Just came across this in the GTR thread - this is from the GTR product brochure:

Here's an earlier version of that function in C:

I've got almost the complete source code for MSS52, that's where this came from.

Hello,
I'm trying to get Ghidra working for the CPU32 and having a few problems. Has anyone sucessfully got it running by following the instructions here?

>>> This project also relies on the following files which have been enhanced to add the appropriate CPU32 support (particularly the TBL lookup instructions).

Once Ghidra has been installed and the CPU32 support added the project files can be opened. <<<

The first problem I had was that 68000.sinc ​ has many changes to be made and I wasn't going to do that manually - there must be some automated way to do it. Luckily I found a file called CPU32.zip in another forum which had almost all the required files. What it didn't have was CPU32.sla, so Ghidra complained about that, does anyone know where to find it?

Finaly, when I tried to import the gar file that karter16 provided, the RESTORE is greyed out.

Here are some of the errors I get when I try to import a binary file:

Errors compiling C:\Users\Mark D'Sylva\Documents\projects\customTuning\ghidra_11. 4.2_PUBLIC\Ghidra\Processors\68000\data\languages\ CPU32.slaspec -- please check log messages for details
ghidra.app.plugin.processors.sleigh.SleighExceptio n: Errors compiling C:\Users\Mark D'Sylva\Documents\projects\customTuning\ghidra_11. 4.2_PUBLIC\Ghidra\Processors\68000\data\languages\ CPU32.slaspec -- please check log messages for details
at ghidra.app.plugin.processors.sleigh.SleighLanguage .reloadLanguage(SleighLanguage.java:472)
at ghidra.app.plugin.processors.sleigh.SleighLanguage .initialize(SleighLanguage.java:139)
at ghidra.app.plugin.processors.sleigh.SleighLanguage .<init>(SleighLanguage.java:105)
at ghidra.app.plugin.processors.sleigh.SleighLanguage Provider.getLanguage(SleighLanguageProvider.java:1 33)
at ghidra.program.util.DefaultLanguageService$Languag eInfo.lambda$getLanguage$0(DefaultLanguageService. java:332)
at ghidra.util.task.TaskBuilder$TaskBuilderTask.run(T askBuilder.java:306)
at ghidra.util.task.Task.monitoredRun(Task.java:134)
at ghidra.util.task.TaskRunner.lambda$startTaskThread $0(TaskRunner.java:106)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker( ThreadPoolExecutor.java:1090)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run (ThreadPoolExecutor.java:614)
at java.base/java.lang.Thread.run(Thread.java:1474)

---------------------------------------------------
Build Date: 2025-Aug-26 1351 EDT
Ghidra Version: 11.4.2
Java Home: C:\Program Files\Eclipse Adoptium\jdk-25.0.0.36-hotspot
JVM Version: Eclipse Adoptium 25
OS: Windows 11 10.0 amd64
Workstation: GTR7PRO ​

Does anyone have any idea what I did incorrectly?

Thanks



​



​

Hey Mark - Sent you a PM but realised given you're not at 10 posts I don't think you'll be able to reply to me - if you can view PM's then I've also flicked you my email address.

When I get home from work later I'll send you my exact setup with the CPU32 language files for Ghidra - I don't recall in enough detail what I did to give you advice without having my own config to hand. (will update the instructions at the same time to be clearer!). There's several other people who have got setup with this more recently, so if any of them chimes in you might get an answer sooner!

Re importing the GAR file I think you're on the right track, you just don't need to have a project created/open. You should be able to just open Ghidra and import the GAR file directly, the project is contained within the GAR file. That said it still won't work great until the CPU32 lang files are sorted.

Cheers,

Matt

Hi Matt,

Thanks for the reply!

So it seems that the CPU.sla file is the output of the SLEIGH compiler, but I'm bit sure what triggers that to compile.

On another site , I saw this post:

>>>>>>>>>>>>>>>>>>>>

Re: 12587603 OS disassembly


Post by jlvaldez » Mon Jan 20, 2020 2:47 am NSFW,
To get CPU32 to show up in my Ghidra, I had to compile it with sleigh via the command line. Once compiled, it would show up in sleigh after a reboot (though I didn't notice the refresh button). Once it shows up in sleigh, it looks like you can simply recompile it to make it use the new file.

Path is <Ghidra root>/support/

You'll see the sleigh and sleigh.bat files.

Input it seems to want is:
./sleigh -DBaseDir=<path to Ghidra root directory (one directory above the support directory)> -i ../Ghidra/Processors/68000/data/sleighArgs.txt ../Ghidra/Processors/68000/data/languages/CPU32.slaspec ../Ghidra/Processors/68000/data/languages/CPU32.sla

This is where my help ends. I don't understand the sleigh language, but I haven't spend too much time looking into it.
​
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< <

I had a quick look at the sleigh.bat file need to look further.

I used a self compiled Ghirda by pulling a commit with CPU32 support, that has worked for me MarkD_M5

Thanks Matt, I wonder why BMW went for the MSS70 in their S54 powered Z4's. Perhaps the MSS54 was getting old by then. I can't imagine they needed more processing power or input/output capability.


Anyway, what are the next subjects for the 0401 disassembly?

I'd very much like to get this set up for my gauge.s, Is the custom program closed source?

It's not currently released. I haven't got around to testing all the edge cases, plus I also have additional enhancements I want to make before I would release this wider. I'm not exactly sure yet how I'll be sharing it. To be honest I am wary of having my work out on people's cars from a risk perspective. The likelihood of issue is very low, but the impact could be high.

When I do make it available, in whatever way and to whatever extent, it will be free. I have no interest in making money off my hobby.

Watch this space I guess :-)

Decided to have a quick look at the April 2009 program that was released to address issues with connectivity to emissions computers. This change never made it to the CSL version of the program as the CSL wasn't released in the USA.

Interestingly the difference (aside from checksum/crc bytes) appears to be very minor:



That byte represents the wait time for a certain message/connection action. Pre-fix this value was 0x19 (25ms) and post fix its 0x46 (70ms). Seems the fix was simply to wait longer in this particular scenario...

It sometimes takes cycling the key, engine off and then on again, to get it to communicate.

That's nuts.

I always figured the fix was for some protocol edge case bug and not "let's give the computers a little longer to think". Amazing.

I was a little bit underwhelmed when I looked at the diff!


Sent from my iPhone using Tapatalk

Do the US emissions machines connect via OBD2 ?

In the UK we just have the pipe up the exhaust and hold engine RPM steady.

In Netherlands cars starting from 2006 get scanned, if the readiness is good then the sniffer isn’t used.