dude this is really interesting, there is such limited information on the denso ecu's! i've also got the SH7058 in my truck, so would be super keen to see more of this content, would definitely help a lot of people! I've liked and subscribed, kudos mate!
Except and I don't mean it as disrespect, but his methodology is flawed and these are neither dtcs nor anything dtc related. He isn't analyzing the code but making erroneous conclusions and assumptions that are not based on any analysis. Denso ecus like bosch most often use factors and none are applied here making these values useless. I didn't want to be harsh, I don't want be harsh, but I told the dude a few times that these videos are completely wrong and it's not how any of this works. I spent one year reverse engineering a Denso ecu to get a solid understanding of what and where the maps are , what the factors are and creating my own winols file. One...year of my time. I also never used the decompiler, those can be misleading. In the video we see him converting hex values to raw decimal values which can be anything but not as they appear. Again, I am not trying to be a douche, just trying to point out these issues. You can consider the videos misleading at this point. If you need information on Denso I can help somewhat. So yes, the only way to understand what the values are, is to see what the surrounding code does. To first figure out which memory address corresponds to what. And how the value is represented. For instance for some Denso ECUs the RPM is stored in memory in raw form and needs to be multiplied by 0,1953125 to get the actual value. 0x8000 = 32768. 32768 * 0,1953125 = 6400. You will not see the RPM value used in raw form ever. The alternative is (RPM * 12800)/65535. These factors WILL differ from ECU to ECU. Sometimes ECT(coolant temp) will also require not just a factor, but then also substracting a number. Such as ((ECT raw value )*160/255)-40. So again, the information in the videos is misleading, it has nothing to do with DTCs or temperatures. Go to github and look at romraider subaru definitions, they are in XML and have formulas inside to convert the RAW sensors values to voltage, temperature whatever. They all do. Example : The formula is (raw value) * 0,01933677 So again I am not trying to be a douche but pointing out the logical fallacy of the video. And if the poster of the videos tries flashing any changes he makes right now, he will end up bricking his ECU at best and destroying his engine at the worst. Look no further than the video segment at 1:11 where he incorrectly assumes that the values he sees are DTCs. First notice how the table of data has repeating numbers. You won't see that in actual DTC codes, each value will be unique and not repeat. This is wrong, those are not DTCs but random values which without analyzing what references them and HOW the instructions process the data, cannot be inferred what they mean. They could even be executable code(unlikely), they could be map data, but certainly NOT DTCs!!
@@farmdve “These arnt dtcs.” It’s my truck, I have tested it. You are wrong. My Suzuki sidekick Ecu with an (Mitsubishi) sh7055 processor I am having a hard time with. I have asked for help in private message, you have not responded. “Rpm is never raw value” in my denso sh7055 and my denso sh7058 Ecu it is. There are loads of maps that are using x and y as 32bit full float values. And again in almost every function, they use floating point numbers (raw value). You are wrong. The reason why there are multiples of the same dtcs listed is because this Ecu has different organized sets of functions that deal with different types of dtcs. However all of them call on this dtc map with a decimal value. Ie 16 being the 16th place in the dtc map. No function has the same dicimal value (I have no idea why) if three functions call the same dtc, said dtc is listed three times in order for each function to have its own decimal value 16, 17, and 18 may be 0401. You are wrong. lol I even found the map(the same length as the dtc map) that sets priority level of said dtc’s this isn’t hard man it’s just time consuming. I don’t understand why you are taking so much interest in “telling the world” I am wrong when you clearly have never even tuned an Ecu with full float 32bit normalizers in their maps. That’s wild man. Something tells me you own a tuning platform and are trying to convince people that this is harder than it is. You seem like someone who knows a lot about tuning. I have only been doing this for a year….but again you are …. Well ….. you fill I. The blank. All fucking around aside, I could use some help. I think my next project on these two ecus. Is getting them too ram dump,DRM,mode 23. You say you are willing to help, you can clearly see I’m trying to help the community. Put your time where your mouth is, let’s OS patch this bitch and get her too dump some ram…… or are you just a troll? I dig the traffic. And I appreciate you as a person and your interest in my project. It’s cool when people have the balls too call someone out. Helps the community as a whole
Im tuner i have swiftec and winols i litterly do understand dtc switches and dtc lables but doing it with ghidra very cool using my experience made find them wirh only eyes so this things is really fun
Nice!! I have only been working on this stuff for around 1.5 years. Ghidra for 6 months. My personal truck has very limited support that I could find. I did find a mappack on stageX ai, but they had many mislabeled maps. Trying too change boost and it was my rail pressure instead. 275800-6704. That is what made me start using ghidra
Great video man I'm a beginer in term of ECU tuning so i want to ask what can i do with the DTC that has been found like shawn in the video ?? Thanks a lot for your content
ruclips.net/video/jRo1wr7o80g/видео.htmlsi=C7QcfrX-V-Ux4U_O Watch this video. You can use the dtc table and this dtc handler to find sensor linearization maps.
How exactly do you extract the assembly code into your ide from the ecu? What do you use to read the ecu microcontroller flashed compiled assembly code?
Pcmflash is my preferred software for reading and writing ecus (microcontrollers), accompanied with an open port tactrix 2.0 as the interface between your Ecu/obd2 port, and laptop.
Hi , i m also getting to know ida pro and ghidra to inverse engineer. I tune and remap diesel 1.5dci - stage 2 - and now searching for some limiter of fuel . I cannot find it but in logs I see my raw injection quantity is dropping . Need to know this stuff how to find limiter in my bin file.😢
Good morning . I would like to take a course with you to be able to eliminate dpf, egr, lamda off, dtc off. using gidra or another link search to be able to make modifications in winols
@@GHIDRAuto If it's okay, it's just what I need. Find the parameters of the data that appears in Winols. how to find links for me after searching for it in winols
@@GHIDRAuto If it's okay, it's just what I need. Find the parameters of the data that appears in Winols. how to find links for me after searching for it in winols
@@GHIDRAuto No way. In your DTC array the code that began with the C is indeed a U-xxxx code like you mentioned. I was trying to say that this is common in other systems like Bosch and Continental as well
Oh lol. I thought you were talking about “code” as in what is making up the language of the Ecu. Yeah I have seen them like this in almost every Ecu I have looked at.
That is a good idea. I have already touched on that a little, but I will take some time for that specifically. In the mean time Have you watched the video in this link all the way through? this will inadvertently show you how to find conditions to set. How to find EGT, MAF, ECT, sensor scalers. Denso sh7058 and 55 ruclips.net/video/jRo1wr7o80g/видео.html
@@suwatp.3331 are you asking me for your mcu file, or asking me for mine? I have an mcu file from a denso sh7058 Ecu included with my paid for course on my website www.ghidrauto.com
Does anyone have a solution to unlock ..cloning or remap ECU for mazda cx30 skyactiveD year 2020 ecu denso s805 18881, mb275700-9552, 12V KE124D MADE IN SPAIN...THANKS FOR ANY INFORMATION
This hit make me wanna quit learning reverse engineering and stick to c++. This is very impressive but i dont understand asything. Wtf are dtcs, WinOle, what am i being shown? I only know how to do some basic crackmes 😭
@@GHIDRAuto thank for the reply. I am good in c++ (thank God at least that, usually work with Windows API). What youre doing is wayyy more impressive. Also thanks for explaining 😁
@@GHIDRAuto Haha, never 😂. Its always fun to learn something new tho, and I find RE so entertaining. The average person has no idea hew wide the Technology department is. By the way, do you have any onher socials ? 😁
dude this is really interesting, there is such limited information on the denso ecu's! i've also got the SH7058 in my truck, so would be super keen to see more of this content, would definitely help a lot of people! I've liked and subscribed, kudos mate!
Thanks for the comment. Yeah I’ll keep making them!
legend bro, appreciate you!!@@GHIDRAuto
Except and I don't mean it as disrespect, but his methodology is flawed and these are neither dtcs nor anything dtc related. He isn't analyzing the code but making erroneous conclusions and assumptions that are not based on any analysis. Denso ecus like bosch most often use factors and none are applied here making these values useless. I didn't want to be harsh, I don't want be harsh, but I told the dude a few times that these videos are completely wrong and it's not how any of this works. I spent one year reverse engineering a Denso ecu to get a solid understanding of what and where the maps are , what the factors are and creating my own winols file. One...year of my time. I also never used the decompiler, those can be misleading.
In the video we see him converting hex values to raw decimal values which can be anything but not as they appear.
Again, I am not trying to be a douche, just trying to point out these issues. You can consider the videos misleading at this point. If you need information on Denso I can help somewhat.
So yes, the only way to understand what the values are, is to see what the surrounding code does. To first figure out which memory address corresponds to what. And how the value is represented.
For instance for some Denso ECUs the RPM is stored in memory in raw form and needs to be multiplied by 0,1953125 to get the actual value.
0x8000 = 32768. 32768 * 0,1953125 = 6400. You will not see the RPM value used in raw form ever. The alternative is (RPM * 12800)/65535. These factors WILL differ from ECU to ECU.
Sometimes ECT(coolant temp) will also require not just a factor, but then also substracting a number. Such as ((ECT raw value )*160/255)-40.
So again, the information in the videos is misleading, it has nothing to do with DTCs or temperatures. Go to github and look at romraider subaru definitions, they are in XML and have formulas inside to convert the RAW sensors values to voltage, temperature whatever. They all do. Example : The formula is (raw value) * 0,01933677
So again I am not trying to be a douche but pointing out the logical fallacy of the video. And if the poster of the videos tries flashing any changes he makes right now, he will end up bricking his ECU at best and destroying his engine at the worst.
Look no further than the video segment at 1:11 where he incorrectly assumes that the values he sees are DTCs. First notice how the table of data has repeating numbers. You won't see that in actual DTC codes, each value will be unique and not repeat. This is wrong, those are not DTCs but random values which without analyzing what references them and HOW the instructions process the data, cannot be inferred what they mean. They could even be executable code(unlikely), they could be map data, but certainly NOT DTCs!!
@@farmdve “These arnt dtcs.” It’s my truck, I have tested it. You are wrong.
My Suzuki sidekick Ecu with an (Mitsubishi) sh7055 processor I am having a hard time with. I have asked for help in private message, you have not responded.
“Rpm is never raw value” in my denso sh7055 and my denso sh7058 Ecu it is. There are loads of maps that are using x and y as 32bit full float values. And again in almost every function, they use floating point numbers (raw value). You are wrong.
The reason why there are multiples of the same dtcs listed is because this Ecu has different organized sets of functions that deal with different types of dtcs. However all of them call on this dtc map with a decimal value. Ie 16 being the 16th place in the dtc map. No function has the same dicimal value (I have no idea why) if three functions call the same dtc, said dtc is listed three times in order for each function to have its own decimal value 16, 17, and 18 may be 0401. You are wrong. lol I even found the map(the same length as the dtc map) that sets priority level of said dtc’s this isn’t hard man it’s just time consuming.
I don’t understand why you are taking so much interest in “telling the world” I am wrong when you clearly have never even tuned an Ecu with full float 32bit normalizers in their maps. That’s wild man. Something tells me you own a tuning platform and are trying to convince people that this is harder than it is.
You seem like someone who knows a lot about tuning. I have only been doing this for a year….but again you are …. Well ….. you fill I. The blank.
All fucking around aside, I could use some help. I think my next project on these two ecus. Is getting them too ram dump,DRM,mode 23. You say you are willing to help, you can clearly see I’m trying to help the community. Put your time where your mouth is, let’s OS patch this bitch and get her too dump some ram…… or are you just a troll?
I dig the traffic. And I appreciate you as a person and your interest in my project.
It’s cool when people have the balls too call someone out. Helps the community as a whole
Im tuner i have swiftec and winols i litterly do understand dtc switches and dtc lables but doing it with ghidra very cool using my experience made find them wirh only eyes so this things is really fun
Nice!! I have only been working on this stuff for around 1.5 years. Ghidra for 6 months. My personal truck has very limited support that I could find. I did find a mappack on stageX ai, but they had many mislabeled maps. Trying too change boost and it was my rail pressure instead. 275800-6704.
That is what made me start using ghidra
Great video man
I'm a beginer in term of ECU tuning so i want to ask what can i do with the DTC that has been found like shawn in the video ??
Thanks a lot for your content
ruclips.net/video/jRo1wr7o80g/видео.htmlsi=C7QcfrX-V-Ux4U_O
Watch this video. You can use the dtc table and this dtc handler to find sensor linearization maps.
How exactly do you extract the assembly code into your ide from the ecu? What do you use to read the ecu microcontroller flashed compiled assembly code?
Pcmflash is my preferred software for reading and writing ecus (microcontrollers), accompanied with an open port tactrix 2.0 as the interface between your Ecu/obd2 port, and laptop.
Hi , i m also getting to know ida pro and ghidra to inverse engineer. I tune and remap diesel 1.5dci - stage 2 - and now searching for some limiter of fuel . I cannot find it but in logs I see my raw injection quantity is dropping . Need to know this stuff how to find limiter in my bin file.😢
Good morning . I would like to take a course with you to be able to eliminate dpf, egr, lamda off, dtc off. using gidra or another link search to be able to make modifications in winols
I do not teach how to tune or disable. Only how to find parameters
What Ecu? With my methods on the Ecu’s I have worked on, what you are asking is easy to fine
@@GHIDRAuto If it's okay, it's just what I need. Find the parameters of the data that appears in Winols. how to find links for me after searching for it in winols
@@GHIDRAuto If it's okay, it's just what I need. Find the parameters of the data that appears in Winols. how to find links for me after searching for it in winols
The representation of U0 codes as Cxxx is very common across many ECU and processor architectures
Not going to lie, this statement is over my head
@@GHIDRAuto No way. In your DTC array the code that began with the C is indeed a U-xxxx code like you mentioned. I was trying to say that this is common in other systems like Bosch and Continental as well
Oh lol. I thought you were talking about “code” as in what is making up the language of the Ecu. Yeah I have seen them like this in almost every Ecu I have looked at.
Can this be used to reverse engineer the conditions for setting a specific DTC? If so - how? Could you make a video on it?
That is a good idea. I have already touched on that a little, but I will take some time for that specifically. In the mean time Have you watched the video in this link all the way through? this will inadvertently show you how to find conditions to set. How to find EGT, MAF, ECT, sensor scalers. Denso sh7058 and 55
ruclips.net/video/jRo1wr7o80g/видео.html
Mate i liked you video wanna learn more about those things i m tuner
Good to hear. Thank you for the comment! I am sure I could learn a lot from you too! Make some videos
Do you know the language of Honda jazz ecu? I put the file honda jazz ge but I don't know what language to use to import the file into ghidra.
First find what processor it is and then do some research from there. If it is sh7xxx sh2A should work.
@@GHIDRAuto thank you
@@GHIDRAuto Do you have the mcu file of ecu sh7058 or sh72543?
@@GHIDRAuto Or where can I find it?
@@suwatp.3331 are you asking me for your mcu file, or asking me for mine? I have an mcu file from a denso sh7058 Ecu included with my paid for course on my website www.ghidrauto.com
Thanks, very interesting!
Thanks for the comment man.
Does anyone have a solution to unlock ..cloning or remap ECU for mazda cx30 skyactiveD year 2020 ecu denso s805 18881, mb275700-9552, 12V KE124D MADE IN SPAIN...THANKS FOR ANY INFORMATION
I am not sure, what processor? Ghidrauto@gmail.com
Good Job bruh, very nice, but i dont Understand
Thanks man
How can I get winols free
Winols test version is free on their website evc winols
i want Crack version
This hit make me wanna quit learning reverse engineering and stick to c++. This is very impressive but i dont understand asything. Wtf are dtcs, WinOle, what am i being shown? I only know how to do some basic crackmes 😭
lol this is a cars Ecu. Yeah man learn c++ I use chatgpt becuase I’m a dumbass and don’t know c++. Gooogle man. This is your cars Ecu.
@@GHIDRAuto thank for the reply. I am good in c++ (thank God at least that, usually work with Windows API). What youre doing is wayyy more impressive. Also thanks for explaining 😁
I’m sure I could learn alot from you. Someone with your expertise would be leaps and bounds ahead of me!
@@GHIDRAuto Haha, never 😂. Its always fun to learn something new tho, and I find RE so entertaining. The average person has no idea hew wide the Technology department is. By the way, do you have any onher socials ? 😁
Yeah for sure. Social media? Reddit is ghidrauto, none of my other socials have too do with this stuff.