kiev
Posts: 1012
Joined: Sun May 03, 2015 7:15 am
Location: The Heart o' Dixie

EV-ECU Reverse Engineering

Sun Sep 02, 2018 5:45 pm

This may be overly optimistic and entirely premature, but here are pictures of the top and bottom of the board to get it started.

Con1 is the main box connector which is subdivided into 4 separate connectors marked A-D on the board.

Con2 and 3 look like unpopulated programming ports, such as JTAG for the micro and something with a bunch of pins for an EEPROM.

Also some little bitty 3- and 4-pins for Con4 and Con5, likely for some sort of program or testing power supplies.

IC1 has a Mitsubishi logo and is marked MH8106F 115A105 U0.

IC2 has a big mits logo and is marked E350B SC111528BAF M66E 263 QDE1124D.

Anybody interested feel free to jump in and bite off a slice--ain't gonna be easy but a whole lotta fun...

Top side
Image

Bottom
Image
kiev = kenny's innovative electric vehicle

BruceWillis
Posts: 1
Joined: Tue Aug 13, 2019 4:17 pm

Re: EV-ECU Reverse Engineering

Tue Aug 13, 2019 4:19 pm

Hello, you can use mmcflash to read this ECU.

coulomb
Posts: 178
Joined: Sun Jun 10, 2018 8:32 pm
Location: Brisbane, Australia

Re: EV-ECU Reverse Engineering

Wed Aug 14, 2019 6:26 am

BruceWillis wrote: use mmcflash to read this ecu

Alas, the MH8106F chip seems rather mysterious. I haven't found a single datasheet for it as yet. This chip seems to often be used for vehicle ECUs, so I suspect that the lack of data is intentional, to make reverse engineering harder, so people can't do dangerous things with their cars. Unfortunately, that means they also can't get information on them for interoperability, or patch undesirable behaviour that the manufacturers don't fix.

To make progress with the iMiev ECU firmware, we'd need these things:
  • A binary or hex dump of the flash image
  • A datasheet for the MH8106F, with at least basic information on what the various special function registers do
  • Probably also a datasheet for the other large IC, IC2. We don't even know which of the several numbers on it is the part number, or who the actual manufacturer is (I doubt that Mitsubishi have their own semiconductor fabrication facility, but I could be wrong).
  • A disassembler / decoder, preferably for IDA Pro.
  • Lots of time and patience.

This information has to be "out there", since there seems to be a market in reprogrammed chips for various vehicles, all at high prices. If anyone comes across any free information, I'd be interested.
