Control everything in your car with the Car Kracker

If your whip is a Honda, Toyota, BMW, Chrysler, VW, or Mini made in the last decade or so, the Car Kracker is for you. This project allows you to connect directly to your car’s computer system, allowing you to display messages on your stereo, play music off an SD card, and even override factory settings like always-on daytime running lights.

The Car Kracker uses ISO 9141, an in-car communications protocol that is now mostly used in foreign (for the US) cars. The build uses a Gadget Gangster Propeller board to connect to the CD changer port and OBD-2 port in the trunk, and the diagnostic port located under the hood.

With the Car Kracker, it’s easy to connect the Aux In on your stereo to an SD card loaded with music, or even plug in an iPod for the poor souls without a 1/8″ jack. Dealer customizations such as turning the ‘door is ajar’ noise off, toggling daytime running lights, and throwing a nav warning up are also possible.

Check out the two videos after the break, and if anyone has any more info on getting this deep into a car’s computer system (a wiki, maybe?), send a link in on the tip line.

46 thoughts on “Control everything in your car with the Car Kracker

    1. sucks that the bmws with the best displays were the last generations with dumb odb1.

      wich is probably as capable as 2 after you account for all the proprietary stuff each maker added, but since there’s no standard to use it, point is moot.

  1. Remember doing something like this with my cw jetta and the obd port and vagcom program
    Very cool stuff wouldn’t surprise me as BMW’s have enough wires and computers to link up to NORAD !!

    1. If this was possible on my car I would look into it right away. Running lights a more of an annoyance if you have a job like mine. I work security and occasionally I have a job that requires me to sit in my car all night. Thankfully pulling the hand brake turns off the lights or else I would have to chose between sitting in air conditioning and giving away my position or not sticking out but having to sit in a hot car all night.

  2. Hey HAD! This is my project;
    It’s actually pretty hard to brick your car – only the engine and transmission have re-writable firmware, and they’re on a separate data bus.

    Many complaints about my ’00 e46. But the data bus is a lot of fun to play with.

  3. Ross tech made an interfacing cable a long time ago with free software to do this very thing. I just bought my wife a VW Jetta and managed to turn off the seat belt buzzer, door buzzer, and activate/deactivate a half-dozen other features. However, this is much neater, and notably cheaper. I will have to try this out as well.

    1. BCM, where most crypto code and dash controls are.

      There are some cool patented algos in ECMs for fuel and emissions.

      I remember messing with this stuff late 90s, it’s too expensive for most people including me, now. Some of the things I did made world news when some university researchers published papers 5 years later on just a fraction of it. They got sewed though ^^

  4. Software-wise, they’re just targeting BMW stuff. Some of the stuff they’re doing won’t work the way they’re doing it on a VW, for instance, or is just impossible without hardware mods.

    Also, ISO 9141 is an outdated protocol, most companies have since moved to CAN-only systems.

    Re: the Ross-Tech cable, that’s somewhat different in that it’s a diagnostic tool that can manually access the control modules in the car to change settings or read sensors. (I highly recommend their stuff if you have a VW, though.)

    Re: OBD-I vs. OBD-II… generic OBD-II is very limited compared to the proprietary protocols, which at least in the case of VWs, stayed the same when they moved from OBD-I to OBD-II. This may actually work on an OBD-I BMW, given that it’s not going to be using the Generic OBD-II command set.

    Re: Reflashable control modules… you’d be surprised what’s reflashable. On my 99.5 Golf TDI, the engine computer is NOT reflashable (2000+ were, and there was a nasty bug in the firmware on the pre-2000 Mk4 TDI startup fueling map (essentially, a corner of the map that covered high temperature and low RPM was zeroed out, meaning you had to crank for 5+ seconds before the emergency start fueling map was used to dump fuel into the engine), that went unfixed due to the cost of fixing it). However, the instrument cluster and the central convenience (locks, doors, windows, mirrors, that sort of thing) modules are reflashable. Nowadays, everything in the car is reflashable.

    1. Yes, I unhappily discovered this only after purchasing the Kiwi WiFi ODBII dongle and iPhone app. What a bummer that was. I would hate to make that mistake again with this product.

  5. ahh, one of the FEW people that dont think im off my rocker by TRYing to warn people… that newer cars can be started and driven off unattended THROUGH the INTERNET connection provided by OnStar… how? your car doesnt have a firewall nor virus scanner, and hash andor checksum can both easily be faked, as has been prouven on desktop computers time and time again.

    but how could this “virus” possibly be implanted? does your car play MP3’s? MP3’s that were burnt on a CD… on a computer that is connected to the internet and browses on websites.

    have fun with facebook,,, GIF and JPG files can BOTH hold viruses, picked a few up from facebook (someone else using) and antivirus deleted it.

    friend request? too late you already just downloaded the virus just by viewing the request list-page! hmm scary

    PS: everything i just talked about was about viruse files, im have no clue and dont want to know if they can be hacked into directly… even more scary

    PPS: if there is a webcam (backup camera, while in reverse, and reverse IS fast enough to kill a person) or GPS involved (onstart has GPS built in i think) then it becomes MUCH more dangerous of a machine!

    PPPS: toyota

    1. I’ve reversed onstar firmware, you are off your rocker. It’s most robust system at most can control ECM to the point of ignition and alarm security bypass and only after challenge/response with an operator.

      FPGA on ECM are hardware-write-locked and only some can be dumped, so super hax0rs are no significant threat even if they give generic bypass tools to thiefs..

      A bypass tool would defeat challenge/response via physical connection to FBGA bus board..

      1. but it(onstar) can shut down the engine without any hacking if the car is reported stolen(to the police)… so wouldnt one be right to say it could also start said engine?

        maybe im just stuck thinking about OLDER car networks, the ones without a hoot of thought put into them. 1st gen if you will

        im not talking about a specific car, and im not talking about all cars, im talking about “some” cars.

        and since when are cars challenge and response? maybe i was out of the loop too long but last i heard car “networks” didnt even have the “from” field in their network packet… so the left-front brake can not tell if it is the pedal telling it to brake, or the onstar, or even the stereo, yes, the stereo could concievebly tell the car to spin out.

        seperate networks, i heard there is a device that translates from one network to the other in a car, blocking certain sendto address packets. could that not be overwritten too? im assuming this device has the same amount of security in it as a home networking router, and those have been broken time and time again.

        PS: i mean (toyota) cars dont just accelerate uncontrolled and crash for no reason.

        they said it needed a metal “shim”, yeh right.
        how the hell does a “shim” keep the whole thing from going bonkers, i mean i’d understand if the pedal’s calibration was off by as much as 50% when it breaks, but 100% off???

    1. Clearing codes can be done with any OBD reading tool. You can probably even get it done at the local Pep Boys or Autozone.
      Altering the engine parameters is a little harder since that’s actually ECU modding, which is a whole different problem.

      1. clearing codes is easy I’m taking about clearing the codes so it doesn’t look like it’s been cleared and keeping them from coming back on so it can “pass” inspection as my pos needs expensive exhaust work that I can’t afford to do.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s