Hi bmwman91, the main goal for my prototypes of this ecu is to make a module that can replace the original without any change on wiring or parts, so all actuators, sensors and the can networked dash were modeled and are supported on my current firmware.

The coils are dumb and on another ecu project that i made part of the electronics on 2008, the driver had mosfets and some bjts for driving.

On this project, to reduce board size, the only option for me was to use the ST VB025 driver, its a great driver and give some limited diagnostics, but the driving current must be carefuly calculated before every driving cycle. Thermal are really a problem on this delphi case.

I posted a photo of the current version of the board and you can see some of the choices i made. This version works well on bench up to 8000rpm and were tested on the car till 4000rpm, there are some issues now on idle, and i think that making a proper fuel trim long term will be needed.

Today this project is waiting for me to finish another project and on the meantime i am searching on patents and any document that can help me solve this idle issue.

I think I commented out this code, not because it didn’t work, but because nobody ever used it lol.

I’d be happy to run your file, at the very least it will validate my algorithm, and at worst you’ll be no worse off than you are now. Send me a pm and we can transfer files through email

Nando,

I found this thread as I've been trying to find a tool to calculate the correct checksum for my modified M70 DME rom. It was sold to me by a German tuner, and as a result, the checksum was not corrected (early EU 850i do not come with a check engine bulb in the dash as US cars do).
If you could help out I would appreciate it. I'm a new poster here, as I usually post on bimmerforums.

Thanks,
Pete

I added the M1.7 checksum to my web app a while back. I also tested it on a couple other DMEs (such as the M70) and it worked fine. Would be cool to extend it to 1.3, even if 1.7 is much improved 1.3 is far more common on the E30.

I added the M1.7 checksum to my web app a while back. I also tested it on a couple other DMEs (such as the M70) and it worked fine. Would be cool to extend it to 1.3, even if 1.7 is much improved 1.3 is far more common on the E30.

Spark Cut RPM Limiter test file

Here is a quick dirty file i patched that has a hard spark RPM limiter. this file is an output from biela's IDB file so its stock with only my code changes. i would only suggest someone with a chip emulator like a moates ostrich and understands how to use tuner pro RT to test this because some of the variables will have to be adjusted to see if its going to work right.

to test it open tuner pro RT and load an XDF that matches this BIN. you will have add a few new things to your XDF.
RPM Limit hex address=0x4127 equation=X*40
Ignition Dwell Angle address=0x412D equation=0.75*(X-30)
Actual Ignition Angle address=0x4130 equation=0.75*(X-30) This is ATDC not BTDC(...)

High speed logging output base

I made a base high speed logging output file for M1.7. This is made from an audi M2.3.2 file that i made several months back. The RAM variables are not right for the output but the base is there. i corrected all the jumps so that everything flows correctly and keeps logic with this code. over all it still needs work but could be tested using a freeware program called coolterm. coolterm will show the raw hex code output on a serial port. the baud rate for this is 187500 which is the maximum that the processor can output.

for hardware you will need to use a generic blue VAG cable or a BMW K+DCAN cable connected to the K-line. how it should work is when the key is on and engine in not running you have access to the factory diagnostics but when the car is running the high speed data logging protocol takes over and starts constant output.

The suggested RAM variables along with their equations that need to be found/added to this are
-RPM in RAM
-Ignition angle in RAM
-coolant temp in RAM
-intake air temp in RAM
-injector constant in RAM
-Injector dead time in RAM
-Injector on time high and low bytes in RAM
-wheel speed in RAM
-TPS position through ADC
-Load (preferribly 16bit because load could be uncapped) in RAM
-MAF voltage
-Knock control retard degree or counts of knock in RAM

Also a wideband input could be added for logging as well, how i did it before was i found a spare unused ADC input on the processor and wired the 0-5V output from my zeitronix wideband controller into that. also using the ZT-3 controller it will simulate the 0-1V output of the stock lambda controller too! the ZT-3 is the best bang for the buck wideband controller on the market with both 0-5V and 0-1V dual outputs!

With something like this working it will make the job of reverse engineering the rest of the ECU a heck of a lot easier because you can just change RAM variables and see what your output is. The other end of this that will need to be setup is a tuner pro RT ADX definition and dash layout. for now though using coolterm to get the logging output working is the first step. if you can get data to flow and see the raw hex in coolterm than you have something thats working.

in coolterm you need to add 187500 baud to the through adding baudrates.ini file to the cooltermwin folder. you can make this with a text editor. in the baudrates.ini file add this and save the ini file. this is all i can do because i dont own an E30 to test anything with so someone with 8051 knowledge, a moates ostrich emulator and some free time in their hands will have to develop this further.

files attached are an IDB for IDA 7.0 that has the logging code patched in and the BIN file itself that is a direct output from the IDB.(...)

It's been super busy for me the last week or so, and will probably continue to be. But, there's a lot of cool stuff going on in here all of a sudden lol. I am not likely to be testing the ignition-based rev limiter since I have a WBO2 and catalytic converter on the car, but we'll get it figured out.

The way that the tables are accessed seems nuts to me. Like, super inefficient, especially considering how badly these ECUs could use more instruction cycles in the main loop at high RPM. Anyway, I will try to take a look through instruction areas that look like what you showed and trace them into the actual table accesses. I'd really like to see how they look-up and interpolate table values since the way that axes are defined seems like it would inherently eat way more instruction cycles than necessary.

The checksum is dead simple on these DME's. It just sums up all of the values in program memory from 0x0000 - 0x9FFF, EXCLUDING 0x3F00 - 0x3FFF in the full 40K binary dump (0x1F00:1FFF in the EPROM) and truncates them to a 16 bit value, which is stored at 0x3F00:3F01. The value of 46367 from my previous post is simply the sum of the 8K internal program memory of the SAB80C515 MCU, which is mainly just interrupt vectors and some other stuff I am unsure of. I used the constant because I had not yet dumped the internal MCU program memory. This is identical in M1.3 & M1.7, and probably others. The IDA project based on "TotalCombinedROM" uses a binary I made by dumping the MCU's internal 8K via the K-line and combining it with the 32K from the EPROM (well, actually I just tapped an Arduino directly into the MCU's UART).