Ancompare A with constantnjump if the comparison did not result in a 0 (all compares are subtractions) to ELSELABELnTRUE: (if the above conditional jump fails this block is executed)n(...do something, like print to the output...)nJump to ENDIFnELSELABEL:n(...do something else, like print something else to the output...)nENDIF:n(...other stuff, not really important...)nnnote in the above that if the "jump to ENDIF" is not coded in both the true AND the false conditions will be executed when the condition isntrue. Worse yet is that when they program these ecu's sometimes they WANT that to happen, and it gets even more confusing until you sortnout the logic. The good news is that if you become good at assembler you will have a skill few qualified engineers have, and you may benable to leverage it to your advantage. It's super useful when hacking ANYTHING, from cars to cellphones and video game consoles, computernBIOS's - you name it, they all run on the machine language at the lowest level. Even Java bytecode is a form of assembly language for anvirtual processor.nnI am excited to see the pictures of the BMW ecu. make sure you label them with some marker if you want the car to start the first time younput them back in!nnnnn—nYou are receiving this because you authored the thread.nReply to this email directly, view it on GitHubu003chttps://github.com/sparkiedk/Toyota-PCM-hacking/issues/1#issueco mment-299676556u003e,or mute the threadu003chttps://github.com/notifications/unsubscribe-auth/ABU23aE2RN0f9U Mb7J0z_G4Nm1gjmyU1ks5r3SEwgaJpZM4NRoNAu003e.nn"}],"action":{"name":"ViewIssue","url":"https://github.com/sparkiedk/Toyota-PCM- hacking/issues/1#issu ecomment-299722132"}}} Links:

[1] https://github.com/sparkiedk/Toyota-PCM-hacking/issues/1#issuecomment-29972 2132[2] https://github.com/notifications/unsubscribe-auth/AFdlWH0Yq9OX1hNZ8nnoh1tbz vbIVdUSks5r3gLfgaJpZM4NRoNA

Great! Pictures are en route. Just check the link periodically as they are in the process of uploading. Have a safe flight. Careful with United lol.

Sent from Mailhttps://go.microsoft.com/fwlink/?LinkId=550986 for Windows 10

From: sparkiedkmailto:notifications@github.com Sent: Sunday, May 7, 2017 2:13 PM To: sparkiedk/Toyota-PCM-hackingmailto:Toyota-PCM-hacking@noreply.github.com Cc: Jorge Luismailto:Jl01152@hotmail.com; Authormailto:author@noreply.github.com Subject: Re: [sparkiedk/Toyota-PCM-hacking] I couldn't find a way to comment on this so forgive me if this is the only way I could find. (#1)

I will respond to your email a little later on in the day. I just wanted to send you the pictures I took of the DMEs. I tried to take good quality pictures for you to look over and analyze. Surely you will see things that are more familiar to you then they are to me. I must say though that my level of comfort around circuit boards and ICs has been ultimately higher than in previous times and I feel that it’s getting progressively better the more I read and study about electronics. Please forgive my enthusiasm of this all it’s just that this is something real big for me finally getting this involved and wanting to take this learning to the next level. I have since looked into he assembler simulator you suggested and please allow me to thank you for that. It is still all trying to sink in but it is an amazing visual on how assembly code operates. I’m sure it gets more complicated than that but that is something that helps me understand. Thank you for that. I’ve also been learning about registers and have gotten a better understanding on how those operate, though on a rudimentary level. I feel like I’m on the right track. So without further delay here are the pictures for you to pour over. Note I labeled the ECUs to differentiate the covers when I noticed , inadvertently, something I hadn’t noticed before. The ECUs are identical save for a number on the cover. As you can see one ends in 80 and the other ends in 86. Also do note how DME “1” looks to be in pretty bad shape internally as it looks water damaged, however it has no bearing on its functionality. I also included pictures of the old transmission control module that I replaced for a steptronic unit from Germany. The original TCM, or EGS as it is know in the bmw world, is of the regular automatic variety (no user input for gear selection). However, I have read that it maybe possible to reprogram these with the steptronic program from its aforementioned counterpart. I will have to provide you a link where they make mention of this. I noticed the Intel chip on that module so I cleaned it up a little and took pictures of it for curiosity’s sake. It looks to be in horrible shape but I believe I can clean it up with 99% alcohol and a new crystal and a dump may possible. If the pictures are not immediately available in the shared folder give it some time to fully upload. https://www.icloud.com/sharedalbum/#B0XGWZuqDGjxxPK PS: I’m reading the Toshiba document you facilitated. I’m trying to follow along the instruction set and I’m able to match the information to the blog for the assembler simulator. I’m thoroughly excited to see it all fitting into place. Insignificant to you I’m sure but something I’m really trying to make something out of. From: sparkiedk Sent: Saturday, May 6, 2017 9:41 PM To: sparkiedk/Toyota-PCM-hacking Cc: Jorge Luis; Author Subject: Re: [sparkiedk/Toyota-PCM-hacking] I couldn't find a way to comment on this so forgive me if this is the only way I could find. (#1) I suggest pulling the original chip in favour of the arduino simply because if that's what you're comfortable with, that's what will get you the most gains - I do many simple projects with a PIC30 micro simple because I have several of them, and I've done lots of work with them in the past: its faster and easier for me to get the job done. In a production environment I'd have to make a trade study and choose an optimal processor but for one offs we get to do what we want. But lets try hacking the existing processor, it'll be more fun ;) You're right about programming the arduino in C and ditching the IDE - they're atmel chips on a standard board, and the atmels are very capable processors. The migration from arduino to atmel is as simple as changing the IDE you use, arduino "language" is actually C, just made somewhat easier by the IDE and libraries they package with it. You can even use the atmel IDE to program your arduino in assembler! I just threw in the programmers model for the 8051 because it was the first that popped up on google ;), however many intel chips are going to have similar architectures. You may find that yours is up or down a working register or index, and has or lacks some instructions relative to the 8051. Certainly it wont be as complicated as the x86 cores, however if you find your way to x86 assembly you will notice some similarities. The assembler simulator is going to give you a very good idea of how limited computers really are, and how much extra work a C compiler does for you - try writing a simple program where you implement an if () ... else ...; statement; it will get messy, here's an offhand plaintext example: START: load variable into A compare A with constant jump if the comparison did not result in a 0 (all compares are subtractions) to ELSELABEL TRUE: (if the above conditional jump fails this block is executed) (...do something, like print to the output...) Jump to ENDIF ELSELABEL: (...do something else, like print something else to the output...) ENDIF: (...other stuff, not really important...) note in the above that if the "jump to ENDIF" is not coded in both the true AND the false conditions will be executed when the condition is true. Worse yet is that when they program these ecu's sometimes they WANT that to happen, and it gets even more confusing until you sort out the logic. The good news is that if you become good at assembler you will have a skill few qualified engineers have, and you may be able to leverage it to your advantage. It's super useful when hacking ANYTHING, from cars to cellphones and video game consoles, computer BIOS's - you name it, they all run on the machine language at the lowest level. Even Java bytecode is a form of assembly language for a virtual processor. I am excited to see the pictures of the BMW ecu. make sure you label them with some marker if you want the car to start the first time you put them back in! — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub, or mute the thread. — You are receiving this because you commented. Reply to this email directly, view it on GitHub [1], or mute the thread [2]. * {"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4 bb","name":"GitHub"},"entity":{"external_key":"github/sparkiedk/Toyota-PCM- hacking","title":"sparkiedk/Toyota-PCM-hacking","subtitle":"GitHubrepository","main_image_url":"https://cloud.githubusercontent.com/assets/14 3418/17495839/a5054eac-5d88-11e6-95fc-7290892c7bb5.png","avatar_image_url": "https://cloud.githubusercontent.com/assets/143418/15842166/7c72db34-2c0b-1 1e6-9aed-b52498112777.png","action":{"name":"Openin GitHub","url":"https://github.com/sparkiedk/Toyota-PCM-hacking"}},"updates" :{"snippets":[{"icon":"PERSON","message":"@JL01152in #1: I will respond to your email a little later on in the day. I just wanted to send you the pictures I took of the DMEs. I tried to take good quality pictures for you to look over and analyze. Surely you will see things that are more familiar to you then they are to me. I must say though that my level of comfort around circuit boards and ICs has been ultimately higher than in previous times and I feel that it’s getting progressively better the more I read and study about electronics. Please forgive my enthusiasm of this all it’s just that this is something real big for me finally getting this involved and wanting to take this learning to the next level. I have since looked into he assembler simulator you suggested and please allow me to thank you for that. It is still all trying to sink in but it is an amazing visual on how assembly code operates. I’m sure it gets more complicated than that but that is something that helps me understand. Thank you for that. I’ve also been learning about registers and have gotten a better understanding on how those operate, though on a rudimentary level. I feel like I’m on the right track. So without further delay here are the pictures for you to pour over. Note I labeled the ECUs to differentiate the covers when I noticed , inadvertently, something I hadn’t noticed before. The ECUs are identical save for a number on the cover. As you can see one ends in 80 and the other ends in 86. Also do note how DME “1” looks to be in pretty bad shape internally as it looks water damaged, however it has no bearing on its functionality. I also included pictures of the old transmission control module that I replaced for a steptronic unit from Germany. The original TCM, or EGS as it is know in the bmw world, is of the regular automatic variety (no user input for gear selection). However, I have read that it maybe possible to reprogram these with the steptronic program from its aforementioned counterpart. I will have to provide you a link where they make mention of this. I noticed the Intel chip on that module so I cleaned it up a little and took pictures of it for curiosity’s sake. It looks to be in horrible shape but I believe I can clean it up with 99% alcohol and a new crystal and a dump may possible. If the pictures are not immediately available in the shared folder give it some time to fully upload.nnhttps://www.icloud.com/sharedalbum/#B0XGWZuqDGjxxPKnnPS: I’m reading the Toshiba document you facilitated. I’m trying to follow along the instruction set and I’m able to match the information to the blog for the assembler simulator. I’m thoroughly excited to see it all fitting into place. Insignificant to you I’m sure but something I’m really trying to make something out of.nnFrom: sparkiedku003cmailto:notifications@github.comu003enSent: Saturday, May 6, 2017 9:41 PMnTo: sparkiedk/Toyota-PCM-hackingu003cmailto:Toyota-PCM-hacking@noreply.github.c omu003enCc:Jorge Luisu003cmailto:jl01152@hotmail.comu003e; Authoru003cmailto:author@noreply.github.comu003enSubject: Re: [sparkiedk/Toyota-PCM-hacking] I couldn't find a way to comment on this so forgive me if this is the only way I could find. (#1)nnI suggest pulling the original chip in favour of the arduino simply because if that's what you're comfortable with, that's what will getnyou the most gains - I do many simple projects with a PIC30 micro simple because I have several of them, and I've done lots of work withnthem in the past: its faster and easier for me to get the job done. In a production environment I'd have to make a trade study and choosenan optimal processor but for one offs we get to do what we want. But lets try hacking the existing processor, it'll be more fun ;)nnYou're right about programming the arduino in C and ditching the IDE - they're atmel chips on a standard board, and the atmels are veryncapable processors. The migration from arduino to atmel is as simple as changing the IDE you use, arduino "language" is actually C, justnmade somewhat easier by the IDE and libraries they package with it. You can even use the atmel IDE to program your arduino in assembler!nnI just threw in the programmers model for the 8051 because it was the first that popped up on google ;), however many intel chips are goingnto have similar architectures. You may find that yours is up or down a working register or index, and has or lacks some instructionsnrelative to the 8051. Certainly it wont be as complicated as the x86 cores, however if you find your way to x86 assembly you will noticensome similarities. The assembler simulator is going to give you a very good idea of how limited computers really are, and how much extranwork a C compiler does for you - try writing a simple program where you implement an if () ... else ...; statement; it will get messy,nhere's an offhand plaintext example:nnSTART:nload variable into Ancompare A with constantnjump if the comparison did not result in a 0 (all compares are subtractions) to ELSELABELnTRUE: (if the above conditional jump fails this block is executed)n(...do something, like print to the output...)nJump to ENDIFnELSELABEL:n(...do something else, like print something else to the output...)nENDIF:n(...other stuff, not really important...)nnnote in the above that if the "jump to ENDIF" is not coded in both the true AND the false conditions will be executed when the condition isntrue. Worse yet is that when they program these ecu's sometimes they WANT that to happen, and it gets even more confusing until you sortnout the logic. The good news is that if you become good at assembler you will have a skill few qualified engineers have, and you may benable to leverage it to your advantage. It's super useful when hacking ANYTHING, from cars to cellphones and video game consoles, computernBIOS's - you name it, they all run on the machine language at the lowest level. Even Java bytecode is a form of assembly language for anvirtual processor.nnI am excited to see the pictures of the BMW ecu. make sure you label them with some marker if you want the car to start the first time younput them back in!nnnnn—nYou are receiving this because you authored the thread.nReply to this email directly, view it on GitHubu003chttps://github.com/sparkiedk/Toyota-PCM-hacking/issues/1#issueco mment-299676556u003e,or mute the threadu003chttps://github.com/notifications/unsubscribe-auth/ABU23aE2RN0f9U Mb7J0z_G4Nm1gjmyU1ks5r3SEwgaJpZM4NRoNAu003e.nn"}],"action":{"name":"ViewIssue","url":"https://github.com/sparkiedk/Toyota-PCM- hacking/issues/1#issu ecomment-299722132"}}} Links:

[1] https://github.com/sparkiedk/Toyota-PCM-hacking/issues/1#issuecomment-29972 2132[2] https://github.com/notifications/unsubscribe-auth/AFdlWH0Yq9OX1hNZ8nnoh1tbz vbIVdUSks5r3gLfgaJpZM4NRoNA

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHubhttps://github.com/sparkiedk/Toyota-PCM-hacking/issues/1#issuecomment-299724027, or mute the threadhttps://github.com/notifications/unsubscribe-auth/ABU23SPEnG-wDwtN32XiiRWfmgoVhOB6ks5r3gnQgaJpZM4NRoNA.

Hey Sparkie,

My apologies for the original photo link not working. ICloud was giving me a ton of issues uploading the images. I spent most the day giving it the benefit of the doubt that it’ll eventually make the photos available to you. I finally decided to use google and all pictures where up in 15 minutes. Incredibly frustrating ordeal. In any event, I have the new link for you below. I will be modifying the titles of the images so that you know what ecu you are seeing at any given time. I’ll get back to you a little later on in the day.

https://drive.google.com/open?id=0B8B9KU68_i3vdmwtSm5pNzdlQWs

I will respond to your email a little later on in the day. I just wanted to send you the pictures I took of the DMEs. I tried to take good quality pictures for you to look over and analyze. Surely you will see things that are more familiar to you then they are to me. I must say though that my level of comfort around circuit boards and ICs has been ultimately higher than in previous times and I feel that it’s getting progressively better the more I read and study about electronics. Please forgive my enthusiasm of this all it’s just that this is something real big for me finally getting this involved and wanting to take this learning to the next level. I have since looked into he assembler simulator you suggested and please allow me to thank you for that. It is still all trying to sink in but it is an amazing visual on how assembly code operates. I’m sure it gets more complicated than that but that is something that helps me understand. Thank you for that. I’ve also been learning about registers and have gotten a better understanding on how those operate, though on a rudimentary level. I feel like I’m on the right track. So without further delay here are the pictures for you to pour over. Note I labeled the ECUs to differentiate the covers when I noticed , inadvertently, something I hadn’t noticed before. The ECUs are identical save for a number on the cover. As you can see one ends in 80 and the other ends in 86. Also do note how DME “1” looks to be in pretty bad shape internally as it looks water damaged, however it has no bearing on its functionality. I also included pictures of the old transmission control module that I replaced for a steptronic unit from Germany. The original TCM, or EGS as it is know in the bmw world, is of the regular automatic variety (no user input for gear selection). However, I have read that it maybe possible to reprogram these with the steptronic program from its aforementioned counterpart. I will have to provide you a link where they make mention of this. I noticed the Intel chip on that module so I cleaned it up a little and took pictures of it for curiosity’s sake. It looks to be in horrible shape but I believe I can clean it up with 99% alcohol and a new crystal and a dump may possible. If the pictures are not immediately available in the shared folder give it some time to fully upload. https://www.icloud.com/sharedalbum/#B0XGWZuqDGjxxPK PS: I’m reading the Toshiba document you facilitated. I’m trying to follow along the instruction set and I’m able to match the information to the blog for the assembler simulator. I’m thoroughly excited to see it all fitting into place. Insignificant to you I’m sure but something I’m really trying to make something out of. From: sparkiedk Sent: Saturday, May 6, 2017 9:41 PM To: sparkiedk/Toyota-PCM-hacking Cc: Jorge Luis; Author Subject: Re: [sparkiedk/Toyota-PCM-hacking] I couldn't find a way to comment on this so forgive me if this is the only way I could find. (#1) I suggest pulling the original chip in favour of the arduino simply because if that's what you're comfortable with, that's what will get you the most gains - I do many simple projects with a PIC30 micro simple because I have several of them, and I've done lots of work with them in the past: its faster and easier for me to get the job done. In a production environment I'd have to make a trade study and choose an optimal processor but for one offs we get to do what we want. But lets try hacking the existing processor, it'll be more fun ;) You're right about programming the arduino in C and ditching the IDE - they're atmel chips on a standard board, and the atmels are very capable processors. The migration from arduino to atmel is as simple as changing the IDE you use, arduino "language" is actually C, just made somewhat easier by the IDE and libraries they package with it. You can even use the atmel IDE to program your arduino in assembler! I just threw in the programmers model for the 8051 because it was the first that popped up on google ;), however many intel chips are going to have similar architectures. You may find that yours is up or down a working register or index, and has or lacks some instructions relative to the 8051. Certainly it wont be as complicated as the x86 cores, however if you find your way to x86 assembly you will notice some similarities. The assembler simulator is going to give you a very good idea of how limited computers really are, and how much extra work a C compiler does for you - try writing a simple program where you implement an if () ... else ...; statement; it will get messy, here's an offhand plaintext example: START: load variable into A compare A with constant jump if the comparison did not result in a 0 (all compares are subtractions) to ELSELABEL TRUE: (if the above conditional jump fails this block is executed) (...do something, like print to the output...) Jump to ENDIF ELSELABEL: (...do something else, like print something else to the output...) ENDIF: (...other stuff, not really important...) note in the above that if the "jump to ENDIF" is not coded in both the true AND the false conditions will be executed when the condition is true. Worse yet is that when they program these ecu's sometimes they WANT that to happen, and it gets even more confusing until you sort out the logic. The good news is that if you become good at assembler you will have a skill few qualified engineers have, and you may be able to leverage it to your advantage. It's super useful when hacking ANYTHING, from cars to cellphones and video game consoles, computer BIOS's - you name it, they all run on the machine language at the lowest level. Even Java bytecode is a form of assembly language for a virtual processor. I am excited to see the pictures of the BMW ecu. make sure you label them with some marker if you want the car to start the first time you put them back in! — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub, or mute the thread. — You are receiving this because you commented. Reply to this email directly, view it on GitHub [1], or mute the thread [2]. * {"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4 bb","name":"GitHub"},"entity":{"external_key":"github/sparkiedk/Toyota-PCM- hacking","title":"sparkiedk/Toyota-PCM-hacking","subtitle":"GitHubrepository","main_image_url":"https://cloud.githubusercontent.com/assets/14 3418/17495839/a5054eac-5d88-11e6-95fc-7290892c7bb5.png","avatar_image_url": "https://cloud.githubusercontent.com/assets/143418/15842166/7c72db34-2c0b-1 1e6-9aed-b52498112777.png","action":{"name":"Openin GitHub","url":"https://github.com/sparkiedk/Toyota-PCM-hacking"}},"updates" :{"snippets":[{"icon":"PERSON","message":"@JL01152in #1: I will respond to your email a little later on in the day. I just wanted to send you the pictures I took of the DMEs. I tried to take good quality pictures for you to look over and analyze. Surely you will see things that are more familiar to you then they are to me. I must say though that my level of comfort around circuit boards and ICs has been ultimately higher than in previous times and I feel that it’s getting progressively better the more I read and study about electronics. Please forgive my enthusiasm of this all it’s just that this is something real big for me finally getting this involved and wanting to take this learning to the next level. I have since looked into he assembler simulator you suggested and please allow me to thank you for that. It is still all trying to sink in but it is an amazing visual on how assembly code operates. I’m sure it gets more complicated than that but that is something that helps me understand. Thank you for that. I’ve also been learning about registers and have gotten a better understanding on how those operate, though on a rudimentary level. I feel like I’m on the right track. So without further delay here are the pictures for you to pour over. Note I labeled the ECUs to differentiate the covers when I noticed , inadvertently, something I hadn’t noticed before. The ECUs are identical save for a number on the cover. As you can see one ends in 80 and the other ends in 86. Also do note how DME “1” looks to be in pretty bad shape internally as it looks water damaged, however it has no bearing on its functionality. I also included pictures of the old transmission control module that I replaced for a steptronic unit from Germany. The original TCM, or EGS as it is know in the bmw world, is of the regular automatic variety (no user input for gear selection). However, I have read that it maybe possible to reprogram these with the steptronic program from its aforementioned counterpart. I will have to provide you a link where they make mention of this. I noticed the Intel chip on that module so I cleaned it up a little and took pictures of it for curiosity’s sake. It looks to be in horrible shape but I believe I can clean it up with 99% alcohol and a new crystal and a dump may possible. If the pictures are not immediately available in the shared folder give it some time to fully upload.nnhttps://www.icloud.com/sharedalbum/#B0XGWZuqDGjxxPKnnPS: I’m reading the Toshiba document you facilitated. I’m trying to follow along the instruction set and I’m able to match the information to the blog for the assembler simulator. I’m thoroughly excited to see it all fitting into place. Insignificant to you I’m sure but something I’m really trying to make something out of.nnFrom: sparkiedku003cmailto:notifications@github.comu003enSent: Saturday, May 6, 2017 9:41 PMnTo: sparkiedk/Toyota-PCM-hackingu003cmailto:Toyota-PCM-hacking@noreply.github.c omu003enCc:Jorge Luisu003cmailto:jl01152@hotmail.comu003e; Authoru003cmailto:author@noreply.github.comu003enSubject: Re: [sparkiedk/Toyota-PCM-hacking] I couldn't find a way to comment on this so forgive me if this is the only way I could find. (#1)nnI suggest pulling the original chip in favour of the arduino simply because if that's what you're comfortable with, that's what will getnyou the most gains - I do many simple projects with a PIC30 micro simple because I have several of them, and I've done lots of work withnthem in the past: its faster and easier for me to get the job done. In a production environment I'd have to make a trade study and choosenan optimal processor but for one offs we get to do what we want. But lets try hacking the existing processor, it'll be more fun ;)nnYou're right about programming the arduino in C and ditching the IDE - they're atmel chips on a standard board, and the atmels are veryncapable processors. The migration from arduino to atmel is as simple as changing the IDE you use, arduino "language" is actually C, justnmade somewhat easier by the IDE and libraries they package with it. You can even use the atmel IDE to program your arduino in assembler!nnI just threw in the programmers model for the 8051 because it was the first that popped up on google ;), however many intel chips are goingnto have similar architectures. You may find that yours is up or down a working register or index, and has or lacks some instructionsnrelative to the 8051. Certainly it wont be as complicated as the x86 cores, however if you find your way to x86 assembly you will noticensome similarities. The assembler simulator is going to give you a very good idea of how limited computers really are, and how much extranwork a C compiler does for you - try writing a simple program where you implement an if () ... else ...; statement; it will get messy,nhere's an offhand plaintext example:nnSTART:nload variable into Ancompare A with constantnjump if the comparison did not result in a 0 (all compares are subtractions) to ELSELABELnTRUE: (if the above conditional jump fails this block is executed)n(...do something, like print to the output...)nJump to ENDIFnELSELABEL:n(...do something else, like print something else to the output...)nENDIF:n(...other stuff, not really important...)nnnote in the above that if the "jump to ENDIF" is not coded in both the true AND the false conditions will be executed when the condition isntrue. Worse yet is that when they program these ecu's sometimes they WANT that to happen, and it gets even more confusing until you sortnout the logic. The good news is that if you become good at assembler you will have a skill few qualified engineers have, and you may benable to leverage it to your advantage. It's super useful when hacking ANYTHING, from cars to cellphones and video game consoles, computernBIOS's - you name it, they all run on the machine language at the lowest level. Even Java bytecode is a form of assembly language for anvirtual processor.nnI am excited to see the pictures of the BMW ecu. make sure you label them with some marker if you want the car to start the first time younput them back in!nnnnn—nYou are receiving this because you authored the thread.nReply to this email directly, view it on GitHubu003chttps://github.com/sparkiedk/Toyota-PCM-hacking/issues/1#issueco mment-299676556u003e,or mute the threadu003chttps://github.com/notifications/unsubscribe-auth/ABU23aE2RN0f9U Mb7J0z_G4Nm1gjmyU1ks5r3SEwgaJpZM4NRoNAu003e.nn"}],"action":{"name":"ViewIssue","url":"https://github.com/sparkiedk/Toyota-PCM- hacking/issues/1#issu ecomment-299722132"}}} Links:

[1] https://github.com/sparkiedk/Toyota-PCM-hacking/issues/1#issuecomment-29972 2132[2] https://github.com/notifications/unsubscribe-auth/AFdlWH0Yq9OX1hNZ8nnoh1tbz vbIVdUSks5r3gLfgaJpZM4NRoNA

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHubhttps://github.com/sparkiedk/Toyota-PCM-hacking/issues/1#issuecomment-299724027, or mute the threadhttps://github.com/notifications/unsubscribe-auth/ABU23SPEnG-wDwtN32XiiRWfmgoVhOB6ks5r3gnQgaJpZM4NRoNA.

No worries, I'm working 14h days in New Jersey right now so I wont be as active on my computer.

On Mon 17/05/08 11:07 , Jorge Luis notifications@github.com sent:

Hey Sparkie, My apologies for the original photo link not working. ICloud was giving me a ton of issues uploading the images. I spent most the day giving it the benefit of the doubt that it’ll eventually make the photos available to you. I finally decided to use google and all pictures where up in 15 minutes. Incredibly frustrating ordeal. In any event, I have the new link for you below. I will be modifying the titles of the images so that you know what ecu you are seeing at any given time. I’ll get back to you a little later on in the day. https://drive.google.com/open?id=0B8B9KU68_i3vdmwtSm5pNzdlQWs From: sparkiedk Sent: Sunday, May 7, 2017 2:13 PM To: sparkiedk/Toyota-PCM-hacking Cc: Jorge Luis; Author Subject: Re: [sparkiedk/Toyota-PCM-hacking] I couldn't find a way to comment on this so forgive me if this is the only way I could find. (#1) Awesome! We're gonna need some more pics too. A shot of the top of each board to give the OCD some context, and all the numbers on the big square ones are very important. I'm getting on a plane right now but I will be able to respond tonight. On Sun 17/05/07 13:43 , Jorge Luis notifications@github.com sent:

I will respond to your email a little later on in the day. I just wanted to send you the pictures I took of the DMEs. I tried to take good quality pictures for you to look over and analyze. Surely you will see things that are more familiar to you then they are to me. I must say though that my level of comfort around circuit boards and ICs has been ultimately higher than in previous times and I feel that it’s getting progressively better the more I read and study about electronics. Please forgive my enthusiasm of this all it’s just that this is something real big for me finally getting this involved and wanting to take this learning to the next level. I have since looked into he assembler simulator you suggested and please allow me to thank you for that. It is still all trying to sink in but it is an amazing visual on how assembly code operates. I’m sure it gets more complicated than that but that is something that helps me understand. Thank you for that. I’ve also been learning about registers and have gotten a better understanding on how those operate, though on a rudimentary level. I feel like I’m on the right track. So without further delay here are the pictures for you to pour over. Note I labeled the ECUs to differentiate the covers when I noticed , inadvertently, something I hadn’t noticed before. The ECUs are identical save for a number on the cover. As you can see one ends in 80 and the other ends in 86. Also do note how DME “1” looks to be in pretty bad shape internally as it looks water damaged, however it has no bearing on its functionality. I also included pictures of the old transmission control module that I replaced for a steptronic unit from Germany. The original TCM, or EGS as it is know in the bmw world, is of the regular automatic variety (no user input for gear selection). However, I have read that it maybe possible to reprogram these with the steptronic program from its aforementioned counterpart. I will have to provide you a link where they make mention of this. I noticed the Intel chip on that module so I cleaned it up a little and took pictures of it for curiosity’s sake. It looks to be in horrible shape but I believe I can clean it up with 99% alcohol and a new crystal and a dump may possible. If the pictures are not immediately available in the shared folder give it some time to fully upload. https://www.icloud.com/sharedalbum/#B0XGWZuqDGjxxPK PS: I’m reading the Toshiba document you facilitated. I’m trying to follow along the instruction set and I’m able to match the information to the blog for the assembler simulator. I’m thoroughly excited to see it all fitting into place. Insignificant to you I’m sure but something I’m really trying to make something out of. From: sparkiedk Sent: Saturday, May 6, 2017 9:41 PM To: sparkiedk/Toyota-PCM-hacking Cc: Jorge Luis; Author Subject: Re: [sparkiedk/Toyota-PCM-hacking] I couldn't find a way to comment on this so forgive me if this is the only way I could find. (#1) I suggest pulling the original chip in favour of the arduino simply because if that's what you're comfortable with, that's what will get you the most gains - I do many simple projects with a PIC30 micro simple because I have several of them, and I've done lots of work with them in the past: its faster and easier for me to get the job done. In a production environment I'd have to make a trade study and choose an optimal processor but for one offs we get to do what we want. But lets try hacking the existing processor, it'll be more fun ;) You're right about programming the arduino in C and ditching the IDE - they're atmel chips on a standard board, and the atmels are very capable processors. The migration from arduino to atmel is as simple as changing the IDE you use, arduino "language" is actually C, just made somewhat easier by the IDE and libraries they package with it. You can even use the atmel IDE to program your arduino in assembler! I just threw in the programmers model for the 8051 because it was the first that popped up on google ;), however many intel chips are going to have similar architectures. You may find that yours is up or down a working register or index, and has or lacks some instructions relative to the 8051. Certainly it wont be as complicated as the x86 cores, however if you find your way to x86 assembly you will notice some similarities. The assembler simulator is going to give you a very good idea of how limited computers really are, and how much extra work a C compiler does for you - try writing a simple program where you implement an if () ... else ...; statement; it will get messy, here's an offhand plaintext example: START: load variable into A compare A with constant jump if the comparison did not result in a 0 (all compares are subtractions) to ELSELABEL TRUE: (if the above conditional jump fails this block is executed) (...do something, like print to the output...) Jump to ENDIF ELSELABEL: (...do something else, like print something else to the output...) ENDIF: (...other stuff, not really important...) note in the above that if the "jump to ENDIF" is not coded in both the true AND the false conditions will be executed when the condition is true. Worse yet is that when they program these ecu's sometimes they WANT that to happen, and it gets even more confusing until you sort out the logic. The good news is that if you become good at assembler you will have a skill few qualified engineers have, and you may be able to leverage it to your advantage. It's super useful when hacking ANYTHING, from cars to cellphones and video game consoles, computer BIOS's - you name it, they all run on the machine language at the lowest level. Even Java bytecode is a form of assembly language for a virtual processor. I am excited to see the pictures of the BMW ecu. make sure you label them with some marker if you want the car to start the first time you put them back in! — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub, or mute the thread. — You are receiving this because you commented. Reply to this email directly, view it on GitHub [1], or mute the thread [2]. *

{"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4

bb","name":"GitHub"},"entity":{"external_key":"github/sparkiedk/Toyota-PCM-

hacking","title":"sparkiedk/Toyota-PCM-hacking","subtitle":"GitHubrepositor y","main_image_url":"https://cloud.githubusercontent.com/assets/14> 3418/17495839/a5054eac-5d88-11e6-95fc-7290892c7bb5.png","avatar_image_url":

"https://cloud.githubusercontent.com/assets/143418/15842166/7c72db34-2c0b-1 1e6-9aed-b52498112777.png","action":{"name":"Openin

GitHub","url":"https://github.com/sparkiedk/Toyota-PCM-hacking"}},"updates" :{"snippets":[{"icon":"PERSON","message":"@JL01152in #1: I will respond to your email a little later on in the day. I just wanted to send you the pictures I took of the DMEs. I tried to take good quality pictures for you to look over and analyze. Surely you will see things that are more familiar to you then they are to me. I must say though that my level of comfort around circuit boards and ICs has been ultimately higher than in previous times and I feel that it’s getting progressively better the more I read and study about electronics. Please forgive my enthusiasm of this all it’s just that this is something real big for me finally getting this involved and wanting to take this learning to the next level. I have since looked into he assembler simulator you suggested and please allow me to thank you for that. It is still all trying to sink in but it is an amazing visual on how assembly code operates. I’m sure it gets more complicated than that but that is something that helps me understand. Thank you for that. I’ve also been learning about registers and have gotten a better understanding on how those operate, though on a rudimentary level. I feel like I’m on the right track. So without further delay here are the pictures for you to pour over. Note I labeled the ECUs to differentiate the covers when I noticed , inadvertently, something I hadn’t noticed before. The ECUs are identical save for a number on the cover. As you can see one ends in 80 and the other ends in 86. Also do note how DME “1” looks to be in pretty bad shape internally as it looks water damaged, however it has no bearing on its functionality. I also included pictures of the old transmission control module that I replaced for a steptronic unit from Germany. The original TCM, or EGS as it is know in the bmw world, is of the regular automatic variety (no user input for gear selection). However, I have read that it maybe possible to reprogram these with the steptronic program from its aforementioned counterpart. I will have to provide you a link where they make mention of this. I noticed the Intel chip on that module so I cleaned it up a little and took pictures of it for curiosity’s sake. It looks to be in horrible shape but I believe I can clean it up with 99% alcohol and a new crystal and a dump may possible. If the pictures are not immediately available in the shared folder give it some time to fully upload.nnhttps://www.icloud.com/sharedalbum/#B0XGWZuqDGjxxPKnnPS: I’m reading the Toshiba document you facilitated. I’m trying to follow along the instruction set and I’m able to match the information to the blog for the assembler simulator. I’m thoroughly excited to see it all fitting into place. Insignificant to you I’m sure but something I’m really trying to make something out of.nnFrom: sparkiedku003cmailto:notifications@github.comu003enSent: Saturday, May 6, 2017 9:41 PMnTo:

sparkiedk/Toyota-PCM-hackingu003cmailto:Toyota-PCM-hacking@noreply.github.c omu003enCc:Jorge Luisu003cmailto:jl01152@hotmail.comu003e; Authoru003cmailto:author@noreply.github.comu003enSubject: Re: [sparkiedk/Toyota-PCM-hacking] I couldn't find a way to comment on this so forgive me if this is the only way I could find. (#1)nnI suggest pulling the original chip in favour of the arduino simply because if that's what you're comfortable with, that's what will getnyou the most gains - I do many simple projects with a PIC30 micro simple because I have several of them, and I've done lots of work withnthem in the past: its faster and easier for me to get the job done. In a production environment I'd have to make a trade study and choosenan optimal processor but for one offs we get to do what we want. But lets try hacking the existing processor, it'll be more fun ;)nnYou're right about programming the arduino in C and ditching the IDE - they're atmel chips on a standard board, and the atmels are veryncapable processors. The migration from arduino to atmel is as simple as changing the IDE you use, arduino "language" is actually C, justnmade somewhat easier by the IDE and libraries they package with it. You can even use the atmel IDE to program your arduino in assembler!nnI just threw in the programmers model for the 8051 because it was the first that popped up on google ;), however many intel chips are goingnto have similar architectures. You may find that yours is up or down a working register or index, and has or lacks some instructionsnrelative to the 8051. Certainly it wont be as complicated as the x86 cores, however if you find your way to x86 assembly you will noticensome similarities. The assembler simulator is going to give you a very good idea of how limited computers really are, and how much extranwork a C compiler does for you - try writing a simple program where you implement an if () ... else ...; statement; it will get messy,nhere's an offhand plaintext example:nnSTART:nload variable into Ancompare A with constantnjump if the comparison did not result in a 0 (all compares are subtractions) to ELSELABELnTRUE: (if the above conditional jump fails this block is executed)n(...do something, like print to the output...)nJump to ENDIFnELSELABEL:n(...do something else, like print something else to the output...)nENDIF:n(...other stuff, not really important...)nnnote in the above that if the "jump to ENDIF" is not coded in both the true AND the false conditions will be executed when the condition isntrue. Worse yet is that when they program these ecu's sometimes they WANT that to happen, and it gets even more confusing until you sortnout the logic. The good news is that if you become good at assembler you will have a skill few qualified engineers have, and you may benable to leverage it to your advantage. It's super useful when hacking ANYTHING, from cars to cellphones and video game consoles, computernBIOS's - you name it, they all run on the machine language at the lowest level. Even Java bytecode is a form of assembly language for anvirtual processor.nnI am excited to see the pictures of the BMW ecu. make sure you label them with some marker if you want the car to start the first time younput them back in!nnnnn—nYou are receiving this because you authored the thread.nReply to this email directly, view it on

GitHubu003chttps://github.com/sparkiedk/Toyota-PCM-hacking/issues/1#issueco mment-299676556u003e,or mute the

threadu003chttps://github.com/notifications/unsubscribe-auth/ABU23aE2RN0f9U

Mb7J0z_G4Nm1gjmyU1ks5r3SEwgaJpZM4NRoNAu003e.nn"}],"action":{"name":"ViewIss ue","url":"https://github.com/sparkiedk/Toyota-PCM-hacking/issues/1#issu ecomment-299722132"}}} Links:

[1]

https://github.com/sparkiedk/Toyota-PCM-hacking/issues/1#issuecomment-29972 2132[2]

https://github.com/notifications/unsubscribe-auth/AFdlWH0Yq9OX1hNZ8nnoh1tbz vbIVdUSks5r3gLfgaJpZM4NRoNA

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub, or mute the thread. — You are receiving this because you commented. Reply to this email directly, view it on GitHub [1], or mute the thread [2].

{"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4 bb","name":"GitHub"},"entity":{"external_key":"github/sparkiedk/Toyota-PCM- hacking","title":"sparkiedk/Toyota-PCM-hacking","subtitle":"GitHubrepository","main_image_url":"https://cloud.githubusercontent.com/assets/14 3418/17495839/a5054eac-5d88-11e6-95fc-7290892c7bb5.png","avatar_image_url": "https://cloud.githubusercontent.com/assets/143418/15842166/7c72db34-2c0b-1 1e6-9aed-b52498112777.png","action":{"name":"Openin GitHub","url":"https://github.com/sparkiedk/Toyota-PCM-hacking"}},"updates" :{"snippets":[{"icon":"PERSON","message":"@JL01152in #1: Hey Sparkie,nnMy apologies for the original photo link not working. ICloud was giving me a ton of issues uploading the images. I spent most the day giving it the benefit of the doubt that it’ll eventually make the photos available to you. I finally decided to use google and all pictures where up in 15 minutes. Incredibly frustrating ordeal. In any event, I have the new link for you below. I will be modifying the titles of the images so that you know what ecu you are seeing at any given time. I’ll get back to you a little later on in the day.nnhttps://drive.google.com/open?id=0B8B9KU68_i3vdmwtSm5pNzdlQWsnnFrom: sparkiedku003cmailto:notifications@github.comu003enSent: Sunday, May 7, 2017 2:13 PMnTo: sparkiedk/Toyota-PCM-hackingu003cmailto:Toyota-PCM-hacking@noreply.github.c omu003enCc:Jorge Luisu003cmailto:Jl01152@hotmail.comu003e; Authoru003cmailto:author@noreply.github.comu003enSubject: Re: [sparkiedk/Toyota-PCM-hacking] I couldn't find a way to comment on this so forgive me if this is the only way I could find. (#1)nnnAwesome! We're gonna need some more pics too. A shot of the top of each board to give the OCD some context, and all the numbers on the big square ones arenvery important. I'm getting on a plane right now but I will be able to respond tonight.nOn Sun 17/05/07 13:43 , Jorge Luis notifications@github.com sent:nu003e I will respond to your email a little later on in the day. I justnu003e wanted to send you the pictures I took of the DMEs. I tried to takenu003e good quality pictures for you to look over and analyze. Surely younu003e will see things that are more familiar to you then they are to me. Inu003e must say though that my level of comfort around circuit boards andnu003e ICs has been ultimately higher than in previous times and I feel thatnu003e it’s getting progressively better the more I read and study aboutnu003e electronics. Please forgive my enthusiasm of this all it’s justnu003e that this is something real big for me finally getting this involvednu003e and wanting to take this learning to the next level. I have sincenu003e looked into he assembler simulator you suggested and please allow menu003e to thank you for that. It is still all trying to sink in but it is annu003e amazing visual on how assembly code operates. I’m sure it gets morenu003e complicated than that but that is something that helps me understand.nu003e Thank you for that. I’ve also been learning about registers and havenu003e gotten a better understanding on how those operate, though on anu003e rudimentary level. I feel like I’m on the right track. So withoutnu003e further delay here are the pictures for you to pour over. Note Inu003e labeled the ECUs to differentiate the covers when I noticed ,nu003e inadvertently, something I hadn’t noticed before. The ECUs arenu003e identical save for a number on the cover. As you can see one ends innu003e 80 and the other ends in 86. Also do note how DME “1” looks to benu003e in pretty bad shape internally as it looks water damaged, however itnu003e has no bearing on its functionality. I also included pictures of thenu003e old transmission control module that I replaced for a steptronic unitnu003e from Germany. The original TCM, or EGS as it is know in the bmw world,nu003e is of the regular automatic variety (no user input for gearnu003e selection). However, I have read that it maybe possible to reprogramnu003e these with the steptronic program from its aforementionednu003e counterpart. I will have to provide you a link where they makenu003e mention of this. I noticed the Intel chip on that module so I cleanednu003e it up a little and took pictures of it for curiosity’s sake. Itnu003e looks to be in horrible shape but I believe I can clean it up withnu003e 99% alcohol and a new crystal and a dump may possible. If thenu003e pictures are not immediately available in the shared folder give itnu003e some time to fully upload.nu003e https://www.icloud.com/sharedalbum/#B0XGWZuqDGjxxPKnu003e PS: I’m reading the Toshiba document you facilitated. I’m tryingnu003e to follow along the instruction set and I’m able to match thenu003e information to the blog for the assembler simulator. I’m thoroughlynu003e excited to see it all fitting into place. Insignificant to you I’mnu003e sure but something I’m really trying to make something out of.nu003e From: sparkiedknu003e Sent: Saturday, May 6, 2017 9:41 PMnu003e To: sparkiedk/Toyota-PCM-hackingnu003e Cc: Jorge Luis; Authornu003e Subject: Re: [sparkiedk/Toyota-PCM-hacking] I couldn't find anu003e way to comment on this so forgive me if this is the only way I couldnu003e find. (#1)nu003e I suggest pulling the original chip in favour of the arduino simplynu003e because if that's what you're comfortable with, that'snu003e what will getnu003e you the most gains

I do many simple projects with a PIC30 micronu003e simple because I have several of them, and I've done lots of worknu003e withnu003e them in the past: its faster and easier for me to get the job done.nu003e In a production environment I'd have to make a trade study andnu003e choosenu003e an optimal processor but for one offs we get to do what we want. Butnu003e lets try hacking the existing processor, it'll be more fun ;)nu003e You're right about programming the arduino in C and ditching thenu003e IDE - they're atmel chips on a standard board, and the atmels arenu003e verynu003e capable processors. The migration from arduino to atmel is as simplenu003e as changing the IDE you use, arduino "language" is actually C, justnu003e made somewhat easier by the IDE and libraries they package with it.nu003e You can even use the atmel IDE to program your arduino in assembler!nu003e I just threw in the programmers model for the 8051 because it wasnu003e the first that popped up on google ;), however many intel chips arenu003e goingnu003e to have similar architectures. You may find that yours is up or downnu003e a working register or index, and has or lacks some instructionsnu003e relative to the 8051. Certainly it wont be as complicated as the x86nu003e cores, however if you find your way to x86 assembly you will noticenu003e some similarities. The assembler simulator is going to give you anu003e very good idea of how limited computers really are, and how muchnu003e extranu003e work a C compiler does for you - try writing a simple program wherenu003e you implement an if () ... else ...; statement; it will get messy,nu003e here's an offhand plaintext example:nu003e START:nu003e load variable into Anu003e compare A with constantnu003e jump if the comparison did not result in a 0 (all compares arenu003e subtractions) to ELSELABELnu003e TRUE: (if the above conditional jump fails this block is executed)nu003e (...do something, like print to the output...)nu003e Jump to ENDIFnu003e ELSELABEL:nu003e (...do something else, like print something else to the output...)nu003e ENDIF:nu003e (...other stuff, not really important...)nu003e note in the above that if the "jump to ENDIF" is not coded in bothnu003e the true AND the false conditions will be executed when the conditionnu003e isnu003e true. Worse yet is that when they program these ecu's sometimesnu003e they WANT that to happen, and it gets even more confusing until younu003e sortnu003e out the logic. The good news is that if you become good at assemblernu003e you will have a skill few qualified engineers have, and you may benu003e able to leverage it to your advantage. It's super useful whennu003e hacking ANYTHING, from cars to cellphones and video game consoles,nu003e computernu003e BIOS's - you name it, they all run on the machine language atnu003e the lowest level. Even Java bytecode is a form of assembly languagenu003e for anu003e virtual processor.nu003e I am excited to see the pictures of the BMW ecu. make sure you labelnu003e them with some marker if you want the car to start the first time younu003e put them back in!nu003e —nu003e You are receiving this because you authored the thread.nu003e Reply to this email directly, view it on GitHub, or mute the thread.nu003e —nu003e You are receiving this because you commented.nu003e Reply to this email directly, view it on GitHub [1], or mute thenu003e thread [2].nu003e *nu003e {"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4 nu003ebb","name":"GitHub"},"entity":{"external_key":"github/sparkiedk/Toyota-PCM- nu003ehacking","title":"sparkiedk/Toyota-PCM-hacking","subtitle":"GitHubrepositor y","main_image_url":"https://cloud.githubusercontent.com/assets/14nu003e3418/17495839/a5054eac-5d88-11e6-95fc-7290892c7bb5.png","avatar_image_url": nu003e"https://cloud.githubusercontent.com/assets/143418/15842166/7c72db34-2c0b-1 nu003e1e6-9aed-b52498112777.png","action":{"name":"Openinnu003e GitHub","url":"https://github.com/sparkiedk/Toyota-PCM-hacking"}},"updates" nu003e:{"snippets":[{"icon":"PERSON","message":"@JL01152in #1: I will respond to your email a little later on in the day. Inu003e just wanted to send you the pictures I took of the DMEs. I tried tonu003e take good quality pictures for you to look over and analyze. Surelynu003e you will see things that are more familiar to you then they are tonu003e me. I must say though that my level of comfort around circuit boardsnu003e and ICs has been ultimately higher than in previous times and I feelnu003e that it’s getting progressively better the more I read and studynu003e about electronics. Please forgive my enthusiasm of this all it’snu003e just that this is something real big for me finally getting thisnu003e involved and wanting to take this learning to the next level. I havenu003e since looked into he assembler simulator you suggested and pleasenu003e allow me to thank you for that. It is still all trying to sink in butnu003e it is an amazing visual on how assembly code operates. I’m sure itnu003e gets more complicated than that but that is something that helps menu003e understand. Thank you for that. I’ve also been learning aboutnu003e registers and have gotten a better understanding on how thosenu003e operate, though on a rudimentary level. I feel like I’m on thenu003e right track. So without further delay here are the pictures for younu003e to pour over. Note I labeled the ECUs to differentiate the coversnu003e when I noticed , inadvertently, something I hadn’t noticed before.nu003e The ECUs are identical save for a number on the cover. As you can seenu003e one ends in 80 and the other ends in 86. Also do note how DME “1”nu003e looks to be in pretty bad shape internally as it looks water damaged,nu003e however it has no bearing on its functionality. I also includednu003e pictures of the old transmission control module that I replaced for anu003e steptronic unit from Germany. The original TCM, or EGS as it is knownu003e in the bmw world, is of the regular automatic variety (no user inputnu003e for gear selection). However, I have read that it maybe possible tonu003e reprogram these with the steptronic program from its aforementionednu003e counterpart. I will have to provide you a link where they makenu003e mention of this. I noticed the Intel chip on that module so I cleanednu003e it up a little and took pictures of it for curiosity’s sake. Itnu003e looks to be in horrible shape but I believe I can clean it up withnu003e 99% alcohol and a new crystal and a dump may possible. If thenu003e pictures are not immediately available in the shared folder give itnu003e some time to fullynu003e upload.nnhttps://www.icloud.com/sharedalbum/#B0XGWZuqDGjxxPKnnPS:nu003e I’m reading the Toshiba document you facilitated. I’m trying tonu003e follow along the instruction set and I’m able to match thenu003e information to the blog for the assembler simulator. I’m thoroughlynu003e excited to see it all fitting into place. Insignificant to you I’mnu003e sure but something I’m really trying to make something outnu003e of.nnFrom: sparkiedku003cmailto:notifications@github.comu003enSent:nu003e Saturday, May 6, 2017 9:41 PMnTo:nu003e sparkiedk/Toyota-PCM-hackingu003cmailto:Toyota-PCM-hacking@noreply.github.c nu003eomu003enCc:Jorge Luisu003cmailto:jl01152@hotmail.comu003e;nu003e Authoru003cmailto:author@noreply.github.comu003enSubject: Re:nu003e [sparkiedk/Toyota-PCM-hacking] I couldn't find a way to comment onnu003e this so forgive me if this is the only way I could find. (#1)nnInu003e suggest pulling the original chip in favour of the arduino simplynu003e because if that's what you're comfortable with, that's what willnu003e getnyou the most gains - I do many simple projects with a PIC30 micronu003e simple because I have several of them, and I've done lots of worknu003e withnthem in the past: its faster and easier for me to get the jobnu003e done. In a production environment I'd have to make a trade study andnu003e choosenan optimal processor but for one offs we get to do what wenu003e want. But lets try hacking the existing processor, it'll be more funnu003e ;)nnYou're right about programming the arduino in C and ditching thenu003e IDE - they're atmel chips on a standard board, and the atmels arenu003e veryncapable processors. The migration from arduino to atmel is asnu003e simple as changing the IDE you use, arduino "language" is actually C,nu003e justnmade somewhat easier by the IDE and libraries they package withnu003e it. You can even use the atmel IDE to program your arduino innu003e assembler!nnI just threw in the programmers model for the 8051nu003e because it was the first that popped up on google ;), however manynu003e intel chips are goingnto have similar architectures. You may findnu003e that yours is up or down a working register or index, and has ornu003e lacks some instructionsnrelative to the 8051. Certainly it wont be asnu003e complicated as the x86 cores, however if you find your way to x86nu003e assembly you will noticensome similarities. The assembler simulatornu003e is going to give you a very good idea of how limited computers reallynu003e are, and how much extranwork a C compiler does for you - try writing anu003e simple program where you implement an if () ... else ...; statement;nu003e it will get messy,nhere's an offhand plaintext example:nnSTART:nloadnu003e variable into Ancompare A with constantnjump if the comparison didnu003e not result in a 0 (all compares are subtractions) to ELSELABELnTRUE:nu003e (if the above conditional jump fails this block is executed)n(...donu003e something, like print to the output...)nJump tonu003e ENDIFnELSELABEL:n(...do something else, like print something else tonu003e the output...)nENDIF:n(...other stuff, not really important...)nnnotenu003e in the above that if the "jump to ENDIF" is not coded in both the truenu003e AND the false conditions will be executed when the condition isntrue.nu003e Worse yet is that when they program these ecu's sometimes they WANTnu003e that to happen, and it gets even more confusing until you sortnoutnu003e the logic. The good news is that if you become good at assembler younu003e will have a skill few qualified engineers have, and you may benablenu003e to leverage it to your advantage. It's super useful when hackingnu003e ANYTHING, from cars to cellphones and video game consoles,nu003e computernBIOS's - you name it, they all run on the machine languagenu003e at the lowest level. Even Java bytecode is a form of assemblynu003e language for anvirtual processor.nnI am excited to see the picturesnu003e of the BMW ecu. make sure you label them with some marker if you wantnu003e the car to start the first time younput them back in!nnnnn—nYou arenu003e receiving this because you authored the thread.nReply to this emailnu003e directly, view it onnu003e GitHubu003chttps://github.com/sparkiedk/Toyota-PCM-hacking/issues/1#issueco nu003emment-299676556u003e,or mute thenu003e threadu003chttps://github.com/notifications/unsubscribe-auth/ABU23aE2RN0f9U nu003eMb7J0z_G4Nm1gjmyU1ks5r3SEwgaJpZM4NRoNAu003e.nn"}],"action":{"name":"ViewIss ue","url":"https://github.com/sparkiedk/Toyota-PCM-nhacking/issues/1#issunu 003eecomment-299722132"}}}nu003e Links:nu003e ------nu003e [1]nu003e https://github.com/sparkiedk/Toyota-PCM-hacking/issues/1#issuecomment-29972 nu003e2132[2]nu003e https://github.com/notifications/unsubscribe-auth/AFdlWH0Yq9OX1hNZ8nnoh1tbz nu003evbIVdUSks5r3gLfgaJpZM4NRoNAnu003ennnnn—nYou are receiving this because you authored the thread.nReply to this email directly, view it on GitHubu003chttps://github.com/sparkiedk/Toyota-PCM-hacking/issues/1#issueco mment-299724027u003e,or mute the threadu003chttps://github.com/notifications/unsubscribe-auth/ABU23SPEnG-wDw tN32XiiRWfmgoVhOB6ks5r3gnQgaJpZM4NRoNAu003e.nn"}],"action":{"name":"ViewIssue","url":"https://github.com/sparkiedk/Toyota-PCM-hacking/issues/1#issu ecomment-299893885"}}} Links:

[1] https://github.com/sparkiedk/Toyota-PCM-hacking/issues/1#issuecomment-29989 3885[2] https://github.com/notifications/unsubscribe-auth/AFdlWEO8Fu7W0ysodez8qWyhz P-gVJbHks5r3y_OgaJpZM4NRoNA

Hi Sparkiedk,

I've been reading through your development a well. I find it very interesting and informative as I'm just a guy with some interest with very very limited programming experience. I also wanted to thank you for your efforts, as it has inspired me to do a little deeper digging and have been using your work to assist me with the disassembly of my cpu.

I just wanted to share a little about my on going project which your work has inspired, which may or may not be of interest to you.

I stumbled across your about 12 months ago after researching my Mazda PCM. It uses a Denso D151801-2002 CPU and board architecture is very similar to the Toyota boards, even down the the IAC and injector drivers and the D151801-0490 knock cpu. The control system operates very closely to TCCS. I have started fumbling my way through IDA with your Denso Disassembly plugin. Some of it is making sense and some seems to pull up locations outside of the bin sizing, given the Mazda eproms only go up to 03FFF.

As the early Mazda CPU's seem to operate solely in 7mode, the mapping locations are a lot easier to locate. I've been using WinOLS to find map locations and have found Open and closed loop fuel maps, ignition table, EGR mapping and what looks to be cold start tables. I have verified ignition and fuel tables with TunerPro and a Moates Ostrich emulator. I stumbled across some old data referencing load cut and can verify it works, but I can not find the location in the disassembly. I'm still working on finding the opcode (along with rev limit and injector scaling) which may take a while.

As I mentioned earlier, I thought you may get a kick out others appreciating your work and what it has inspired.

Cheers

Scott

seems i got a similar ecu with a 97cw42af . google resualts got me here and to the tpm97 cpu data sheet and the TLCS9000 info you link to. Wanted to ask some info and help if you would.

Scott: great to hear! keep on pluggin away at it.

eXric: yeah, I'd love to offer some pointers. What would you like to know?

Thanks for the quick response. Is it better to go bdm or obd2? Seems like bdm route has more control. right now i am trying to use a CANable device it is a version of CANtact and it works with the CAN bus, when it works. right now it seems the device is broke. When it works I was going to try it as a sniffer and flash reader/flash programmer. It might be compatible with openocd that can do a bdm jtag connection. thou the board does not seem to have an obvious bdm or jtag. Was wondering if I can send you some pictures and maybe you can see something that i am missing.

Wow, yeah you've got a far newer generation of ECU than I've been playing with. Send me any pictures you want, we can see what the options are - and I'll learn some new things in the process.

chips text img_20180426_121253 I found the PDF tmp97c241 that show a similar chip as a possible start point. Found this file TLCS9000_instman that seems to be over my head but helpfull. Found a small file that looks like a ad that has some basic chip specs for the 97CW42AF

Well, if that ECU is anything like the other denso ECUs I've played with getting the code out and modified is quite the process. There's no way to modify mask ROM, you can only trick the ecu into running external code, and ask it to read out its own mask rom and then use the code you read out as the start point for modifications. Adding complications here is that no one has written assembler/disassembler tools for the TLCS9000 series of chips (not public domain ones anyways).

The micro there definitely has 120 pins, and the oscillator is in the right place for that datasheet to get you going.

To make the micro run external code you'll have to desolder it and attach it to a custom board you make to run your custom code. I can't find any of my pictures of the breadboard setups - just imagine a half working rats nest of wires.

I've never had a CAN interface on one of these yet, what do you get from it? I doubt this micro has flash memory (too expensive, too new) so you probably cant change much, and certainly nothing permanently.

As an update, I have a 1999 1UZ VVTI PCM here (thanks M!) and I've desoldered the cpu and starting poking at it.

Unfortunately the mode selection pins do not do what I expected of them and code dumps/external running is a harder task than anticipated and suggested here.

So an update regarding the same chip I have in the 1uz vvti pcm:

The chip is a D151807-4070, which is a Toshiba TMP97PW42AF (128 kilobytes ROM, 6 kilobytes RAM, 24 timer output channels!!!!). this is an OTP micro that has a PROM emulation mode (Probably emulates a TC5710000 EPROM like the TMP95). Toshiba made an adapter specifically to program this chip, the part number for that adapter is BM11140. I've found similar adapters but not this one. I will follow up with toshiba themselves in the new week, my other contacts at programmer manufacturers came up empty handed.

Also of interest, this person depotted one: https://www.drive2.ru/b/488936604149219472/

Hello, I am glad to see that you have made a recent update. I was led here by your thread on dorikaze.net.

For a few years, I've worked with the Toyota Denso Canbus ECU's and now turning my attention to the Toshiba-based K-line ECU's.

The engine applications that interest me are the 3s and zz families.

I am posting to show support and offer encouragement. I know that it gets very lonely doing this work. I am mostly a software analyst type with rudimentary hardware skills so I don't think there is anything I can do to contribute directly to your efforts at this stage - but if there is, I would view it as a privilege to be able to help in any way.

Frank.

Thanks for the encouragement! Hopefully I can get the data off these older chips and then perhaps I'll hit you up for some insight as to writing a disassembler/IDA/Ghidra plugin for a completely unknown microcontroller.

Hey, I join you guys as I am in the same boat, my interest is in 3uz, 2jz but mostly in is200/1gfe ECUs as there is more needs with all those turbo/supercharger builds. In my research I found a few forum topics that gave me interesting info, and I can see famillar names ending here.

I'm the most interested in the tuning part, but as there is no solutions yet for is200 ECUs, I have to dig into it myself. As for 3uz and 2jz I know there is already solutions, but they are based on ecu updates for USDM market, wich I'm not keen to flash into EUDM ecus. So I would like to dump these ECUs as well. I've been working with WinOLS for the past few weeks to understand DENSOs coding, finding maps, and making ECU definitions wich is really enjoying ! I already have everything needed to flash, Openport 2.0 and PCMFlash.

Now for the bad bits, I'm not a hardware guy, but I like to learn, this is a lot to take in but I'm not giving up (yet). I bought an ECU from a TOYOTA 1.8 VVTI engine, it has a JTAG port on it. My goal is to try dump it's memory, learn the process to hopefully do the same on earlier ECUs that doesn't have JTAG port. I'm able to de-solder chips etc.

I found a few website showing how to dump memory via JTAG, with different modules and software. There isn't a lot of options now as I've found a lot of them are out of stock, but I found Bus Pirate for sale in my country, I'm not sure what software I'll be using yet, OpenOCD or UrJTAG, I'll probablt try both.

Here is some pictures of the IS200 ECU i'm most interested in, I've read somewhere that these chips can't be dumped, I don't understand why but this could be because I'm not a hardware guy...

I found a few website showing how to dump memory via JTAG, with different modules and software. There isn't a lot of options now as I've found a lot of them are out of stock, but I found Bus Pirate for sale in my country, I'm not sure what software I'll be using yet, OpenOCD or UrJTAG, I'll probablt try both.

Here is some pictures of the IS200 ECU i'm most interested in, I've read somewhere that these chips can't be dumped, I don't understand why but this could be because I'm not a hardware guy...

Hi there Stuffcc. I can't comment on the tools you mentioned as I am not familiar with their use or their capabilities. For reading from the jtag port I've had success with Toyota Lexus Flasher. I know that others use Alientech or derivatives of this tool.

The ECU that you pictured is based on the Toshiba processors with the mask ROM. Your question about reading these is answered in the most recent ports by Sparkiedk (April 28 2018, April 28 and July 9 of this year). He outlines the possible tools and process - but no indication of success yet. If anyone succeeds, this would be a very long-awaited first for this series of ECU.

sparkiedk / Toyota-PCM-hacking

I couldn't find a way to comment on this so forgive me if this is the only way I could find. #1

Links:

Links:

Links:

Links:

Mb7J0z_G4Nm1gjmyU1ks5r3SEwgaJpZM4NRoNAu003e.nn"}],"action":{"name":"ViewIss ue","url":"https://github.com/sparkiedk/Toyota-PCM-hacking/issues/1#issu ecomment-299722132"}}} Links: