I think ccm is just echoing the seed and not converting it to key for the pcm.
Maybe something in the ccm says theft is not good echo the seed, and pcm can`t figure it and keeps polling ccm for key.
Maybe someone can post ign on log with ccm and pcm on the bus, so we can compare how it goes there.
well whatever it is, i think i have enough info to emulate the ecm and win control of the bus, but the other thing i noticed is if the ccm wakes up it crashes the flash kernel. i wonder if there's a way to fully lock the ccm up. lots of cool experiments to run....
but id still like to know why my ecm didn't work. i think it's valuable info
E5 is the other Key-On +12V. +12V should go to it.Originally Posted by steveo
Yes, I could tell that from your logs; in all logs from my 94 and 95, the only time the CCM does not send the F0 poll is when the key is off. As soon as the key is inserted and turned to run, the F0 polls begin. So since your broadcast messages look totally normal save for the lack of F0 polls, that looks like a normal key-off state.
The $10 broadcast message is for the C68 HVAC system, and contains data the CCM has gleaned from the $41 broadcast from the ECM. This is normal. Additionally there is no return message to a $10 broadcast; it is sent into the void and it's up to the HVAC Programmer to do something about it on its own. There is no handshake or anything like that involved.
1990 Corvette (Manual)
1994 Corvette (Automatic)
1995 Corvette (Manual)
i thought it only got power in the 'start' position
it seems that a handshake is required. we proved that by making the ECM provide the correct response at which point the CCM became bus master and started the F0 polls. i -think- what you're likely seeing in the key-off state is the ECM isn't alive so it's not responding to the CCM.Yes, I could tell that from your logs; in all logs from my 94 and 95, the only time the CCM does not send the F0 poll is when the key is off. As soon as the key is inserted and turned to run, the F0 polls begin. So since your broadcast messages look totally normal save for the lack of F0 polls, that looks like a normal key-off state.
thanks, definitely good to know i can ignore that msgThe $10 broadcast message is for the C68 HVAC system, and contains data the CCM has gleaned from the $41 broadcast from the ECM. This is normal. Additionally there is no return message to a $10 broadcast; it is sent into the void and it's up to the HVAC Programmer to do something about it on its own. There is no handshake or anything like that involved.
edit: another thing i'm seeing is the CCM wakes back up after 3 seconds even if we send a keepalive F056F0CA. i wonder what keepalive message would be acceptable to keep the CCM shut up.
Last edited by steveo; 10-25-2021 at 05:24 AM.
Turns out it's both START and RUN. E4 is RUN only.
Interesting. You're probably right; I would have to check my logs on my '95 while running experiments to see if that is indeed the case. I mean, I assume it is since you already got it working thanks to kur4o's hack, but yeah. I could confirm I suppose.
Definitely seems like a security-related thing; again this handshake was not present in the 90-91 and was only added in 92 and later. And since I only have the original 1990 documentation, well, there's that.
1990 Corvette (Manual)
1994 Corvette (Automatic)
1995 Corvette (Manual)
The FSM specifies that E5 / IGN1 is hot in start and run, and that E4 / IGN3 is hot in run only. This implies E4 is not hot in start / cranking but I haven't tested in-car to verify.
Edit: On my test bench setup I was able to connect with eehack and / or read with flashhack with either E4 or E5 connected with a 1333 and 8051 PCM. Though I wasn't paying any attention to the CCM broadcast / polling traffic and responses.
Dammit, for some reason I'm not getting email notifications on new posts.
Steveo I'm too lazy to lookup calids - what year / type bin do you have on the PCM?
Last edited by spfautsch; 10-26-2021 at 03:22 AM.
currently using one that you posted here for me to trySteveo I'm too lazy to lookup calids - what year / type bin do you have on the PCM?
i tried a bunch of other 94 and 95 bins too
I wonder if there might not be something to the idea that your difficulty is because of the 8051 PCM. That bin is my original read, but I've always disabled the VATS stuff in the bin I'm running because I noticed that the engine would die right after startup if I left my laptop plugged into the usb serial adapter without eehack logging.
I've run an 8051 in my car and it was fine, but I always had issues with eehack getting disconnected periodically.
Thinking about it, the only hardware differences between the two are the additional post-cat heated O2 controllers, and the class 2 vpw chip. I wonder if that class 2 chip maybe contains an asic that the 1333s use to generate the key.
If I have time today I'll try that 8051 again in the car, this time with VATS enabled. Who's willing to wager it dies right after startup?
Last edited by spfautsch; 10-26-2021 at 09:41 PM.
Posting Permissions
Reply With Quote
Bookmarks