ESP32 Used As Wireless CAN Bus Reader

November 22, 2023 by 34 Comments

The CAN bus, accessible through the OBD-II port, is the channel that holds all the secrets of the modern automobile. If you want to display those for your own perusal, you might consider this nifty tool from [EQMOD].

Yes, it’s an OBD-II dongle that you can build using an ESP32 WROVER module. It’s designed to read a car’s CAN bus communications and display them on a self-hosted web page, accessible over WiFi. The build relies on the dual-core nature of the ESP32, with the first core handling CAN bus duties via the SN65HVD230 CAN bus transceiver chip. The second core is responsible for hosting the web page. Data received via the CAN bus is pushed to the web user interface roughly every 60 to 100 milliseconds or so for information like RPM and speed. Less time-critical data, like temperatures and voltages, are updated every second.

It’s a neat little thing, and unlike a lot of dongles you might buy online, you don’t need to install some dodgy phone app to use it. You can just look at the ESP32’s web page for the data you seek. The graphics may be a little garish, but they do the job of telling you what’s going on inside your car. Plus, you can always update them yourself.

Getting to grips with the CAN bus is key if you want to diagnose or modify modern vehicles. Meanwhile, if you’ve been cooking up your own electronic vehicular hacks, don’t hesitate to drop us a line!

Probing CAN Bus For EV Battery Info

July 27, 2022 by 8 Comments

The widespread adoption of the CAN bus (and OBD-II) in automobiles was largely a way of standardizing the maintenance of increasingly complicated engines and their needs to meet modern emissions standards. While that might sound a little dry on the surface, the existence and standardization of this communications bus in essentially all passenger vehicles for three decades has led to some interesting side effects, like it’s usage in this project to display some extra information about an electric car’s battery.

There’s not a ton of information about it, but it’s a great proof-of-concept of some of the things CAN opens up in vehicles. The build is based on a Citroën C-Zero (which is essentially just a re-badged Mitsubishi i-MiEV) and uses the information on the CAN bus to display specific information about the state of charge of the battery that isn’t otherwise shown on the car’s displays. It also includes a build of a new secondary display specifically for this purpose, and the build is sleek enough that it looks like a standard part of the car.

While there are certainly other (perhaps simpler) ways of interfacing with a CAN bus, this one uses off-the-shelf electronics like Arduino-compatible microcontrollers, is permanently installed, and has a custom case that we really like. If you’re just starting to sniff around your own vehicle’s CAN bus, there are some excellent tools available to check out.

Thanks to [James] for the tip!

Continue reading “Probing CAN Bus For EV Battery Info”

Volvo C30 Custom Gauge And CAN Bus Reverse Engineering

June 15, 2022 by 8 Comments

With cars being essentially CAN buses on wheels, it’s no wonder that there’s a lot of juicy information about the car’s status zipping about on these buses. The main question is usually how to get access to this information, both in terms of wiring into the relevant CAN bus, and decoding the used (proprietary) protocol. Fortunately for [Alex], decoding the Volvo VIDA protocol used with his Volvo C30 was relatively straightforward, enabling the creation of a custom gauge that displays information like boost pressure and coolant temperature.

The physical interfacing is accomplished via the car’s OBD port, which conveniently provides access to the car’s two (high-speed and low-speed) CAN buses. Hardware of choice is an M2 UTH (Under the Hood) board, sporting a SAM3X Cortex-M3-based MCU, designed for permanent automotive installations. On [Alex]’s GitHub project page it is explained how the protocol works, and which bytes to look for when replicating the project.

Rounding off the project is a round LCD display from 4D Systems that cycles through the status update screens. As a bonus, the dashboard illumination level is also read out in real-time, so the brightness of the display is adjusted to fit this level. All in all a well-rounded project, with interesting prospects for a more permanent integration of the gauge into the dashboard proper.

Continue reading “Volvo C30 Custom Gauge And CAN Bus Reverse Engineering”

Simplify 3D Printer Wiring With CAN Bus

November 3, 2021 by 56 Comments

[mark] had an interesting idea when looking at all the wiring of a typical 3D printer; Use CAN Bus. There are a lot of wires going to the extruder assembly, and with most designs this thing is flying around at quite some speed. You’ve got connections for powering the heater, fan power, four wires for the extruder motor, thermistor sensor wires. You get the idea. Lots of wires. Worse, they’re all moving around with the axis, and if failures occur at either end due to poor strain relief, or the conductors themselves break, then all manner of interesting failures can occur. If the hot end thermistor connection goes open circuit, usually no damage occurs but the temperature control goes out the window and your print will fail.

Now if you push the electronics needed to drive and control the extruder, directly onto the moving body itself, and hook-up to the main printer electronics with CAN Bus, you can do the whole moving interconnect thing with a measly four wires. Yes, you need another PCB assembly, so it adds cost, but it does also simply the electronics at the control end, so some savings can be made. [mark] has used CAN Bus due its availability with modern microcontrollers and also its designed-in robustness, thanks to its automotive and industrial heritage. When you think about it, this is a rather obvious thing to do, and we’re not sure why we’ve not see it much before.

If you want to dig into the detail, the project GitHub has the schematics and code ready to go.

 

Continue reading “Simplify 3D Printer Wiring With CAN Bus”

CAN Bus Wireless Hacking / Dev Board

July 11, 2021 by 5 Comments

[Voltlog] has been hacking away at the CAN bus console of his VW Golf for quite some time now. Presumably, for his projects, the available CAN bus interface boards are lacking in some ways, either technically and/or price. So [Voltlog] designed his own wireless CAN bus hacking and development module called the ESP32 CanLite (see the video below the break). The board was tailored to meet the needs of his project and he claims it is not a universal tool. Nevertheless we think many folks will find the features he selected for this module will be a good fit for their projects as well.

In his introduction of the design, he walks through the various design decisions he faced. As the project name suggests, he’s using the ESP32 as the main controller due to it’s wireless radios and built-in CAN controller. The board is powered from the car’s +12V power, so it uses a wide input range ( 4 to 40 V ) switching regulator. One feature he added was the ability to switch automotive accessories using the ST VN750PC, a nifty high-side driver in an SO-8 package with integrated safety provisions.

The project is published as open source and the files can be pulled from his GitHub repository. We noticed the debug connector labeled VOLTLINK on the schematic, and found his description of this custom interface interesting. Basically, he was not satisfied with the quality and performance of the various USB-to-serial adapters on the market and decided to make his own. Could this be a common theme among [Voltlog]’s projects?

A word of warning if you want to build the ESP32 CanLite yourself. While [Voltlog] had intentionally selected parts that were common and easy to purchase when the project began, several key chips have since become nearly impossible to obtain these days due to the global parts shortage issue (it’s even out of stock on his Tindie page).

If you want to dig deeper into CAN bus hacking, check out this talk that we wrote about back in 2016. Do you have any favorite CAN bus development boards and/or tools? Let us know in the comments below.

Continue reading “CAN Bus Wireless Hacking / Dev Board”

Using CanoPy To Visualize The CAN Bus

May 8, 2021 by 11 Comments

As cars have become more sophisticated electronically, understanding the CAN bus that forms the backbone of automotive digital systems has become more and more important for hacking cars. Inexpensive microcontroller CAN interfaces have made obtaining the raw CAN bus traffic trivial, but interpreting that traffic can be pretty challenging. In order to more easily visualize CAN traffic, [TJ Bruno] has developed CanoPy, a Python tool for visualizing CAN messages in real time.

A basic PC CAN interface simply dumps the bus’s message traffic into the terminal, while more sophisticated tools organize messages by the address of their intended recipients. Both of these approaches digitally lift the hood and let you examine what your car is thinking, but the wall-of-numbers approach makes finding the patterns that hold the keys to reverse engineering difficult. Automatically plotting the data with CanoPy makes finding correlations much easier, after which the text-based tools can be used to focus in on a few specific addresses.

Continue reading “Using CanoPy To Visualize The CAN Bus”

Inside A CAN Bus Mileage Manipulator

March 13, 2020 by 28 Comments

In the days of carburetors and leaf spring suspensions, odometer fraud was pretty simple to do just by disconnecting the cable or even winding the odometer backwards. With the OBD standard and the prevalence of electronics in cars, promises were made by marketing teams that this risk had all but been eliminated. In reality, however, the manipulation of CAN bus makes odometer fraud just as easy, and [Andras] is here to show us exactly how easy with a teardown of a few cheap CAN bus adapters.

We featured another project that was a hardware teardown of one of these devices, but [Andras] takes this a step further by probing into the code running on the microcontroller. One would imagine that basic measures would have been taken by the attackers to obscure code or at least disable debugging modes, but on this one no such effort was made. [Andras] was able to dump the firmware from both of his test devices and start analyzing them.

Analyzing the codes showed identical firmware running on both devices, which made his job half as hard. It looked like the code was executing a type of man-in-the-middle attack on the CAN bus which allowed it to insert the bogus mileage reading. There’s a lot of interesting information in [Andras]’s writeup though, so if you’re interested in CAN bus or attacks like this, it’s definitely worth a read.