CAN Bus Wireless Hacking / Dev Board

[Voltlog] has been hacking away at the CAN bus console of his VW Golf for quite some time now. Presumably, for his projects, the available CAN bus interface boards are lacking in some way, whether technically or in price. So [Voltlog] designed his own wireless CAN bus hacking and development module called the ESP32 CanLite (see the video below the break). The board was tailored to meet the needs of his project and he claims it is not a universal tool. Nevertheless, we think many folks will find that the features he selected for this module are a good fit for their projects as well.

In his introduction of the design, he walks through the various design decisions he faced. As the project name suggests, he’s using the ESP32 as the main controller due to its wireless radios and built-in CAN controller. The board is powered from the car’s +12V power, so it uses a wide input range (4 to 40 V) switching regulator. One feature he added was the ability to switch automotive accessories using the ST VN750PC, a nifty high-side driver in an SO-8 package with integrated safety provisions.

The project is published as open source and the files can be pulled from his GitHub repository. We noticed the debug connector labeled VOLTLINK on the schematic, and found his description of this custom interface interesting. Basically, he was not satisfied with the quality and performance of the various USB-to-serial adapters on the market and decided to make his own. Could this be a common theme among [Voltlog]’s projects?

A word of warning if you want to build the ESP32 CanLite yourself. While [Voltlog] had intentionally selected parts that were common and easy to purchase when the project began, several key chips have since become nearly impossible to obtain due to the global parts shortage (it’s even out of stock on his Tindie page).

If you want to dig deeper into CAN bus hacking, check out this talk that we wrote about back in 2016. Do you have any favorite CAN bus development boards and/or tools? Let us know in the comments below.


Using CanoPy To Visualize The CAN Bus

As cars have become more sophisticated electronically, understanding the CAN bus that forms the backbone of automotive digital systems has become more and more important for hacking cars. Inexpensive microcontroller CAN interfaces have made obtaining the raw CAN bus traffic trivial, but interpreting that traffic can be pretty challenging. In order to more easily visualize CAN traffic, [TJ Bruno] has developed CanoPy, a Python tool for visualizing CAN messages in real time.

A basic PC CAN interface simply dumps the bus’s message traffic into the terminal, while more sophisticated tools organize messages by the address of their intended recipients. Both of these approaches digitally lift the hood and let you examine what your car is thinking, but the wall-of-numbers approach makes finding the patterns that hold the keys to reverse engineering difficult. Automatically plotting the data with CanoPy makes finding correlations much easier, after which the text-based tools can be used to focus in on a few specific addresses.


Small Open Source Vehicle Hacking Platform

[Florian] and his engineering team at Munich-based bmc::labs have developed a clever set of prototyping boards for vehicle hacking and rapid product development, collectively called the bmc::board or bmc::mini. These stackable development boards were initially designed for in-house use. The team took a general purpose approach to the design so the boards could be used across a wide range of projects, and they should be useful to anyone in the field. [Florian] decided to release the boards to the community as open-source and certified by OSHWA (Open Source Hardware Association).

There are four boards currently defined, with several more in the works:

  • mini::base — Main microcontroller board, STM32F103-based
  • mini::out — I/O board with CAN bus, JTAG, etc.
  • mini::grid — RF board providing GPS and GSM capability
  • mini::pit — local wireless connectivity, WiFi and Bluetooth, and 2nd CAN bus

At 54 x 42.5 mm, these boards are pretty small; a form-factor they describe as “exactly half a credit card”. We like the Wurth WR-MM family of stacking connectors they are using, and the symmetrical pinout means you can rotate the cards as needed. But at first glance, these thru-hole connectors seem to limit the stack to just two boards, although maybe they plan to move to an SMT flavor of the connector in future designs, permitting taller stacks.

If you’re into vehicle electronics and/or vehicle hacking, definitely take a look at these. You can check out [Florian]’s bmc::board Hackaday.io project page and the team’s GitHub repository for more details. Here’s another project by team member [Sebastian] using one of the future bmc::bike modules to eavesdrop on ECU communications, where he sensibly advises the reader “First, pull over and get off the bike. Never hack a two-wheeled vehicle while riding it!”.

No discussion of vehicle CAN bus tools should omit the work of Craig Smith, who literally wrote the book on hacking your car, and whose talk along with Hackaday’s own Eric Evenchick of CANtact fame we covered back in 2016. [Florian] has started a CrowdSupply campaign where you can see some more details of this project and a short promotional video.

Classic Triumph Gets A Modern Digital Dash

Analog gauges gave way to all manner of fancy electroluminescent and LED gauges in the ’80s, but the trend didn’t last long. It’s only in the last decade or so that LCD digital gauges have really started to take off in premium cars. [Josh] is putting a modern engine and drivetrain into his classic Triumph GT6, and realised that he’d have to scrap the classic mechanical gauge setup. After not falling in love with anything off the shelf, he decided to whip up his own solution from scratch.

The heart of the build is a Raspberry Pi 4, which interfaces with the car’s modern aftermarket ECU via CANBUS thanks to the PiCAN3 add-on board. Analog sensors, such as those for oil pressure and coolant temperature, are interfaced with a Teensy 4.0 microcontroller which has the analog to digital converters necessary to do the job. Display is via a 12.3″ super-wide LCD sourced off Aliexpress, with the graphics generated by custom PixiJS code running in Chromium under X.

The result is comparable with digital displays in many other modern automobiles, speaking to [Josh]’s abilities not just as a programmer but a graphic designer, too. As a bonus, if he gets sick of the design, it’s trivial to change the graphics without having to dig into the car’s actual hardware.

Gauge upgrades are common on restomod projects; another route taken is to convert classical mechanical gauges to electronic drive. If you’re cooking up your own sweet set of gauges in the garage, be sure to drop us a line! Video after the break.


Adding Luxury Charging Features To An Entry-Level EV

The Nissan Leaf is the best-selling electric car of all time so far, thanks largely to it being one of the first mass-produced all-electric vehicles. While getting into the market early was great for Nissan, they haven’t made a lot of upgrades that other EV manufacturers have made and are starting to lose customers as a result. One of those upgrades is charge limiting, which allows different charging rates to be set from within the car. With some CAN bus tinkering, though, this feature can be added to the Leaf.

Limiting the charging rate is useful when charging at unfamiliar or old power outlets which might not handle the default charge rate. In Europe, which has a 240V electrical distribution system, Leafs will draw around 3 kW from a wall outlet, which is quite a bit of power. If the outlet looks like it won’t support that much power flow, it’s handy (and safer) to be able to reduce that charge rate even if it might take longer to fully charge the vehicle. [Daniel Öster]’s modification requires the user to set the charge rate by manipulating the climate control, since the Leaf doesn’t have a comprehensive user interface.

The core of this project is performed over the CAN bus, which is a common communications scheme that is often used in vehicles and is well-documented and easy to take advantage of. Luckily, [Daniel] has made the code available on his GitHub page, so if you’re thinking about trading in a Leaf for something else because of its lack of features it may be time to reconsider.


Custom Packet Sniffer Is A Great Way To Learn CAN

Whilst swapping out the stereo in his car for a more modern Android based solution, [Aaron] noticed that it only utilised a single CAN differential pair to communicate with the car as opposed to a whole bundle of wires employing analogue signalling. This is no surprise, as modern cars invariably use the CAN bus to establish communication between various peripherals and sensors.

In a series of videos, [Aaron] details how he used this opportunity to explore some of the nitty-gritty of CAN communication. In Part 1 he designs a cheap, custom CAN bus sniffer using an Arduino, an MCP2515 CAN controller and a CAN bus driver IC, demonstrating how this relatively simple hardware arrangement could be used along with open source software to decode some real CAN bus traffic. Part 2 of his series revolves around duping his Android stereo into various operational modes by sending the correct CAN packets.

These videos are a great way to learn some of the basic considerations associated with the various abstraction layers typically attributed to CAN. Once you’ve covered these, you can do some pretty interesting stuff, such as these dubious devices pulling a man-in-the-middle attack on your odometer! In the meantime, we would love to see a Part 3 on CAN hardware message filtering and masks, [Aaron]!


Inside A CAN Bus Mileage Manipulator

In the days of carburetors and leaf spring suspensions, odometer fraud was pretty simple to do just by disconnecting the cable or even winding the odometer backwards. With the OBD standard and the prevalence of electronics in cars, promises were made by marketing teams that this risk had all but been eliminated. In reality, however, manipulation of the CAN bus makes odometer fraud just as easy, and [Andras] is here to show us exactly how easy with a teardown of a few cheap CAN bus adapters.

We featured another project that was a hardware teardown of one of these devices, but [Andras] takes this a step further by probing into the code running on the microcontroller. One would imagine that basic measures would have been taken by the attackers to obscure code or at least disable debugging modes, but on this one no such effort was made. [Andras] was able to dump the firmware from both of his test devices and start analyzing them.

Analyzing the code showed identical firmware running on both devices, which made his job half as hard. It looked like the code was executing a type of man-in-the-middle attack on the CAN bus which allowed it to insert the bogus mileage reading. There’s a lot of interesting information in [Andras]’s writeup though, so if you’re interested in CAN bus or attacks like this, it’s definitely worth a read.