Re: How to gain firmware of PAM module BS7T-15K866-AE ?

Posted: 26 Dec 2019, 23:38
by Gwe89
Go4IT wrote: 26 Dec 2019, 23:03
Gwe89 wrote: 25 Dec 2019, 23:33 @Go4IT if I program a PAM module with the loader and send you it, would it be any use to you?
No, as we already found out, the PAM is simply updated to a genuine recent one. The magic all is in the gateway. So we need a HEX dump of its Flash or trigger the interface and look how it behaves. For the first it would also be fine to have some CAN logs when PAM gets activated.
I will get you the files. It's VIN-protected to my car, though, but it definitely programs the PAM module. I think m0tral has put in some extra trigger or CAN bus code.

Re: How to gain firmware of PAM module BS7T-15K866-AE ?

Posted: 25 Jan 2020, 18:46
by Ursadon
Go4IT wrote: 26 Dec 2019, 23:03 So we need a HEX dump of its Flash or trigger the interface and look how it behaves.
Unfortunately, it is impossible to dump through the CAN bus.
SBL does not support required features. Only via BDM.

Re: How to gain firmware of PAM module BS7T-15K866-AE ?

Posted: 25 Jan 2020, 19:17
by Go4IT
Ursadon wrote: 25 Jan 2020, 18:46 Unfortunately, it is impossible to dump through the CAN bus.
SBL does not support required features. Only via BDM.
Did you analyze it? What do you use to decompile?

Re: How to gain firmware of PAM module BS7T-15K866-AE ?

Posted: 25 Jan 2020, 20:02
by paxtonix
Go4IT wrote: 25 Dec 2019, 18:17 Ok, then it is this small Arduino doing the job.
I tried to make a dump from the Arduino MCU (ATmega328P) that is used on the canbox from CM, but it looks like it is protected from reading.
I can't take a dump.

viewtopic.php?f=10&p=1484#p1484

Re: How to gain firmware of PAM module BS7T-15K866-AE ?

Posted: 26 Jan 2020, 03:07
by Ursadon
Go4IT wrote: 25 Jan 2020, 19:17
Ursadon wrote: 25 Jan 2020, 18:46 Unfortunately, it is impossible to dump through the CAN bus.
SBL does not support required features. Only via BDM.
Did you analyze it? What do you use to decompile?
Yes, I searched for the CAN bus functions. The assembler for the HCS12 architecture is very simple - there are few commands there. But there is a bad side - the listing of the program is growing.

For reverse engineering, I used Ghidra. Unlike IDA, it can decompile this architecture.

Re: How to gain firmware of PAM module BS7T-15K866-AE ?

Posted: 28 Jan 2020, 06:18
by Go4IT
Well, another point to work with Ghidra, I really need to spend some time with it...

Re: How to gain firmware of PAM module BS7T-15K866-AE ?

Posted: 28 Jan 2020, 15:23
by Stevebe
Go4IT wrote: 28 Jan 2020, 06:18 Well, another point to work with Ghidra, I really need to spend some time with it...
I just got Ghidra running and it does seem very good and easier to use. I have just got my CG Pro 9S12 Freescale Programmer; I'll set up. I should be able to read PAM if I can work out how to use it lol