EvolutionM - Mitsubishi Lancer and Lancer Evolution Community

Notices
ECU Flash

need Evo 9 owner to test rear O2 *heater* sim patch

Thread Tools
 
Search this Thread
 
Old May 19, 2009 | 11:32 AM
Share
  #241  
logic's Avatar
logic
Evolved Member
iTrader: (2)
 
Joined: Apr 2003
Posts: 1,022
Likes: 7
From: Berkeley, CA
Originally Posted by logic
Assuming you already have acamus' readiness patch in place, is there any reason that these whole routines couldn't just be replaced with NOPs?
And it looks like that worked. The CEL didn't recur, and no other codes were thrown after a bit of testing at lunch.

So for the brave 96530006/96530706 users who would like to try this, add the following table to your XML:
Code:
<table name="Rear O2 Heater Patch" category="Front/Rear_O2" address="2c61e" type="3D" level="1" scaling="Hex16">
    <table name="Code" type="Static X Axis" elements="1" scaling="Hex16">
        <data>Hex16</data>
    </table>
    <table name="Address" type="Static Y Axis" elements="8">
        <data>2c61e</data>
        <data>2c620</data>
        <data>2c622</data>
        <data>2c624</data>
        <data>2c626</data>
        <data>2c628</data>
        <data>2c62a</data>
        <data>2c62c</data>
    </table>
</table>
Open the new table up in EcuFlash, and you should see:


Change everything to '0009':


And that should be it. To pass OBD-II emissions testing, you'll also need to apply acamus' patch from post #117. No warranty; if this breaks your car, you get to keep both pieces.
Attached Images   
Reply
0
Old May 19, 2009 | 06:21 PM
Share
  #242  
fjo_newport's Avatar
fjo_newport
Newbie
iTrader: (3)
 
Joined: Feb 2008
Posts: 87
Likes: 0
From: Baltimore,MD
Worked for me today! Thanks Ed!

Also note that I don't have the readiness patch in just yet.
Reply
0
Old May 19, 2009 | 10:43 PM
Share
  #243  
acamus's Avatar
acamus
Evolved Member
 
Joined: Mar 2008
Posts: 730
Likes: 3
From: Lattitude 48.38°, Longitude 17.58°, Altitude 146m = Slovakia, for common dude
Originally Posted by logic
You know, I'm looking at the code for 96530006 and comparing it to 88590015:

For 96530006:
Code:
loc_2C61E:                               ! CODE XREF: sub_2C55C+48
                 mov.l   @(0x1CC,pc), r0 ! [0002C7EC] = MUT_D3
                 mov.w   @r0, r0
                 shlr8   r0
                 tst     #8, r0
                 bt      loc_2C62E
                 mov.l   @(0x178,pc), r10 ! [0002C7A4] = sub_2F9C0
                 jsr     @r10 ! sub_2F9C0
                 nop
For 88590015:
Code:
loc_2DAF4:                               ! CODE XREF: sub_2C4F0+15E6
                                         ! sub_2C4F0+15F8
                 mov.l   @(0x154,pc), r0 ! [0002DC4C] = 0xFFFF6BB8
                 mov.w   @r0, r0
                 shlr8   r0
                 tst     #8, r0
                 bt      loc_2DB08
                 mov.l   @(0x154,pc), r4 ! [0002DC54] = unk_9DE0
                 mov     #1, r5
                 mov.l   @(0x14C,pc), r10 ! [0002DC50] = sub_47E30
                 jsr     @r10 ! sub_47E30
                 nop
Assuming you already have acamus' readiness patch in place, is there any reason that these whole routines couldn't just be replaced with NOPs? That would effectively prevent the test from running, the same as setting FCA #8 (bit 3) to 0 would, but without the side effect of disabling all the other tests wrapped with that same periphery bit.

For a more refined approach, you could replace the MUT_D3 #8 comparison with a comparison to another location, to make it a toggle of it's own. (I'm thinking a "tephramod option" here. )

I may give this a try at lunch today, and see if the simple approach is "good enough".
I believe this is much more than necessary, I think it is sufficient to change
either shlr8 r0 -> mov #8, r0 (h'4019 -> h'E008) @2C622
or jsr @r10 ! sub_47E30 -> nop (h'4A0B -> h'0009) @ 2C62a

I like minimalistic approaches

Ed, good work btw ...
Last edited by acamus; May 19, 2009 at 11:02 PM.
Reply
0
Old May 19, 2009 | 11:06 PM
Share
  #244  
acamus's Avatar
acamus
Evolved Member
 
Joined: Mar 2008
Posts: 730
Likes: 3
From: Lattitude 48.38°, Longitude 17.58°, Altitude 146m = Slovakia, for common dude
Maybe it is time to start howto thread, as this one is kind of testing

mrfred, do you agree? as this is mainly your effort...
Reply
0
Old May 20, 2009 | 12:05 AM
Share
  #245  
tephra's Avatar
tephra
EvoM Guru
15 Year Member
iTrader: (6)
 
Joined: Feb 2007
Posts: 9,486
Likes: 67
From: Melbourne, Australia
if someone can give me a quick rundown (or link to it)

ill check to see how hard/easy it would be to integrate into V7...
Reply
0
Old May 20, 2009 | 12:11 AM
Share
  #246  
acamus's Avatar
acamus
Evolved Member
 
Joined: Mar 2008
Posts: 730
Likes: 3
From: Lattitude 48.38°, Longitude 17.58°, Altitude 146m = Slovakia, for common dude
Originally Posted by tephra
if someone can give me a quick rundown (or link to it)

ill check to see how hard/easy it would be to integrate into V7...
If I will patch 88590015 V7 would that be sufficient for you?
Reply
0
Old May 24, 2009 | 10:52 PM
Share
  #247  
mt057's Avatar
mt057
Evolved Member
iTrader: (6)
 
Joined: Apr 2007
Posts: 1,529
Likes: 12
From: DFW
Thank you Mr. Fred, Tephra, Amacus, and everybody else who has figured this stuff out. I am going to flash to my car tomorrow with my improved 94170015rom. I have disabled my p0300, disabled heater cel, simulated my rear o2 sensor, and turned all systems to ready and passed. Hopefully, I will be able to finally pass inspection.
Reply
0
Old May 24, 2009 | 10:54 PM
Share
  #248  
tephra's Avatar
tephra
EvoM Guru
15 Year Member
iTrader: (6)
 
Joined: Feb 2007
Posts: 9,486
Likes: 67
From: Melbourne, Australia
^ dont blame me hehehe

seriously, its the other dudes that worked this one out
Reply
0
Old May 25, 2009 | 01:18 PM
Share
  #249  
mt057's Avatar
mt057
Evolved Member
iTrader: (6)
 
Joined: Apr 2007
Posts: 1,529
Likes: 12
From: DFW
Originally Posted by tephra
^ dont blame me hehehe

seriously, its the other dudes that worked this one out
I am using the tephra mods as well .
Last edited by mt057; May 29, 2009 at 10:34 PM.
Reply
0
Old May 25, 2009 | 08:12 PM
Share
  #250  
mt057's Avatar
mt057
Evolved Member
iTrader: (6)
 
Joined: Apr 2007
Posts: 1,529
Likes: 12
From: DFW
Originally Posted by mbartel
Its on this thread, post 59, here

M
Ed why did you replace everything with 0009. Does this theoretically work on any evo 8 rom like say the 94170015? I plan to test it in the morning one way or another.
Reply
0
Old May 25, 2009 | 08:29 PM
Share
  #251  
logic's Avatar
logic
Evolved Member
iTrader: (2)
 
Joined: Apr 2003
Posts: 1,022
Likes: 7
From: Berkeley, CA
No, definitely don't do that with any ROM other than 96530006, unless you know the code I changed above is in the same place (it probably isn't, but I haven't checked). What is there originally is a small chunk of code that checks if the O2 tests are supposed to run, and if so, runs the rear O2 heater test. By changing it all to 0x0009s, you're basically telling the ECU to do nothing there instead, and just move on to the next thing in line. It makes sense when you're looking at it in a disassembler, but not as much when looking at it in EcuFlash like this.

acamus: you're right, just blatting NOPs over the JSR should have been good enough. Actually, I think it would be nice to just change the mov.l+mov.w+shlt8+tst code into something that checks a user-specified on/off flag like the rest of tephra's mod options, so the user can enable or disable this with a simple bit flip in EcuFlash, rather than making this an ugly patch like what I did.
Reply
0
Old May 25, 2009 | 08:38 PM
Share
  #252  
mt057's Avatar
mt057
Evolved Member
iTrader: (6)
 
Joined: Apr 2007
Posts: 1,529
Likes: 12
From: DFW
it comes up with...

2c61e 0009
2c620 doac
2c622 6001
2c624 4019
2c626 c820
2c628 8902
2c629 daa9
2c62c 4a0b

I guess that you would need to view the whole thing though. I have no idea how this stuff works just attempting to wrap my head around it.
I will stick to amacus's patch for now.
Reply
0
Old May 25, 2009 | 09:41 PM
Share
  #253  
acamus's Avatar
acamus
Evolved Member
 
Joined: Mar 2008
Posts: 730
Likes: 3
From: Lattitude 48.38°, Longitude 17.58°, Altitude 146m = Slovakia, for common dude
Originally Posted by logic
acamus: you're right, just blatting NOPs over the JSR should have been good enough. Actually, I think it would be nice to just change the mov.l+mov.w+shlt8+tst code into something that checks a user-specified on/off flag like the rest of tephra's mod options, so the user can enable or disable this with a simple bit flip in EcuFlash, rather than making this an ugly patch like what I did.
if you use shlr8 r0 -> mov #8, r0 (h'4019 -> h'E008) @2C622 patch,
then you can create binary definition for 2C623
and you have what you are actually asking for,
reset/set bit 3 will enable/disable the function.
Last edited by acamus; May 25, 2009 at 10:56 PM.
Reply
0
Old May 29, 2009 | 03:34 PM
Share
  #254  
silex's Avatar
silex
Evolved Member
iTrader: (26)
 
Joined: Nov 2005
Posts: 717
Likes: 0
From: San Diego, CA
So if we happen to be running a hardware o2 simulator that is already mimicking the rear o2 sensor and heater circuit (no CEL's), I would just need to apply Acamus's mod to ensure it is not detected during inspection?

I lied actually. I did start getting a P0301 code, but I'm attributing it to the wonky o2 sim so I might just do the entire conversion while leaving it there as a backup for the heater circuit.
Reply
0
Old May 29, 2009 | 08:19 PM
Share
  #255  
sharkm87's Avatar
sharkm87
Evolved Member
iTrader: (29)
 
Joined: Jun 2005
Posts: 2,034
Likes: 0
From: Dirty Jerz
whats the patch info for evo 8 rom 94170008
Reply
0



Advanced Search

All times are GMT -7. The time now is 12:15 PM.