Solar Panel Keeps Car Battery Topped Off Through OBD-II Port

Up until the 1980s or so, a mechanic could check for shorts in a car’s electrical system by looking for sparks while removing the battery terminal with everything turned off in the car. That stopped being possible when cars started getting always-on devices, and as [Kerry Wong] learned, these phantom loads can leave one stranded with a dead battery at the airport after returning from a long trip.

[Kerry]’s solution is simple: a solar trickle charger. Such devices are readily available commercially, of course, and generally consist of a small photovoltaic array that sits on the dashboard and a plug for the lighter socket. But as [Kerry] points out in the video below, most newer model cars no longer have lighter sockets that are wired to work without the ignition being on. So he chose to connect his solar panel directly to the OBD-II port, the spec for which calls for an always-on, fused circuit connected directly to the positive terminal of the vehicle battery. He had to hack together an adapter for the panel’s lighter plug, the insides of which are more than a little scary, and for good measure, he added a Schottky diode to prevent battery discharge through the panel. Even the weak winter sun provides 150 mA or so of trickle charge, and [Kerry] can rest assured his ride will be ready at the end of his trip.

We used to seeing [Kerry] tear down test gear and analyze unusual devices, along with the odd post mortem on nearly catastrophic failures. We’re glad nothing burst into flames with this one.

Continue reading “Solar Panel Keeps Car Battery Topped Off Through OBD-II Port”

Emulating OBD-II On The ESP32

It used to be that you could pop the hood and with nothing more than flat head screwdriver, some baling wire, and tongue held at the optimal angle, you could fix anything that ailed your car. But today, for better or for worse, the average automobile is a rolling computer that runs on gasoline and hope (if it even still has a gasoline engine, that is). DIY repairs and maintenance on a modern car is still possible of course, but the home mechanic’s toolbox has needed to evolve with the times. If you want to do anything more advanced than changing a tire, you’ll really want to have the gear to interface with the vehicle’s computer via the OBD-II port.

But for some, even that isn’t enough. [limiter121] recently wrote in to tell us of an interesting project which doesn’t read the OBD-II port in a vehicle, but actually emulates one. Like so many others this hack was born out of necessity, as a way to test an OBD-II project without having to sit out in the driveway all day. It allows you to create fictitious speed and engine RPM values for the OBD-II device or software under test to read, complete with a slick web interface to control the “car”.

So what makes it tick? Surprisingly little, actually. At the most basic level, an ESP32-WROOM-32 is connected up to a SN65HVD230 CAN transceiver chip. You’ll also need a 3.3V power supply, as well as a USB to serial adapter to do the initial programming on the ESP32. From there it’s just a matter of compiling and flashing the code [limiter121] has made available in the GitHub repo.

If you’re wondering if such products don’t already exist on the commercial market, they do. But like so many other niche projects, the price is a bit hard to swallow for the home hacker. Compared to the nearly $300 USD list price of commercial offerings such as the Freematics OBD-II Emulator, building one of these ESP32 based emulators should only cost you around $20.

Unless you’re developing an OBD-II reader, you probably don’t have much use for an OBD-II emulator. But this project could still be useful for anyone who wants to learn more about OBD from the comfort of their couch.

OBD-II Dongle Attack: Stopping A Moving Car Via Bluetooth

Researchers from the Argus Research Team found a way to hack into the Bosch Drivelog ODB-II dongle and inject any kind of malicious packets into the CAN bus. This allowed them to, among other things, stop the engine of a moving vehicle by connecting to the dongle via Bluetooth.

Drivelog is Bosch’s smart device for collecting and managing your vehicle’s operating data. It allows a user to connect via Bluetooth to track fuel consumption and to be alerted when service is necessary. It was compromised in a two stage attack. The first vulnerability, an information leak in the authentication process, between the dongle and the smart phone application allowed them to quickly brute-force the secret PIN offline and connect to the dongle via Bluetooth. After being connected, security holes in the message filter of the dongle allowed them to inject malicious messages into the CAN bus.

The Bluetooth pairing mechanism, called “Just Works”, has been fixed by Bosh by activating a two-step verification for additional users to be registered to a device.  The second issue, the ability for a maliciously modified mobile application to possibly send unwanted CAN messages, will be mitigated with an update to the dongle firmware to further limit the allowed commands that the dongle is able to place on the CAN bus.

Bosch downplays the issue a bit in their statement:

It is important to note that scalability of a potential malicious attack is limited by the fact that such an attack requires physical proximity to the dongle. This means that the attacking device needs to be within Bluetooth range of the vehicle.

The problem is that physical proximity does not equal Bluetooth range. Standard Bluetooth range is about 10m, which is very arguable physical proximity, but it is pretty easy to buy or even modify a Bluetooth dongle with 10x and 100x more range. When adding a wireless connection to the CAN bus of an automobile, the manufacturer has an obligation to ensure the data system is not compromised. This near-proximity example is still technically a remote hack, and it’s an example of the worst kind of vulnerability.

Open Source OBD-II Adapter

Automotive diagnostics have come a long way since the “idiot lights” of the 1980s. The current version of the on-board diagnostics (OBD) protocol provides real time data as well as fault diagnostics, thanks to the numerous sensors connected to the data network in the modern vehicle. While the hardware interface is fairly standardized now, manufacturers use one of several different standards to encode the data. [Alex Sidorenko] has built an open source OBD-II Adapter which provides a serial interface using the ELM327 command set and supports all OBD-II standards.

The hardware is built around the LPC1517 Cortex-M3 microprocessor and can accept a couple of different versions. Here’s the PDF schematic, and a set of Gerber files (ZIP archive) for the PCB layout, if you’d like to dig in to it’s internals. The MC33660 ISO K Line Serial Link Interface device is used to provide bi-directional half-duplex communication interface with the micro-controller. Also included is the TJF1051, a high-speed CAN transceiver that provides an interface between the micro controller and the physical two-wire CAN lines on the ODB-II connector. The serial output from the adapter board is connected to a computer using a serial to USB adapter.

The software is written in C++ for the LPCXpresso IDE – a GNU tool chain for ARM Cortex-M processors, but can also be compiled using a couple of other toolchains. He’s got instructions if you’d like to build the firmware from source, or if you’d like to program the adapter via Flash Magic.

We featured [Alex]’s inexpensive PIC based ODB-II interface way back in 2007, so he’s been working on this for a while and has a good grip on what he’s doing.

OBD-II TrckrX: Data Logging In A BMW E36 M3

[Bruce Land] sent in this cool final project for ECE 4760 at Cornell University. Dubbed TrckrX, it is an OBD-II tracking and data logging system built into a BMW E36 M3. The car in question is being used in some auotocross competitions. The driver wanted instant access to some data as well as a log of everything for later analysis. The unit gives a real time display of vehicle speed, coolant temp, and RPM. G-force and timestamps are stored on the SD card.

We think this is a very cool idea, and could be quite useful in some instances. The real time display of speed and RPM seem a bit peculiar as the car’s speedometer and tachometer are more appropriately placed for real time information. However, we completely understand that this was a class project and this person may not have wanted to replace their dash cluster with a new readout.

Keep Tabs On Your Car Without OBD-II

[Steve] let us know about his MultiDisplay car monitoring system. Unlike traditional systems that rely on interfacing with the OBD-II protocol and existing car computer, the MultiDisplay uses an Arduino and custom shield with a combination of sensors; including temperatures, pressures, throttle, Boost, and etc. The data collected can then be displayed on a 20×4 LCD or streamed to a PC with visualization and event recording.

It’s nice to see half a years worth of work finally be complete and presented in such a clean and professional manner, keep up the good work [Steve]

OBD-II Automotive Data Logging

obd2

[Avi Aisenberg] sent us his final project for ece 4760.  His team built and OBD-II data interface. Even though OBD-II is an industry standard, each manufacturer has implemented it differently. This is where this project shines. They have built it to be capable of talking to any of them. Not only that, but it has a nice backlit LCD screen for diagnosing issues without having to go back to your computer and downloading the data. If you really don’t need all the bells and whistles, you can make one for roughly $15. They even have an OBD-II app for the iPhone.