did you make sure to change to physical addressing mode by issuing "at sh 6c 10 f1"?. That changes the the headder you are sending, then when you go to send the get key command you send just the "27 01"

which implies this as the basic entry points for most major enhanced mode points (in the 3rd upper memory). The interesting thing is that following the table out would imply there are some numbers in the $40's which would be highly irregular I would think. 10 $8F26 12 $8FE8 13 $9103 14 $91e2 17 $91F...

OK well I think I have isolated the jump table for enhanced modes, though it has an offset from that number in the table of 4. For instance the 8f 22 at $8805 plus the offset of 4 is jumping to mode $10 at $18f26. 87F5 db $88, $DF, $89, $17, $89, $5D, $89, $EF, $8A, $03 87FF db $8B, $B0, $8D, $F8, $...

yep that is the reply and it is in bank 0, as for code you need look no further away than the code fragment I listed above, the first line of code in the serial port trap section loads the x register as a pointer it would appear. 8286 L8286 ldX #$0383 ; where the serial handler starts hmm just notic...

I was trying to fade off to sleep when it hit me how interesting it would be to run the stuff from the logic analyzer through a couple filters using the tednotepad. First finding the unique lines, then sort ascending. The results were very interesting. This popped right out for instance. Note when t...

this is a small section of the code steps it is taking right around the decision that there is something on the serial obd line

Already got it, it is in bank 3 8271 L8271 brset L0088, #%00100000, L8284 8275 brset L0088, #%00010000, L82CC 8279 ldY L1E7D 827D ldaA 15, Y 8280 cmpA #$AA 8282 beq L8286; Is there something on the serial bus? 8284 L8284 jr L82F0 ; 8286 L8286 ldX #$0383 ; where the serial handler starts 8289 ldaB 0,...

Well I know memory location $0088 definitely has something to do with inputs from the scan tool, I set obd2crazy up to ping away at mode $22 pid's and found that activity with that location picked up when I was pinging. I am trying to work my way through the code to find out where the big decision t...

Yep, you are correct. You need to send the request each time, and then there is the timeout if you take too long after the seed request to send the key

the 7f means that there is something definitly not correct going on. That is an error response code like you are sending the command in the wrong mode. You did start the thing off with a "at sh 6c 10 f1"? If you are using an elm or elm compatable try typing in "at h1" so you can ...