Ghidra code emulation for mass air flow sensor analysis
From the previous post, we know from analysis of UDS service 22 that the Mass airflow sensor voltage reading is stored in variable 0xb0ad0 on IC501 (for firm...
Posts by Year
2024
OBD2 and UDS services over Canbus
A canbus message (ignoring for a moment multi-frame messages) can transmit/receive 8 data bytes. When requesting OBD2/UDS services over canbus the request...
Analyzing Canbus operation
Looking into the OBD2 implementation at an early stage is beneficial, since it can help identify key variables in the code. Mode 1 for reading current data w...
Analyzing a new firmware file - getting started
In this post, we will start to analyze an AJ27 CPU firmware file.
Annotating a firmware file in Ghidra
In this post, we will look into more detail of an AJ27 CPU firmware file. We will review how to add appropriate memory blocks and address labels to make the ...
Writing a Ghidra Loader
To create a loader in Ghidra, we will need to use the Eclipse IDE with GhidraDev installed (see post on “Writing a Ghidra processor specification part 1” for...
AJ27 Firmware Files
There are a few ways of obtaining a copy of the firmware from an ECU. One is to extract it directly from the ECU hardware, and there several techniques to do...
Writing a Ghidra processor specification part 3
More on addressing modes
Writing a Ghidra processor specification part 2
Following on from part1 of creating a Sleigh spec for 68HC16, the next task is the representation of the CPU instruction set.
Writing a Ghidra processor specification part 1
To analyze 68HC16 code using Ghidra, we need to write a processor specification in Ghidra’s SLEIGH language. The first step is to assemble to software tools ...
AJ27 Firmware Introduction
In order to analyze the firmware stored in the ECU, there are few things that have to be done Obtain a copy of the firmware code Use a tool to analyze t...
AJ27 ECU Hardware Schematic
In this post I will take a quick tour around the hardware schematic of the Jaguar AJ27 ECU to investigate some of the features, and provide a view of a mid/l...