tag:blogger.com,1999:blog-13978895.post1273706096233973606..comments2023-04-06T17:53:44.530+02:00Comments on Only_Dead_Fish_Go_With_The_Flow: Hacking Your CarMarco Guardiglihttp://www.blogger.com/profile/06980098282508369629noreply@blogger.comBlogger83125tag:blogger.com,1999:blog-13978895.post-10370575212304458022018-05-08T09:51:02.841+02:002018-05-08T09:51:02.841+02:00Hello Mr. Marco Gaurdigli,
Thank you for great in...Hello Mr. Marco Gaurdigli, <br />Thank you for great infomation on CAN<br /><br />I understand that, in CAN protocol , you send request to car,and your car will response data.<br />Do you know about CAN contactless ?<br /><br />I bought a CAN Contactless from Gps4net. CAN bus data output is the same data in my car.<br />Whent I connect device CAN contactless to ELM327, I cannot read data from car, i think because CAN Contactless cannot trans request to the car(no physical wire connections).<br />Do you have any solution to read data without send request to the car?<br /><br />Thank you.vietzunghttps://www.blogger.com/profile/14439265963494087273noreply@blogger.comtag:blogger.com,1999:blog-13978895.post-87342606417272131932017-03-18T16:46:32.668+01:002017-03-18T16:46:32.668+01:00I understand however I thought about all that and ...I understand however I thought about all that and proceeded carefully. All I am really doing is sending it the same commands that comes from the gearshifter when you control the gear lever manually. So if the gear shift algorithms are not happy to act my wishes it does not change gear anyway. Upon testing (not on a road!) This is confirmed. If the canbus id copy trick causes clashing and cant be made to work then i may have to give up the canbus write commands and connect something up to the sensors of the actuall gear shift sensors instead and emulate them. That way it really is ecactly the same as manually shifting it.<br />This is simply trying to create my own shift pattern. Vw did a terrible job of the original shift map and it wears out the clutch packs!Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-13978895.post-49607996836936382852017-03-18T10:02:02.504+01:002017-03-18T10:02:02.504+01:00@anonymous What you are doing is injecting spoofed...@anonymous What you are doing is injecting spoofed commands in your car drivetrain can bus. <br />This is extremely dangerous, and you should not do it. Doing so would bring the software state within the car controller out of sync with real state. <br />The embedded software has many embedded security procedures and multiple checks, but can not deal with cospicuous inconsistencies. <br />These potentially dangerous situations are probably logged somewhere and reported to factory lab.<br />Try to put yourself in the place of the main ecu: it receives an "official" gear set, consults a number of tables with data coming from many other sensors, and adjusts engine injection parameters accordingly. Before proceeding with parameter setting, it could also post a query to the originating controller asking for confirmation, and get an answer.<br />Injecting fake informations in this control loop would bring the main software in unknown and uncharted territories, and decisions would be probably taken according to "anomalous condition" rules, which are to be used in emergency, and far from being efficiency or performance optimized. <br />Do not joke with safety. Be smart. Be responsible.<br />@mguaMarco Guardiglihttps://www.blogger.com/profile/06980098282508369629noreply@blogger.comtag:blogger.com,1999:blog-13978895.post-9273399974597862992017-03-18T02:42:40.865+01:002017-03-18T02:42:40.865+01:00Hi I was wondering if you know the answer to my qu...Hi I was wondering if you know the answer to my query. If you broadcast a id and message into the canbus which is the same as what is coming from one of the vehicles ecu's but is different, what happens? <br />I have a arduino canbus sheild on an vw. It is broadcasting into the canbus "change up a gear now". It is sending "id 440 message 5 00 A1 0 0 0 " at the right time. Will it clash with the vehicles original gear shifter ecu? I had it programmed to only broadcast it once which failed sometimes so i programmed it to do it 3 times. It works but sometimes the gearbox ecu recognises something is wrong and puts the car into safe mode and will not change gear untill i restart everything.<br />So emulating another ecu to get a result i want is working but eventually the vehicle is recognising im fooling it.<br />How should one approach this correctly to avoid message clashes and tripping fault conditions in the canbus system?Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-13978895.post-36172747581299446012017-03-15T20:52:46.081+01:002017-03-15T20:52:46.081+01:00@erwin: I am not an expert in car security, but I ...@erwin: I am not an expert in car security, but I think your approach is not going to work. Firmware compatibility matrix is to be respected. You can maybe swap a board between components with same release and versions, but there are probably checks in the code to protect the systems from unauthorized tampering. Also the mismatch would probably become evident if and when your car is checked thru an authorized diagnostic tool. I also do not understand the problem you want to solve by swapping firmware chips. Datasheet is for chips or electronic components. You need to consider firmware levels, which is something different being software not hardware. Good luck and play safe. @mguaMarco Guardiglihttps://www.blogger.com/profile/06980098282508369629noreply@blogger.comtag:blogger.com,1999:blog-13978895.post-49532924089466175032017-03-15T16:43:13.244+01:002017-03-15T16:43:13.244+01:00Hi Marco, I have a problem with the BSI of my fiat...Hi Marco, I have a problem with the BSI of my fiat stilo 1.9 jtd 115hp. I found a used one, functioning I hope, and would like to swap the eeprom that contains the code of my car in order not to change the whole lot.<br />The problem is that I can't find the datasheet of this magneti marelli bsi, so don't have a clue about which IC I have to swap. Is it the 14 pins CAN interface or an 8pin ic ? <br />Please I really need this if you can help, it would be very much appreciated. I'm italian and live in france.<br />Best regards<br />Erwin Di Benedetto<br />erwinwizzy@gmail.comAnonymousnoreply@blogger.comtag:blogger.com,1999:blog-13978895.post-86456907792107943412017-03-06T08:47:50.201+01:002017-03-06T08:47:50.201+01:00@vijay
Hi Vijay. Unfortunately I am not working an...@vijay<br />Hi Vijay. Unfortunately I am not working anymore on vehicle electronics these days, so I am not able to give you a satisfying answer. <br />Consider this: whatever digital signal appears in the OBD2 port comes from a specific gateway device which has the main task of selectively allowing authorized diagnostic operations thru specific brand-dependent diagnostic equipment. <br />To my knowledge each brand has very proprietary diagnostic equipment, and even in the same brand, different firmware on the gateway device generate different behaviours.<br />Probably the best cross-brand tools to read OBD port signals are the ELM Electronics https://www.elmelectronics.com/ chips which are used in many diagnostic devices (but beware because there are a lot of fake devices not using the original chips). <br />Specifically ELM has a CAN only chip (ELM329) which allows state-of-the-art can protocol decoding from can signals on OBD2 port and is able to interpret several CAN based protocols like FMS J1939. <br />I am in no way affiliated to Elm Electronics. Marco Guardiglihttps://www.blogger.com/profile/06980098282508369629noreply@blogger.comtag:blogger.com,1999:blog-13978895.post-79857429844852775052017-03-06T07:48:19.218+01:002017-03-06T07:48:19.218+01:00hi marco,
I each car has different id for vehicle ...hi marco,<br />I each car has different id for vehicle speed,engine speed and various parameters but in the code there are some lines like.. <br />"canbus.ecu_req(ENGINE_RPM,buffer) == 1"<br /><br />But for a different car how can we change the id and use the same code?<br />please reply fast actually im working on a project which need these things..<br />Thanks in advance and waiting for the reply<br />Anonymoushttps://www.blogger.com/profile/17291944579315626506noreply@blogger.comtag:blogger.com,1999:blog-13978895.post-46549327589454586022017-03-01T12:49:12.182+01:002017-03-01T12:49:12.182+01:00hi Marco
i had seen your information and its very ...hi Marco<br />i had seen your information and its very useful to me.<br />but this is my project making a gear shift indicator.<br />so i just the information for 1.engine speed and 2.vehicle speed depending on that i can proceed so i purchased can bus shield from dx.com and they said they had done the shield based on sk pang so i have seen the ino file but it all the other stuff likw lcd and gps but can u please help me.... <br />but i just want the information on how to retrieve the correct information?<br />Anonymoushttps://www.blogger.com/profile/17291944579315626506noreply@blogger.comtag:blogger.com,1999:blog-13978895.post-47422599729305827432016-11-17T21:28:42.736+01:002016-11-17T21:28:42.736+01:00Hi Marco
You have put together a great resource o...Hi Marco<br /><br />You have put together a great resource of information in a well-organized page. I've been interested in cars for many years and have used OBDI and OBDII tools extensively. The arduino developments sounds promising and seem to offer more potential than the limited scope of the typical BT OBD adaptors that are so common.<br /><br />Thanks for spending so much time on this so the rest of us have a nice reference site!<br /><br />Cheers <br />AM (Toronto, Canada)Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-13978895.post-55580955390853786202016-11-04T14:11:18.412+01:002016-11-04T14:11:18.412+01:00On my DLC pin 5 is not grounded properly. Can som...On my DLC pin 5 is not grounded properly. Can someone tell me where this pin is grounded on a 96 mazda mpv or how I can properly ground it.Maxhttps://www.blogger.com/profile/18189658722776248950noreply@blogger.comtag:blogger.com,1999:blog-13978895.post-83981240915710451402016-09-29T04:06:33.918+02:002016-09-29T04:06:33.918+02:00Hi When ELM circuit is connected to a vihicle then...Hi When ELM circuit is connected to a vihicle then its vulnerable for<br />shorts and over Current.<br /><br />Lets say you got a Vihicle with OBD 2 PORT DATA LINES are SHORTED to<br />POSITIVE or to GROUND.. then if you connect the elm to this car then<br />output transistors or elm chip could get fried..becuase of Over<br />Current Flow..???<br /><br />Please tell me What kind of simple circuit we might need to protect<br />ELM Circuit from Over current Shorts..? Thanks in Advance.Deenusernamehttps://www.blogger.com/profile/09179943822243781039noreply@blogger.comtag:blogger.com,1999:blog-13978895.post-85980220684639333442016-08-22T21:50:27.777+02:002016-08-22T21:50:27.777+02:00Hi, Is there a way to snoop a working Car CANBus, ...Hi, Is there a way to snoop a working Car CANBus, find packets I'm interested in. Then on my engine swap project pump CANBus packets to the ECU telling him everything is working fine and run the engine correctly...<br /><br />More specifically, I putting a 2015 Subaru FB25 engine in my VW Vanagon camper bus.. I removed a bunch of unneeded controllers such as VDC. But the ECU goes into limp mode without the VDC and I want to correct this..<br /><br />I dead in the water with my engine swap need help..<br /><br />thanks much,<br />Billtargabillhttps://www.blogger.com/profile/01534460977968265941noreply@blogger.comtag:blogger.com,1999:blog-13978895.post-48282833204824534452016-06-25T09:21:32.602+02:002016-06-25T09:21:32.602+02:00@Aleksandar Check quasarelectronics devices (menti...@Aleksandar Check quasarelectronics devices (mentioned in the post). Sorry for huge delay in publishing and replying.Marco Guardiglihttps://www.blogger.com/profile/06980098282508369629noreply@blogger.comtag:blogger.com,1999:blog-13978895.post-67204508723970531052016-06-25T09:19:57.190+02:002016-06-25T09:19:57.190+02:00@luciano
I am sorry but I do not understand. What ...@luciano<br />I am sorry but I do not understand. What do you mean by VDO?<br />What is normally available on OBDII CAN pins is just a subset of what goes on the different CAN buses of the vehicle.Marco Guardiglihttps://www.blogger.com/profile/06980098282508369629noreply@blogger.comtag:blogger.com,1999:blog-13978895.post-36884744009377119152016-06-23T20:35:48.602+02:002016-06-23T20:35:48.602+02:00Hi Marco,
i apologize for my poor english,
my que...Hi Marco,<br />i apologize for my poor english, <br />my question is: there is some difference between the canbus connected to the VDO and the canbus connected to the OBDII ?<br />Thank youmartinohttps://www.blogger.com/profile/04114696598318226904noreply@blogger.comtag:blogger.com,1999:blog-13978895.post-48731135984823935012016-04-25T12:23:20.893+02:002016-04-25T12:23:20.893+02:00Hi,
I built the Alfa GT engine of Alfa Romeo 156 2...Hi,<br />I built the Alfa GT engine of Alfa Romeo 156 2.4 JTD 20V, complete with ECU.<br />The Alfa 156 no CAN line for cdashboard ie. body.<br />(I do not work rev counter and temperature)<br />Is there an interface that turned these two parameters in the CAN signal?<br />Thanks<br />Anonymoushttps://www.blogger.com/profile/13945108662926197918noreply@blogger.comtag:blogger.com,1999:blog-13978895.post-24789268331919452162016-03-01T06:14:54.530+01:002016-03-01T06:14:54.530+01:00Hi,
I removed the car radio from a Fiat Grande Pu...Hi,<br /><br />I removed the car radio from a Fiat Grande Punto and I want to keep it on while it is on the workbench. I provided 12v and ground, but unfortunately after some minutes it goes off. The connector has two pins labeled "CAN A" and "CAN B", may be the radio sense the engine or the ECU on that bus. Can be feasible to sniff CAN-BUS packets from the car radio connector and then play them back to the radio on the workbench?<br /><br />Everything is aimed to keep the radio on for a sufficient time, because the message "RADIO BLOCKED / WAIT" is displayed, and I had to wait for the "ENTER CODE" message. And no, the radio was not stolen! It was blocked probably due of a faulty contact.Anonymoushttps://www.blogger.com/profile/16685801380891532057noreply@blogger.comtag:blogger.com,1999:blog-13978895.post-19985869871359203062016-02-24T18:43:42.653+01:002016-02-24T18:43:42.653+01:00Hi
Dear marco
I have Kia pride year Before 1996 an...Hi<br />Dear marco<br />I have Kia pride year Before 1996 and ECU Siemens 1.3i ( Fenix5) included 20pin diagnostic connector under hood<br />I need how to connect to this model for see live data and sensor parameter ? <br />please help me <br />Thank you and Best RegardsHamedhttps://www.blogger.com/profile/00817275308005631221noreply@blogger.comtag:blogger.com,1999:blog-13978895.post-31226745520027039602016-02-24T18:29:56.016+01:002016-02-24T18:29:56.016+01:00Hi
Dear marco
I have Kia pride year Before 1996 an...Hi<br />Dear marco<br />I have Kia pride year Before 1996 and ECU Siemens 1.3i ( Fenix5) included 20pin diagnostic connector under hood<br />I need how to connect to this model for see live data and sensor parameter ? <br />please help me <br />Thank you and Best RegardsHamedhttps://www.blogger.com/profile/00817275308005631221noreply@blogger.comtag:blogger.com,1999:blog-13978895.post-36867347784795181912015-11-15T10:14:37.231+01:002015-11-15T10:14:37.231+01:00Hello,
I am trying to get access to Volkswagen Je...Hello,<br /><br />I am trying to get access to Volkswagen Jetta Convenience CAN bus. I am trying to read and get data which I am failing at this moment. I want to transmit few CAN message on Convenience CAN Bus. <br /><br />Can anybody help me out?Anonymoushttps://www.blogger.com/profile/10877236642595614170noreply@blogger.comtag:blogger.com,1999:blog-13978895.post-7311019849168447002015-10-07T23:18:18.027+02:002015-10-07T23:18:18.027+02:00Hello Marco,I see you are quite aware of automotiv...Hello Marco,I see you are quite aware of automotive electronics and would like to ask if you know any website where is described in detail the design and operation of the engine electronic control module? I have a problem with an module Magneti Marelli IAW 8P for Peugeot 306 and I need to understand in more detail the way it works. I searched in the Internet but could not find enough comprehensive information. I would be grateful if you could help me and congratulations for the nice article!<br />AlexAnonymoushttps://www.blogger.com/profile/18310468180609435276noreply@blogger.comtag:blogger.com,1999:blog-13978895.post-61035363590655469692015-10-07T23:14:39.428+02:002015-10-07T23:14:39.428+02:00This comment has been removed by the author.Anonymoushttps://www.blogger.com/profile/18310468180609435276noreply@blogger.comtag:blogger.com,1999:blog-13978895.post-29030787907432652612015-06-21T20:28:38.203+02:002015-06-21T20:28:38.203+02:00ThanksThanksobd scannerhttps://www.blogger.com/profile/01451304276877784620noreply@blogger.comtag:blogger.com,1999:blog-13978895.post-31873690489672131922015-02-02T09:43:12.926+01:002015-02-02T09:43:12.926+01:00Hello.
I am trying to access a Citroen C4 BSI via ...Hello.<br />I am trying to access a Citroen C4 BSI via the obd interface.<br />I would like to know what is the difference between the pins :<br />3,14 (CAN I/S 250 KB/s)<br />and 3,8 (DIAG ON CAN 500 KB/s)?<br />And which ones to use for that purpose ?<br /><br />Many thanks.<br /><br /> Anonymousnoreply@blogger.com