CSL '0401' Program Binary Disassembly Notes

bmwfnatic replied

12-19-2024, 02:57 AM
Originally posted by karter16 View Post

Here's the function that calculates the variable speed lights based on oil temp. Useful to find this as these parameters are incorrectly mapped in the XDF.

Seems it's just a bit shifted, 0 starts earlier and there are 6.
At the bottom of function 0x1ddfc there seems to be some logic where the old amount of activated lights is compared against a new hypothetical value, and once this new value has been consistent for at least K_DWF_T_HYS (0xac7b) amount of times, the new value is adpoted.
This is to prevent the lights from going back on and off if the temperature is on the edge I think.
Likes 1
Leave a comment:
karter16 replied

12-18-2024, 08:26 PM
Here's the function that calculates the variable speed lights based on oil temp. Useful to find this as these parameters are incorrectly mapped in the XDF.
Likes 1
Leave a comment:
Niklas replied

12-18-2024, 05:41 AM
Nice work, the next consequent step would be to advance or reroute the SMG-CAN-functionality (or PT-CAN) to deal with the E92 and/or F8x DCT.
Likes 1
Leave a comment:
karter16 replied

12-17-2024, 10:17 PM
It appears that the memory space at 0x00ff8000 through 0x00ff87ff (which is managed by CS5 in the SIM module) is somehow a shared memory space between Master and Slave for global variables which need to be accessed by both functions that reside on the master and on the slave. I'm yet to confirm for sure or figure out exactly how it works, or whether there's some other mechanism at play.
Leave a comment:
karter16 replied

12-15-2024, 08:31 PM
Original post is now updated with link to the GitHub repo and some basic information on getting started. For anyone who is interested please have a look and let me know where you might need more info/guidance on getting up and running.
Likes 3
Leave a comment:
karter16 replied

12-15-2024, 01:04 PM
Originally posted by bmwfnatic View Post

I know there isn't one for the CSL binary, I am still trying to figure out which binary it does belong to 😂

This is why I shouldn't reply to comments at work. Sorry. Yes interesting question - I haven't seen that information anywhere. I guess a way to do it would be to load each binary against it and see how much of it aligns, but that would be a huge amount of effort. Also I guess it's entirely possible the A2L is from during development and doesn't align exactly to any production binary.

Sent from my iPhone using Tapatalk
Leave a comment:
bmwfnatic replied

12-15-2024, 11:56 AM
Originally posted by karter16 View Post

Ah I'm with you apologies - afaik there was never a correct A2L leaked for the CSL binary - others have pieced it together from the A2L that was leaked. It is incomplete and there are a range of parameters/curves and tables that seem specific to the CSL that are not identified by the A2L. This is part of the fun and as I'm going through I'm discovering where the XDF/A2L is incorrect.

Sent from my iPhone using Tapatalk

I know there isn’t one for the CSL binary, I am still trying to figure out which binary it does belong to 😂
Leave a comment:
karter16 replied

12-15-2024, 11:47 AM
Originally posted by bmwfnatic View Post

Sounds good, but I meant more which binary belongs to the A2L.
I understand we intend to reverse the CSL bin.

Ah I'm with you apologies - afaik there was never a correct A2L leaked for the CSL binary - others have pieced it together from the A2L that was leaked. It is incomplete and there are a range of parameters/curves and tables that seem specific to the CSL that are not identified by the A2L. This is part of the fun and as I'm going through I'm discovering where the XDF/A2L is incorrect.

Sent from my iPhone using Tapatalk
Leave a comment:
bmwfnatic replied

12-15-2024, 11:44 AM
Originally posted by karter16 View Post

Off the back of Heinz's suggestion I'm setting up a GitHub repo with the basics to enable multiple people to contribute to this. I'll share here as soon as it's good enough to share as a start. This will include the binary, etc (I'm using Terra's modified 0401 binary)

Sent from my iPhone using Tapatalk

Sounds good, but I meant more which binary belongs to the A2L.
I understand we intend to reverse the CSL bin.
Leave a comment:
karter16 replied

12-15-2024, 11:06 AM
Originally posted by bmwfnatic View Post

Makes sense, which binary do we use for this?

Off the back of Heinz's suggestion I'm setting up a GitHub repo with the basics to enable multiple people to contribute to this. I'll share here as soon as it's good enough to share as a start. This will include the binary, etc (I'm using Terra's modified 0401 binary)

Sent from my iPhone using Tapatalk
Likes 1
Leave a comment:
bmwfnatic replied

12-15-2024, 06:40 AM
Originally posted by karter16 View Post

Pretty much - the A2L/XDF gives you the memory locations and names of the parameters, curves and tables in the data space along with some somewhat questionable details around UOM etc. from there you can find the references to these in the program binary and start working backwards from there. The FunktionsRahmen helps a bit too with identifying some of the global var names, etc.

Sent from my iPhone using Tapatalk

Makes sense, which binary do we use for this?
Leave a comment:
karter16 replied

12-14-2024, 02:06 PM
Originally posted by bmwfnatic View Post

How do you get started on this, using that leaked A2L and then using a matched binary and then just start cross referencing? Or is there something I am missing.

Pretty much - the A2L/XDF gives you the memory locations and names of the parameters, curves and tables in the data space along with some somewhat questionable details around UOM etc. from there you can find the references to these in the program binary and start working backwards from there. The FunktionsRahmen helps a bit too with identifying some of the global var names, etc.

Sent from my iPhone using Tapatalk
Leave a comment:
bmwfnatic replied

12-14-2024, 01:15 PM
How do you get started on this, using that leaked A2L and then using a matched binary and then just start cross referencing? Or is there something I am missing.
Leave a comment:
karter16 replied

12-14-2024, 11:13 AM
Originally posted by heinzboehmer View Post

Awesome, thanks for sharing! Let me know if you ever need/want help and I can try to jump in.

Would be nice to get this binary publicly disassembled so that we can write some custom features into the DME (e.g. current gear broadcast to retrofit the SMG screen in a manual car, MK60 brake pressure query over D bus and rebroadcast over CAN, etc.).

Can always leverage the wiki on the github repo if that works better than this thread.

The GitHub wiki is a good idea - I will look into that. I'd love as much help as possible, I'm just trying to figure out how I best set everything up that others can access and contribute to it while keeping some semblance of order.

Last edited by karter16; 12-14-2024, 11:16 AM.
Likes 1
Leave a comment:
karter16 replied

12-14-2024, 11:11 AM
Originally posted by heinzboehmer View Post

Monolithic you say? Sounds copy-pastable to me!

haha - maybe - what I'm not sure about is what the code in the non-csl binary looks like that handles the TOG (oil level/temp sensor). Depending on how it was written and how the CSL version replaced it it may or may not be easy to add in the additional functionality. The way the CSL version is written I'm guessing it was a fairly brute-force replacement of the original code, but maybe not. (I'd love to look into it, but this is all very time consuming and trying to take the time to get the basics in place first to aid in better understanding of the code).
Likes 1
Leave a comment:

Announcement

CSL '0401' Program Binary Disassembly Notes

Leave a comment:

Leave a comment:

Leave a comment:

Leave a comment:

Leave a comment:

Leave a comment:

Leave a comment:

Leave a comment:

Leave a comment:

Leave a comment:

Leave a comment:

Leave a comment:

Leave a comment:

Leave a comment:

Leave a comment: