6SpeedOnline - Porsche Forum and Luxury Car Resource


rmrmd1956 04-20-2015 07:38 PM

Crude Launch Control
 
The Vanquish has it. A crude one can be set up in the AMV8. If you are interested in seeing some of the inner workings of your ECU read on:


Car is 2007 manual shift Aston Martin V8 Vantage with supercharger. Car has 8 separate ‘ETC’ RPM limiters, one for each gear, neutral and reverse. It also has 2 fuel cut RPM limiters, one for when the car is in gear and one for neutral or when the clutch is depressed.

You can reduce the neutral fuel cut RPM limiter to create a crude launch control but whenever you change gears the limiter cuts in and the car bucks. The stock binary code is below and the disassembly is attached.





7C 08 02 A6 7C 2B 0B 78 94 21 FF C8 48 01 52 2D
39 6B FF E8 48 01 51 81 3F E0 00 40 3B FF AE 28
3B C2 C0 3C 3B AD 96 60 3B 8D 96 94 C1 22 BF D0
89 6D 94 EC 28 0B 00 00 C0 02 BF B8 FF A0 48 90
41 82 00 20 81 42 F9 10 28 0A 00 00 40 82 00 28
C1 82 C0 2C C1 AD 9D D8 FC 0D 60 00 40 80 00 18
C1 62 C0 30 FC 0B 48 00 41 82 00 1C C0 02 C0 30
48 00 00 14 C1 42 C0 34 FC 0A 48 00 41 82 00 08
C0 02 C0 34 C1 AD 9D F0 FC 0D 48 00


https://cimg3.ibsrv.net/gimg/www.6sp...77a8da4fc5.jpg


By changing just two conditional branch instructions (see in red), the RPM limit in neutral can be made speed dependent. New binary is below and disassembly is attached.


7C 08 02 A6 7C 2B 0B 78 94 21 FF C8 48 01 52 2D
39 6B FF E8 48 01 51 81 3F E0 00 40 3B FF AE 28
3B C2 C0 3C 3B AD 96 60 3B 8D 96 94 C1 22 BF D0
89 6D 94 EC 28 0B 00 00 C0 02 BF B8 FF A0 48 90
40 82 00 20 81 42 F9 10 28 0A 00 00 40 82 00 28
C1 82 C0 2C C1 AD 9D D8 FC 0D 60 00 41 80 00 18
C1 62 C0 30 FC 0B 48 00 41 82 00 1C C0 02 C0 30
48 00 00 14 C1 42 C0 34 FC 0A 48 00 41 82 00 08
C0 02 C0 34 C1 AD 9D F0 FC 0D 48 00


https://cimg8.ibsrv.net/gimg/www.6sp...d1bad5f8d5.jpg

sanengo 04-20-2015 09:14 PM

Thank you! So the hack prevents fuel cut while moving? What program/device are you using to read the ecu rom? Any ideas for the sportshift models?

mikey k 04-21-2015 05:47 AM

Oh interesting!
Bamford Mike would this help to stop the TC trashing rear pads?

rmrmd1956 04-21-2015 09:19 PM


Originally Posted by sanengo (Post 4327529)
Thank you! So the hack prevents fuel cut while moving? What program/device are you using to read the ecu rom? Any ideas for the sportshift models?

I have launch RPM at 3200RPM and ECT limiters at various RPMs from 7000 to 7500. Fuel cut limiter is 7600. Launch speed is set at 10 mph. At any speed below that clutch in and gas pedal flat to floor maintains 3200 RPM. Dump clutch (TC off) and off you go. ECT neutral limit is set at 7000 in case of missed shift because of relatively low engine inertia. You will have to experiment with launch RPM to get what you want. Ideally I should turn off TC and write my own subroutine to monitor wheel slip and calc friction mu, perhaps later. You need unencrypted serial reader, Ford seed/key algorithm, IDA Pro and years of trial and error. The hack will work for sportshifts with minor mods.
I included the relevant code, any tuner should be able to do this for you. The beauty is that the opcode changes are complementary and so they don't change the checksum that protects the code block.
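
Added example (not part of the original posts, and not the ECU's or any tuner's code): it diffs the two rows that differ between the stock and modified dumps in the first post, decodes the changed PowerPC conditional branches, and checks which integrity values notice the edit. The thread does not say which checksum the ECU uses; the additive sums here are an assumption, with CRC-32 and SHA-256 shown for contrast.

```python
import hashlib
import struct
import zlib

# Rows 5-6 of the stock and modified dumps in the first post (the only rows that differ).
STOCK = bytes.fromhex("41820020 8142F910 280A0000 40820028"
                      "C182C02C C1AD9DD8 FC0D6000 40800018")
MODIFIED = bytes.fromhex("40820020 8142F910 280A0000 40820028"
                         "C182C02C C1AD9DD8 FC0D6000 41800018")
ROW5_OFFSET = 0x40  # rows are 16 bytes, so row 5 starts 0x40 bytes into the dump

MNEMONICS = {(True, 0): "blt", (False, 0): "bge", (True, 1): "bgt", (False, 1): "ble",
             (True, 2): "beq", (False, 2): "bne", (True, 3): "bso", (False, 3): "bns"}

def decode_bc(word):
    """Decode a PowerPC bc word that tests one CR bit; return None for anything else."""
    bo, bi = (word >> 21) & 0x1F, (word >> 16) & 0x1F
    if word >> 26 != 16 or (bo & 0b10100) != 0b00100:
        return None
    disp = word & 0xFFFC
    if disp & 0x8000:
        disp -= 0x10000  # BD is a signed, word-aligned displacement
    return f"{MNEMONICS[(bool(bo & 0b01000), bi & 3)]} cr{bi >> 2},{disp:+#x}"

def changed_branches(old, new):
    """Return (dump offset, old mnemonic, new mnemonic) for each 32-bit word that differs."""
    pairs = zip(struct.iter_unpack(">I", old), struct.iter_unpack(">I", new))
    return [(ROW5_OFFSET + 4 * i, decode_bc(a), decode_bc(b))
            for i, ((a,), (b,)) in enumerate(pairs) if a != b]

def additive_sum(data, width):
    """Sum of big-endian width-byte units, truncated to that width (assumed checksum style)."""
    total = sum(int.from_bytes(data[i:i + width], "big") for i in range(0, len(data), width))
    return total % (1 << (8 * width))

def integrity_report(old, new):
    """Which checks notice the edit: True means the value changed."""
    report = {f"sum{8 * w}": additive_sum(old, w) != additive_sum(new, w) for w in (1, 2, 4)}
    report["crc32"] = zlib.crc32(old) != zlib.crc32(new)
    report["sha256"] = hashlib.sha256(old).digest() != hashlib.sha256(new).digest()
    return report

if __name__ == "__main__":
    for off, before, after in changed_branches(STOCK, MODIFIED):
        print(f"+{off:#04x}: {before}  ->  {after}")
    print(integrity_report(STOCK, MODIFIED))
```

The two edits flip the same bit in opposite directions, so a plain sum over bytes, half-words or words comes out identical, while a CRC or a hash over the same block changes.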

Mike bamford rose 04-22-2015 06:49 PM


Originally Posted by mikey k (Post 4327594)
Oh interesting!
Bamford Mike would this help to stop the TC trashing rear pads?

Short answer no, I think not as it's dsc which mainly eats pads, here is why...

Traction control is mostly achieved by limiting torque via throttle closing (soft cut), the hard cut fuel shut off is only activated for engine max over-speed control which throttle closing could not eliminate quickly enough. Problem with hard cut is that bouncing in / out of it will exotherm / heat fail the cat due to high HC content in the cat. Traction control is not the prime culprit of excessive pad wear, DSC is, this mod will reduce DSC intervention only because for the mod to work DSC needs to be switched off, except on model years with 2 stage settings of course where traction can be off / dsc remain on. However, the only reason for dsc to dab brakes during a traction event would be during powered oversteer, which if the driver was doing, unless extremely confident, dsc and traction on is best measure. In this example the mod would help prevent wheel slip but what would correct steering angle / what is making car follow a correct track if the mod didn't work entirely and some dsc is needed? Meaning this mod is kind of ok but only in straight line, because whilst traction is needed to prevent wheel slip, dsc is needed to keep car going in direction desired without oversteer / understeer.

Respect to the OP who does acknowledge the above limitation, but dsc and traction being algorithm within brake control module, a substitute will be tricky. The OP has invested serious amount of time and hard work which most pro tuners are incapable of in reality. But as the OP says, it would need a lot of fine tuning to whatever model a particular owner had and come with a dsc issue (cos it's turned off and you really want it on). I kind of think the OP needed to do this for his application because the charged car produces so much low speed torque, the std traction control cal is sent into meltdown and results in a too large / intrusive 'hole' of torque reduction until slip is eliminated. However, we find suspension has a lot to do with wheel slip / excessive traction interaction. We send the rear dampers into soft mode at pull away and with larger better rubber, a car that previously spun up, squats down and powers up the road nicely with dsc and traction control reassuringly on and in the background.

Power is nothing without control, and control is integration. On a large scale project power is easy, integration is the secret key to success.

sanengo 04-25-2015 01:40 AM


Originally Posted by rmrmd1956 (Post 4328110)
I have launch RPM at 3200RPM and ECT limiters at various RPMs from 7000 to 7500. Fuel cut limiter is 7600. Launch speed is set at 10 mph. At any speed below that clutch in and gas pedal flat to floor maintains 3200 RPM. Dump clutch (TC off) and off you go. ECT neutral limit is set at 7000 in case of missed shift because of relatively low engine inertia. You will have to experiment with launch RPM to get what you want. Ideally I should turn off TC and write my own subroutine to monitor wheel slip and calc friction mu, perhaps later. You need unencrypted serial reader, Ford seed/key algorithm, IDA Pro and years of trial and error. The hack will work for sportshifts with minor mods.
I included the relevant code, any tuner should be able to do this for you. The beauty is that the opcode changes are complementary and so they don't change the checksum that protects the code block.

I'm guessing this level of code hacking is what the tuners out there have figured out? So I'm looking for a "Volvo" type OBD2 to serial connector? How do you tell if it's unencrypted? Is the algorithm universal among V8V? Seed/Key finding is performed by IDA? Sorry for so many questions, I'd love to look into implementing various rom hacks, but there really isn't any online support for open-source hacking on this platform.

rmrmd1956 04-28-2015 05:30 PM


Originally Posted by mikey k (Post 4327594)
Oh interesting!
Bamford Mike would this help to stop the TC trashing rear pads?

No, it will not have any effect on that. This is just a crude trick for straight line racing that does give you some predictability.

rmrmd1956 04-28-2015 08:21 PM


Originally Posted by sanengo (Post 4329818)
I'm guessing this level of code hacking is what the tuners out there have figured out? So I'm looking for a "Volvo" type OBD2 to serial connector? How do you tell if it's unencrypted? Is the algorithm universal among V8V? Seed/Key finding is performed by IDA? Sorry for so many questions, I'd love to look into implementing various rom hacks, but there really isn't any online support for open-source hacking on this platform.


I think the tuners know a lot. They are your best source if you want to mod your car.

As you know, you can buy an obd2 data logger and if you buy the enhanced Ford package you can data log and understand a lot of how your car works. To access the ROM for read/write you need to know the seed/key algorithm. It is different for different manufacturers and different model generations. With the correct OBD2 tools you send a message on the CAN network that tells the car you want to read/write. This is protected (imagine what an unscrupulous person could do with such knowledge). The car sends you a seed and you calculate and send the key and access is granted. All US and European tuners know these algorithms and they are firmware in their devices. This will allow you to read and write the PCM and some other modules. It is possible to use brute force techniques to figure it out yourself (search "CAN Hacking" if you are so inclined). To my knowledge none of the major US tuners support AM (prob too small) but I believe HPTuners is working on a consumer product. The seed/key algorithm is standard Ford EEC6. All the big US tuners encrypt their files to protect their products. In Europe it is a little different and you can buy unencrypted read/write tools for AM. You need to buy the "master" tool, the seed/key algorithm, the checksum program, a map editing program with a map creation bundle. Since there is little support for AM, you will need to find everything yourself. You need to study the specs of the microprocessor, you need to download the 4 freely available Ford strategy documents online (in object language and in C), you need to read as many Ford patents as you can and as many tuning books and attend as many Ford tuning courses that you can find. AM uses a modification of Ford's EEC6 and you need to understand it as much as possible. Next you need to understand how the data section of the ROM stores and addresses its maps. Then you can search and find all the maps in the ROM.

Of course this does you no good unless you have extensive knowledge of what Ford maps look like. US tuners have huge knowledge, you would need to buy their devices and study the maps in 100's of cars. You can get a demo version of HPtuners and find some Ford EEC mustang .hpt files on line to start. Once you have the data you can try matching and labeling the AM maps. Many data logs are required to verify that your guesses are correct. You should buy everything AM sells online about OBD2 esp their deck summary tables. Equipped with this you can likely tune your car.

The next step is to buy IDA PRO, probably the best disassembler on the market. You will need to have some computer knowledge, in this case PowerPC, setup data anchors, understand compiler protocols, ELF headers and common assembly language tricks (magic numbers, bit manipulation etc etc) in order to understand the operational code. Luckily the pirated Ford strategy documents online are very helpful. Then with your large base of labeled maps and values from the data section you can go through the disassembly filling in the blanks and labeling RAM locations. The more you know, the further you can get. With your prior data logs and EEC6 education, you can then intelligently guess at switches, the hardest items to figure out. In theory you could completely disassemble the whole thing.

Of course AM has a master list of locations and Simulink code that runs the car, just like Ford but they are tightly held secrets with very few people having access. Revealing these things online would be wrong and likely prosecutable. I don't have them and everything I have said above is common knowledge among tuners/hackers.

Unless you are a Ford/AM calibration engineer or equivalent, I think you would be crazy to attempt what I am attempting. I began because I loved the car, had it supercharged and knew more could be done. When I started there was no access. You need to commit 10s of thousands of hours and 10s of thousands of dollars.

I am a stubborn SOB and yes CRAZY too!

sanengo 05-19-2015 04:10 AM

Thank you for the explanation.

I just came across this in the aston sportshift manual:


Launch Control
To obtain the fastest possible acceleration away from standstill, the following parameters are required:
Transmission in “Sport” Paddle Shift Mode
Traction Control turned off (hold the DSC button for four seconds)
1st gear selected
Greater than 90% throttle applied in less than 0.5 seconds.

If these parameters are met the system will raise the engine rpm to 5,000rpm and close the clutch.
If these parameters are maintained the system will make an automated up-shift from 1st to 2nd and 2nd to 3rd at 7,100rpm. The remaining up-shifts will be made at 7,300rpm.

yankee04 05-19-2015 07:18 AM


Originally Posted by sanengo (Post 4342367)
Thank you for the explanation.

I just came across this in the aston sportshift manual:


Launch Control
To obtain the fastest possible acceleration away from standstill, the following parameters are required:
Transmission in “Sport” Paddle Shift Mode
Traction Control turned off (hold the DSC button for four seconds)
1st gear selected
Greater than 90% throttle applied in less than 0.5 seconds.

If these parameters are met the system will raise the engine rpm to 5,000rpm and close the clutch.
If these parameters are maintained the system will make an automated up-shift from 1st to 2nd and 2nd to 3rd at 7,100rpm. The remaining up-shifts will be made at 7,300rpm.

Not knowing which Aston you have I suggest reviewing this thread & especially Karl's post.

https://www.6speedonline.com/forums/...ml#post4177957

