It used to be that you could pop the hood and with nothing more than flat head screwdriver, some baling wire, and tongue held at the optimal angle, you could fix anything that ailed your car. But today, for better or for worse, the average automobile is a rolling computer that runs on gasoline and hope (if it even still has a gasoline engine, that is). DIY repairs and maintenance on a modern car is still possible of course, but the home mechanic’s toolbox has needed to evolve with the times. If you want to do anything more advanced than changing a tire, you’ll really want to have the gear to interface with the vehicle’s computer via the OBD-II port.
But for some, even that isn’t enough. [limiter121] recently wrote in to tell us of an interesting project which doesn’t read the OBD-II port in a vehicle, but actually emulates one. Like so many others this hack was born out of necessity, as a way to test an OBD-II project without having to sit out in the driveway all day. It allows you to create fictitious speed and engine RPM values for the OBD-II device or software under test to read, complete with a slick web interface to control the “car”.
So what makes it tick? Surprisingly little, actually. At the most basic level, an ESP32-WROOM-32 is connected up to a SN65HVD230 CAN transceiver chip. You’ll also need a 3.3V power supply, as well as a USB to serial adapter to do the initial programming on the ESP32. From there it’s just a matter of compiling and flashing the code [limiter121] has made available in the GitHub repo.
If you’re wondering if such products don’t already exist on the commercial market, they do. But like so many other niche projects, the price is a bit hard to swallow for the home hacker. Compared to the nearly $300 USD list price of commercial offerings such as the Freematics OBD-II Emulator, building one of these ESP32 based emulators should only cost you around $20.
Unless you’re developing an OBD-II reader, you probably don’t have much use for an OBD-II emulator. But this project could still be useful for anyone who wants to learn more about OBD from the comfort of their couch.
“more advanced than changing a tire”
If your car has tire pressure monitoring via sensors inside the tires, then changing a tire can be a tiresome procedure.
They make that needlessly complicated as relearning a new sensor could easily be something in a test menu in the gauge cluster or infotainment system.
Maybe make it a jumper wire under the dash if you wish to keep an air gap firewall between the infotainment system and the BCM.
Worst part is that the coding of new TPMS sensors into the memory of the monitoring unit never became internationally standardized before they got more or less mandatory in new automobiles.
If it was, then you could pick up a TPMS sensor ID reader and monitoring unit “programmer” for chump change.
That’s awesome- I’ve been trying to repair an obd2 reader (tech2) and having a signal source without sitting in the car would be very useful.
Lately I have been wondering if the frequency of your car radio can be read using ODB2, does anyone know?I have never played with this technology.
You could use any USB-CAN-Adapter for that. There are cheap ones from Lawicel and others. Even the Black beagle bone has CAN onboard. All that with SocketCAN support in Linux. So there is no real need for “emulating CAN”.
Inexpensive :)
Look at 8devices’ USB2CAN.
The BBB is missing the Transceiver.
I would like more info on this new product
I wonder what’s needed to develop this thing to the point that connecting it to a car’s OBD-II connector (and disconnecting the ECU) would allow an otherwise-out-of-compliance car to pass a state’s emission test computer? I’m asking for a friend.
First, ask VW lol
Second, youd have to know the exact test plan used by the state, which wouldnt be that hard in theory but I would assume theyre designed to go haywire at the slightest out of bounds repsonse
The state emission tests often involve using the OBD-II port, so you’d need to work around that. Couple options:
-> Wire in another port somewhere else (say, in the engine compartment away from the exhaust system. This is appealing, but (without knowing much about CAN) you’d have to prevent the signals from the original computer from reaching the tester, but still have it drive the car. Honestly, the easiest way is probably to MiTM the stock OBD-II port and alter readings as needed.
-> Reflash the original controller. Already commonly done. Alter values for daily driving, reset to stock when being tested, reflash to alternates for driving once you leave and continue polluting harder or whatever you’re doing.
-> If you want to *really* party, replace & emulate the stock MCU when in the shop, then have a hidden switch (or whatever control scheme you like) to flip it back to your configuration.
This is, however, fully playing with fire. Last I heard, there’s a surprising amount of interplay between safety systems and the (“main”) MCU; hopefully that’s been separated out a bit. Sure would be a shame if my Prius’s airbags failed to deploy because the main MCU was spinlocked with the virtual gas pedal floored. (I forget the details about the Prius thing).
All that said, I wouldn’t be bothering with emissions tests – that’s low on my priorities list. I’d be more concerned with physically isolating the systems running my engine and safety equipment from the wider Internet. There have been demonstrated vulnerabilities (with Daimler-Chrysler vehicles, but I have no doubt they exist elsewhere) allowing someone to go through the cellular modem, through the entertainment system, and then screw with brakes, power steering, throttle, etc. That shit is terrifying. Phuck that, I’ll be more than happy to run the extra cabling myself and isolate the network-accessible portion of my car from the part that keeps me from dying. That’s where the above ideas would be relevant – I’d be interested in dropping a good (looking at you, Daimler-Chrysler) hardware CAN firewall in place. I’ll install my system updates with a thumb drive and a USB port, not “hey look it’s all magically updated! Hopefully nobody broke through the security!”.
That said, I lack the skills to not wreck my car in doing so and the skills to get the MCU to not whine and moan (and probably disable the car) when it realizes it can’t access the climate control or the cellular modem. So I’ll probably end up just disconnecting/grounding/Farday cage’ing the cellular antenna and calling it a day. If I’m feeling really fancy, I’ll ground it through a transistor so I can flip a switch in the cap and forcibly disconnect/reconnect to the network.
I can see big benefits in implementing OBD for old vehicules (I own a VW combi).
I think about obd hud display, or trackers with obd that does not cost a lot compared to the time required to make them.
Moreover, in France, you must bring your vehicule to control it every two years. The controls are becoming more complex and
some new check points are rely onto OBD connexion, so have one could speed up the control process ;)
For me its a very interesting project, and I am going to explore it: thanks HaD !
Well “Bad Angel” are you implying that having a fake OBD connector on your car that gives acceptable readings to the authorities will speed up the testing process? That they will be happy to have something to plug into and not even bother to find out if your car is supposed to have one?
B^)
I’m not sure you’re aware of the whole…environment thing. And the diesel scandal that has hit a few car manufacturers. And the massive regulations changes that came with it.
E.g. here in Germany, our biannual technical inspections of vehicles include an exhaust emissions test. Until last year, this was done via OBD2 on cars that had it and via a snorkel in the tailpipe for those which didn’t.
From this year on, everyone gets a snorkel up the cars butt to check actual emissions coming out of there vs. those that your sensors report via OBD2. And guess how the inspectors mood will change if he sees your fake OBD2 data vs the toxic shit coming out the tailpipe.
They also do check engine fault codes, and pretty much any fault code will result in your car not being allowed on the roads. 4pot engine running on 3 but OBD2 is reporting “All is fine, nothing to see here!” will also get you into mad trouble.
“From this year on, everyone gets a snorkel up the cars butt ”
LOL!
@ Ren. Another scandal. Buttgate.
The diesel scandal was a scandal against the people. The “offending” cars met the standards of cars a few years older. In regards to tail pipe testing, you can run a different fuel composition to fool these tests. There is always a way for those who are so inclined. I realize that you EU guys have wholly given up control of your lives to the ruling class but in the USA 50% of us still value freedom and the sacrifices that our past patriots made for it. Methinks that we’ll be yelling “the british are coming!” again someday. Just look at londonistan – No guns, but surpasses NY murders with knives. Now mayor bans knives – what will be next? I guess clothes will be banned in the end, so that the enforcers can see that we’re not holding anything.
Strangulation’s went down when wired devices transitioned to wireless and not banned or even regulated other than quality of signals. What about sexual deviations and sodomy and poisons? Why is that becoming more legal and mainstream? That doesn’t make sense. Like no duals… though poisoning en mass is OK?
Anyhow, this article is a good reminder to learn more about CAN, sensors and the communication processes as I bought an ODBLink SX for a reasonable price and the Bluetooth versions are about $55. The article gets me thinking I can make a wireless version with an ESP32 or just about any micro-controller (have to check data transfer rates compatibility) or microcomputer at the least as a data transfer system.
I literally wanted to make a custom dash for the 2001 Dodge Ram and got as far as the Android system verification was working alright and am thinking I can reduce the dimensions of information into a 7″ LCD screen since I have a few and their height is shorter.
I’m guessing can be spliced into the line also so the ODB port is still accessible if taken in for servicing.
@NATO:
> The “offending” cars met the standards of cars a few years older.
Well, of course, but they’re not meeting the current regulations. By that argumentation of yours, manufacturers would be able to build cars without 3p-Belts/Airbags/ABS, because they meed “the standards of cars a few years older.”
> I realize that you EU guys have wholly given up control of your lives to the ruling class but in the USA 50% of us still value freedom and the sacrifices that our past patriots made for it.
Yknow, i’d rather not be allowed to drive old cars than have me or people close to me die early because of toxic gases in the air we breathe.
Also still better than being ruled by a cheeto that’s trying to start WW3.
> Just look at londonistan – No guns, but surpasses NY murders with knives.
Ah, great whataboutism you have there, “We have a problem, but look over there, they have an entierely different problem that has nothing to do with our own problem we have, but we don’t really like to talk about our problems, because were ‘murica! Freedom!”
old cars are WAY better eg. MG Midget, Mini, All real Landrovers up to the Defenders untimely demise. With some time and effort in biofuel and GM crops we can continue without changing from the glorious internal combustion engine, and without interfering governments we can all look after each other on a small community level
Of course old cars are better, as in they don’t break to bits when you hit something. But they’re pretty damn shit if you’re the one being hit by them. And they’re pretty much shit if you have to breathe the crap that comes out their exhaust. Engines are higly inefficient, safety systems are…next to not present at all.
Right, they literally go the bathroom on us and create all sorts of chem trails… or wait… they’re just polluted con trails.
you’re obviously not old enough to remember the smog in Los Angeles before the state took a proactive role in reducing emissions. I was in Beijing a couple years ago when the smog index was 550 (on a scale of 1-300!!!) and I can tell you that LA smog in the 70’s was much much worse
this makes a great ODB sniffer too, since it can be used to possibly extract proprietary tools OBD commands and work on documenting the manufacturer specific odb commands.
My thoughts exactly, now that would be really interesting to see implemented.
There’s encryption involved if memory serves.
Interesting
“If you’re wondering if such products don’t already exist on the commercial market, they do. But like so many other niche projects, the price is a bit hard to swallow for the home hacker.”
Considering most ODB tools are basically micro-controllers with some secret sauce firmware, yes I can understand. Hence the clone market.
If you have one of those trackers that plug into your OBD2 port for all of your vehicles except for the one that’s too old to have the port, I imagine something like this would allow you to add tracking when the company that makes the tracker refuses to allow it (I suggested a simple adapter that would feed switched 12v power to the tracker for the sole purpose of tracking – not any of the other functions that would require an actual OBD2 port – but Automatic was not interested).
How are the noisy electrical spikes in the car electrical system blocked from damaging the ESP and ancillary parts?
It’s called filters. Electronics 101.
While some of the comments have been about integrating a device like this into a pre-OBD car, the developer’s initial intent is that this would not be installed in a vehicle but instead running on your bench with a regulated power supply.
Yeah, this is more a learning tool is what I gleaned.
I scored a Mercedes Benz deck and CD changer (looks like Alpine) from a Goodwill Store for $4 each that looks like came out of an S Class of some sort. Yeah, $4 each.
Well… there is some sort of proprietary fiber optic cable that like I am thinking some are thinking… that have to find some sort of COTS adapter or device.
Nope… not much that I found other than like the Mercedes Benz customer service noted I have to subscribe to some application to get the schematics or figure out the protocol via sniffing out the digital packets and maybe for like wireless devices the analog carrier. I might just tear down the deck to get to the part of the circuit that translates the analog or maybe linear pulse modulated or whatever the digital version is to the fiber optic cable. I have a better deck I want to use already anyhow. Then I can just not have to buy anything for an adapter.
Back to OBD… since the vehicle OBD is wired from my understanding… there is a market already with these devices. Same goes with CAN adapters. Arduino I want to say even has a CAN interface board or CAN bus shield or module.
No need for wireshark on this type system… or maybe there is a wireless version I’m not aware of. An oscilloscope should be able to read signals and really a logic analyzer will be the way to go and interestingly I just opened a packet in the mail today for an “RCA Audio Noise Filter Suppressor Ground Loop Isolator for Car and Home Stereo”. Not sure what the OBD noise range is. I bought the filter for a VLF receiver… still… for ~$7 isn’t a bad deal and really you can read how they’re made and salvage parts. Think like a crossover coil for a speaker box… what frequencies do you want to cut out or attenuate?
Simulating a Ford Taurus ECU
http://www.fixkick.com/ELM327/taurus-sim/hacked.html
dudee…. I’m gonna work on doing this for a v6 mustang so i can unlock this fucking sct x4 that’s married to a car I can’t access