I do! The '94 has 15, and the '95 has 9.Originally Posted by spfautsch
I do! The '94 has 15, and the '95 has 9.
1990 Corvette (Manual)
1994 Corvette (Automatic)
1995 Corvette (Manual)
Please forgive my lazy, not wanting to read to try and figure out on my own. Can one change how many bytes are read with a mode 2? Or use some other command to get a smaller range?
Whatever the case, see below responses to f1 02 644b while shorting the key in pin to ground.
Now I guess I need to figure out where the processor is reading that from.Code:DATA=200111407F7F7F8F8F8F1111118181812020200101010000007F9F0000800006000100004010FFFF0602000087004900000000E30004FFFF00FFFF0000000000 < C11 grounded DATA=200111407F7F7F8F8F8F1111118080802020200101010000007F9F0000800006000100004010FFFF0602000087004900000000E30004FFFF00FFFF0000000000 < C11 floating
you can use a mode 3 request. mode 2 reads 64 bytes, mode 3 just reads that single byte.
can you confirm that the CCM does not respond in any way to a mode 12 request? (0C in hex)
i find it really weird that they'd make it a one-liner to change the cal id or vin in the 8051 but not its CCM companion.
while you're at it see if it responds to 0D unlock
I guess I really need to do some reading and understand the protocol a little better.
Code:COMM::Sent message: F1560CAD COMM::Packet error: Timeout waiting for reply payload.Code:COMM::Sent message: F1560DAC COMM::Reply was not as expected: f1560dac vs F15600B9
try a few bytes of command payload
like 0C0001 or 0D0000 or something
I better get some learning done on what these commands do and what you're trying to accomplish because I may be missing your whole point or just doing it all wrong. Maybe have NomakeWan try the same since he has a much better understanding of the protocol.Code:DEBUG::Sending raw command: DEVICE=F1 COMMAND=D DATA=0000 COMM::Sent message: F1580D0000AA COMM::Packet error: Timeout waiting for reply payload. DEBUG::Trying to reconnect to bus... DEBUG::Sending raw command: DEVICE=F1 COMMAND=D DATA=0001 COMM::Sent message: F1580D0001A9 COMM::Reply was not as expected: f1580d0001a9 vs 105908870200 DEBUG::Trying to reconnect to bus... DEBUG::Sending raw command: DEVICE=F1 COMMAND=C DATA=0000 COMM::Sent message: F1580C0000AB COMM::Packet error: Timeout waiting for reply payload. DEBUG::Trying to reconnect to bus... DEBUG::Sending raw command: DEVICE=F1 COMMAND=C DATA=0001 COMM::Sent message: F1580C0001AA COMM::Packet error: Timeout waiting for reply payload. DEBUG::Trying to reconnect to bus...
I'm having an obscene amount of fun mapping digital inputs to (perceived) memory locations and physical pins. Also discovered how to crack open old db9 solder type connectors to harvest the pins so I have the capability to do much, much more. Thus far I have the bit and address(es) for the key in, left door switch, hatch switch, low oil, and high beam inputs. I'm as happy as a possum eating a sweet potato.
Meh I guess 64 bytes will have to do b/c I want to see adjacent data.
It appears the key in input traces to pin 18 of the 52 pin PLCC packaged IC labeled 51756992 / 81848. I'm assuming this is some sort of I/O chip. I would assume it's talking to the processor over SPI or interfacing directly to RAM?
Posting Permissions
Reply With Quote
Bookmarks