Tweet
Summary: This thread is intended to assist in our efforts to dissect the Aussie version of the MMCS found in the Pajero. While assistance is welcome, please avoid bringing up things like - "can you disable such-n-such for me?" and "can you add feature-x or support for y?". The simple fact is we are not up to that stage yet.
WHAT WE KNOW
1. The Australian Pajero MMCS has no hard-drive (overseas versions have a hard drive).
2. The unit appears to be an Eclipse system as a whole (possibly an AVN119M or some such). This is based on:
2a. The string "FUJITSU TEN LIMITED" contained in loading.kwi
2b. The following site contains the fit guides for the Pajero. http://www.fujitsu-ten.co.jp/eclipse...s/m000261.html
2c. You can use google to translate the following page to find other relevant fit guides for various models: http://www.fujitsu-ten.co.jp/eclipse...itsubishi.html (The pajero is in the middle - the link with the H18.10 is the latest information).
3. A very _similar_ loading.kwi file is used in the Mazda CX-9. The following link contains several pages with useful information: http://denso.wikispaces.com/
3a. According to this site, internal chips used include the "Naviem Denso", and various other sources cite this as a multi-OS supporting chip. It appears to be used in the Toyota Prius.
3b. It is based on a Toshiba TX49 cpu. According to Toshiba it appears to be MIPS based. This is consistent with observations of the code found in loading.kwi
4. Can not find the link right now, but someone did post a link to the schematic of the MMCS. It looks fairly close to the unit we have, and is consistent with the contents of loading.kwi.
HIDDEN MENUS
Two codes are currently known to work:
1-3-1-3-1-3-4-2
4-2-4-2-4-2
We do not know where these codes are stored, and as such can not currently identify any other codes. However we do know where the strings are that are used in the menus, and as such can work backwards to figure out where the menus are generated.
DISASSEMBLY OF THE KWI
We currently have a simple bit of C code that can pull the loading.kwi file apart into individual segments. The first 0x50 bytes contain basic information, including the "magic" string "MIUT", some sort of short name, some sort of type, a longer string / discription.
Following the header, are 4 byte memory offsets. The first four bytes are most likely where the segment is loaded into memory. Remaining four bytes appear to be entry points of some sort.
We can confirm the CPU is NOT an m32c, sh4, or for that matter anything with a variable instruction length. The machine language instructions are fixed length, 4 bytes each. It is a little endian, and MIPS instructions appear correct.
Disassembly can be done via several methods, however the most efficient method is currently being worked on. For those who have done this before, download binutils, configure with "--target=mips-elf". Use "as" and "objdump" as you require.
OPERATING SYSTEM
It is not WinCE. Note: The Naviem appears to have something called the "Windows Automotive" as a possible operating system. This appears to be used in non-Australian systems, and is probably a light-weight WinCE type version (assuming MS could do something that light weight!).
ITRON, muTRON, TRON etc are _specifications_, NOT operating systems. As such you can have an OS that complies with these specifications.
Hopefully I have covered the key points here. If I have missed _relevant_ links, please add as required.
WHAT WE KNOW
1. The Australian Pajero MMCS has no hard-drive (overseas versions have a hard drive).
2. The unit appears to be an Eclipse system as a whole (possibly an AVN119M or some such). This is based on:
2a. The string "FUJITSU TEN LIMITED" contained in loading.kwi
2b. The following site contains the fit guides for the Pajero. http://www.fujitsu-ten.co.jp/eclipse...s/m000261.html
2c. You can use google to translate the following page to find other relevant fit guides for various models: http://www.fujitsu-ten.co.jp/eclipse...itsubishi.html (The pajero is in the middle - the link with the H18.10 is the latest information).
3. A very _similar_ loading.kwi file is used in the Mazda CX-9. The following link contains several pages with useful information: http://denso.wikispaces.com/
3a. According to this site, internal chips used include the "Naviem Denso", and various other sources cite this as a multi-OS supporting chip. It appears to be used in the Toyota Prius.
3b. It is based on a Toshiba TX49 cpu. According to Toshiba it appears to be MIPS based. This is consistent with observations of the code found in loading.kwi
4. Can not find the link right now, but someone did post a link to the schematic of the MMCS. It looks fairly close to the unit we have, and is consistent with the contents of loading.kwi.
HIDDEN MENUS
Two codes are currently known to work:
1-3-1-3-1-3-4-2
4-2-4-2-4-2
We do not know where these codes are stored, and as such can not currently identify any other codes. However we do know where the strings are that are used in the menus, and as such can work backwards to figure out where the menus are generated.
DISASSEMBLY OF THE KWI
We currently have a simple bit of C code that can pull the loading.kwi file apart into individual segments. The first 0x50 bytes contain basic information, including the "magic" string "MIUT", some sort of short name, some sort of type, a longer string / discription.
Following the header, are 4 byte memory offsets. The first four bytes are most likely where the segment is loaded into memory. Remaining four bytes appear to be entry points of some sort.
We can confirm the CPU is NOT an m32c, sh4, or for that matter anything with a variable instruction length. The machine language instructions are fixed length, 4 bytes each. It is a little endian, and MIPS instructions appear correct.
Disassembly can be done via several methods, however the most efficient method is currently being worked on. For those who have done this before, download binutils, configure with "--target=mips-elf". Use "as" and "objdump" as you require.
OPERATING SYSTEM
It is not WinCE. Note: The Naviem appears to have something called the "Windows Automotive" as a possible operating system. This appears to be used in non-Australian systems, and is probably a light-weight WinCE type version (assuming MS could do something that light weight!).
ITRON, muTRON, TRON etc are _specifications_, NOT operating systems. As such you can have an OS that complies with these specifications.
Hopefully I have covered the key points here. If I have missed _relevant_ links, please add as required.
Comment