Holden

Changes

Holden:ALDL (8192 Baud) (view source)

Revision as of 13:05, 21 April 2021

3,467 bytes added ,  13:05, 21 April 2021
no edit summary
Line 5: Line 5:  
== Frame Structure ==
 
== Frame Structure ==
   −
An ALDL frame consists of a message ID, length, an optional number of data bytes (up to 65 bytes), and a 2's compliment checksum. Any multi-byte fields are always big-endian unless otherwise noted. The table below illustrates the structure of an ALDL frame.
+
An ALDL frame consists of a message ID, length, an optional number of data bytes, and a 2's compliment checksum. Whilst the maximum size of an ALDL frame isn't defined, the length byte allows for up to 170 data bytes (173 bytes total including the ID, length and checksum)<ref>[http://fbodytech.com/misc/ee-aldl-communications/ fbodytech - ALDL Communications]</ref>. Any multi-byte fields are always big-endian unless otherwise noted. The table below illustrates the structure of an ALDL frame.
    
{| class="wikitable"
 
{| class="wikitable"
Line 12: Line 12:  
| align="center" | 1 || Message ID || The value <code>0</code> is reserved and is not a valid ALDL message ID
 
| align="center" | 1 || Message ID || The value <code>0</code> is reserved and is not a valid ALDL message ID
 
|-
 
|-
| align="center" | 1 || Length || <code>0x55</code> + ''n'', where ''n'' is the number of data bytes (up to 65)
+
| align="center" | 1 || Length || <code>0x55</code> + ''n'', where ''n'' is the number of data bytes
 
|-
 
|-
 
| align="center" | ''n'' || Data ||
 
| align="center" | ''n'' || Data ||
Line 100: Line 100:  
| align="center" | 1 || Mode || align="center" | <code>00</code> ||
 
| align="center" | 1 || Mode || align="center" | <code>00</code> ||
 
|-
 
|-
| align="center" | 1 || Checksum || align="center" | ||
+
| align="center" | 1 || Checksum || align="center" | ''c'' ||
 
|}
 
|}
   Line 118: Line 118:  
| align="center" | 1 || Table || align="center" | ''n'' || Table number
 
| align="center" | 1 || Table || align="center" | ''n'' || Table number
 
|-
 
|-
| align="center" | 1 || Checksum || align="center" | ||
+
| align="center" | 1 || Checksum || align="center" | ''c'' ||
 
|}
 
|}
   Line 136: Line 136:  
| align="center" | 2 || Address || align="center" | ''n'' || 16-bit address in big endian format
 
| align="center" | 2 || Address || align="center" | ''n'' || 16-bit address in big endian format
 
|-
 
|-
| align="center" | 1 || Checksum || align="center" | ||
+
| align="center" | 1 || Checksum || align="center" | ''c'' ||
 
|}
 
|}
   Line 152: Line 152:  
| align="center" | 64 || Data || align="center" | || Memory contents at the requested address
 
| align="center" | 64 || Data || align="center" | || Memory contents at the requested address
 
|-
 
|-
| align="center" | 1 || Checksum || align="center" | ||
+
| align="center" | 1 || Checksum || align="center" | ''c'' ||
 
|}
 
|}
   Line 174: Line 174:  
| align="center" | 2 || ''A''<sub>n</sub> || align="center" | ||
 
| align="center" | 2 || ''A''<sub>n</sub> || align="center" | ||
 
|-
 
|-
| align="center" | 1 || Checksum || align="center" | ||
+
| align="center" | 1 || Checksum || align="center" | ''c'' ||
 
|}
 
|}
   Line 192: Line 192:  
| align="center" | ''n'' || Control Structure || align="center" | || Varies depending on module
 
| align="center" | ''n'' || Control Structure || align="center" | || Varies depending on module
 
|-
 
|-
| align="center" | 1 || Checksum || align="center" | ||
+
| align="center" | 1 || Checksum || align="center" | ''c'' ||
 
|}
 
|}
   Line 240: Line 240:  
| align="center" | 1 || Mode || align="center" | <code>0A</code> ||
 
| align="center" | 1 || Mode || align="center" | <code>0A</code> ||
 
|-
 
|-
| align="center" | 1 || Checksum || align="center" | ||
+
| align="center" | 1 || Checksum || align="center" | ''c'' ||
 +
|}
 +
 
 +
=== Mode 13 ===
 +
 
 +
Mode 13 is used for a challenge-response authentication system in order to unlock flash-based PCMs for programming. Once the PCM is in an ''unlocked'' state, certain restricted operations and Mode 1 tables will become available. The challenge-response calculation itself is fairly straightforward. On request, the PCM will provide a 16-bit value as the ''seed''. All bits of the seed are inverted with an XOR operation, which is sent back to the PCM as the ''key''.<ref>[http://fbodytech.com/misc/ee-aldl-communications/ fbodytech - ALDL Communications]</ref> The tables below illustrate the structure of the seed request, key response and PCM unlock response.
 +
 
 +
First, a request for ''Table 1'' is made in ''Mode 13''.
 +
 
 +
{|class="wikitable"
 +
! Length (bytes) !! Field !! Value !! Notes
 +
|-
 +
| align="center" | 1 || ID || align="center" | <code>F7</code> ||
 +
|-
 +
| align="center" | 1 || Length || align="center" | <code>57</code> ||
 +
|-
 +
| align="center" | 1 || Mode || align="center" | <code>0D</code> ||
 +
|-
 +
| align="center" | 1 || Table || align="center" | <code>01</code> ||
 +
|-
 +
| align="center" | 1 || Checksum || align="center" | <code>A4</code> ||
 +
|}
 +
 
 +
The PCM will respond with a seed value as the challenge.
 +
 
 +
{|class="wikitable"
 +
! Length (bytes) !! Field !! Value !! Notes
 +
|-
 +
| align="center" | 1 || ID || align="center" | <code>F7</code> ||
 +
|-
 +
| align="center" | 1 || Length || align="center" | <code>59</code> ||
 +
|-
 +
| align="center" | 1 || Mode || align="center" | <code>0D</code> ||
 +
|-
 +
| align="center" | 1 || Table || align="center" | <code>01</code> ||
 +
|-
 +
| align="center" | 2 || Seed || align="center" | ''S'' || 16-bit Seed Value
 +
|-
 +
| align="center" | 1 || Checksum || align="center" | ''c'' ||
 +
|}
 +
 
 +
The key ''K'' is calculated by inverting all bits of the seed ''S'' (for example, <code>A2B9</code> becomes <code>5D46</code>), and transmitted back as a write to ''Table 2'' in ''Mode 13''.
 +
 
 +
{|class="wikitable"
 +
! Length (bytes) !! Field !! Value !! Notes
 +
|-
 +
| align="center" | 1 || ID || align="center" | <code>F7</code> ||
 +
|-
 +
| align="center" | 1 || Length || align="center" | <code>59</code> ||
 +
|-
 +
| align="center" | 1 || Mode || align="center" | <code>0D</code> ||
 +
|-
 +
| align="center" | 1 || Table || align="center" | <code>02</code> ||
 +
|-
 +
| align="center" | 2 || Key || align="center" | ''K'' || 16-bit Key Value
 +
|-
 +
| align="center" | 1 || Checksum || align="center" | ''c'' ||
 +
|}
 +
 
 +
If the key is correct, and the unlock operation is successful, the PCM will respond with ''Table 2'' containing a single value <code>AA</code>. The table below shows the full response that can be expected from the PCM after a successful unlock.
 +
 
 +
{|class="wikitable"
 +
! Length (bytes) !! Field !! Value !! Notes
 +
|-
 +
| align="center" | 1 || ID || align="center" | <code>F7</code> ||
 +
|-
 +
| align="center" | 1 || Length || align="center" | <code>58</code> ||
 +
|-
 +
| align="center" | 1 || Mode || align="center" | <code>0D</code> ||
 +
|-
 +
| align="center" | 1 || Table || align="center" | <code>02</code> ||
 +
|-
 +
| align="center" | 1 || Status || align="center" | <code>AA</code> || Equals <code>AA</code> on successful unlock
 +
|-
 +
| align="center" | 1 || Checksum || align="center" | <code>F8</code> ||
 
|}
 
|}
  
Jake
10

edits

Retrieved from "https://holden.asger.xyz/wiki/Special:MobileDiff/82"