Remoticon Video: Learn How To Hack A Car With Amith Reddy

December 10, 2020 by Dan Maloney 14 Comments

There was a time not too long ago when hacking a car more often than not involved literal hacking. Sheet metal was cut, engine cylinders were bored, and crankshafts were machined to increase piston travel. It was all in the pursuit of milking the last ounce performance out of every drop of gasoline, along with a little personal expression in the form of paint and chrome.

While it’s still possible — and encouraged — to hack cars thus, the inclusion of engine control units and other systems to our rides has created an entirely different universe of car hacking options, which Amith Reddy distilled into his very popular workshop at the 2020 Remoticon. The secret sauce behind all the hacks you can accomplish in today’s drive-by-wire cars is the Controller Area Network (CAN), the network used to connect the array of sensors, actuators, and controllers that lie under the metal and plastic of modern cars.

Continue reading “Remoticon Video: Learn How To Hack A Car With Amith Reddy” →

Developing An Automatic Tool For CAN Bus Hacking

July 22, 2019 by Tom Nardi 25 Comments

In the old days, a physical button or switch on the dashboard of your car would have been wired to whatever device it was controlling. There was potentially a relay in the mix, but still, it wasn’t too hard to follow wires through the harness and figure out where they were going. But today, that concept is increasingly becoming a quaint memory.

Assuming your modern car even has physical buttons, pushing one of them likely sends a message over the CAN bus that the recipient device will (hopefully) respond to. Knowing how intimidating this can be to work with, [TJ Bruno] has been working on some software that promises to make working with CAN bus user interfaces faster and easier. Ultimately, he hopes that his tool will allow users to rapidly integrate custom hardware into their vehicle without having to drill a hole in the dashboard for a physical control.

But if you’re the kind of person who doesn’t like to have things done for them (a safe bet, since you’re reading Hackaday), don’t worry. [TJ] starts off his write-up with an overview of how you can read and parse CAN messages on the Arduino with the MCP2515 chip. He breaks his sample Sketch down line by line explaining how it all works so that even if you’ve never touched an Arduino before, you should be able to get the gist of what’s going on.

As it turns out, reading messages on the CAN bus and acting on them is fairly straightforward. The tricky part is figuring out what you’re looking for. That’s where the code [TJ] is working on comes in. Rather than having to manually examine all the messages passing through the network and trying to ascertain what they correspond to, his program listens while the user repeatedly presses the button they want to identify. With enough samples, the code can home in on the proper CAN ID automatically.

The upside to all this is that you can activate aftermarket functions or hardware with your vehicle’s existing controls. Need an example? Check out the forward-looking camera that [TJ] added to his his 2017 Chevy Cruze using the same techniques.

Continue reading “Developing An Automatic Tool For CAN Bus Hacking” →

Juicing Up The Chevy Volt With Raspberry Pi

February 15, 2019 by Tom Nardi 31 Comments

While Chevrolet’s innovative electric hybrid might officially be headed to that great big junkyard in the sky, the Volt will still live on in the hearts and minds of hackers who’d rather compare amp hour than horsepower. For a relatively low cost, a used Volt offers the automotive hacker a fascinating platform for upgrades and experimentation. One such Volt owner is [Katie Stafford], who’s recently made some considerable headway on hacking her hybrid ride.

In an ongoing series on her blog, [Katie] is documenting her efforts to add new features and functions to her Volt. While she loves the car itself, her main complaint (though this is certainly not limited to the Volt) was the lack of tactile controls. Too many functions had to be done through the touch screen for her tastes, and she yearned for the days when you could actually turn a knob to control the air conditioning. So her first goal was to outfit her thoroughly modern car with a decidedly old school user interface.

Like most new cars, whether they run on lithium or liquefied dinosaurs, the Volt makes extensive use of CAN bus to do…well, pretty much everything. Back in the day it only took a pair of wire cutters and a handful of butt splice connectors to jack into a car’s accessory systems, but today it’s done in software by sniffing the CAN system and injecting your own data. Depending on whether you’re a grease or a code monkey, this is either a nightmare or a dream come true.

Luckily [Katie] is more of the latter, so with the help of her Macchina M2, she was able to watch the data on the CAN bus as she fiddled with the car’s environmental controls. Once she knew what data needed to be on the line to do things like turn on the fan or set the desired cabin temperature, she just needed a way to trigger it on her terms. To that end, she wired a couple of buttons and a rotary encoder to the GPIO pins of a Raspberry Pi, and wrote some code that associates the physical controls with their digital counterparts.

That’s all well and good when you need to mess around with the AC, but what’s the Pi supposed to do the rest of the time? [Katie] decided a small HDMI display mounted to the dash would be a perfect way for the Raspberry Pi to do double duty as information system showing everything from battery charge to coolant temperature. It also offers up a rudimentary menu system for vehicle modifications, and includes functions which she wanted quick access to but didn’t think were necessarily worth their own physical button.

In the video after the break, [Katie] walks the viewer through these modifications, as well as some of the other neat new features of her battery powered bow tie. What she’s already managed to accomplish without having to do much more than plug some electronics into the OBD-II port is very impressive, and we can’t wait to see where it goes from here.

Today there are simply too many good electric cars for hybrids like the Chevy Volt and its swankier cousin the Cadillac ELR to remain competitive. But thanks to hackers like [Katie], we’re confident this isn’t the last we’ve seen of this important milestone in automotive history.

Continue reading “Juicing Up The Chevy Volt With Raspberry Pi” →

A DIY Interface for Subaru Select Monitor 1

Hacking A 20 Year Old Subaru

December 31, 2018 by Eric Evenchick 45 Comments

While cars are slowing becoming completely computer-controlled, road vehicles have been relying on computers since the 1970’s. The first automotive use of computers was in engine control units (ECUs) which came along as fuel injection systems started to replace carburetors.

[P1kachu]’s 1997 Subaru Impreza STi, like most cars of this vintage, uses an ECU and provides a diagnostic connector for external communications. [P1kachu]’s Subaru hacking project includes building a diagnostic interface device, dumping the ECU’s firmware, and reverse engineering the binary to understand and disable the speed limiter. If this looks familiar, it’s because we just covered the infotainment hacks in this car on Saturday. But he added information about the communications protocols is definitely worth another look.

This era of Subaru uses a non-standard diagnostics protocol called SSM1, which is essentially a 5 volt TTL serial line running at 1953 bits per second. The custom interface consists of a Teensy and a 3.3V to 5V level shifter. Once connected, commands can be sent directly to the ECU. Fortunately, the protocol has been quite well documented in the past. By issuing the “Read data from ECU address” command repeatedly, the full firmware can be dumped.

[P1kachu] goes on to locate the various engine tuning maps and discover the inner workings of the speed limiter. With cars getting more computerized, it’s nice to see folks are still able to tune their rides, even if it means using Teensys instead of wrenches.

Car Hacking At DEF CON 26

August 11, 2018 by Mike Szczys 9 Comments

A great place to get your feet wet with the data-network-wonderland that is modern-day automobiles is the Car Hacking Village at DEF CON. I stopped by on Saturday afternoon to see what it was all about and the place was packed. From Ducati motorcycles to junkyard instrument clusters, and from mobility scooters to autonomous RC test tracks, this feels like one of the most interactive villages in the whole con.

Continue reading “Car Hacking At DEF CON 26” →

Spared No Expense: Cloning The Jurassic Park Explorer

May 22, 2018 by Tom Nardi 53 Comments

While you’d be hard pressed to find any serious figures on such things, we’d wager there’s never been a vehicle from a TV show or movie that has been duplicated by fans more than the Staff Jeeps from Jurassic Park. Which is no great surprise: not only do they look cool, but it’s a relatively easy build. A decent paint job and some stickers will turn a stock Wrangler into a “JP Jeep” that John Hammond himself would be proud of.

While no less iconic, there are far fewer DIY builds of the highly customized Ford Explorer “Tour Vehicles”. As a rather large stretch of the film takes place within them, the interiors were much more detailed and bears little resemblance to the stock Explorer. Building a truly screen accurate Jurassic Park Tour Vehicle was considered so difficult that nobody has pulled it off since the movie came out in 1993. That is until [Brock Afentul] of PropCulture decided to take on the challenge.

In an epic journey spanning five years, [Brock] has created what he believes is the most accurate Jurassic Park Tour Vehicle ever produced; and looking at the side by side shots he’s done comparing his Explorer to the ones from the movie, it’s hard to disagree. A massive amount of work went into the interior, leaving essentially nothing untouched. While previous builds have tried to modify the stock dashboard to look like the one from the movie, he built a completely new dash from MDF and foam and coated it in fiberglass. The center console featuring the large display was also faithfully reproduced from the movie, and runs screen accurate animations, maps, and tour information. The seats also had to be replaced, multiple times in fact, as he had a considerable amount of trouble getting somebody to upholster them to his standards.

But perhaps the most difficult component of all was the clear acrylic roof bubble. These were critical to filming the movie, as they not only let the viewer see down into the Tour Vehicles but also let the characters see out during the iconic tyrannosaurus attack. But because the roof bubble was created only for the movie and never existed as a real aftermarket product, it usually gets ignored in Tour Vehicle builds. It’s simply too difficult to produce for most people. The omission of the bubble was always considered a case of artistic license; in the same way nobody expects a replica DeLorean from Back to the Future to actually fly or travel through time.

But [Brock] wanted to take his Tour Vehicle all the way, so he partnered up with a local glass shop that let him rent time in their oven so he could heat up acrylic sheets. Once heated to the appropriate temperature, they could be removed and wrapped around a mold to make the bubble. The process took weeks to perfect, but in the end he and a few friends got the hang of it and were able to produce a gorgeous roof bubble that they fitted to the already very impressive Explorer.

While previous Jurassic Park Tour Vehicle replicas were unquestionably awesome, this build really does take it to the next level. Short of equipping the garage with a movie-accurate super computer, it’s hard to see how the bar can get any higher.

34C3: Using Your Car As Video Game Controller

December 30, 2017 by Christian Trapp 6 Comments

Despite the presence of human drivers, modern cars are controlled by computers. In his talk at the Chaos Communication Congress [Guillaume Heilles] and [P1kachu] demonstrate the potential of taking control of a car’s computer. This of course leads to the natural conclusion of emulate an Xbox controller and using the car to play computer games.

His research was limited by the fact that the only cars they had access to were the daily drivers of different members of [P1kachu]’s family, which meant that all tinkering had to be strictly non-destructive. Despite this, they achieved impressive results and deliver a great introduction into reverse engineering.

[P1kachu] used a RasPi and an OBD-II adapter to access the car’s CAN bus and begins the presentation with a quick overview of the protocol. He then briefly touches on security measures that he ran into, which are optional and their implementation varies widely between manufacturers. His first attempt to access the CAN bus was successfully blocked by a challenge-response algorithm doing its work. His mother’s convertible however provided no such obstacles and gaining access allowed him to map the position of the steering wheel and pedals to a game controller, using the car to play video games.

After this, [Guillaume] steps in and walks us through the teardown of a gadget that plugs into the OBD-II port and claims to do amazing things for your car’s mileage by reprogramming the ECU. The device was not brand specific and after having seen the variations in the ways different manufacturers implement the protocol, [Guillaume] and [P1kachu] doubted that the gadget was capable of even holding the information required to modify every known implementation out there. Listening to the output of the device, along with a quick analysis of the circuit followed by decapping the single chip they found, showed that their doubt was justified. The lecture closes with an extended Q&A that adds more information on car hacking. Those that don’t have access to a car can instead tear down hot glue guns, doppler modules or antique calculators.

Continue reading “34C3: Using Your Car As Video Game Controller” →