Winter 2021 projects

There are a few projects that are in the works right now

Flashhack is still under development.  Three cool things have happened:

  • It reprograms 1994-1995 (and maybe 1993 too?) Corvette CCM EEPROM.  This generally requires physical access to the CCM, but you don’t actually have to touch any chips
  • It can reprogram the onboard EEPROM regions of EE ECMs.  This could be very useful as it’s 100% safe to write (no bricking) and changes can be made very quickly.  The feature is built but I haven’t released the new version pending applications of this technology.
  • Some folks are forking flashhack to attempt to restart work on the 1996-1997 (OBD-II) ECMs.

I’m also writing a better data analyzer suite.

Trimalyzer was full of good intentions, to be both an advanced tool and to be idiot proof where a new tuner could simply load a log file from any tool and press analyze to get a good set of VE table changes, but that design has limited its usefulness.  Stay tuned on that one.

EEHack/Flashhack videos

I’ve noticed that someone made a few videos of some basic flashing and tuning of LT1s with EEHack and FlashHack on youtube, they might be worth watching if you are a new user as there are a few useful tips.  It’s always good to see people keeping the LT1 alive.

Anyway check ’em out if you like videos!

Flashhack – LT1/P66 error recovery

Although uncommon, when the flash procedure has failed for your LT1 or P66 ECM, there are several things you can do to ensure successful recovery.  As you are probably aware, until a complete and successful reflash procedure, your ECM will be rendered unusable and your car will not run.

These steps should be fairly rare as flashhack automatically retries from a logical place in the procedure when there’s a failure (which should automatically recover from the issue)

What NOT to do

Lets start with what NOT to do after your flash write has failed, until you figure out what to do:

  • Do not use any function in flashhack other than ‘Write Calibration’.  Clicking ‘Read Calibration’ or ‘Unload Kernel’ may result in a bricked ECM at this point, as these procedures generally reboot the ECM, and right now you don’t have anything to boot.
  • Do not load a different flash tool or anything else that connects to your ALDL port (including dataloggers) and try to recover using that.  Trust me on this, if you were using another flash tool, there would be no hope at this point anyway.
  • Do not turn your key off, remove power from your ECM, or let your car battery die or drop to a low voltage.  Maintaining power to PCM IGN and PCM BAT is critical until the recovery is complete.

Current ECM State

It might be useful to determine what state your ECM and your flash tool (computer) is in before proceeding, you can usually do that based on the last message printed in your log when it has failed, so lets talk about how the flash procedure works.

It’s worth mentioning, if you aren’t aware already, that these ECMs are actually two separate ECMs in one box.  The flash procedure is run for each one, that’s why it appears we’re doing most things twice.  There are also two bin files, but LT1 tuning software generally stacks them into one.  GM calls the two sides TSIDE (time side) and ESIDE (event side)

Because flashhack writes one side of the ECM at a time, if your flash write has failed, only one half of the ECM must be recovered.

The normal flash write procedure that flashhack uses (for each side) is:

  1. Check if the kernel is already running.  If not:
    1. Unlock the ECM security and enter reprogramming mode (which allows us to execute any code we want)
    2. Upload and run the kernel, this stops executing any code on the eeprom (that we are about to rewrite) and instead runs a tiny operating system from ECM RAM.
    3. Upload a set of programs and subroutines that we’re going to use during the reflash procedure
  2. Quickly check your bin against the one already loaded into the ECM to see if it’s already complete (no point in flashing the exact same thing again)
  3. Run the erase program on the ECM, which both erases and verifies the eeprom, and ensure it completes
  4. Run the write program on the ECM, which allows us to upload chunks of the bin until complete
  5. Verify the bin was written completely

If it has at any point failed during or after an ERASE procedure (Step 3-5), you should proceed with caution.  You must complete a successful flash before doing anything else.

If ECM power has been lost during a flash procedure on an LT1, and the recovery rom was installed, you should reconnect power and try again now.  There is a small chance the recovery rom was not completely installed due to the exact moment that the power loss occurred, in which case your ECM will not recover.

What to do?

This assumes the ECM is in a recoverable state.  Either the kernel is loaded, or we are booted from the recovery rom.

First off, if for some reason flashhack itself or your laptop has crashed, you should restart the program at this point.  If you are suspicious some bug in flashhack has caused the failure, it might also be a good idea to restart the program now so you are starting fresh.  Also, make sure you are running the most current version.

Optional: Since we aren’t sure why it failed, and we don’t know how stable your computer, interface, or ECM is, if you know which side we’re failing on (TSIDE or ESIDE), you could disable flashing the OTHER side for now (go into parameters and uncheck ‘write ESIDE’ or ‘write TSIDE’), and just focus on getting your ECM bootable.  Make sure to re-check that box afterwards.

No matter what the failure, the only thing you can do is press ‘Write Calibration’ again.  This should return to the first step, detect that the kernel is already running, and retry the procedure.

To assist in getting a good clean ALDL bus, make sure your battery is fully charged, and disconnect any battery chargers from your vehicle.  Remove any other sources of electrical noise, turn off any accessories in your vehicle such as stereos or fans.  Unplug your laptop charger if you’re using one.

If you see communication errors, you may have an issue with your interface or connection to the ALDL port.  There also may be a device on your ALDL bus (such as a body control module) which is malfunctioning and making it difficult to communicate.  Many devices often share the ALDL bus.

One thing you might not realize, provided you maintain power to the ECM, is that this is a safe time to restart flashhack, try a different ALDL interface, or even install flashhack on a different computer.

You may even want to order a new or better ALDL interface online and try again when it arrives, provided you can maintain power until then with a battery charger.

If many attempts, different serial interfaces and computers have failed to complete the flash write, it’s possible that your vehicle wiring is faulty.  If that is the case, it’s also possible ECM is still in a recoverable state despite the repeated failures.  If the erase procedure has completed and the first ~10% of the bin has been written, and the recovery rom was successfully installed, you should be able to safely power the ECM off, remove it from the car, and construct a bench flashing setup or move it to another vehicle.

Flashhack – Unable to install recovery rom errors

Q: While using flashhack with my LT1, I get an error about being unable to install the recovery rom on the t-side or e-side.  Why does this happen, and what should I do?

A: With LT1 ecms, by default, we modify some code before writing it to the ECM, and also change the order that the programming is written. This should, in most cases, allow the ECM to remain bootable most of the time if something goes horribly wrong during the flash procedure.  This helps only in rare cases of stupidity like someone turning the key off on your car while programming.  It’s called the recovery rom.

These warnings pop up for you because the area of code we are modifying is not as expected, and since anything could happen if we don’t understand your existing ECM code, we ‘play it safe’ and forbid installation of the recovery rom.

If you get this error, your bin may have code patches installed in it, or may be an uncommon revision from GM.  Modifying a common bin using ordinary tuning procedures should not trigger this error, nor should really common patches such as the ones in EEX.

You can either change to a bin that is unmodified in those areas, or uncheck the option ‘Install recovery rom on …’ in the parameters.  Make sure nobody disconnects power from the ECM until your flash is successful.

Thanks for the beer

I just wanted to write a quick note to all of the users of my software that found a few bucks to send to my beer fund.

I’m not a professional programmer, and through your generosity, I know you all appreciate the ridiculous amount of time I’ve put into writing this oddball code for rare ECMs in a cold, dirty, low-budget basement electronics lab.

Just so you know, this does not just pay for beer, alongside the few google ads we put up here, it also pays most of my web hosting bills so this stuff can be available to everyone.  It also pays for the odd meal out so my wife isn’t too upset about the time I spend on these projects.

As long as you’re all interested, I’ll keep going with this stuff.

Flashhack P66

Flashhack keeps getting better, thanks to everyone that’s helped me test it.

P66 V6 development has been very slow, since I don’t actually have an ECM to test with, but thanks to some back and forth it seems to be working well.  It shares a lot of code with the LT1 flash tool so I’d expect it to be quite reliable.

I have not removed the ‘for bench test only’ warning for the P66 but if you’re brave please ignore it and give it a try, let me know how it goes


My new LT1 flash tool definitely seems ready for everyday use, but does need more widespread testing.  I would be really suprised if we ever see an accidently bricked ECM with this tool and feel it’s the safest 1994-1995 LT1 flash tool ever (…no warranty though)

It has P66 V6 support coming soon too.


EEHack support

I get a lot of comments posted directly to this site asking for support for EEHack.

If you want to get help with EEHack in any way, please join and ask there.  It’s the only way.  I will not answer comments on this site anymore, I just don’t have time due to my other projects.

2020 Development continues…

Due to a generous donation that got me another test ECM, EEHack development continues with a fresh test bench, socketed up ready to go and communicating with the cheapest FTDI device china has to offer (which is really all you need to tune an LT1, you know)

Thank you to Mogielski and all the other supporters that have kept me motivated to keep working on this platform over the years even without having an LT1.

I plan on separating the flash tool from EEHack entirely and making a better one that will support other ECMs as well.