Hello, I have some questions hopefully someone can help with. I'm somewhat new to tuning, and trying to learn all I can. I would like to be able to make my own cax files, but I can't figure out how to find address numbers in raw hex files. I've looked through some bin files in a hex editor program, but for the life of me I can't see how guys find them. Is there any software in particular that helps? I've even looked through Snipesy's E47 cruze cax files (BTW, thanks for those Snipesy, you're awesome). Any help is really appreciated. I'm trying to make LML files right now, but if I get successful with that I'll probably try other controllers too.

IDK, maybe I'm in over my head. If someone would sell me cax files, I'd be open to that option too.

You have to know what you are wanting to find for starters. It is not something that you just go blindly looking for. Otherwise it will be a needle in a hay stack. If you want to be targetted you need to disassemble the file and then figure it out from there... It is a steep learning curve but very rewarding.

Ok, thanks. That explains my problem. How do I go about disassembling my files? Sorry if I'm asking stupid questions, but I'm not sure how else to learn. :grin:

You have to know which CPU your ECM is using.
Then you obtain a disassembler (which comes bundled with embedded code development tools, you will probably have to buy several of these tool bundles/suites).
Then you convert the tune file into straight binary (i.e. decrypt and/or decompress it).
Then you disassemble the the binary...
and you can now look thru it (assuming you already know the assembly language and register layout for this CPU);
you would locate the execution start (usually called main()),
you would then follow the path execution would take try to locate where it appears index into a slab of memory
(i.e. it multiples and adds to an address several times (to skip columns/rows) and then uses this address to access the data there)...
you then look further around in this memory region to find other tables.
Somewhere there may be visual tools that show the data in 2D/3D graphic form, this helps in finding tables,
but you still need to know what data you are looking for, as highlander said above
(e.g. if you're looking for VSS/TPS shift tables, you already know what these should look like, this helps you find them).

If you've done that before (and are quite familiar with this family of ECM's), it still takes time and effort.
If you already are an embedded software engineer, it still takes time and effort.
If you haven't done this stuff before, it will take ALOT of time/effort.
The level of difficulty is considered to be high, and you have to devote a lot of time to it.
But, as highlander said, it is very rewarding...
you get to learn and understand the data layout and how the CPU accesses that data, how the algorithms work, and you may even venture to modify the algorithms.

Thanks a lot Joecar. I think that gives me all the info I need, now I just have to put the time in. I appreciate the time you took to help out a newbie like myself, even though there's nothing in it for you.

I know this thread is a couple years old but figured its worth a shot since I cannot PM yet. Joecar how can a person find out what assembly language a CPU uses? I am working on trying to figure out on CM2200 cummins ecu. From the best I can tell the ECM is made by Continental and the MCU is a Qorivva mpc5566. Is the MCU and CPU the same? I appreciate any help.

I know this thread is a couple years old but figured its worth a shot since I cannot PM yet. Joecar how can a person find out what assembly language a CPU uses? I am working on trying to figure out on CM2200 cummins ecu. From the best I can tell the ECM is made by Continental and the MCU is a Qorivva mpc5566. Is the MCU and CPU the same? I appreciate any help.

The CM2200 uses plain old PowerPC assembly language

Same with the CM2350. The CM2450 is PowerPC with VLE.

It’s not an easy task to work through, takes a lot of time, effort and learning

Yeah it's PPC.

Google reveals this:
https://www.nxp.com/products/MPC5566

Yep it is, been working in it for last 2 years on the cm2200, cm2350 and cm2450 controllers

I've been working Cm22xx for a couple of years now. I wonder what tools you are using to tune or modify these ecus. Calterm is the way to go for me for HD commercial stuff. I've bought a flashscan to work now in automotive diesels, and I'm trying to learn reading on this forum.

Sent from my SM-G996B using Tapatalk

Jim P. What’s the best way to get ahold of you privately? I’m new to the forum and not sure how to PM you personally