nurbs
New Member
Posts: 25
|
Post by nurbs on Jan 20, 2023 7:11:40 GMT
Hi Forum. Finding it fascinating to learn about automotive module commands & data structures and imagine what's possible. I see that most commands can be queried in DRB-III to determine properties. Besides for doing a "modsearch DR" in my case as I'm using with "Dodge RAM" are there any other queries that should be made to find modules that might pertain to a given vehicle ? The CUMMINS module was the first that I queried. Besides for commands with "UNKNOWN" properties and the process of determining what those might be (which will come later for me) where are the descriptions for "CONFIGURATIONS" (command 2A) coming from ? For example László just updated "MODEL YEAR" for said vehicle and I don't understand where the actual year text exists that is determined by returned message payload ?
Sven
|
|
|
|
Post by admin on Jan 21, 2023 10:17:36 GMT
Module search can only get you so far. Use this filtering method to dig deeper. txsearch J1850 && xmit: 24 && sc: Body
This command searches among all module, narrows down results to: PCI-bus, request message ID, and Body module. Feel free to add or remove search terms. Mind the whitespaces around " && ". You will find that the majority of bus messages are independent of vehicle type. You can enter any search term that appears in a line (even punctuation can make a difference): P_BCM_FXD_HDLMP_DLY_TIME_STATUS: J1850; xmit: 24-40-22-28-B3-00; sc: Body; 0x800089ab
Order of search terms does not matter. Remember that the DRB3 database is not 100% decoded and not 100% complete to begin with. Kyle only developed it this far. Some descriptions come from the database.mem file directly: > txsearch SCI && xmit: 2A
PART NUM CHAR9: SCI; xmit: 2A-17-00; sc: Engine; 0x8000001e
PART NUM CHAR10: SCI; xmit: 2A-18-00; sc: Engine; 0x8000001f
PART NUM CHAR1: SCI; xmit: 2A-01-00; sc: Engine; 0x80000020
PART NUM CHAR2: SCI; xmit: 2A-01-00; sc: Engine; 0x80000021
PART NUM CHAR3: SCI; xmit: 2A-02-00; sc: Engine; 0x80000022
PART NUM CHAR4: SCI; xmit: 2A-02-00; sc: Engine; 0x80000023
PART NUM CHAR5: SCI; xmit: 2A-03-00; sc: Engine; 0x80000024
PART NUM CHAR6: SCI; xmit: 2A-03-00; sc: Engine; 0x80000025
PART NUM CHAR7: SCI; xmit: 2A-04-00; sc: Engine; 0x80000026
PART NUM CHAR8: SCI; xmit: 2A-04-00; sc: Engine; 0x80000027
ENGMOD_SBECIII: SCI; xmit: 2A-0B-00; sc: Engine; 0x800000c0
FUEL TYPE: SCI; xmit: 2A-0A; sc: Engine; 0x80000910
MODEL YEAR: SCI; xmit: 2A-0B; sc: Engine; 0x80000911
DISPLACEMENT CONFIG ORIENTATIO: SCI; xmit: 2A-0C; sc: Engine; 0x80000912
SBECIII_INFO_ABAG: SCI; xmit: 2A-FD-00-00; sc: AirBag; 0x8000294d
SCI Modifiable: SCI; xmit: 2A-00; sc: MIC; 0x800029dd
SCI SBECIII/JTEC Mod Info: SCI; xmit: 2A-FD; sc: Right Side Airbag; 0x80002a84
SCI SBECIII/JTEC Mod Info: SCI; xmit: 2A-FD; sc: Left Side Airbag; 0x80002a98
MIC_ENGMOD_SBECIII: SCI; xmit: 2A-0B-00; sc: MIC; 0x80002acd
ENGMOD_SBECIII: SCI; xmit: 2A-0B-00; sc: ECM; 0x80002ca0
ENGMOD_SBECIII: SCI; xmit: 2A-0B-00; sc: Special Tests; 0x80002d38
ENGMOD_SBECIII: SCI; xmit: 2A-10-00; sc: Vehicle Theft Security; 0x80002e53
ENGMOD_SBECIII: SCI; xmit: 2A-0B-00; sc: Body; 0x80002e54
ENGMOD_SBECIII: SCI; xmit: 2A-10-00; sc: AirBag; 0x80004f7c
ENGMOD_SBECIII: SCI; xmit: 2A-0B-00; sc: Antilock Brakes; 0x80004fc8
CMT_ENGMOD_SBECIII: SCI; xmit: 2A-0B-00; sc: Compass Mini-Trip; 0x800053f6
ENGMOD_SBECIII_INFO: SCI; xmit: 2A-0F-00; sc: SKIM; 0x8000679e
Fuel, year, displacement is nicely enumerated: > dumpconverter 0x80000910
TYPE: STATE
REC: 20-20-C4-0D-3B-00
DSREC: C4-0D-00-00-00-00-53-0A
DFLT: N/A
0x01: UNLEADED FUEL
0x02: DIESEL FUEL
0x03: PROPANE FUEL
0x04: METHANOL
0x05: LEADED FUEL
0x06: FLEX FUEL
0x07: CNG
0x08: ELECTRIC VEHICLE
The rest I unearthed from DRB3 SuperCard dumps: {Some SuperCard enum}.data:005E8288 off_5E8288 dd offset asc_5EA480 ; DATA XREF: sub_470A00+4B2↑r
.data:005E8288 ; "*"
.data:005E828C dd offset a22lI4 ; "2.2L I4"
.data:005E8290 dd offset a25lI4 ; "2.5L I4"
.data:005E8294 dd offset a30lV6 ; "3.0L V6"
.data:005E8298 dd offset a33lV6 ; "3.3L V6"
.data:005E829C dd offset a39lV6 ; "3.9L V6"
.data:005E82A0 dd offset a52lV8 ; "5.2L V8"
.data:005E82A4 dd offset a59lV8 ; "5.9L V8"
.data:005E82A8 dd offset a38lV6 ; "3.8L V6"
.data:005E82AC dd offset a40lI6 ; "4.0L I6"
.data:005E82B0 dd offset a20lSohc ; "2.0L SOHC"
.data:005E82B4 dd offset a35lV6 ; "3.5L V6"
.data:005E82B8 dd offset a80lV10 ; "8.0L V10"
.data:005E82BC dd offset a24lI4 ; "2.4L I4"
.data:005E82C0 dd offset a25lI4_0 ; "2.5L I4"
.data:005E82C4 dd offset a25lV6 ; "2.5L V6"
.data:005E82C8 dd offset a20lDohc ; "2.0L DOHC"
.data:005E82CC dd offset a25lV6_0 ; "2.5L V6"
.data:005E82D0 dd offset a59lI6 ; "5.9L I6"
.data:005E82D4 dd offset a33lV6_0 ; "3.3L V6"
.data:005E82D8 dd offset a27lV6 ; "2.7L V6"
.data:005E82DC dd offset a32lV6 ; "3.2L V6"
.data:005E82E0 dd offset a18lI4 ; "1.8L I4"
.data:005E82E4 dd offset a37lV6 ; "3.7L V6"
.data:005E82E8 dd offset a47lV8 ; "4.7L V8"
.data:005E82EC dd offset a19lI4 ; "1.9L I4"
.data:005E82F0 dd offset a31lI5 ; "3.1L I5"
.data:005E82F4 dd offset a16lI4 ; "1.6L I4"
.data:005E82F8 dd offset a27lV6_0 ; "2.7L V6"
.data:005E82FC dd offset a57lV8 ; "5.7L V8"
.data:005E8300 dd offset a83lV10 ; "8.3L V10"
.data:005E8304 dd offset a27lI5 ; "2.7L I5"
.data:005E8308 dd offset a28lI4 ; "2.8L I4"
.data:005E830C dd offset aXYl ; "x.yL ??"
.data:005E8310 ; char *off_5E8310
.data:005E8310 off_5E8310 dd offset asc_5EA590 ; DATA XREF: sub_470A00+1A05↑r
.data:005E8310 ; "*"
.data:005E8314 dd offset aFcc ; "FCC"
.data:005E8318 dd offset aSbecI ; "SBEC I"
.data:005E831C dd offset aSbecIi ; "SBEC II"
.data:005E8320 dd offset aSbecIia ; "SBEC IIA"
.data:005E8324 dd offset aSbec3 ; "SBEC 3"
.data:005E8328 dd offset aJtec ; "JTEC"
.data:005E832C dd offset aSbec3a ; "SBEC 3A"
.data:005E8330 dd offset aSbec3_0 ; "SBEC 3+"
.data:005E8334 dd offset aCummins ; "Cummins"
.data:005E8338 dd offset aBosch ; "Bosch"
.data:005E833C dd offset aNorthropEvScu ; "Northrop EV SCU"
.data:005E8340 dd offset aJtec_0 ; "JTEC+"
.data:005E8344 dd offset aJtecTransOnly ; "JTEC (Trans Only)"
.data:005E8348 dd offset aJtecTransOnly_0 ; "JTEC+ (Trans Only)"
.data:005E834C dd offset aBoschEdc15V ; "Bosch EDC15-V"
.data:005E8350 dd offset aBoschEdc15C5 ; "Bosch EDC15-C5"
.data:005E8354 dd offset aSiemensSim70 ; "Siemens Sim70"
.data:005E8358 dd offset aSbec3a_0 ; "SBEC 3A+"
.data:005E835C dd offset aSbec3b ; "SBEC 3B"
.data:005E8360 dd offset aGenericJtec ; "Generic JTEC"
.data:005E8364 dd offset aCummins845 ; "Cummins 845"
.data:005E8368 dd offset aCummins846 ; "Cummins 846"
.data:005E836C dd offset aGenericCummins ; "Generic Cummins"
.data:005E8370 dd offset aCummins848 ; "Cummins 848"
.data:005E8374 dd offset aEdc16C2 ; "EDC16-C2 "
.data:005E8378 dd offset asc_5EA69A ; "*"
.data:005E837C dd offset aNgc ; "NGC"
.data:005E8380 dd offset aEdc16C2_0 ; "EDC16-C2"
.data:005E8384 dd offset aCumminsIi ; "Cummins II"
.data:005E8388 dd offset asc_5EA6B4 ; "*"
.data:005E838C dd offset asc_5EA6B6 ; "*"
.data:005E8390 off_5E8390 dd offset aFederalHighAlt
.data:005E8390 ; DATA XREF: sub_470A00+85↑o
.data:005E8390 ; "Federal High Altitude Module"
.data:005E8394 dd offset aTruckModule ; "Truck Module"
.data:005E8398 dd offset aMexicanNbm ; "Mexican (NBM)"
.data:005E839C dd offset aCalifNyMassCon ; "Calif/NY/Mass/Conn Module"
.data:005E83A0 dd offset aFederalCanadia ; "Federal/Canadian Module"
.data:005E83A4 dd offset aBuxEceModule ; "BUX/ECE Module"
.data:005E83A8 dd offset aGulfStatesModu ; "Gulf States Module"
.data:005E83AC dd offset a50StateCanadia ; "50 State/Canadian Module"
.data:005E83B0 dd offset aTransitoryLowE ; "Transitory Low Emiss. Veh (NBT)"
.data:005E83B4 dd offset aLowEmissionVeh ; "Low Emission Vehicle (NBV)"
.data:005E83B8 dd offset aCarbObdIiTruck ; "CARB OBD II Truck Module"
.data:005E83BC dd offset aEpaFederalObdT ; "EPA Federal OBD Truck Module"
.data:005E83C0 dd offset aHeavyDutyTruck ; "Heavy Duty Truck Module/Chry OBD"
.data:005E83C4 dd offset aCanadianOnly ; "Canadian Only"
.data:005E83C8 dd offset aFederalOnly ; "Federal Only"
.data:005E83CC dd offset a50StateOnly ; "50 State Only"
.data:005E83D0 dd offset aZeroEmissionVe ; "Zero Emission Vehicle (NBZ)"
.data:005E83D4 dd offset aUltraLowEmissi ; "Ultra Low Emission Vehicle (NBU)"
.data:005E83D8 dd offset aJapanGhNbj ; "Japan GH (NBJ)"
.data:005E83DC dd offset aEuroStageIiiNb ; "Euro Stage III (NB3)"
.data:005E83E0 dd offset aNationalLowEmi ; "National Low Emissions (NLEV)"
.data:005E83E4 dd offset aEuroStageIiNb2 ; "Euro Stage II (NB2)"
.data:005E83E8 dd offset aEuroStageIvNb4 ; "Euro Stage IV (NB4)"
.data:005E83EC dd offset aSuperUltraLowE ; "Super Ultra Low Emiss Veh (NBS)"
.data:005E83F0 dd offset aEnharentlyLowE ; "Enharently Low Emiss Veh (NBI)"
.data:005E83F4 dd offset aPartialZeroEmi ; "Partial Zero Emiss Veh (NBP)"
.data:005E83F8 dd offset asc_5EA91B ; "*"
.data:005E83FC dd offset asc_5EA91D ; "*"
.data:005E8400 dd offset asc_5EA91F ; "*"
.data:005E8404 dd offset asc_5EA921 ; "*"
.data:005E8408 dd offset asc_5EA923 ; "*"
.data:005E840C dd offset asc_5EA925 ; "*"
.data:005E8410 dd offset asc_5EA927 ; "*"
.data:005E8414 dd offset asc_5EA929 ; "*"
.data:005E8418 dd offset asc_5EA92B ; "*"
.data:005E841C dd offset asc_5EA92D ; "*"
Notice how each line can be matched with a return value of SCI 2A XX. Lists always start with 00 and the asterisk tells you it's an unused value. |
|
nurbs
New Member
Posts: 25
|
Post by nurbs on Jan 22, 2023 0:29:32 GMT
PCMCIA  I'm old enough to remember these and how amazing we thought they were when we first saw. Useful to see the enumerations, thanks. So you queried your dump for engine model strings or there is something self-identifying in first column ? So might these SuperCard dumps contain information about the following command: Idle Up Feature Enable: SCI; xmit: 23-15; sc: ECM; 0x800079f0 I've been aware of this command because it allows for control of engine speed using the cruise control switches ( useful with PTO ). Actually paid a dealership to enable, but they were unable. A dumpconverter of the command shows: > dumpconverter 0x800079f0 TYPE: UNKNOWN_x22 REC: 22-22-1B-58-01-2E DSREC: 1B-58-00-00-00-00-53-0A I queried DRB3 for something relevant. Assuming nothing in DRB3 might there be something in SuperCard ? Sven |
|
|
|
Post by admin on Jan 22, 2023 17:31:28 GMT
Wait, are you all older than me?  Not quite, I was just looking at the content and saw groups of strings, then it was obvious. This one is interesting. I looked at similar feature switches and they tend to change settings in EEPROM. To do that at least Level 1 security access is needed. 23-15 is a group command. It needs a third byte to address Idle Up, and possibly a fourth byte (on/off). I see a single reference to it in the DRB3Emulator (it uses database.mem content) [...]
.text:004CCC07 call sub_41BE00
.text:004CCC0C pop ecx
.text:004CCC0D push eax ; Format
.text:004CCC0E push 2 ; int
.text:004CCC10 push 0 ; int
.text:004CCC12 push 6 ; int
.text:004CCC14 call sub_431864
.text:004CCC19 add esp, 10h
.text:004CCC1C push offset a1Enable_17 ; "1. Enable"
.text:004CCC21 push 2 ; int
.text:004CCC23 push 3 ; int
.text:004CCC25 push 6 ; int
.text:004CCC27 call sub_431864
.text:004CCC2C add esp, 10h
.text:004CCC2F push offset a2Disable_17 ; "2. Disable"
.text:004CCC34 push 2 ; int
.text:004CCC36 push 4 ; int
.text:004CCC38 push 6 ; int
.text:004CCC3A call sub_431864
.text:004CCC3F add esp, 10h
.text:004CCC42 push offset aIdleUpFeature ; "Idle Up Feature"
.text:004CCC47 push 2 ; int
.text:004CCC49 push 6 ; int
.text:004CCC4B push 6 ; int
.text:004CCC4D call sub_431864
.text:004CCC52 add esp, 10h
.text:004CCC55 push offset aIsCurrently_1 ; "is Currently"
.text:004CCC5A push 2 ; int
.text:004CCC5C push 7 ; int
.text:004CCC5E push 6 ; int
.text:004CCC60 call sub_431864
.text:004CCC65 add esp, 10h
[...]
This need some figuring out. |
|
nurbs
New Member
Posts: 25
|
Post by nurbs on Jan 22, 2023 19:51:15 GMT
Thanks for more good info. Curious about the process of figuring this one out because I think there are several others for this truck that I would like to try to tackle as well. Worst case I know somebody with a programmer such that I could probe SCI lines with DSO to see what is specifically happening for this command ? I relocated my factory DLC connector this weekend as it was dangerous for both scanner and driving (pointed straight at legs). In the process I added an intermediate terminal block so as to be able to more easily probe and a switch for 12V so as to be able to leave scanner connected without power consumption. I can post parts list (BOM) if somebody else interested.
Sven
|
|
I'm old enough to remember these and how amazing we thought they were when we first saw. Useful to see the enumerations, thanks. So you queried your dump for engine model strings or there is something self-identifying in first column ?