I've done some work with LIN signals. It's basically USART over a single line. An interface chip like an MCP2003 or MCP2004 accomplishes the combining of the RX and TX lines into one signal. Some PIC microcontrollers have the ability to handle the synchronous serial part in hardware. The PIC I used handled the break and sync parts on its own.
All activity on the bus is initiated by the master node. I was interfacing with a switchpack. The master sent the break (low) and sync signals (0x55) followed by a PID that the switch pack was listening for. When the switchpack heard its PID, it responded with the states of the various switches.
For more info Hackaday recently posted this article covering LIN.
I’d try looking in a service manual for the car and get an actual Ford scan tool. People like Forscan because it allows for customizing beyond what Ford allows. But, I don’t think it has all of the “other details.” I’ve used a product from vxdiag for my Subaru and can vouch it has all the same dealer functionality. So my though was this: https://www.amazon.com/VXDIAG-Nano-Ford-Mazda-V100/dp/B01EFWPAN0 plus, like I said a Ford service manual. Some manufacturers, not all, allow for a module to be “recoded” for different trims, drivetrains etc. I wouldn’t be surprised if you google around or look in a service manual that you’d find this information. Airbags are an example, curtain airbags or in the case of Audi, rear seat thorax airbags, are an option. But they can use the same part number for the airbag module, it’s just coded differently.
If the above doesn’t work, I can’t imagine you’ll find someone who can fix this fast over Remote Desktop for a price less than the cost of a new car.
https://www.amazon.com/YARD-Stick-One-wireless-controlled/dp/B01N3TR4AA
$125
https://www.amazon.com/RTL-SDR-Blog-RTL2832U-Software-Defined/dp/B0129EBDS2
$22
Am I mistaken that you can unlock pretty much any car you want for... $180 and some time/dedication?
This app worked pretty good for me on Android back in the day:
https://play.google.com/store/apps/details?id=com.picitup.iOnRoad.pro
There's also a free version. I see it hasn't been updated in a while tho. I think the company was bought out.
You also gave me an idea for the inputs with that - I searched and found https://www.amazon.com/dp/B01EY7626K. Now maybe there is a board that combines both.. <searches>
paid version(displays all sensors data. I don't know if you need the paid version to log all sensors data)
I bought a VGate iCar Pro for my car with extended can after running into buffer limits with a generic ELM327. Here is the link to the one I have, there are a few different versions with different chip speeds, but any of them should let you pull the full message.
How tiny are these new cats that something like this wont fit?! lol - https://www.amazon.com/Portable-25800mAh-Capacity-Indicator-etc%EF%BC%88Black%EF%BC%89/dp/B07TSHW85D
Have they really shrunken that much since the days of my old blazer (96)? lol
Assuming your using a exhausted cat (can't think of a better term for them when their done) and your not planning on moving the vehicle for a while then I very much doubt a thief will check if you've removed some of the honeycomb mesh inside. Hell if you really want to get crafty you could always run a tiny 5 volt wire to the battery bank via a hidden secondary hole in the exhaust system. Just use a thin enough wire that will break easily when the thief cuts the cat out. Just make sure to charge it every once in a while.
Having said this... Are you sure this is the route you want to take? Don't get me wrong those thieves are trash but I would speak with an attorney before you go this route. Last thing you want when you catch them is to have them turn around and counter sue you for stalking.
i used:/* inflate.c -- put in the public domain by Mark Adler */and then just:DecompressDeflatedData (outdata, indata, 34448) on the above mentioned array. the 34448 maybe not 100% as that was just the size of my copy/paste range from your cff.
https://www.kernel.org/doc/Documentation/networking/can.txt
make sure local loopback is turned on maybe?
Also, technically, you should have 2 120ohm resistors. I know you can get away with cheating a little (using a single 60ohm instead, for example) but idk off the top of my head if a single 120 will work.
There's an Android app out there written by a guy calls himself theksmith. Is designed to make it easier to do exactly what you're trying to do: debugging or sniffing of the CAN bus for SWC and other info, via the OBD port.
Car Bus Interface (Connect to car computers via Bluetooth) - https://f-droid.org/app/com.theksmith.android.car_bus_interface
It runs on Android and talks to the OBD through Bluetooth.
I tried it a couple of times this week in my 2004 Euro-sourced GM car with no luck. Is possible my car was the last in its lineage not to use the CAN bus which may explain things but Torque works well enough on the same setup (knock off BT adaptor reporting itself as capable of the AFAIK erroneous ELM v1.5). I guess Torque is not designed to sniff any CAN bus though.
I dont know what security level you needed, sorry.
You can steal FordIDS on torrents (for example, here). But I never tried using it.
Looks like you need VxDiag cable (or it clone).
​
I only saw a lot of logs recorded at authorized service. Dont know, what hardware they used.
Loads of documentation on this by googling “Raspberry PI instrument cluster”, here’s one such example
https://www.hackster.io/SURYATEJA/black-box-obd-pi-using-raspberry-pi-e363aa
Your car may not how quick it’s going digitally, get an adapter and use something like Torque to see.
My suggestion, and I’m by no means an expert in car hacking, is to look into the Windows Subsystem for Linux (WSL) as it’s designed to have a Linux environment on native windows machines via a command line interface.
Maybe that will be enough for you to run your ruby script?
EDIT: the Microsoft docs do in fact say it supports Ruby
They get broadcasted when the thing is active. So you get something that can listen and then trigger them and see what statuses come out.
https://www.freecodecamp.org/news/hacking-cars-a-guide-tutorial-on-how-to-hack-a-car-5eafcfbbb7ec/
Here's exactly what I have for my 2018. Just used it with LeafSpy today.
LELink Bluetooth Low Energy BLE OBD-II OBD2 Car Diagnostic Tool for iPhone/iPod/iPad and Android. New: Configurable Auto On/Off https://www.amazon.com/dp/B00QJRYMFC/ref=cm_sw_r_apan_glt_fabc_S0JMPM7Z055G7F3JSEJM?_encoding=UTF8&psc=1
Yeah my car was fine as soon as I removed the interface. I'm using this: https://www.amazon.com/dp/B07P9JGXXB/ref=cm_sw_r_cp_apa_glt_fabc_FGWRR3CWCQ9JAJEKHMHX?_encoding=UTF8&psc=1
This is also the same bus with the 4.5v/.5v readings. Weird thing is that the 4.5v is coming from the CANL pin and the .5v from the CANH pin. According to the diagrams, I definitely have them identified correctly. Maybe I should try swapping them anyway?
I've tried a bunch of different things, but I'm ultimately trying to get everything to work on a raspberry pi 4B. The pi is running ubuntu 20.04 and I'm currently using this interface: https://www.amazon.com/dp/B07VMB1ZKH/ref=cm_sw_r_cp_apa_glt_fabc_DA0T4GVJMNXENJ9JJ0WD?_encoding=UTF8&psc=1
Thats what I did, obd2 splitter, obd2 scanner with a high and medium speed ability (I used this one https://www.amazon.com/dp/B01MUALTSX) hooked up to Forscan. I have the paid version, it's like $5 and let's you really dig into the data , and a macchina M2 (https://www.macchina.cc) to record the can traffic.
MELIFE 2 Pack for ESP32 ESP-32S Development Board 2.4GHz Dual-Mode WiFi + Bluetooth Dual Cores Microcontroller Processor Integrated with ESP32s Antenna RF AMP Filter AP STA for Arduino IDE https://www.amazon.com/dp/B07Q576VWZ/ref=cm_sw_r_cp_api_glt_fabc_JYW6BR6MGMC0KRTN7VGA?_encoding=UTF8&psc=1
i’d love to show you the code. i tried all kinds of xTask/arduino libraries
hey. that's a different shield. I tried that and unfortunately couldn't get it working.
I spent more money and bought this one https://www.amazon.ca/gp/product/B076DSQFXH/ref=ppx_yo_dt_b_asin_title_o00_s00?ie=UTF8&psc=1 the seeed studio v2. it costs more but i got it working. i couldnt figure out the other one
hey thanks for the feedback. I actually have the ECU with me right now but I'm having trouble opening the ECU with the screwdriver set I bought: https://www.amazon.com/gp/product/B07Z913L48/ref=ppx_yo_dt_b_asin_title_o01_s00?ie=UTF8&psc=1 I managed to remove one of the screws using M5.5 sized bit.
Would you recommend any electric screwdriver or drill for that?
Worst case for the pin there is a pin puller app that charges roughly $15 per vehicle you need to pull a pin for.
One thing OP can do that may work at least for a quick and free check is if they have a phone with NFC (preferrably Android), can see if the existing tag/chip will read with it. NFC readers in most phones will read some limited RFID tag types. I recommend the app linked below for Android as it will give full details on the type of tag. If that doesn't work, then you'll have to go for the referenced RFID reader/writer hardware.
https://play.google.com/store/apps/details?id=com.wakdev.wdnfc&hl=en_US
Do you know what generation MMI you have? Keep in mind that the model year might not be aligned with the year it was built. VW/Audi in particular tend to have of mid-year changes that make things complicated.
I'm 99% sure there is an off the shelf adapter (like this) that would be compatible, but it might also be worth looking into there are any Chinese import head units available that are a direct fit for your car. Sometimes they can get a bit expensive depending on the model but if you're planning to keep it for awhile having Android Auto / Car Play would be well worth the upgrade.
Try JScan - it is available on Android and it's dedicated for Jeep but most modules are similar it should read Trouble Codes from most modules. https://play.google.com/store/apps/details?id=net.clever.obd4u
Also what do you guys recommend for a sniffer. I'm looking at a few but they are all so expensive. I found this. Are any of you familiar with it? Are there more options around that price range? I want to be able to use Wireshark since it is very powerful. Edit: Just found this also.
ITs actually pretty easy. I have a 2012 chevy volt and you can trigger the remote start with this https://www.amazon.com/gp/product/B006NZTZLQ/ref=ox_sc_act_title_1?smid=A1C2436WDJ39HA&psc=1
It is possible to remote start a lot of new cars over OBD2 ASSUMING it has onstar module. Onstar doesnt need to be active, but the module needs to be there
I installed a Nexus 7 as my head unit. Does that count?
There an app called AutoMate or something. I haven't used it yet because I forgot until just now. I'll install it today and play around with it and report back.
https://play.google.com/store/apps/details?id=com.bitspice.automate
While looking at that I also discovered an Android auto app that I'll play around with as well.
https://play.google.com/store/apps/details?id=com.google.android.projection.gearhead
I know none of this is carhacking, but I had already written this up when I realized what sub this was and I don't want to remove it. I apologize.
EDIT:
Turns out the Android Auto app isn't available on the play store for the Nexus 7. I'm running Android 6.0.1 vanilla with timur's kernel
The AutoMate app works like a dream though. I may even pay for the full version because after using it for 5 minutes it became my default interface. It's perfect and I can't believe I'd forgotten about it.
10/10 will use a Nexus 7 as a head unit in all my cars.
I'm guessing you may have figured something out already, but for others with this question in the future:
Some cars have a pin on the OBD-II port that is tied to ignition ACC power (exactly what you're asking for). Manufacturers can use pins 1, 3, 8, 9, 11, 12, and 13, for whatever they want. My car has ACC power on pin 8. You can either find a wiring diagram, or if you're brave use a multimeter to check the mentioned pins.
If you do find an ACC pin, I would recommend purchasing an OBD-II splitter like this one and swapping the ACC pin with the main power pin (16) on just the last segment of the splitter (fairly simple, just pry the two pins/wires out of the connector using a small screwdriver). Then you'll have one OBD-II port with power always on and another that turns off with the car without having to modify whatever you're plugging into the port.
Yeah, we were using both. We were using an OBD2 to DB9 converter to connect this to our CANBUS. This is what it looks like:
With this, we are basically hitting all of the PINS. Would there be a better method than this?
For right now, what you said about slamming it with garbage data will work. But we would prefer to get that CAN message that overrides the PCM. We are looking into physical options as well. I'm a little nervous about doing this though.
We have been basing our attack methods off of this article: http://feihu.eng.ua.edu/NSF_CPS/year1/w9_1.pdf
It's a bit of a long read, but I am an academic doing this for a potential Master's project. If you want a good read, this may help you on your own car projects :).