ODB-II hacking using an Android tablet


What a strange message to read on the digital dashboard display of your car. This is proof that [Kristoffer Smith] was able to control the ODB-II bus on his Eagle Grand Cherokee.

He’s not just doing this for the heck of it. It stems from his goal of adding an Android tablet on the dashboard which has been a popular hack as of late. This left [Kristoffer] with steering wheel controls that did nothing. They originally operated the radio, so he set out to make them control the tablet.

He had seen an Arduino used to control the CAN bus, but decided to go a different route. He grabbed a USB CAN bus interface for around $25. The first order of business was to use it with his computer to sniff the data available. From there he was able to decode the traffic and figure out the commands he needed to monitor. The last piece of the puzzle was to write his own Android code to watch for and react to the steering wheel buttons. You can check out the code at his repository and see the demo after the break.

[Read more...]

Cellular vehicle information and control

This hardware, which was built as a Computer Engineering project by [Bryon] and his classmates, gives you feedback and control of a car though a cellular phone network. It uses text messages to communicate with a control device. This can be pretty much any cellphone, but in the clip after the break they show off an Android app which puts a pretty GUI in front of you and abstracts away the tedium of specially formatted messages.

At the heart of the system is an Arduino Mega board. It has a cellular shield with an external antennae for connectivity. A GPS device, relay board, and ODB-II module provide feedback and control to the system. The relays allow the car to be started and the doors to be locked. The GPS and ODB-II module can send back location and vehicle information (anything available from the car’s sensors). There were some issues with the text messages being blocked during testing. The team thinks that the automated back-and-forth triggered some kind of spam filter from the telecom.

There’s still more work to be done if they want to actually drive the car via remote control.

[Read more...]

Hacking the computer interface of a Ford Focus Mk2

You can do some neat stuff to the way your Ford Focus Mk2 works, but first you have to gain access to the data system. If you know some Russian, and don’t mind a bit of dongle rewiring, this guide will have you hacking the car’s CAN bus in no time. It was written by [Preee] and he has already added Radio RDS and CD Track information to the speedometer display panel, implemented hands free control for his cellphone, disabled the sounds the car makes when he goes into reverse, changed the door locking speed from 5mph to 10mph, and much more.

To gain access to the system you need hardware to bridge from a computer to the CAN bus. He hit eBay and bought an ELM327 cable which plugs into the On-Board Diagnostics port (ODBII). There are two different ways these dongles can be configured and since this isn’t the right one for the Focus he had to alter it. His hardware changes are illustrated in the second post of the forum thread. Instead of just switching over to the other configuration, he wired up a toggle switch to select between the two.

With hardware in place he grabbed some software and started hacking away. But as we hinted above, it’s not as simple as you might think. The software is in Russian. [Preee] did his best to add translations to a few screenshots, but it’s still going to be a bit of a bother trying to find your way around the GUI.

[Thanks Fred]

Tinkering with ODB II and the CAN bus

[Debrah] is taking his next project out to the garage. He built his own CAN bus reader using a dsPIC.

The nice thing about working with Control Area Network is that it’s a universal standard found on every modern production line automobile. And because of this, the chip you need in order to communicate using that protocol will cost just over a dollar. [Debraj] chose the MCP2551, which comes in several different 8-pin packages. There is even an application note tailored for use with the dsPIC33F family.

The project is running on both 5V and 3.3V rails. This complicates things just a bit, but a level converter makes sure that there’s no communications problems between the chips. A four line character LCD acts as the output during the tests (you can see this in the clip after the break) but he’s already got a second version which looks quite a bit better on the dashboard.

What else can be done with this hack? Well, we’ve seen a method used to read control buttons from the steering wheel before. It all depends on what data your vehicle is transmitting and one way to find that out is to build some hardware and start logging the packets. [Read more...]

Modern car data systems lack security

Tomorrow a team of researchers will present their paper on Experimental Security Analysis of a Modern Automobile (PDF) at the IEEE Symposium on Security & Privacy. Much like the racing simulators we’ve seen they’re exploiting the ODB-II port to get at the vehicle’s Controller-area network, or CAN-bus. We’re not surprised at all that they can display custom text on the dashboard display or read sensor data from the car. What does surprise us is their exposé on how truly unsecured the system is. It seems that access to any device on the CAN-bus gives them unobstructed control of the car’s systems. Any device can send commands to any other device. They’ve even found a way to write malicious code to the car’s computer which can be programmed to erase itself in the event of a crash.

Much like RFID the security risks here are basically nill for the vast majority of consumers. We just find it a bit surprising that there’s apparently been little thought put into fortifying the communications between the safety systems such as the brakes on the vehicle. For instance, team experimented with sending random packets over the CAN-bus and stumbled across a way to lock the brake on just one wheel. To us it’s conceivable that a malfunctioning device on the network could start sending out damaged packets and cause a dangerous malfunction like this one.

The 14-page PDF linked above is a page-turner, check it out on your hacked ereader during lunch.

Driving the car without going anywhere

This video game controller is a factory fresh VW. Much like the racing simulator from earlier in the week, the video game data is being displayed on the instrument panel. This takes us to a much higher level now because control for the game is taken from the car’s CANbus using and ODB-II connector. If you don’t speak in automotive jargon, that means that the sensor readings from the steering wheel, shifter, and pedals are being picked up and exported as joystick commands to the PC running the driving game. The only place the experience uses a substitute for the real thing is the sound, which is being played through speakers instead of emanating from under the hood. Looks like you just need to add a projector and screen to your garage in order to turn it into the hottest new gaming device.