10-27-2022, 06:19 AM   #220
hexman
 
Join Date: Apr 2022
Posts: 3
Quote:
Originally Posted by hunitori
The only way of reading the bin for Bosch MSE6.0 is using WinOls, and you will be swimming in data
You can also use TunerPro. Maps on MSE6.0 are located near address 0x140000 and the best thing about MSE is the bin structure. Unlike Keihin ECUs, the maps are separated from the OPCODE and they are easily recognized. Every map has a kind of header where the number of X and Y breakpoints is indicated. The X and Y breakpoint values are also given in some of them.

The bad news - these binaries from MSE6.0 have nearly 3000 different routines instead of 900-1000 for any Honda Keihin ECU. And the worst thing of all - address offsets are relative. r13 and r2 values are used as a reference for address offsets - these registers are written at the initiation of 2 binary sections with OPCODE. r2 and r13 values can be found by searching for r2 and r13 operand usage in the opcode window. But 90% of the routines still need to be executed in order to find which addresses they use (maybe there is another way to do it, I don't know).

It means that Ghidra doesn't detect references to addresses unless you execute this particular routine and creates references to all addresses it W/R. A true PITA 'cos it's very difficult to create a decent memory map. And without a memory map there is no way to analyse the routines.

Personally I'm stuck with this ECU - of course I can see the maps, create xdf and so on but can't analyse the OPCODE as I'd like to.

P.S. Just sorted the reference problem - now all references to RAM are correct!



Last edited by hexman; 11-07-2022 at 09:39 AM. Reason: Update
 
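Added example, not part of hexman's post and not taken from any tool named in it: a static pass that recovers the r2/r13 base values and resolves direct loads and stores addressed off them, so the targets can be listed without running each routine. It assumes classic 32-bit big-endian PowerPC D-form encoding, which the post does not state; the function names, load address and sample bytes are constructed for illustration.

```python
import struct

# Assumption: classic 32-bit big-endian PowerPC D-form words (opcode|rD|rA|imm16).
MEM_OPS = {32: "lwz", 34: "lbz", 36: "stw", 38: "stb", 40: "lhz", 42: "lha", 44: "sth"}
ADDIS, ADDI, ORI = 15, 14, 24

def sext16(v):
    return v - 0x10000 if v & 0x8000 else v

def decode(word):
    """Split a D-form word into (primary opcode, rD/rS, rA, raw 16-bit immediate)."""
    return word >> 26, (word >> 21) & 31, (word >> 16) & 31, word & 0xFFFF

def words(code, load_addr):
    for off in range(0, len(code) - 3, 4):
        yield load_addr + off, struct.unpack_from(">I", code, off)[0]

def find_bases(code, load_addr, regs=(2, 13)):
    """Recover bases from 'lis rX,hi' directly followed by 'addi/ori rX,rX,lo'."""
    bases, prev = {}, None
    for _, w in words(code, load_addr):
        op, rd, ra, imm = decode(w)
        if prev and rd == ra == prev[0] and op in (ADDI, ORI):
            lo = sext16(imm) if op == ADDI else imm  # addi sign-extends, ori does not
            bases[rd] = ((prev[1] << 16) + lo) & 0xFFFFFFFF
        prev = (rd, imm) if op == ADDIS and ra == 0 and rd in regs else None
    return bases

def resolve_refs(code, load_addr, bases):
    """Return (insn_addr, mnemonic, base_reg, target) for accesses off a known base."""
    refs = []
    for addr, w in words(code, load_addr):
        op, _, ra, imm = decode(w)
        if op in MEM_OPS and ra in bases:
            refs.append((addr, MEM_OPS[op], ra, (bases[ra] + sext16(imm)) & 0xFFFFFFFF))
    return refs

def enc(op, rd, ra, imm):
    return struct.pack(">I", (op << 26) | (rd << 21) | (ra << 16) | (imm & 0xFFFF))

SAMPLE = b"".join([  # constructed instructions, not bytes from a real MSE6.0 bin
    enc(15, 13, 0, 0x4001), enc(14, 13, 13, -0x8000),  # lis/addi r13 -> 0x40008000
    enc(15, 2, 0, 0x0014), enc(24, 2, 2, 0x2000),      # lis/ori  r2  -> 0x00142000
    enc(32, 3, 13, -0x7FF0), enc(40, 4, 2, 0x10),      # lwz off r13, lhz off r2
    enc(36, 3, 1, 8), enc(38, 5, 13, 0x20),            # stw off r1 (skipped), stb off r13
])

if __name__ == "__main__":
    for addr, mn, reg, tgt in resolve_refs(SAMPLE, 0x1000, find_bases(SAMPLE, 0x1000)):
        print(f"{addr:#x}: {mn} via r{reg} -> {tgt:#010x}")
```

The resolved targets can then be used to create references in a disassembler project; indexed or computed accesses are outside what this pass handles.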