#
Simos 18.x
#
Simos 18.1
#
Simos 18.4
#
Simos 18.10
#
Simos 18.1
#
Simos 18.4
#
Simos 18.10
#
Unlock Procedure
This has been heavily tested. Simos 18.4 does not have a recovery procedure, so ensure that Simos 18.1 and 18.10 work before testing 18.4.
Aurelien at B&C Consulting
The original source code has bugs and can brick Simos 18.4 and 18.10; use the IE.Tools.Simos16xPatcher project instead.
Slow areas must be respected. There is also a special patch for 5G0906259: the 5G0906259E CBOOT is used so that it is accepted, the unlock is then performed, and the unlocked CBOOT is put back afterwards.
#
TrueFlex
LMLev_stKeySig_VW is used for many functions; here is its state during different operations. I believe 3xxx is for A3 always on stalk; this still needs to be verified in the GTI and logged again.
The display ethanol code currently looks like so:
Jump out:
seg001:808B0EF4 j32 loc_808FC6D0 ; detour from sub_808B0EA8+4C to the display routine at 808FC6D0 (setrpm)
808B0EF0 77 BB 76 23 1D 02 EE 5B BB D0 07 40 1D BE D8 BB
Display code:
seg001:808FC6D0 ; setrpm: display routine reached through the j32 at sub_808B0EA8+4C.
seg001:808FC6D0 ; When NDispOptm_n_VW is zero and bit 0x10 of LMLev_stKeySig_VW is set, it stores
seg001:808FC6D0 ; perc_ff_sens_raw * 0x9C into NDispOptm_n_VW. In every other case it writes back
seg001:808FC6D0 ; whatever is already in d15 (the non-zero display value, or 0 when the bit is clear).
seg001:808FC6D0 ; NOTE(review): presumably this puts the flex-fuel sensor reading on the display
seg001:808FC6D0 ; while the key/stalk signal bit is set -- confirm against logs.
seg001:808FC6D0 setrpm: ; CODE XREF: sub_808B0EA8+4C↑j
seg001:808FC6D0 call32 sub_8014C858 ; helper not shown in this listing
seg001:808FC6D4 lea a15, [a0](NDispOptm_n_VW - n_gb_nctl_mt_cor_ac) ; a15 = &NDispOptm_n_VW (a0-relative)
seg001:808FC6D8 ld16.h d15, [a15]0 ; d15 = current halfword display value
seg001:808FC6DA jnz16 d15, loc_808FC6F6 ; non-zero: leave it alone (stored back unchanged)
seg001:808FC6DC ld32.bu d15, [a0](LMLev_stKeySig_VW - n_gb_nctl_mt_cor_ac)
seg001:808FC6E0 and16 d15, #0x10 ; isolate bit 4 of the key-signal byte
seg001:808FC6E2 jz16 d15, loc_808FC6F6 ; bit clear: d15 is 0 here, so 0 is stored
seg001:808FC6E4 nop16
seg001:808FC6E6 nop16
seg001:808FC6E8 nop16
seg001:808FC6EA nop16
seg001:808FC6EA ; END OF FUNCTION CHUNK FOR sub_808B0EA8
seg001:808FC6EC ld32.bu d2, [a0](perc_ff_sens_raw - n_gb_nctl_mt_cor_ac) ; d2 = raw sensor byte
seg001:808FC6F0 mov32 d15, #0x9C
seg001:808FC6F4 mul16 d15, d2 ; d15 = 0x9C * perc_ff_sens_raw
seg001:808FC6F6 ; START OF FUNCTION CHUNK FOR sub_808B0EA8
seg001:808FC6F6
seg001:808FC6F6 loc_808FC6F6: ; CODE XREF: sub_808B0EA8+4B832↑j
seg001:808FC6F6 ; sub_808B0EA8+4B83A↑j
seg001:808FC6F6 st32.h [a0](NDispOptm_n_VW - n_gb_nctl_mt_cor_ac), d15 ; common exit: write d15 to the display value
seg001:808FC6FA ret16
seg001:808FC6FA ; END OF FUNCTION CHUNK FOR sub_808B0EA8
seg001:808FC6FC ; ---------------------------------------------------------------------------
808FC6D0 6D C2 C4 80 D9 0F 08 C3 88 0F F6 FE 39 0F 38 C3
808FC6E0 16 10 76 FA 00 00 00 00 00 00 00 00 39 02 4C 90
808FC6F0 3B C0 09 F0 E2 2F F9 0F 08 C3 00 90 00 00 00 00
TrueFlex Code V6 (no antilag):
Jump to call ignition functions
PFLASH:800BC6D8 call32 ie_iga_funcs ; hook: enters the wrapper at 80131020, which itself calls loc_800BC240 before returning
800BC6D0 24 FF FC 24 00 90 00 00 6D 03 A4 A4 6D FF 22 FE
Code for calculating iga_eth_cor_temp which is added to the end of the ignition calculation
PFLASH:80131020 ; ie_iga_funcs: wrapper called from loc_800BC6D8.
PFLASH:80131020 ; When the byte at lc_fac_afu_ratio_conf is zero it runs the three correction routines
PFLASH:80131020 ; (calc_iga_eth_cor, calc_iga_eth_cor_fac, calc_iga_eth_cor_temp); in every case it then
PFLASH:80131020 ; calls loc_800BC240 and returns.
PFLASH:80131020 ; NOTE(review): loc_800BC240 is presumably the call that the hook at 800BC6D8 replaced -- confirm.
PFLASH:80131020 ie_iga_funcs: ; CODE XREF: sub_800BC6D6:loc_800BC6D8↑p
PFLASH:80131020 ld32.bu d15, [a1](lc_fac_afu_ratio_conf - unk_80808000) ; d15 = configuration byte
PFLASH:80131024 jnz16 d15, do_not_calculate ; non-zero: skip the correction routines
PFLASH:80131026 nop16
PFLASH:80131028 nop16
PFLASH:8013102A nop16
PFLASH:8013102C nop16
PFLASH:8013102E nop16
PFLASH:80131030 call32 calc_iga_eth_cor
PFLASH:80131034 call32 calc_iga_eth_cor_fac
PFLASH:80131038 call32 calc_iga_eth_cor_temp ; reads d2 without loading it, so it must directly follow calc_iga_eth_cor_fac
PFLASH:8013103C nop16
PFLASH:8013103E nop16
PFLASH:80131040
PFLASH:80131040 do_not_calculate: ; CODE XREF: sub_80131012+12↑j
PFLASH:80131040 call32 loc_800BC240 ; always executed, whether or not the corrections ran
PFLASH:80131044 ret16
PFLASH:80131046 ; ---------------------------------------------------------------------------
PFLASH:80131046
PFLASH:80131046 ; calc_iga_eth_cor: calls sub_80084E1C with d4 = n_32, d5 = fac_afu_ratio,
PFLASH:80131046 ; a5/a6 = the two axis tables and a4 = ip_iga_bas_eth_cor, then stores (d2 - 0x80)
PFLASH:80131046 ; as a byte in iga_eth_cor.
PFLASH:80131046 ; NOTE(review): sub_80084E1C is presumably a two-axis map lookup returning in d2 -- confirm.
PFLASH:80131046 calc_iga_eth_cor: ; CODE XREF: sub_80131012+1E↑p
PFLASH:80131046 ld32.bu d4, [a9](n_32 - unk_D000C000) ; d4 = n_32 (unsigned byte)
PFLASH:8013104A ld32.bu d5, [a9](fac_afu_ratio - unk_D000C000) ; d5 = fac_afu_ratio (unsigned byte)
PFLASH:8013104E movh.a a5, #0xA088
PFLASH:80131052 lea a5, [a5]@LOS(axis_n_32_ip_iga_bas_eth) ; a5 = &axis_n_32_ip_iga_bas_eth
PFLASH:80131056 movh.a a6, #0xA088
PFLASH:8013105A lea a6, [a6]@LOS(axis_eth_ip_iga_bas_eth) ; a6 = &axis_eth_ip_iga_bas_eth
PFLASH:8013105E movh.a a4, #0xA088
PFLASH:80131062 lea a4, [a4]@LOS(ip_iga_bas_eth_cor) ; a4 = &ip_iga_bas_eth_cor
PFLASH:80131066 call32 sub_80084E1C
PFLASH:8013106A add32 d15, d2, #-0x80 ; remove the 0x80 offset from the result in d2
PFLASH:8013106E st32.b [a9](iga_eth_cor - unk_D000C000), d15 ; only the low byte is kept
PFLASH:80131072 ret16
PFLASH:80131074 ; ---------------------------------------------------------------------------
PFLASH:80131074 nop16
PFLASH:80131076
PFLASH:80131076 ; calc_iga_eth_cor_fac: same call shape as calc_iga_eth_cor, but with d5 = load_clc_sae,
PFLASH:80131076 ; a6 = axis_load_ip_iga_bas_eth and a4 = ip_iga_eth_cor_fac; stores (d2 - 0x80) as a byte
PFLASH:80131076 ; in iga_eth_cor_fac.
PFLASH:80131076 ; NOTE(review): d2 is left holding the raw result, and calc_iga_eth_cor_temp reads it -- confirm
PFLASH:80131076 ; that nothing between the two calls clobbers d2.
PFLASH:80131076 calc_iga_eth_cor_fac: ; CODE XREF: sub_80131012+22↑p
PFLASH:80131076 ld32.bu d4, [a9](n_32 - unk_D000C000) ; d4 = n_32 (unsigned byte)
PFLASH:8013107A ld32.bu d5, [a9](load_clc_sae - unk_D000C000) ; d5 = load_clc_sae (unsigned byte)
PFLASH:8013107E movh.a a5, #0xA088
PFLASH:80131082 lea a5, [a5]@LOS(axis_n_32_ip_iga_bas_eth) ; a5 = &axis_n_32_ip_iga_bas_eth
PFLASH:80131086 movh.a a6, #0xA088
PFLASH:8013108A lea a6, [a6]@LOS(axis_load_ip_iga_bas_eth) ; a6 = &axis_load_ip_iga_bas_eth
PFLASH:8013108E movh.a a4, #0xA088
PFLASH:80131092 lea a4, [a4]@LOS(ip_iga_eth_cor_fac) ; a4 = &ip_iga_eth_cor_fac
PFLASH:80131096 call32 sub_80084E1C
PFLASH:8013109A add32 d15, d2, #-0x80 ; remove the 0x80 offset from the result in d2
PFLASH:8013109E st32.b [a9](iga_eth_cor_fac - unk_D000C000), d15 ; only the low byte is kept
PFLASH:801310A2 ret16
PFLASH:801310A4 ; ---------------------------------------------------------------------------
PFLASH:801310A4
PFLASH:801310A4 ; calc_iga_eth_cor_temp: combines the two stored corrections into iga_eth_cor_temp.
PFLASH:801310A4 ; As written: d15 = sat.b((iga_eth_cor * iga_eth_cor_fac) / 0x80), then
PFLASH:801310A4 ; d15 = sat.b(sat.h(d15 + sat.h(d2 / 0x80))) - 0x80, stored as a byte.
PFLASH:801310A4 ; NOTE(review): d2 is never loaded in this routine; it holds whatever the previous
PFLASH:801310A4 ; code left there (presumably the lookup result from calc_iga_eth_cor_fac) -- confirm.
PFLASH:801310A4 ; NOTE(review): both inputs were stored after subtracting 0x80 but are read back here
PFLASH:801310A4 ; zero-extended (ld.bu), so a negative stored value is seen as a large positive one --
PFLASH:801310A4 ; confirm that this is the intended signedness.
PFLASH:801310A4 calc_iga_eth_cor_temp: ; CODE XREF: sub_80131012+26↑p
PFLASH:801310A4 ld32.bu d15, [a9](iga_eth_cor - unk_D000C000)
PFLASH:801310A8 ld32.bu d14, [a9](iga_eth_cor_fac - unk_D000C000)
PFLASH:801310AC mov.u d9, #0x80 ; divisor used for both divisions below
PFLASH:801310B0 mul16 d14, d15 ; d14 = iga_eth_cor_fac * iga_eth_cor
PFLASH:801310B2 div e0, d14, d9 ; d0 = product / 0x80
PFLASH:801310B6 sat32.b d15, d0 ; clamp the scaled product to byte range
PFLASH:801310BA div e0, d2, d9 ; d0 = d2 / 0x80 (d2 comes from outside this routine)
PFLASH:801310BE sat16.h d0
PFLASH:801310C0 add16 d15, d0 ; sum of the two terms
PFLASH:801310C2 sat16.h d15
PFLASH:801310C4 sat16.b d15 ; clamp the sum to byte range before the offset is removed
PFLASH:801310C6 nop16
PFLASH:801310C8 add32 d15, d15, #-0x80
PFLASH:801310CC st32.b [a9](iga_eth_cor_temp - unk_D000C000), d15
PFLASH:801310D0 ret16
PFLASH:801310D2 ; ---------------------------------------------------------------------------
PFLASH:801310D2 ; Stub entered by the j32 at 8089B080; it resumes at loc_8089B086.
PFLASH:801310D2 ; d15 is 0 when lc_fac_afu_ratio_conf is non-zero, otherwise iga_eth_cor - 0x80.
PFLASH:801310D2 ; NOTE(review): the lea and mov16 below are presumably the original instructions displaced
PFLASH:801310D2 ; by the j32 at 8089B080 -- confirm.
PFLASH:801310D2 ; NOTE(review): this listing loads iga_eth_cor, while the accompanying description names
PFLASH:801310D2 ; iga_eth_cor_temp as the substituted value -- confirm which one is intended.
PFLASH:801310D2 lea a15, [a0](unk_D00193C9 - unk_D0018000)
PFLASH:801310D6 mov16 d15, #0 ; default result
PFLASH:801310D8 ld32.bu d14, [a1](lc_fac_afu_ratio_conf - unk_80808000)
PFLASH:801310DC jnz16 d14, loc_801310E6 ; configuration byte non-zero: keep d15 = 0
PFLASH:801310DE ld32.bu d15, [a9](iga_eth_cor - unk_D000C000)
PFLASH:801310E2 add32 d15, d15, #-0x80
PFLASH:801310E6
PFLASH:801310E6 loc_801310E6: ; CODE XREF: sub_80131012+CA↑j
PFLASH:801310E6 j32 loc_8089B086 ; back to the code after the detour
PFLASH:801310EA ; ---------------------------------------------------------------------------
PFLASH:801310EA nop16
PFLASH:801310EC nop16
PFLASH:801310EE nop16
PFLASH:801310F0
PFLASH:801310F0 ; Stub entered from sub_801E8818+214: chooses the pointer passed on in a4 from the
PFLASH:801310F0 ; lc_fac_afu_ratio_conf byte, then resumes at loc_801E8A30 on both paths.
PFLASH:801310F0 ;   zero     -> a4 = a1 + 0x5A08
PFLASH:801310F0 ;   non-zero -> a4 = &axis_toil_ip_fac_pow_max_toil_0_
PFLASH:801310F0 ; NOTE(review): the table at a1 + 0x5A08 is not named in this listing -- confirm what it is.
PFLASH:801310F0 loc_801310F0: ; CODE XREF: sub_801E8818+214↓j
PFLASH:801310F0 ld32.bu d14, [a1](lc_fac_afu_ratio_conf - unk_80808000)
PFLASH:801310F4 jnz16 d14, loc_801310FE
PFLASH:801310F6 lea a4, [a1]0x5A08
PFLASH:801310FA j32 loc_801E8A30
PFLASH:801310FE ; ---------------------------------------------------------------------------
PFLASH:801310FE
PFLASH:801310FE loc_801310FE: ; CODE XREF: sub_80131012+E2↑j
PFLASH:801310FE lea a4, [a1](axis_toil_ip_fac_pow_max_toil_0_ - unk_80808000)
PFLASH:80131102 j32 loc_801E8A30
PFLASH:80131106 ; ---------------------------------------------------------------------------
PFLASH:80131106
PFLASH:80131106 ; Stub entered from sub_801E8818+21C: chooses the byte loaded into d4 from the byte at
PFLASH:80131106 ; unk_80806BD4, then resumes at loc_801E8A38 on both paths.
PFLASH:80131106 ; NOTE(review): a9 is resolved against unk_D000C000 in the other routines, so the
PFLASH:80131106 ; unk_8080xxxx names on the two a9 loads below look like mis-resolved operands. The
PFLASH:80131106 ; encoded bytes of the first load (39 94 05 70 in the dump) carry the same offset as the
PFLASH:80131106 ; fac_afu_ratio load at 8013104A -- presumably that variable; confirm both operands.
PFLASH:80131106 loc_80131106: ; CODE XREF: sub_801E8818+21C↓j
PFLASH:80131106 ld32.bu d14, [a1](unk_80806BD4 - unk_80808000) ; selector byte (a different offset from lc_fac_afu_ratio_conf)
PFLASH:8013110A jnz16 d14, loc_80131114
PFLASH:8013110C ld32.bu d4, [a9](unk_808081C5 - unk_80808000) ; selector zero: first input
PFLASH:80131110 j32 loc_801E8A38
PFLASH:80131114 ; ---------------------------------------------------------------------------
PFLASH:80131114
PFLASH:80131114 loc_80131114: ; CODE XREF: sub_80131012+F8↑j
PFLASH:80131114 ld32.bu d4, [a9](unk_808085AE - unk_80808000) ; selector non-zero: second input
PFLASH:80131118 j32 loc_801E8A38
PFLASH:8013111C ; ---------------------------------------------------------------------------
80131020 39 1F 94 F8 EE 0E 00 00 00 00 00 00 00 00 00 00
80131030 6D 00 0B 00 6D 00 21 00 6D 00 36 00 00 00 00 00
80131040 6D FC 00 59 00 90 39 94 5C 80 39 95 05 70 91 80
80131050 08 5A D9 55 20 8D 91 80 08 6A D9 66 00 8D 91 80
80131060 08 4A D9 44 00 9D 6D FA DB 9E 8B 02 18 F0 E9 9F
80131070 00 01 00 90 00 00 39 94 5C 80 39 95 A3 E2 91 80
80131080 08 5A D9 55 20 8D 91 80 08 6A D9 66 20 BD 91 80
80131090 08 4A D9 44 10 CD 6D FA C3 9E 8B 02 18 F0 E9 9F
801310A0 04 01 00 90 39 9F 00 01 39 9E 04 01 BB 00 08 90
801310B0 E2 FE 4B 9E 01 02 0B 00 E0 F5 4B 92 01 02 32 20
801310C0 42 0F 32 2F 32 0F 00 00 8B 0F 18 F0 E9 9F 08 01
801310D0 00 90 D9 0F 09 F1 DA 00 39 1E 94 F8 F6 E5 39 9F
801310E0 00 01 8B 0F 18 F0 1D 3B D0 4F 00 00 00 00 00 00
801310F0 39 1E 94 F8 F6 E5 D9 14 88 85 1D 05 9B BC D9 14
80131100 5A D4 1D 05 97 BC 39 1E 94 FE F6 E5 39 94 05 70
80131110 1D 05 94 BC 39 94 6E 60 1D 05 90 BC 00 00 00 00
Jump out to change axis on some maps:
PFLASH:801E8A2C j32 loc_801310F0 ; detour 1: the stub sets a4 and comes back at 801E8A30
PFLASH:801E8A30 ; ---------------------------------------------------------------------------
PFLASH:801E8A30 st16.h [a15], d15
PFLASH:801E8A32 mov16.aa a5, sp
PFLASH:801E8A34 j32 loc_80131106 ; detour 2: the stub sets d4 and comes back at 801E8A38
PFLASH:801E8A38 ; ---------------------------------------------------------------------------
801E8A20 94 E0 0B F0 80 F1 D9 0F 66 0D F8 0B 1D FA 62 43
801E8A30 B4 FF 40 A5 1D FA 69 43 6D F4 49 E5 D8 09 91 60
Final jump to change out iga_bas_stall_cor to iga_eth_cor_temp
seg001:8089B080 j32 loc_801310D2 ; detour: the stub at 801310D2 sets a15/d15 and jumps back to loc_8089B086
8089B080 1D C4 29 B0 DA 00 34 FF F6 04 05 DF EC 94 6E 0A
#
Rolling Antilag
Pseudocode for this:
/*
 * Decide whether rolling antilag (RAL) may be active.
 *
 * RAL is switched off as soon as any one of the gating conditions fails
 * (engine speed, oil temperature window, coolant temperature window,
 * pedal value, cooldown flag). When every condition passes, the current
 * engine speed is latched as the RAL target and RAL is marked active.
 *
 * NOTE(review): ral_target_n is re-latched on every passing call, so this is
 * presumably run only on the activation event -- confirm against the caller.
 * NOTE(review): "ie_ral_toco_min" (next to "ie_ral_tco_max") and the
 * "pv_av > ral_pv_min" comparison are reproduced as given -- confirm both.
 */
void check_ral_conditions()
{
    /* The checks are evaluated in the listed order and stop at the first failure. */
    if (n < ie_ral_n_min
        || toil < ie_ral_toil_min
        || toil > ie_ral_toil_max
        || tco < ie_ral_toco_min
        || tco > ie_ral_tco_max
        || pv_av > ral_pv_min
        || ral_cooldown_act)
    {
        ral_active = false;
        return;
    }

    /* RAL is ready to be activated: hold the engine speed seen right now. */
    ral_target_n = n;
    ral_active = true;
}
/*
 * Drive the ignition-cut request from the RAL state.
 *
 * The cut is requested only while RAL is active and the engine speed is
 * above the latched target; in every other case it is cleared. The engine
 * speed is not read at all when RAL is inactive.
 */
void setManualIgnitionValue()
{
    ie_iga_cut_act = ral_active && (n > ral_target_n);
}