A gray 3d-printed box with RV-bridge embossed on it, and a connector-terminated bundle of wires coming out of it.

RV-Bridge Takes HomeKit To The Open Road

March 9, 2023 by Arya Voronova 19 Comments

In the world of proprietary protocol darkness, it’s comforting to see that the RV realm (Recreational Vehicle, also known as a motorhome) has mostly settled on RV-C, an open protocol that lets various devices and systems inside an RV talk to each other over CAN. The undeniable openness of RV-C is surprising, but we haven’t seen many hobbyists tinker with it — yet.

Now, [Randy Ubillos] sets an example — his gift to us is an ESP32 firmware called RV-Bridge and it lets you control your RV’s RV-C network from HomeKit. After all, your motorhome could benefit from home automation, too!

The RV-C network in [Randy]’s family RV already had a factory-provided front-end and an iOS app, but naturally, it had a limited set of features. Having looked around online he found that both RV-C and HomeKit had open libraries for them, and set out to join these worlds together.

Now he’s released the first revision of RV-Bridge, fully-featured enough for comfortable day-to-day use, and with a setup guide for those who want to try it out! When it comes to hardware, you’ll want an ESP32 board with CAN support — [Randy] has found a perfect board for sale, and made it even more fitting by designing a 3D printed case for RV use; as usual, files are on GitHub!

Making your stock RV more comfy through hacker methods is exactly what we expect to grace our tips line! The kinds of RV projects we’ve seen so far, are also outstandingly cool, yet of different kind – things like building your own RVs out of something not meant to be an RV, whether it’s an abandoned airliner, a school bus, or a jet engine! Oh, and if your hackerspace owns a RV, you can always convert it to something else, be it a mobile hackerspace or a spaceship simulator.

This ESP32 CAN!

October 10, 2022 by Jenny List 15 Comments

Since modern cars use the CAN bus for so many of their functions, it’s unsurprising that it’s a frequent object of interest for those in our community. Some people go no further than commercial plug-in analysers, while others build their own CAN devices. This is what [Magnus Thomé] has done, with his RejsaCAN microcontroller board.

It’s a small PCB with an onboard CAN interface from an ESP32-S3 and a car-friendly power supply circuit, and perhaps most importantly, it has an auto-shutdown feature to prevent battery drain. Software-wise it’s a blank piece of paper for the user to roll their own application, but since the ESP32 is supported by the Arduino ecosystem, there are libraries that make talking CAN as easy as it can be.

[Magnus] has a list of potential applications for the board, many of which take advantage of the ESP’s wireless capabilities. So far, [Magnus] has hooked it up to an LCD display, but we can see so many other useful things coming out powered by something like this.

You haven’t tried playing with your car’s CAN bus yet? Maybe you should read this to whet your appetite.

UART Can’t? Arduino CANSerial Can!

July 4, 2022 by Elliot Williams 11 Comments

[Jacob Geigle] had a problem. A GPS unit and a Bluetooth-to-serial were tying up all the hardware UARTs on an AVR Arduino project. “Software serial”, I hear you say. But what if I told you [Jacob] already had the board in question sending out data over CAN bus?

[Jacob]’s sweet hack creates an arbitrary number of CAN “devices” inside the Arduino code, and can treat each one of them as its own serial data channel. The “N” in CAN stands for network, after all. The trick is to create a device ID for each desired CANSerial interface, which is done in his library using the usual Arduino setup step. A buffer takes care of storing all the different channels until they can be pushed out over the hardware CAN peripheral. On the big-computer side of things, some software listens for the different “device” enumeration IDs and assigns each a virtual serial port.

While this was a hack born of necessity, we can see it as a clever opportunity to segregate information coming from the microcontroller into different streams. Maybe a debug channel, a command channel, and a data channel? They’re virtual devices, so go nuts!

While we usually see CANbus in its native habitat – inside your car – it’s also cool to think of the uses we could put it to. For instance, controlling a 3D printer. Need a CAN refresher? We’ve got just the ticket.

[Bus photo: Malta Bus; The terminus, Valletta by John Haslam. Can photo: Paint Cans by Daniel R. Blume. Horrible visual pun: I’m afraid that’s on us. You try finding images for CANbus code!]

Hacking A Proper Dash Into The Tesla Model 3

January 28, 2022 by Lewin Day 60 Comments

The Tesla Model 3 and Model Y are popular electric vehicles that dispense with some of the usual provisions you’d expect in a typical car. Namely, there’s no dash cluster in front of the driver; instead, all information is solely displayed on the center console screen. [Nick Nguyen] wasn’t a fan of this setup, and decided to hack together a dash cluster of his own.

The CANdash works in a simple fashion, snooping the Tesla’s CAN bus for all the information relevant to the vehicle’s operation. It’s capable of displaying everything from speed to the remaining range in the battery, while also allowing the user to keep an eye on things like coolant temperatures and whether the Tesla Autopilot system is currently available.

The build relies on a CANserver, an ESP32-based device specifically built for hooking up to the CAN bus on Tesla vehicles and sharing the data externally. The data can then be piped wirelessly to an Android phone running CANdash to display all the desired information. With the help of an aftermarket dash clip or a 3D printed custom mount, the phone can then be placed behind the steering wheel to display data in the usual location.

It’s a simple, straightforward hack that gives Tesla owners a useful feature that they’re otherwise missing from the factory. The US automakers cars are proving to be fertile ground for hackers and DIYers, with one man recently saving thousands on a battery swap with a simple mod. Video after the break.

Continue reading “Hacking A Proper Dash Into The Tesla Model 3” →

Baby Steps Toward DIY Autonomous Driving: VW Golf Edition

January 8, 2022 by Dave Rowntree 18 Comments

Nice thermal design, but conformal coating and no ID marks make this tough to reverse engineer

[Willem Melching] owns a 2010 Volkswagen Golf – a very common vehicle in Europe – and noticed that whilst the electronic steering rack supports the usual Lane Keep Assist (LKAS) system, and would be theoretically capable of operating in a far more advanced configuration using openpilot, there were some shortcomings in VW’s implementation which means that it would not function for long enough to make it viable. Being very interested in and clearly extremely capable at reverse engineering car ECUs and hacking them into submission, [Willem] set about documenting his journey to unlocking openpilot support for his own vehicle.

And what a journey it was! The four-part blog series is beautifully written, showing every gory detail and all tools used along the way. The first part shows the Electronic Power Steering (EPS) ECU from a 2010 Volkswagen Golf Mk6 module (which rides on the back of the three-phase steering rack motor) being cracked open to reveal an interesting multi-chip module approach, with bare die directly bonded to a pair of substrate PCBs, that are in turn, bonded to the back of the motor casing, presumably for heat dissipation reasons. Clever design, but frustrating at the same time as this makes part identification somewhat tricker!

Entropy less the 1.0, and zero sections indicate no encryption applied

[Willem] uses a variety of tools and tricks to power up and sniff the ECU traffic on the CAN bus, when hooked up to a SAE J2534-compliant debug tool, eventually determining it speaks the VW-specific TP2.0 CAN bus protocol, and managed to grab enough traffic to check that it was possible to use the standard KWP2000 diagnostic protocol to access some interesting data. Next was a very deep dive into reverse engineering update images found online, by first making some trivial XOR operations, then looking at an entropy plot of the file using Binwalk to determine if he really did have code, and if it was encrypted or not, After running cpu_rec, it was determined the CPU was a Renesas V850. Then the real work started – loading the image into Ghidra to start making some guesses of the architecture of the code, to work out what needed patching to make the desired changes. In the final part of the series, [Willem] extracts and uses the bootloader procedure to partially patch the code configuration area of his vehicle and unlocks the goal he was aiming at – remote control of his steering. (OK, the real goal was running openpilot.)

In our opinion, this is a very interesting, if long, read showing a fascinating subject expertly executed. But we do want to stress, that the vehicular EPS module is an ASIL-D safety tested device, so any hacks you do to a road-going vehicle will most definitely void your insurance (not to mention your warranty) if discovered in the event of a claim.

Older ECUs are a bit easier to hack, if you can pull the EPROM, and people out there are producing modules for allsorts of vehicular hacking. So plenty to tinker with!

Annoy Yourself Into Better Driving With This Turn Signal Monitor

November 7, 2021 by Dan Maloney 44 Comments

Something like 99% of the people on the road at any given moment will consider themselves an above-average driver, something that’s as statistically impossible as it is easily disproven by casual observation. Drivers make all kinds of mistakes, but perhaps none as annoying and avoidable as failure to use their turn signal. This turn signal monitor aims to fix that, through the judicious use of negative feedback.

Apparently, [Mark Radinovic] feels that he has a predisposition against using his turn signal due to the fact that he drives a BMW. To break him of that habit, one that cost him his first BMW, he attached Arduino Nano 33 BLEs to the steering wheel and the turn signal stalk. The IMUs sense the position of each and send that over Bluetooth to an Arduino Uno WiFi. That in turn talks over USB to a Raspberry Pi, which connects to the car’s stereo via Bluetooth to blare an alarm when the steering wheel is turned but the turn signal remains untouched. The video below shows it in use; while it clearly works, there are a lot of situations where it triggers even though a turn signal isn’t really called for — going around a roundabout, for example, or navigating a sinuous approach to a drive-through window.

While [Mark] clearly built this tongue firmly planted in cheek, we can’t help but think there’s a better way — sniffing the car’s CANbus to determine steering angle and turn signal status comes to mind. This great workshop on CANbus sniffing from last year’s Remoticon would be a great place to start if you’d like a more streamlined solution than [Mark]’s.

Continue reading “Annoy Yourself Into Better Driving With This Turn Signal Monitor” →

CAN Bus Wireless Hacking / Dev Board

July 11, 2021 by Chris Lott 5 Comments

[Voltlog] has been hacking away at the CAN bus console of his VW Golf for quite some time now. Presumably, for his projects, the available CAN bus interface boards are lacking in some ways, either technically and/or price. So [Voltlog] designed his own wireless CAN bus hacking and development module called the ESP32 CanLite (see the video below the break). The board was tailored to meet the needs of his project and he claims it is not a universal tool. Nevertheless we think many folks will find the features he selected for this module will be a good fit for their projects as well.

In his introduction of the design, he walks through the various design decisions he faced. As the project name suggests, he’s using the ESP32 as the main controller due to it’s wireless radios and built-in CAN controller. The board is powered from the car’s +12V power, so it uses a wide input range ( 4 to 40 V ) switching regulator. One feature he added was the ability to switch automotive accessories using the ST VN750PC, a nifty high-side driver in an SO-8 package with integrated safety provisions.

The project is published as open source and the files can be pulled from his GitHub repository. We noticed the debug connector labeled VOLTLINK on the schematic, and found his description of this custom interface interesting. Basically, he was not satisfied with the quality and performance of the various USB-to-serial adapters on the market and decided to make his own. Could this be a common theme among [Voltlog]’s projects?

A word of warning if you want to build the ESP32 CanLite yourself. While [Voltlog] had intentionally selected parts that were common and easy to purchase when the project began, several key chips have since become nearly impossible to obtain these days due to the global parts shortage issue (it’s even out of stock on his Tindie page).

If you want to dig deeper into CAN bus hacking, check out this talk that we wrote about back in 2016. Do you have any favorite CAN bus development boards and/or tools? Let us know in the comments below.

Continue reading “CAN Bus Wireless Hacking / Dev Board” →