How to gain firmware of PAM module BS7T-15K866-AE ?

Gwe89 · Post by **Gwe89** » 26 Dec 2019, 23:38

Go4IT wrote: ↑26 Dec 2019, 23:03
Gwe89 wrote: ↑25 Dec 2019, 23:33 @ go4it if I program a pam module with the loader and send you it would it be any use to you?
No, as we already found out, the PAM is simply updated to a genuine recent one. The magic all is in the gateway. So we need an HEX dump of it's Flash or trigger the interface and look how it behaves. For the first it would also be finde to have some CAN logs when PAM get's activated.

I will get you the files its vin protected to my car tho but it definalty programs the pam module I think m0tral has put in some extra trigger or canbus code

Ursadon · Post by **Ursadon** » 25 Jan 2020, 18:46

Go4IT wrote: ↑26 Dec 2019, 23:03 So we need an HEX dump of it's Flash or trigger the interface and look how it behaves.

Unfortunately, it is impossible to dump through the CAN bus.
SBL does not support required features. Only via BDM.

Go4IT · Post by **Go4IT** » 25 Jan 2020, 19:17

Ursadon wrote: ↑25 Jan 2020, 18:46 Unfortunately, it is impossible to dump through the CAN bus.
SBL does not support required features. Only via BDM.

Did you analyze it? What do you use to decompile?

paxtonix · Post by **paxtonix** » 25 Jan 2020, 20:02

Go4IT wrote: ↑25 Dec 2019, 18:17 Ok, then it is this small Arduino doing the job.

I tried to make a dump from Arduino MCU (atmega328p) - that is used on canbox from CM. but it looks like it is protected from reading.
I can't take a dump

viewtopic.php?f=10&p=1484#p1484

Ursadon · Post by **Ursadon** » 26 Jan 2020, 03:07

Go4IT wrote: ↑25 Jan 2020, 19:17
Ursadon wrote: ↑25 Jan 2020, 18:46 Unfortunately, it is impossible to dump through the CAN bus.
SBL does not support required features. Only via BDM.
Did you analyze it? What do you use to decompile?

Yes, I searched for the can bus functions. The assembler for hcs12 architecture is very simple - there are few commands there. But there is a bad side - the listing of the program is growing.

For reverse engineering, I used Ghidra. Unlike the IDA, it can decompile this architecture.

Go4IT · Post by **Go4IT** » 28 Jan 2020, 06:18

Well, another point to work with Ghidra, i really need to spend some time with it...

Stevebe · Post by **Stevebe** » 28 Jan 2020, 15:23

Go4IT wrote: ↑28 Jan 2020, 06:18 Well, another point to work with Ghidra, i really need to spend some time with it...

I just got Ghidra running and it does seen very good and easier to use I have just got my CG Pro 9S12 Freescale Programmer I’ll set up I should be able to read Pam if I can workout how to use it lol

DFE54988-D159-4FE2-8CD5-D283835C89E1.jpeg

MicroHacker Forum

How to gain firmware of PAM module BS7T-15K866-AE ?

Re: How to gain firmware of PAM module BS7T-15K866-AE ?

Re: How to gain firmware of PAM module BS7T-15K866-AE ?

Re: How to gain firmware of PAM module BS7T-15K866-AE ?

Re: How to gain firmware of PAM module BS7T-15K866-AE ?

Re: How to gain firmware of PAM module BS7T-15K866-AE ?

Re: How to gain firmware of PAM module BS7T-15K866-AE ?

Re: How to gain firmware of PAM module BS7T-15K866-AE ?