Home - LegacyNsfw/12593358 GitHub Wiki

Welcome to the 12593358 wiki!

Do we want to make our own customized operating systems? Of course we do.

How do we start? By finding the code that needs to be changed.

How are we gonna do that? I'm so glad you asked...

I started trying to disassemble the OS that came in my car a couple weeks ago, and have made enough progress that I think it's worth documenting how I did it, in case other people want to do something similar for other operating systems. I just put everything I've got so far on GitHub. It is admittedly not much, but there's enough that I'm pretty optimistic about where this is all going.

A few things made it possible to make a lot of progress in a pretty short time.

  1. Dimented24x7 disassembled a bunch of another OS a couple years ago, and posted his findings. That was especially helpful in the very beginning, so I've put a copy of his annotated disassembly in the GitHub repository.

  2. IDA Pro. You can also do this kind of thing without it (Dimented didn't seem to be using it) but I'm a huge fan because of its ability to navigate around using cross-references and lists of named objects/variables/functions/whatever. It is kind of expensive, but I think it's money well spent.

  3. An XDF for the operating system, thanks to cmaje72. I wrote a small Windows PowerShell script that reads the XDF and produces an IDC script, which IDA then executes. When that's done, all of the constants and tables that were in the XDF are labeled in IDA. Then you can use IDA's cross-referencing to find the code that uses the stuff documented in the XDF.

  4. There's a table in the OS that maps OBD2 PIDs to functions. I haven't actually verified this for certain yet, but I am pretty sure that those functions read values from RAM, do a little bit of trivial arithmetic to convert to the desired units, and return the value that gets sent back over the OBD2 connection. I thought I was looking at a job scheduler at first (execute all of the functions in order, then start over if it runs out of time?) but then I remembered that Subaru's OS has a similar table of function pointers for OBD2 queries, and then I noticed that the values alongside the function pointers look an awful lot like OBD2 PIDs... So I wrote another PowerShell script, which processes this table to produce another IDC script, which gives names to all of the functions. From there, you can label the RAM locations.
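
The XDF-to-IDC step from item 3, sketched as an added example: this is not the repository's PowerShell script, and it is written in Python. It assumes the TunerPro XDF XML layout (`XDFCONSTANT`, `XDFTABLE`, `EMBEDDEDDATA` with `mmedaddress`); the sample XDF, the `k_`/`t_` prefixes and the function names are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample in the TunerPro XDF layout; titles and addresses are made up.
SAMPLE_XDF = """<XDFFORMAT version="1.60">
  <XDFCONSTANT uniqueid="0x1">
    <title>Fan On Temp (deg C)</title>
    <EMBEDDEDDATA mmedaddress="0x5A2C" mmedelementsizebits="16" />
  </XDFCONSTANT>
  <XDFCONSTANT uniqueid="0x2">
    <title>Fan On Temp (deg C)</title>
    <EMBEDDEDDATA mmedaddress="0x5A2E" mmedelementsizebits="16" />
  </XDFCONSTANT>
  <XDFTABLE uniqueid="0x3">
    <title>Main Spark vs. RPM</title>
    <XDFAXIS id="x"><EMBEDDEDDATA mmedelementsizebits="16" /></XDFAXIS>
    <XDFAXIS id="z"><EMBEDDEDDATA mmedaddress="0x6100" mmedelementsizebits="16" /></XDFAXIS>
  </XDFTABLE>
</XDFFORMAT>"""

def ida_name(title, prefix):
    """Turn a free-text XDF title into a valid IDA identifier (hypothetical naming scheme)."""
    body = re.sub(r"[^A-Za-z0-9_]+", "_", title).strip("_")
    return f"{prefix}_{body}"

def xdf_to_idc(xdf_text, base=0):
    """Return IDC source that names every constant and table found in the XDF."""
    root = ET.fromstring(xdf_text)
    lines, used = ["#include <idc.idc>", "static main() {"], set()
    for tag, prefix in (("XDFCONSTANT", "k"), ("XDFTABLE", "t")):
        for item in root.iter(tag):
            # A table's data sits under its z axis; a constant has one EMBEDDEDDATA child.
            path = "XDFAXIS[@id='z']/EMBEDDEDDATA" if tag == "XDFTABLE" else "EMBEDDEDDATA"
            data = item.find(path)
            if data is None or "mmedaddress" not in data.attrib:
                continue  # nothing to label without an address
            addr = int(data.get("mmedaddress"), 0) + base
            name = ida_name(item.findtext("title", default="unnamed"), prefix)
            if name in used:  # IDA refuses duplicate names, so append the address
                name = f"{name}_{addr:X}"
            used.add(name)
            # MakeName is the classic IDC call; newer IDA versions spell it set_name.
            lines.append(f'    MakeName(0x{addr:X}, "{name}");')
    lines.append("}")
    return "\n".join(lines)

if __name__ == "__main__":
    print(xdf_to_idc(SAMPLE_XDF))
```

The `base` argument covers the case where the image is loaded in IDA at a different address than the file offsets the XDF records.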

This stuff is described in a bit more detail in the other wiki pages - use the sidebar to navigate.

I haven't achieved anything especially noteworthy just yet, but like I said, I feel pretty good about where this is going.