If your whip is a Honda, Toyota, BMW, Chrysler, VW, or Mini made in the last decade or so, the Car Kracker is for you. This project allows you to connect directly to your car’s computer system, allowing you to display messages on your stereo, play music off an SD card, and even override factory settings like always-on daytime running lights.
The Car Kracker uses ISO 9141, an in-car communications protocol that is now mostly used in foreign (for the US) cars. The build uses a Gadget Gangster Propeller board to connect to the CD changer port and OBD-2 port in the trunk, and the diagnostic port located under the hood.
With the Car Kracker, it’s easy to connect the Aux In on your stereo to an SD card loaded with music, or even plug in an iPod for the poor souls without a 1/8″ jack. Dealer customizations such as turning the ‘door is ajar’ noise off, toggling daytime running lights, and throwing a nav warning up are also possible.
Check out the two videos after the break, and if anyone has any more info on getting this deep into a car’s computer system (a wiki, maybe?), send a link in on the tip line.
ODB-2… OBD-2?
sucks that the bmws with the best displays were the last generations with dumb odb1.
wich is probably as capable as 2 after you account for all the proprietary stuff each maker added, but since there’s no standard to use it, point is moot.
ISO 9141 was included in the OBD2 specifications. You might find it in some pre-obd2 cars, but I suspect it’s unlikely.
ODB, not OBD.
It’s OBD (On Board Diagnostics = OBD)
http://en.wikipedia.org/wiki/On-board_diagnostics
OBD 1
OBD 1.5
OBD 2
bruh…
“pay music off an SD card”
I assume “play”? :) Quite interesting nonetheless!
Getting a toyota next month… interfacing.
Next month on Hack a Day; How to Unbrick Your BMW.
:D
:D
Very interesting anyway!
LOL ;D.
I was always wantning to see like this. This will surely go to my first car :)
“unbricked”, “rooted”, “unlocked”, “stolen” XD hahaha
just open doors 1 3 and the trunk/boot then press Clutch, Wipers and open the fuel tank door.
that should unbrick a late model…
Remember doing something like this with my cw jetta and the obd port and vagcom program
Very cool stuff wouldn’t surprise me as BMW’s have enough wires and computers to link up to NORAD !!
Considering our nuclear programs and such haven’t been updated since the 70’s, your wrist watch is probably more powerful than NORAD.
Lol, soooo true.
Especially since they started making watches like these, lol.
Forgot link: http://www.sonymobile.com/us/products/accessories/smartwatch/
If you’d like some more information about the MINI Cooper CAN bus traffic, I wrote up a presentation Here.
In other words, your car can have traffic inside and out!
Or, “Yo dawg, we heard you like traffic…”
Really cool, but turning off day time running lights is not a smart idea. Plus they are mandatory in Canada so disabling them could get you a ticket up here!
daytime lights are just silly in places like california.
it should be configurable in foggy places, but other than that, just useless battery drain.
I hate DRL – it burned out the light relay in my old Geo Metro. My ’00 BMW doesn’t have DRL, but they aren’t required where I live.
They aren’t for you. As you said, in full sun you can see plenty. They are for other drivers, so then can see you better, especially if you are in a shadow and they aren’t.
Daytime running lights reduce accidents even during the daytime. Draining the battery is a silly concern given that the added load to your engine is negligible.
It shouldn’t be draining the battery unless there’s something horribly wrong with your charging system.
If this was possible on my car I would look into it right away. Running lights a more of an annoyance if you have a job like mine. I work security and occasionally I have a job that requires me to sit in my car all night. Thankfully pulling the hand brake turns off the lights or else I would have to chose between sitting in air conditioning and giving away my position or not sticking out but having to sit in a hot car all night.
Hey HAD! This is my project;
It’s actually pretty hard to brick your car – only the engine and transmission have re-writable firmware, and they’re on a separate data bus.
Many complaints about my ’00 e46. But the data bus is a lot of fun to play with.
Hm. What about Suzuki? Has anyone you know of tried it on a less-common Japanese car?
Ross tech made an interfacing cable a long time ago with free software to do this very thing. I just bought my wife a VW Jetta and managed to turn off the seat belt buzzer, door buzzer, and activate/deactivate a half-dozen other features. However, this is much neater, and notably cheaper. I will have to try this out as well.
http://www.warp.at/lotus … there is much more that has firmware (ABS, ESP, Airbag, …)
BCM, where most crypto code and dash controls are.
There are some cool patented algos in ECMs for fuel and emissions.
I remember messing with this stuff late 90s, it’s too expensive for most people including me, now. Some of the things I did made world news when some university researchers published papers 5 years later on just a fraction of it. They got sewed though ^^
care to share a link to those papers ? ;)
Software-wise, they’re just targeting BMW stuff. Some of the stuff they’re doing won’t work the way they’re doing it on a VW, for instance, or is just impossible without hardware mods.
Also, ISO 9141 is an outdated protocol, most companies have since moved to CAN-only systems.
Re: the Ross-Tech cable, that’s somewhat different in that it’s a diagnostic tool that can manually access the control modules in the car to change settings or read sensors. (I highly recommend their stuff if you have a VW, though.)
Re: OBD-I vs. OBD-II… generic OBD-II is very limited compared to the proprietary protocols, which at least in the case of VWs, stayed the same when they moved from OBD-I to OBD-II. This may actually work on an OBD-I BMW, given that it’s not going to be using the Generic OBD-II command set.
Re: Reflashable control modules… you’d be surprised what’s reflashable. On my 99.5 Golf TDI, the engine computer is NOT reflashable (2000+ were, and there was a nasty bug in the firmware on the pre-2000 Mk4 TDI startup fueling map (essentially, a corner of the map that covered high temperature and low RPM was zeroed out, meaning you had to crank for 5+ seconds before the emergency start fueling map was used to dump fuel into the engine), that went unfixed due to the cost of fixing it). However, the instrument cluster and the central convenience (locks, doors, windows, mirrors, that sort of thing) modules are reflashable. Nowadays, everything in the car is reflashable.
Yes, I unhappily discovered this only after purchasing the Kiwi WiFi ODBII dongle and iPhone app. What a bummer that was. I would hate to make that mistake again with this product.
ahh, one of the FEW people that dont think im off my rocker by TRYing to warn people… that newer cars can be started and driven off unattended THROUGH the INTERNET connection provided by OnStar… how? your car doesnt have a firewall nor virus scanner, and hash andor checksum can both easily be faked, as has been prouven on desktop computers time and time again.
but how could this “virus” possibly be implanted? does your car play MP3’s? MP3’s that were burnt on a CD… on a computer that is connected to the internet and browses on websites.
have fun with facebook,,, GIF and JPG files can BOTH hold viruses, picked a few up from facebook (someone else using) and antivirus deleted it.
friend request? too late you already just downloaded the virus just by viewing the request list-page! hmm scary
PS: everything i just talked about was about viruse files, im have no clue and dont want to know if they can be hacked into directly… even more scary
PPS: if there is a webcam (backup camera, while in reverse, and reverse IS fast enough to kill a person) or GPS involved (onstart has GPS built in i think) then it becomes MUCH more dangerous of a machine!
PPPS: toyota
I’ve reversed onstar firmware, you are off your rocker. It’s most robust system at most can control ECM to the point of ignition and alarm security bypass and only after challenge/response with an operator.
FPGA on ECM are hardware-write-locked and only some can be dumped, so super hax0rs are no significant threat even if they give generic bypass tools to thiefs..
A bypass tool would defeat challenge/response via physical connection to FBGA bus board..
but it(onstar) can shut down the engine without any hacking if the car is reported stolen(to the police)… so wouldnt one be right to say it could also start said engine?
maybe im just stuck thinking about OLDER car networks, the ones without a hoot of thought put into them. 1st gen if you will
im not talking about a specific car, and im not talking about all cars, im talking about “some” cars.
and since when are cars challenge and response? maybe i was out of the loop too long but last i heard car “networks” didnt even have the “from” field in their network packet… so the left-front brake can not tell if it is the pedal telling it to brake, or the onstar, or even the stereo, yes, the stereo could concievebly tell the car to spin out.
seperate networks, i heard there is a device that translates from one network to the other in a car, blocking certain sendto address packets. could that not be overwritten too? im assuming this device has the same amount of security in it as a home networking router, and those have been broken time and time again.
PS: i mean (toyota) cars dont just accelerate uncontrolled and crash for no reason.
they said it needed a metal “shim”, yeh right.
how the hell does a “shim” keep the whole thing from going bonkers, i mean i’d understand if the pedal’s calibration was off by as much as 50% when it breaks, but 100% off???
Fear is our greatest weapon.. and Surprise !
Fear and Surprise are our greatest weapons…
Does any one have any more info on doing stuff like this with a 99 VW Golf?
http://www.nefmoto.com has lots of VW/Audi info on reverse engineering 1999-2005 cars.
http://www.nefmoto.com has lots of info on reverse engineering and tuning the ME7 engine computers used in 1999-2005 VW/Audi/Skoda/Seat. On the site there is a lot of info on the ISO9141/KWP1281 and KISP14230/WP2000 protocols used for communicating with the different computers in the car.
Now if it will let me alter the perimeters in the computer so i can get the engine lite out and get it to pass inspection before it’s due that would be awesome.
Clearing codes can be done with any OBD reading tool. You can probably even get it done at the local Pep Boys or Autozone.
Altering the engine parameters is a little harder since that’s actually ECU modding, which is a whole different problem.
clearing codes is easy I’m taking about clearing the codes so it doesn’t look like it’s been cleared and keeping them from coming back on so it can “pass” inspection as my pos needs expensive exhaust work that I can’t afford to do.
I think this is nto full demo video. I have seen more in this type in technique area.