Вы находитесь на странице: 1из 5

WARNING! WARNING! WARNING! WARNING! WARNING!

THIS MUST NOT TO BE DONE ON ENGINES WITHIN THE USA!!!


There are steep penalties for modifying the emissions components on any engine that falls Under
EPA regulations. Doing so will land you with SERIOUS FINES!!
1-If you run Linux follow this step. for Windows go to numer 2
I am by no means an expert on this Calterm software, but I do know that there seems to be a
serious lack of help out there on howto use this stuff. It claims it is an engineering development
tool used to monitor ECM's for Cummins engines with the ability to alter the calibration data. Well,
It will do just that, but the problem is that it is not very friendly and the help files are vague at best.
The process doesn't come from any formal training, but rather by the hours and hours spent via
trial and error trying to figure this stuff out, and the bold willingness to risk my truck and its ECM
for the purpose of engine exploration and the pursuit of the allmighty MPG. My truck is a 2011
Pro-star with an ISX that has EGR and DPF. The ECM is a CM871, and the Calibration that was
in my engine was the original from when the truck was new. I run Linux on all my computers but
you can run Windows as you like, so I used VMWARE to create a WindowsXP-Promachine with a
Corporate key so that it needed NO Internet connection whatsoever. In Linux, I had to disable
security for RS232devices in the kernel with the following code so that it didn't interfere with the
INLINE adapter or VMWARE with the following script.
.
.#----( Disable linux RS232 device interference/security)-------function file_get_linenumber { awk "/$(escaped $2)/ {print FNR; exit}" "$1"; }
#Disable security for rs232..
FILE="/etc/modprobe.d/blacklist.conf"
;NEEDLE="blacklist pl2303";
ln=$(file_get_linenumber "$FILE" "$NEEDLE");
echo "ln = $ln";
if [[ -z "$ln" ]]; thensudo chmod 777 $FILE;
sudo echo '#Disable security for rs232 devices (allows USB gps and other RS232 devices
to work)...' >> $FILE
sudo echo 'blacklist pl2303' >> $FILE
fi;
#------------------------------------------------------------------------------------------------I set up the VM and used this hack to disabled Auto-run on all drives...
1) From start menu Chose Run and run 'gpedit.msc'
2) Navigate to Comp. Configuration->Administrative Template->System folder.
3) Open the 'Turn Off Auto-play' option on the right side of the screen.
4) Choose 'Enabled' and 'All Drives', then apply the changes and close the window.
I stripped all the eye-candy off of it, bla bla bla. And got it to my personal liking. After that I copied
ALL of the software I wanted toinstall into it, Installed VMWare Tools, Disabled ALL Internet
connectivity, then hacked the .vmx file with the following settings BEFORE actually installing any
engine software. Remember when adding these settings, that you cannot have any duplicate
entries in a .vmxfile...
uuid.action = "keep"
monitor_control.restrict_backdoor = "TRUE"
rtc.startTime = "1364189400 "

tools.syncTime = FALSE
time.synchronize.continue = FALSE
time.synchronize.restore = FALSE
time.synchronize.resume.disk = FALSE
time.synchronize.shrink = FALSE
time.synchronize.tools.startup = FALSE
time.synchronize.resume.host = FALSE
This makes the system clock perpetually March,28,2013 @ 01:30AM. So that any software
installed to the VM never expires, as well as isolating the VM from its host so that no engine
software could see the hardware ID's of the host itself. This makes it easy to move or copy the
VM to other computers if needed without loosing your software licenses. There is a downside to
these settings, and that is that Copy-Paste will NOT function to/from the host any more, so if you
want to transfer something to/from the VM from the host, you will need to do it via Memory stick. I
then set up some engine software that included Insite 7.5, Inline, FaultCheck, PowerSpec 5.2,
and Calterm . on it and got them all registered (not going into detail about that). I have an Inline-5
Adapter, so I installed the drivers for that and used a generic, but good quality USB-TO-RS232
adapter from Radio Shack to get the adapter set up on COM2 (I had to alsodisable COM2 in the
BIOS of the VM beforehand as well). Yes, I could have used the USB cord for the inline adapter,
but I found that the communications is much more stable and reliable using the RS232. Running
the Calterm software, I checked under 'Options' and found that I had NO privileges, so I closed
the program and hacked the Calterm_3.lic file. I just simply added the following to the bottom of
the file and made it look like this.
.
<LicenceFile xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<Products available="AllProducts" />
<ToolFamily family="Engineering" />
<ToolFamily family="FieldEngineering" />
<ProductGroup available="true">MR</ProductGroup>
<ProductGroup available="true">HD</ProductGroup>
<ProductGroup available="true">HHP</ProductGroup>
<ProductGroup available="true">LD</ProductGroup>
<ProductGroup available="true">LDA</ProductGroup>
<ProductGroup available="true">LDD</ProductGroup>
<Feature>ToggleSecurityKey</Feature>
<Feature>CRCFiles</Feature>
<Feature>SendOperation</Feature>
<Feature>SPEEDDownload</Feature>
<Feature>SPEEDUpload</Feature>
<Feature>IgnoreRangeLimits</Feature>
<Feature>Unlock</Feature>
<Feature>CalibrationEditor</Feature>
<Feature>SaveFileCalibration</Feature>
<Feature>SaveModuleCalibration</Feature>
<Feature>ModuleEditor</Feature>
<Feature>HexEditor</Feature>
<Feature>BlockUnBlockFaults</Feature>
<Feature>Download</Feature>
<Feature>Export</Feature>
<Feature>Overlay</Feature>
<Feature>Assemble</Feature>
<Feature>Divide</Feature>
<Feature>ChangeRunLocation</Feature>
<Feature>SecureDownload</Feature>
<Feature>StopEngine</Feature>
<Feature>SubfileTableEdit</Feature>

<Feature>TemporaryWritestoSecureModules</Feature>
<Feature>TVOTVC</Feature>
<ProductGroup available="" />
</LicenceFile>

After that I Re-ran Calterm and went to Options-> Security and chose Liscense file upgrade, and
chose my hacked Calterm_3,lic file
then upgraded. After that, all the options were now available in the left window. The next thing I
did was get Calterm set up with my
DLA. I went to Options->Datalink, and set up the DLA. In my case, I had to choose the following...
Protocol: J1939
Adapter: RP1210a --< this is the correct setting for an INLINE-5 adapter.
Vendor: Cummins Inc.
Device: DeviceID-20,COM2,INLINE 4/5
J1939 Tool Adress: 0x8A --< I changed the default so that there is no interference from other
devices in my truck.
I saved the parameters and closed Calterm and before going any further, I ensured there was NO
ECM passwords in the ECM by
using the Insite Zappit software and deleting ALL ECM passwords including the OEM.
I also ensured that I had the meta-file for my engine, or at least one that was close to my CM871.
All meta-files are stored under the'c:\CaltermIII\ecfg' folder. For my engine, the closest one I
found was done so by opening the files one at a time and reading the XMLcode at about line 11
or so. There is a line that that reads '<module_name>CM87x</module_name>' for the correct file
that goes to theCM871. The other files will read a different ECM type. I actually took the time to
rename all the files in the folder so that I would nothave to look inside them again to see what
ECM they belonged to.
At this point, I then ensured I was still connected with my cables and turned the truck key-switch
to the ON position. The key-switch in the truck HAS TO BE ON to connect to the ECM, just like in
the Insite software. Re-ran Calterm, and Chose 'Select Product' from themain menu. I chose
'Eagle-Red' from the menu as this is the closest product representation for my ISX Engine. Next I
Chose'Tools->Unlock'. I clicked on the 'Find devices' button, and ensured the 0x00 was listed in
the device address box, then chose 'DisplayCur. Status' and saw that the ECM security was set
to Secure. I chose the button 'Switch', and it changed to 'Unsecured'. I then Chose 600D under
module status and chose the 'Apply' button. For some reason, just choosing 'Switch' without reapplying the 600D option caused the ECM not to stay unlocked, but setting the 600D and Apply
options made it stick.
I closed the Unlock feature and chose 'Open Module'. At this point, I had to choose again 'Eagle
Red' from the top list, then I selected the configuration file (the CM87x metafile I had found) from
the file chooser, then hit 'Automatic'. I got a warning message for the configfile not matching the
actual module config, but the versions were very close. One ended in 0.33 and the actual module
ended in 0.91 Ithink. This is perfectly ok. If you get an INLINE adapter firmware warning, then this
is NOT ok. This will cause many problem when hacking the ECM, so correct the problem if you
have to, or upgrade Calterm to match the INLINE firmware. My Inline frmware is 5.46 and my
Calterm is 3.6.008 and they match. (Firmware 5.32 requires Calterm 3.6.007). When the screen
opens all th way, then Press F7 on the keyboard to remove the circle-slash from the Screwdriver
symbol at the bottom of the screen. This puts the software in Editmode. If your ECM is unlocked
properly and ready for editing (from using the Unlock Tool), then you will also see a symbol at the
bottom of the screen that looks like a padlock that has been opened. If the padlock is closed, then
you will have to use the Unlock Tool again to get it unlocked. The ECM MUST be unlocked before
you can make ANY changes to it.With the ECM Unlocked, first thing is first. You need to add the

Engineering Security Key as the first entry in screen 0 to monitor. This will ensure later, when you
make changes to the ECM that the Unlock setting gets saved to any CAL files you might create,
as well as tell you its current state whenever you load or re-load a calibration. To do this, choose
the first blank spreadsheet-looking field in screen0 and press F1. And search for 'engr_sec'.
Check the little checkbox next to the '_Engr_Security_Key' paramater and choose'Apply'. Going
back to Screen 0 should now show the paramater in the first field and also show 'DISABLED' for
its current setting. If this is the case, then you are good to go for editing the Module.
MAKE A BACKUP FILE FIRST! Choose 'Upload' from the main menu and make a backup of your
ECM before going any further. This will ensure you can recover from a failed download, or a
parameter change that might corrupt the ECM. During the Upload / Download process, it is not
unusual to get some alarms on the dash of the truck. This is because the ECM is put in bootloader mode and taken out of Application mode during the upload.
After the upload is done, add parameters to Screen 0 that you want to change. Note that not all
parameters are editable. Many parameters are hard-coded, but this really doesn't limit you much
because somewhere else in the thousands of parameters is the bypass, or actual editable setting
to replace it. One thing that helped me in finding editable parameters is the descriptions. Just
about any description that has the words 'Tells the Tool', or 'informs the Tool' are NOT editable.
These are output parameters only that actually are just Outputs of other settings and results.
Many of the variable names include prefixes to indicate their functions, For example, C_ indicates
a user-adjustable control, and T_ indicates a control toggle. EMO_ indicates a function related to
emissions management. There are many other prefixes, and learning what they mean by
studying the comments is very helpful. Many parametersare Copies of others with a different
name, so be thoughtful and investigate thoroughly before choosing something to change or
monitor. Anyways, When you have some parameters selected and you Edit their value, If the
ECM will let you change them, then theValue field will turn Yellow indicating there was a change.
Make your changes to all fields desired, then use the 'Save' button at the topto actually commit
them into temporary ram-space in the ECM. These changes will stay until the power is cycled on
the ECM (the keyswitch in the dash of the truck turned off, then on a again). This makes it easy to
change something and then test it without screwing up your ECM.
To permanently change something, you need to get a little creative. First, Set all the changes you
want to make, Then use the 'Save'button to send them to the ECM, then Choose the 'Upload'
function from the main menu. Upload the file and save it as a CAL file. After that, You will need to
choose 'Download' to Download it BACK to the ECM. The ECM will then have the edited file as its
main Calibration file and the changes will then be permanent. You can compare the module, or
the new cal file to your original backup to see what changes you have made if you get lost along
the way using the compare tool.If you decide for some reason to hack a .ecfg or .cal file directly
then there is a tool to Re-certify the file's CRC. Just choose 'CRCFiles' from the main menu and
select the hacked .ecfg or .cal file and then add them to the list and choose ok. They will be
updated with the new CRC info permanently. I hacked my .ecfg to make it match my exact engine
calibration software version to eliminate the warning messages whenever I opened the Module
Editor this way.

WINDOWS
USERS
2-Install Calterm as usual in Windows

Some cool parameters to check/monitor while troubleshooting the engine


or perhaps test driving the truck.
..
EGA_DL_Engine_Speed
Final_Timing

The current live RPM of the engine.


The current live engine Timing (0.0 = 7.01 TDC)

_Turbocharger_Speed
The current live speed in RPM of the turbocharger.
FTT_q_CompFlCmd_v
The current live fuel flow rate command.
_VGT_Actuator_Position_Commanded- Live Commanded VGT postiton %.
ENGN_Final_Torque_Cmd
The current live torque load on the engine.

Derates and Engine Protection Shutdowns...


There are tons of parameters that deal with derates and engine shutdowns. Searching parameter
names that include 'DRT' or 'EPD' inthe name are almost always related to derates. Some
derates will cause an alarm in the dash, but there are many that are silent. Silent derates are in
place to protect the limits of the engine components and happen on a regular basis as a normal
part of engine operation.The consequences of turning them off may be severe, depending on
what it might be, if the driver of the truck is not aware that those components can now be pushed
beyond their intended limits. Disabling ALL derates will improve performance and fuel mileage for
the
engine, and because I drive my own truck, and no one else does, I disabled them ALL rather than
try and sort them out.Engine protection shutdowns can also be eliminated so that when a
shutdown alarm occurs, then engine will not be effected by it. The bad thing, is that if your engine
runs out of oil, it can destroy itself in short order, but the good thing is that you can bypass or
unplug acomponent or sensor that may have failed, like your EGR valve, or DPF can without it
shutting you down. Firetrucks, school buses and other emergency vehicles are often set this way
so that in an emergency, the vehicle can still be moved.

Here is the map to disable allderates and shutdowns...


Disable Engine Protections and Shutdowns
C_EPD_Derate_Suppress_En
1
C_EPD_CHT_RPM_Drt_En
1
C_EPD_EMT_Trq_Drt_En
1
T_EPD_Shutdown_Override_En
1
C_EPS_s_Enable
1
T_AFW_Enable
1
<-- {Enable for Alternator Warning.
1=On / 0 = Off}
C_TSD_Active_Enable
1
<-- {Enable Protecton for VGT Turbo
Overspin}
T_EPD_Shutdown_En
0
C_ADD_s_ReportFaultEnable
0
T_AT_Engine_Shutdown_Enable
0
<-- {Anti-Theft Can Shutdown
Engine 1=Yes / 0=No}
C_EPD_AECD_Trq_Drt_En
0
C_EMO_EgrOffEPD_Enable
0
C_CCP_Mod_Err_En
0
<-- {Disable Crank Case Filter
Alarms. Punch a 3/8" hole into Crank Case Filter so the enginecan
breathe easier After Disabling This
Alarm.}
T_EPD_CCP_Torque_Derate_En
0
C_CCP_Least_sev_Err_En
0
C_EPD_EP_RPM_Drt_En
0
T_VSS_Tamper_Sensitivity
0