Reading this thread with heavy interest as I'm trying to decide which system will prove more useful. I'm an EE that does embedded hardware/firmware design, so I can attest to the fact that reverse-engineering a system is not easy, though certainly doable with enough time.
I have no specific knowledge of what any particular company is doing, but in uprev's case the use of a complete custom OS may be a bit of a misnomer. By the time all modifications are made I imagine it would appear to be completely custom, but it most likely grew out of the stock system little by little. My approach would be similar to the following:
1) Determine where maps exist (regardless of what they do), not terribly hard as they usually consist of large chunks of slowly changing values
2) Once these are known, it's a fairly simple matter of determining the code that accesses each map (still may not know what each does).
3) Modify code from step 2 to branch to another location, one that includes custom code allowing for returning map data from multiple custom maps located elsewhere in memory.
This is only the beginning, mind you, but it would allow for a fairly quick modification of a stock ECU to run with (multiple) custom maps. Granted, it does not grant the programmer any special knowledge as to what those maps actually do (that's where the experience with tuning helps to recognize data), but it shows you how easy a simplistic mod can be. Understanding what effects any changed maps will have on other portions of the system is beyond the scope of such a simplistic change, and that's where the time sink comes in.
On to our coding exercise:
4) Trace back sensors to the processor pins (not always easy due to multi-layer PCBs).
5) Pull out processor data sheets to determine what pieces of code are accessing each of those pins.
6) Start making connections between each piece of code identified in step 5) and the maps those same pieces of code access.
7) Begin to see a pattern emerging, then realize you've merely had too much Red Bull and Twinkies.
8) Put down Red Bull and Twinkies, then start praying you still see a pattern emerging.
That's the process, in a nutshell. It's not necessarily difficult, but it is slow, tedious, and oftentimes not straightforward.
So, who'll be the first to tell me to ?
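
Step 1 of the approach above (maps show up as large chunks of slowly changing values) can be sketched as a scan over a raw image. This is an added example, not part of the original post: the function names, thresholds and sample image are constructed assumptions, and the row-width guess goes one step beyond what the post describes.

```python
"""Locate candidate lookup tables ("maps") in a raw firmware image."""

def find_map_candidates(image, min_len=64, max_step=32, min_distinct=8):
    """Return (offset, length) of byte runs whose neighbours differ by at
    most max_step. Thresholds are assumed starting points, not known values."""
    hits, start = [], 0
    for i in range(1, len(image) + 1):
        # A run ends at end-of-image or at a jump larger than max_step.
        if i == len(image) or abs(image[i] - image[i - 1]) > max_step:
            run = image[start:i]
            # Drop short runs and constant fill (e.g. erased-flash 0xFF padding).
            if len(run) >= min_len and len(set(run)) >= min_distinct:
                hits.append((start, len(run)))
            start = i
    return hits

def guess_row_width(table, widths=(4, 8, 16, 32, 64)):
    """Pick the width whose vertically adjacent cells differ least on average."""
    def cost(w):
        diffs = [abs(table[i + w] - table[i]) for i in range(len(table) - w)]
        return sum(diffs) / len(diffs)
    return min((w for w in widths if w < len(table)), key=cost)

def build_sample_image():
    """Constructed test image: fake code, one 16x16 map, 0xFF padding, fake code."""
    code = lambda n: bytes((i * 97 + 13) % 256 for i in range(n))  # jumpy bytes
    table = bytes(40 + 3 * r + 2 * c for r in range(16) for c in range(16))
    return code(300) + table + b"\xff" * 64 + code(200)

if __name__ == "__main__":
    image = build_sample_image()
    for offset, length in find_map_candidates(image):
        width = guess_row_width(image[offset:offset + length])
        print(f"candidate map at 0x{offset:04x}, {length} bytes, ~{width} per row")
```

On a real image the hits are only candidates: smooth runs also occur in strings, lookup constants and vector tables, so each one still has to be tied to the code that reads it, as in step 2.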