Background
So after starting to read The Car Hacker's Handbook and accidentally lighting up the dashboard on my Civic like a Christmas tree a few months ago (luckily unplugging the battery fixed everything :)) ), I decided to experiment with car hacking not on the car I rely on every day. A lot of people have started poking at this stuff since Charlie Miller and Chris Valasek published their research a couple years ago, and there's even a Car Hacking Village at DEFCON now.
Inspired by the Cyber Truck Challenge I saw on Twitter last year, I was determined to get my hands on the Engine Control Module (ECM, aka Engine Control Unit or ECU, aka Powertrain Control Module or PCM) out of a semi truck. A couple hours of searching and calling and $120 to a salvage site later, I got the ECM supposedly out of an old school bus. Not exactly what I thought I was looking for, but it turns out it's off the same Cummins CM2150 engine similar to many trucks and buses alike. What's more, I'm not the first person to tear down this ECM! This Cummins CM2150E Engine Control Module Teardown has jump-started me on reverse engineering my new (new to me, anyway) ECM.
Semi Truck Firmware
Despite the big ECM flashing/tuner community online, finding info about Cummins ECM ROM/firmware or ECM reverse engineering was a lot harder than I expected. What I could find though is info about all the Cummins ECM software tools. After looking at Cummins quickserve site, I discovered and found out about a number of tools including Calterm and INSITE. I may have installed some sketchy downloads of these tools (thank goodness for VMs lol) and found out the proprietary(?) Cummins ECM ROM format is .cbf or ECFG.
Cummins CBF File Reverse Engineering
I got my hands on some of Cummins' ".cbf" files after finding an online copy of the Cummins INSITE program (normally used for engine diagnostics) and its Field Access Tool (FAT) add-on. Stay tuned (no pun intended!) for a follow-up about how this works and the board breakdown soon. I wasn't very successful with finding information on reversing cbf files or disassembling cbf files yet, other than their use of the Power Architecture, and I could only find one site with specific information about the files. Hopefully I'll make more progress in this area by my next post. For the curious, here is some more information about the specific modules:
Generic_gtis38_j1708.cbf
INSITEParameters.cbf
PDDI_download.cbf
Generic_CM400.cbf
Generic_CM420.cbf
GTIS4Boot.cbf
Generic_ECMC.cbf
Generic_gtis38.cbf
Generic_gtis20.cbf
Generic_ECMB.cbf
bosch_download.cbf
productioncfgfile.cbf
bosch.cbf
Generic_gtis20_j1708.cbf
If you have any tips or questions, feel free to reach me at rachelrsimmons1987[at]gmail.com!