[ Car Hacking ]
[ Tools | Scripts ]
3rd_brakelight.sh - 11.2023
A simple way to tell UDS (Unified Diagnostic Services) that you want access to its input/output functions and would like to use them to turn the 3rd brake light on and off. While UDS is accessed via the CAN-C bus, the message structure is completely different. With UDS, the ECU replies to every single message with a success or failure code for each command sent. Python 3 has a UDS implementation, udsoncan, that I need to check out.
getVehicleTime.sh - 11.2023
JEEP vehicles broadcast the time on both the CAN-C and CAN-IHS buses once per second using message ID 350. This script reads the value from the CAN-IHS bus and returns the current value in a human-readable form. PRO TIP: If the message is one byte long, it's on the CAN-IHS bus. If the message is eight bytes long, it's on the CAN-C bus. When you are converting the numbers you can use the bindechexascii utility, or just use printf: printf "%d" 0x$value
Blackbox_monitor.sh - 11.2023
This script launches a black-box data recording script and a remote start HVAC automation script when the ignition is put into RUN mode or the vehicle is remotely started. When the vehicle goes back into OFF or ACCESSORY mode, it terminates the black box data recorder. NOTE: The HVAC script makes its own determination of whether the vehicle was remote started. It also handles its own exit and does not need to be killed like the black box monitor does.
This script takes advantage of message ID $122, which exists only on the CAN-IHS bus. Messages are sent every tenth of a second, containing the current status of the ignition switch. It is up to the programmer to catch when the virtual ignition switch changes from one mode to another. When the vehicle goes into sleep mode, it will produce no messages until the vehicle wakes back up again. It's possible to repurpose this script to start or kill other processes or automatically perform actions (ex: turn ESS off) as the vehicle goes between OFF/ACCESSORY and START/RUN.
Remote_WiFi.sh - 11.2023
This script will disable WiFi on the Raspberry Pi when you use the keyfob to lock/unlock your vehicle. This takes advantage of message ID $1C0, which exists on both the CAN-C and the CAN-IHS bus. New messages are sent on this bus every tenth of a second. If a new remote command is received, it will contain an ID which represents the command. If no additional commands are received, it will continuously report an ID which represents an idle state. If the vehicle goes into sleep mode, it will not produce any messages until the vehicle is awake again. To enable WiFi: rapidly press the Unlock button on your fob two times. NOTE: It takes about 10 seconds to be accessible.
pyJeepCan.py - 11.2023
Python script for reading live data from the CAN bus on a JEEP. Data fields can be added simply by adding to monitorlist. Current data parsed: Battery Voltage, Roll\Tilt\Yaw, RPM\MPH, IAT\Coolant Temps, Oil Temp\Oil Pressure, Gear, Transfer, Steer Angle\Rate and PS Temp\PSI.
[ LABs | Tutorials ]
Python Canbus Lab Guide - 11.2023
Don't have access to a CAN device? No problem, you can simulate one using py-can & Can-Utils with the sample CAN bus log files provided below. Download: TKCan.py | CANBus Log Files
Example CANBus dev stack using a Raspberry Pi
1. Raspberry Pi 4b (2GB)
2. Software controlled Argon Fan Hat (adjustable CPU fan) NOTE: Without the fan, the CPU will still automatically throttle to keep operating temps within a safe operating range.
3. A horizontal GPIO connector (better airflow & spacing)
4. Zero2Go Omni (better sleep and power management)
5. Waveshare 2 Channel CAN Hat (used as a dual port adapter)
6. Homebrew Logic Level Converter (controls the RGB Halos)
7. 40 Pin Stacking headers
image of CAN-C and CAN-IHS bus connections (located behind the glovebox)
DIY OBD-II Diagnostic Cable - 11.2023
I usually access the CAN bus of the JEEP vehicles I hack on via the unused ports behind the glovebox. This offers direct access to two of the vehicle's 13-way CANBus connectors. These ports are also granted read AND write on the CAN bus. As a bonus, there is always a free port open for use and it's out of the way of other things, so there is plenty of room to add components for testing. The other bonus to accessing the CAN bus via this location is that we can easily isolate the major components which plug in to this location as well. The only downfall, aside from taking your dash apart, is that there is no direct power source in the area. Most of all, it makes it super simple to not interfere with another device already using the OBD-II port or to avoid needing to bypass the security gateway.
If taking out your glovebox is too much effort or just not possible, you can also access the CAN bus via the OBD-II port. However, this comes with some limitations. One major downfall is it being read-only access (unless you installed a secure gateway bypass). It's also the safest way to access the CAN bus for learning purposes. Writing things to the CAN bus can cause damage or undesirable results. No telling. Use at your own risk.
If you understand these limitations and still want to proceed via the OBD-II port, this guide will help you in creating your own cable. Always double check and cross reference sources before playing with your vehicle's CAN bus. This is meant to be an informational guide only and can definitely void warranties.
Secure Gateway Modules - ?.?
The Secure Gateway Module: its purpose, its relationship with the OBD-II port, and how it interacts with Uconnect radios on JEEPs.
Sniffing ISO-TP Messages over CAN (advanced) - ?.?
Sniffing the CANbus for traffic using candump.
SavvyCAN
SavvyCAN is a cross-platform Qt-based C++ program. It is a CAN bus reverse engineering and capture tool. It was originally written to utilize EVTV hardware such as the EVTVDue and CANDue hardware. It has since expanded to be able to use any SocketCAN compatible device as well as the Macchina M2 and Teensy 3.x boards. SavvyCAN can use any CAN interface supported by Qt's SerialBus system (PeakCAN, Vector, SocketCAN, J2534, etc). It can capture and send to multiple buses and CAN capture devices at once.
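The Blackbox_monitor.sh entry above leaves it to the programmer to catch ignition mode changes in the ID 122 stream and notes that a sleeping vehicle sends nothing. The following is an added example, not one of the site's scripts, that does both over candump log lines. The byte-to-state table, the first-byte position, the can1 interface name and the sample capture are constructed assumptions.

```shell
#!/bin/sh
# Added example: collapse the 10 Hz ignition stream (ID 122) into state changes.
# ASSUMPTIONS (not from the page): the state sits in the first data byte and the
# byte-to-name table below is a constructed placeholder, not real Jeep values.

# Usage: candump -L <iface> | ignition_transitions [gap_seconds]
# Input lines are candump log format: "(timestamp) iface ID#DATA".
ignition_transitions() {
    awk -v gap="${1:-2}" '
    BEGIN {
        S["00"] = "OFF"; S["01"] = "ACCESSORY"; S["02"] = "RUN"; S["03"] = "START"
        prev = "NONE"
    }
    {
        # Keep only well-formed frames for ID 122 with at least one data byte.
        if (split($3, f, "#") != 2 || f[1] != "122" || length(f[2]) < 2) next
        ts = substr($1, 2, length($1) - 2) + 0
        # No frames for longer than gap seconds means the bus was asleep.
        if (seen && ts - last > gap) {
            print last_raw, prev "->SLEEP"
            prev = "SLEEP"
        }
        b = substr(f[2], 1, 2)
        cur = (b in S) ? S[b] : "UNKNOWN(" b ")"
        # Report only changes, not every repeated status frame.
        if (cur != prev) {
            print $1, prev "->" cur
            prev = cur
        }
        seen = 1; last = ts; last_raw = $1
    }'
}

# Constructed sample capture (values are illustrative only).
sample_log() {
cat <<'EOF'
(1700000000.000000) can1 122#00
(1700000000.100000) can1 122#00
(1700000000.150000) can1 1C0#00
(1700000000.200000) can1 122#01
(1700000000.300000) can1 122#02
(1700000000.400000) can1 122#02
(1700000000.500000) can1 122#00
(1700000060.000000) can1 122#00
EOF
}

sample_log | ignition_transitions
```

Each output line is a point where a monitor would start or stop a recorder; the SLEEP line is stamped with the last frame seen before the bus went quiet.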