Automotive diagnostics have come a long way since the “idiot lights” of the 1980s. The current version of the on-board diagnostics (OBD) protocol provides real-time data as well as fault diagnostics, thanks to the numerous sensors connected to the data network in the modern vehicle. While the hardware interface is fairly standardized now, manufacturers use one of several different standards to encode the data. [Alex Sidorenko] has built an open source OBD-II Adapter which provides a serial interface using the ELM327 command set and supports all OBD-II standards.
The hardware is built around the LPC1517 Cortex-M3 microprocessor and can accept a couple of different versions. Here’s the PDF schematic, and a set of Gerber files (ZIP archive) for the PCB layout, if you’d like to dig into its internals. The MC33660 ISO K Line Serial Link Interface device is used to provide a bidirectional half-duplex communication interface with the microcontroller. Also included is the TJF1051, a high-speed CAN transceiver that provides an interface between the microcontroller and the physical two-wire CAN lines on the OBD-II connector. The serial output from the adapter board is connected to a computer using a serial to USB adapter.
The software is written in C++ for the LPCXpresso IDE – a GNU tool chain for ARM Cortex-M processors, but can also be compiled using a couple of other toolchains. He’s got instructions if you’d like to build the firmware from source, or if you’d like to program the adapter via Flash Magic.
We featured [Alex]’s inexpensive PIC based OBD-II interface way back in 2007, so he’s been working on this for a while and has a good grip on what he’s doing.
The Progressive Snapshot is a small device that plugs into the OBD-II port on your car, figures out how terrible of a driver you are, and sends that data to Progressive servers so a discount (or increase) can be applied to your car insurance policy. [Jared] wondered what was inside this little device, so he did a teardown. There’s an Atmel ARM in there along with a SIM card. Anyone else want to have a go at reverse engineering this thing from a few pictures?
[Alex]’s dad received a special gift for his company’s 50th anniversary – a Zippo Ziplight. Basically, it’s a flashlight stuffed into the metal Zippo lighter we all know and love. The problem is, it’s battery-powered, and Zippo doesn’t make them any more. It also uses AAAA batteries. Yes, four As. No problem, because you can take apart a 9V and get six of them.
‘Tis the season to decorate things, I guess, and here’s a Hackaday snowflake. That’s from [Benjamin Gray], someone who really knows his way around a laser cutter.
HHaviing trouble wiith a debounce ciircut? HHer’s a calculator for just thhat problem. Put iin the logiic hhiigh voltage level, the bounce tiime, and the fiinal voltage, and you get the capaciitor value and resiistor value.
A harmonograph is a device that puts a pen on a pendulum, drawing out complex curves that even a spirograph would find impressive. [Matt] wanted to make some harmonographs, but a CNC and a printing press got in the way. He’s actually making some interesting prints that would be difficult if not impossible to make with a traditional harmonograph – [Matt] can control the depth and width of the cut, making for some interesting patterns.
The Mooltipass, the Developed On Hackaday offline password keeper, has had an interesting crowdfunding campaign and now it’s completely funded. The person who tipped it over was [Shad Van Den Hul]. Go him. There’s still two days left in the campaign, so now’s the time if you want one.
What a strange message to read on the digital dashboard display of your car. This is proof that [Kristoffer Smith] was able to control the OBD-II bus on his Eagle Grand Cherokee.
He’s not just doing this for the heck of it. It stems from his goal of adding an Android tablet on the dashboard which has been a popular hack as of late. This left [Kristoffer] with steering wheel controls that did nothing. They originally operated the radio, so he set out to make them control the tablet.
He had seen an Arduino used to control the CAN bus, but decided to go a different route. He grabbed a USB CAN bus interface for around $25. The first order of business was to use it with his computer to sniff the data available. From there he was able to decode the traffic and figure out the commands he needed to monitor. The last piece of the puzzle was to write his own Android code to watch for and react to the steering wheel buttons. You can check out the code at his repository and see the demo after the break.
This hardware, which was built as a Computer Engineering project by [Bryon] and his classmates, gives you feedback and control of a car through a cellular phone network. It uses text messages to communicate with a control device. This can be pretty much any cellphone, but in the clip after the break they show off an Android app which puts a pretty GUI in front of you and abstracts away the tedium of specially formatted messages.
At the heart of the system is an Arduino Mega board. It has a cellular shield with an external antenna for connectivity. A GPS device, relay board, and OBD-II module provide feedback and control to the system. The relays allow the car to be started and the doors to be locked. The GPS and OBD-II module can send back location and vehicle information (anything available from the car’s sensors). There were some issues with the text messages being blocked during testing. The team thinks that the automated back-and-forth triggered some kind of spam filter from the telecom.
There’s still more work to be done if they want to actually drive the car via remote control.
You can do some neat stuff to the way your Ford Focus Mk2 works, but first you have to gain access to the data system. If you know some Russian, and don’t mind a bit of dongle rewiring, this guide will have you hacking the car’s CAN bus in no time. It was written by [Preee] and he has already added Radio RDS and CD Track information to the speedometer display panel, implemented hands free control for his cellphone, disabled the sounds the car makes when he goes into reverse, changed the door locking speed from 5mph to 10mph, and much more.
To gain access to the system you need hardware to bridge from a computer to the CAN bus. He hit eBay and bought an ELM327 cable which plugs into the On-Board Diagnostics port (OBD-II). There are two different ways these dongles can be configured and since this isn’t the right one for the Focus he had to alter it. His hardware changes are illustrated in the second post of the forum thread. Instead of just switching over to the other configuration, he wired up a toggle switch to select between the two.
With hardware in place he grabbed some software and started hacking away. But as we hinted above, it’s not as simple as you might think. The software is in Russian. [Preee] did his best to add translations to a few screenshots, but it’s still going to be a bit of a bother trying to find your way around the GUI.
[Debraj] is taking his next project out to the garage. He built his own CAN bus reader using a dsPIC.
The nice thing about working with Controller Area Network is that it’s a universal standard found on every modern production line automobile. And because of this, the chip you need in order to communicate using that protocol will cost just over a dollar. [Debraj] chose the MCP2551, which comes in several different 8-pin packages. There is even an application note tailored for use with the dsPIC33F family.
The project is running on both 5V and 3.3V rails. This complicates things just a bit, but a level converter makes sure that there are no communication problems between the chips. A four line character LCD acts as the output during the tests (you can see this in the clip after the break) but he’s already got a second version which looks quite a bit better on the dashboard.
What else can be done with this hack? Well, we’ve seen a method used to read control buttons from the steering wheel before. It all depends on what data your vehicle is transmitting and one way to find that out is to build some hardware and start logging the packets.
Tomorrow a team of researchers will present their paper on Experimental Security Analysis of a Modern Automobile (PDF) at the IEEE Symposium on Security & Privacy. Much like the racing simulators we’ve seen they’re exploiting the OBD-II port to get at the vehicle’s Controller-area network, or CAN-bus. We’re not surprised at all that they can display custom text on the dashboard display or read sensor data from the car. What does surprise us is their exposé on how truly unsecured the system is. It seems that access to any device on the CAN-bus gives them unobstructed control of the car’s systems. Any device can send commands to any other device. They’ve even found a way to write malicious code to the car’s computer which can be programmed to erase itself in the event of a crash.
Much like RFID the security risks here are basically nil for the vast majority of consumers. We just find it a bit surprising that there’s apparently been little thought put into fortifying the communications between the safety systems such as the brakes on the vehicle. For instance, the team experimented with sending random packets over the CAN-bus and stumbled across a way to lock the brake on just one wheel. To us it’s conceivable that a malfunctioning device on the network could start sending out damaged packets and cause a dangerous malfunction like this one.
The 14-page PDF linked above is a page-turner, check it out on your hacked ereader during lunch.