View Single Post
Old Tue, Jan-09-2018, 04:24:44 AM   #15
Registered User
Join Date: Nov 2017
Posts: 3
Reputation: 0 jcolley is on a distinguished road

United States

Default Re: Comprehensive MSS60 DME Information

I'll tag along here and provide some input. Sorry I haven't gotten back to your email @dpaul, I will, just buried in too many things right now.

To clarify, when you BDM read the mss60, the port is *not* blocked. Most tools will read it out properly, just the internal flash portion of the one processor will be empty. I have spent a month or so starting at disassembly on both mss60 and mss65 and this is one area I've focused on. I will say I'm 99% certain how the data is filtered out, but haven't decided yet if I intend to make any commercial use of it.

Yes, I am on the commercial end of this, but got started on mss65 in the m5board effort that never went much of anywhere. At the time I was still active duty, but now find myself eking out a living playing with these cars and I haven't made up my mind yet how much I want to give away. I read every post about mss6x on pretty much every forum there is and it's only a matter of time, it will all be public. I just can't financially throw it all out there right now.

Most of my work at the moment is dedicated to R/E the mss6x for the purposes of reconstructing portions of the code in MoTeC's M1 Build to run and S65 and S85 on a MoTeC M1 series ECU. The torque manager, idle actuator CAN, throttle actuator CAN, IBS, SMG/DCT structures...these are all of the things I have in focus as my primary goal is to bring a standalone ECU option to the E6x Ms and E9x Ms that provides full functionality of all systems.

I have been staring at mss65 almost daily for about 4 years now and tuning the S85 for about 2 years now.

My interest in the BDM lock is not to remove it, but actually implement it on both processors for both mss60 and mss65. I'm probably 50% of the way there on that, just trying to get comfortable with the idea of altering assembly to insert code in the program area.

For reading and writing, I will say, for 99% of what you guys want to achieve, unless you plan on leading a project into IDA and going at some PPC disassembly, a full read is pretty much useless.

mss65 has had very minimal changes to the program and calibration structure over any iteration with exception of 520E which was never for use in the US. I've not had time to get into what the nuts and bolts differences are, but have full reads of every mss65 version from 60E up to 520E.

mss60 had some pretty significant reconstruction at some point, to include incorporating the BDM internal flash masking. I initially thought that these changes were in the boot area and would require access to some file not publicly available in ISTA/PROGMAN/etc, but that is not the case.

It stands to reason that if the lock was incorporated at some point down the line with an iLevel upgrade, it would be in a program version change for mss60. I mistakenly believed that this would be in the boot area and would require an elusive/rumored .0ba file and not in the .0pa or .0da files. I will save you all the time. The lock is not in the boot area.

As I said, I'm still undecided how much I am willing to give away, not that I know what I *want* to give away. I just need to get my revenue stream shifted away from reflash tuning and get a few motec projects running.
Jump to top jcolley is offline   Reply With Quote