ecu

21 Articles

A Live ECU Simulator For OBD2 Projects

July 10, 2017 by 12 Comments

If you are working with OBD2 hardware or software, it’s easy enough to access test data, simply plug into a motor vehicle with an OBD2 socket. If, however, you wish to test OBD2 software under all possible fault conditions likely to be experienced by an engine, you are faced with a problem in that it becomes difficult to simulate all faults on a running engine without breaking it. This led [Fixkick] to create an OBD2 simulator using a secondhand Ford ECU supplied with fake sensor data from an Arduino to persuade it that a real engine was connected.

The write-up is quite a dense block of text to wade through, but if you are new to the world of ECU hacking it offers up some interesting nuggets of information. In it there is described how the crankshaft and camshaft sensors were simulated, as well as the mass airflow sensor, throttle position, and speedometer sensors. Some ECU inputs require a zero-crossing signal, something achieved with the use of small isolating transformers. The result is a boxed up unit containing ECU and Arduino, with potentiometers on its front panel to vary the respective sensor inputs.

We’ve brought you quite a few OBD2 projects over the years, for example, there was this LED tachometer, and a way into GM’s OnStar.

Thanks [darkspr1te] for the tip.

Car Security Experts Dump All Their Research And Vulnerabilities Online

May 14, 2017 by 81 Comments

[Charlie Miller] and [Chris Valasek] Have just released all their research including (but not limited to) how they hacked a Jeep Cherokee after the newest firmware updates which were rolled out in response to their Hacking of a Cherokee in 2015.

FCA, the Corp that owns Jeep had to recall 1.5 million Cherokee’s to deal with the 2015 hack, issuing them all a patch. However the patch wasn’t all that great it actually gave [Charlie] and [Chris] even more control of the car than they had in the first place once exploited. The papers they have released are a goldmine for anyone interesting in hacking or even just messing around with cars via the CAN bus. It goes on to chronicle multiple hacks, from changing the speedometer to remotely controlling a car through CAN message injection. And this release isn’t limited to Jeep. The research covers a massive amount of topics on a number of different cars and models so if you want to do play around with your car this is the car hacking bible you have been waiting for.

Jeep are not too happy about the whole situation. The dump includes a lot of background for vehicles by multiple manufactureres. But the 2015 hack was prominent and has step by step instructions. Their statement on the matter is below.

Under no circumstances does FCA condone or believe it’s appropriate to disclose ‘how-to information’ that would potentially encourage, or help enable hackers to gain unauthorized and unlawful access to vehicle systems.

We anticipate seeing an increasing number of security related releases and buzz as summer approaches. It is, after all, Network Security Theatre season.

Megasquirting My 1983 Datsun Z

September 8, 2016 by 97 Comments

When Dinosaurs Drove to Work

Back in the mid 1980’s I worked at a company called Commodore Business Machines, a company that made home computers where our annual Superbowl was the Consumer Electronics Show in Las Vegas the first week in January.

Some time in November a Datsun Z would get parked in the front lot and then not move until whatever snow mounds that got plowed over it melted sometime in early spring. Ultimately I would have it towed leaving behind a sad little pile of rust and nuts and bolts. With a bonus check in hand for finishing the newest computer on time I would go buy another used Z and repeat the cycle.

Climate Change and Rust

These days the old Datsun Z’s; 240Z, 260Z, 280Z, 280ZX, are somewhat rare, probably because they were real rust buckets even when new. After having sacrificed a few myself in search of the next home computer I set out to rescue one for old times’ sake. I really did love the car so I made it my project to restore one. Now I have a total of three Z carcasses, an engine, and a transmission all sitting out back and an almost finished Z in the garage.

Since I had torn the engine down to its bare components I took the opportunity to make some changes: increased the size of the turbocharger, increased bore and stroke of the cylinder/piston, improved the fuel distribution, and improved the flow of air with things like porting the heads and an inter-cooler.

Continue reading “Megasquirting My 1983 Datsun Z”

32C3: Dieselgate — Inside The VW’s ECU

December 31, 2015 by 67 Comments

[Daniel Lange] and [Felix Domke] gave a great talk about the Volkswagen emissions scandal at this year’s Chaos Communication Congress (32C3). [Lange] previously worked as Chief architect of process chain electronics for BMW, so he certainly knows the car industry, and [Domke] did a superb job reverse-engineering his own VW car. Combining these two in one talk definitely helps clear some of the smog around the VW affair.

[Lange]’s portion of the talk basically concerns the competitive and regulatory environments that could have influenced the decisions behind the folks at VW who made the wrong choices. [Lange] demonstrates how “cheating” Europe’s lax testing regime is fairly widespread, mostly because the tests don’t mimic real driving conditions. But we’re not sure who’s to blame here. If the tests better reflected reality, gaming the tests would be the same as improving emissions in the real world.

As interesting as the politics is, we’re here for the technical details, and the reverse-engineering portion of the talk begins around 40 minutes in but you’ll definitely want to hear [Lange]’s summary of the engine control unit (ECU) starting around the 38 minute mark.

[Domke] starts off with a recurring theme in our lives, and the 32C3 talks: when you want to reverse-engineer some hardware, you don’t just pull the ECU out of your own car — you go buy another one for cheap online! [Domke] then plugged the ECU up to a 12V power supply on his bench, hooked it up, presumably to JTAG, and found a bug in the firmware that enabled him to dump the entire 2MB of flash ROM into a disassembler. Respect! His discussion of how the ECU works is a must. (Did you know that the ECU reports a constant 780 RPM on the tacho when the engine’s idling, regardless of the actual engine speed? [Domke] has proof in the reverse-engineered code!)

The ECU basically takes in data from all of the car’s sensors, and based on a number of fixed data parameters that physically model the engine, decides on outputs for all of the car’s controls. Different car manufacturers don’t have to re-write the ECU code, but simply change the engine model. So [Domke] took off digging through the engine model’s data.

Long story short, the driving parameters that trigger an emissions reduction exactly match those that result from the EU’s standardized driving schedule that they use during testing — they’re gaming the emissions tests something fierce. You’ve really got to watch the presentation, though. It’s great, and we just scratched the surface.

And if you’re interested in our other coverage of the Congress, we have quite a collection going already.

Hackaday Prize Entry: A Tiny Tool For Car Hacking

August 10, 2015 by 23 Comments

A car from 1940 would have been an almost completely mechanical device. These days though, a car without electricity wouldn’t run. It’s not the engine – it’s the computers; the design details of which automotive manufacturers would love to keep out of the hands of hardware hackers like us. [Mastro Gippo] wanted to build a small and powerful CAN bus reverse engineering tool, and the Crunchtrack hits it out of the park. It’s a CAN bus transceiver, GPS receiver, and GSM modem all wrapped up into a single tiny device that fits under your dash.

[Mastro] has a slight fetish for efficiency and tiny, tiny devices, so he’s packaging everything inside the shell of a standard ELM327 Bluetooth adapter. This is a device that can fit in the palm of your hand, but still taps a CAN bus (with the help of a computer), receives GPS, and sends that data out over cell phone towers.

The device is based on the STM32 F3 ARM microcontroller (with mbed support), a ublox 7 GPS module, and an SIM800 GSM module, but the story doesn’t stop with hardware. [Mastro] is also working on a website where reverse engineering data can be shared between car hackers. That makes this an excellent Hackaday Prize entry, and we can’t wait to see where it goes from here.

The 2015 Hackaday Prize is sponsored by:

Homebrew ECU Increases Mazda Zoom

July 9, 2015 by 58 Comments

A big problem with most modern cars is the sheer number of parts and systems that are not user serviceable. This is a big departure from cars of just decades ago that were designed to be easily worked on by the owner. To that end, [Anthony] aka [fuzzymonkey] has tackled what is normally the hardest thing to work on in modern cars: the Engine Control Unit. (Older posts on this project can be found at [Anthony]’s old project log.)

Every sensor in any modern car is monitored by a computer called the Engine Control Unit (ECU), and the computer is responsible for taking this data and making decisions on how the car should be running. In theory a custom ECU would be able to change any behavior of the car, but in practice this is extremely difficult due to the sheer number of operations required by the computer and the very specific tolerances of a modern engine.

The custom ECU that Anthony has created for his Mazda MX-5 (a Miata for those in North America) is based on the PIC18F46K80 microcontroller, and there are actually two units involved. The first handles time-sensitive operations like monitoring the engine cam position and engine timing, and the other generates a clock signal for the main unit and also monitors things like cooling temperature and controlling idle speed. The two units communicate over SPI.

[Anthony]’s custom ECU is exceptional in that he’s gotten his car running pretty well. There are some kinks, but hopefully he’ll have a product that’s better than the factory ECU by allowing him to change anything from throttle response and engine timing to the air-fuel ratio. There have been a few other attempts to tame the ECU beast in the past, but so far there isn’t much out there.

Continue reading “Homebrew ECU Increases Mazda Zoom”

Electric Go-Cart Has Arduino Brains

July 26, 2014 by 16 Comments

arduino powered go cart

Oh how times have changed. Back in the 30’s the VW Beetle was designed to be cheap, simple and easy for the typical owner to maintain themselves. Nowadays, every aspect of modern cars are controlled by some sort of computer. At least our go-carts are spared from this non-tinkerable electronic nightmare…. well, that’s not completely true anymore. History is repeating itself as [InverseCube] has built an electronic go-cart fully controlled by an Arduino. Did I forget to mention that [InverseCube] is only 15 years old?

The project starts of with an old gas-powered go-cart frame. Once the gas engine was removed and the frame cleaned up and painted, a Hobbywing Xerun 150A brushless electronic speed controller (ESC) and a Savox BSM5065 450Kv motor were mounted in the frame which are responsible for moving the ‘cart down the road. A quantity of three 5-cell lithium polymer batteries wired in parallel provide about 20 volts to the motor which results in a top speed around 30mph. Zipping around at a moderate 15mph will yield about 30 minutes of driving before needing to be recharged. There is a potentiometer mounted to the steering wheel for controlling the go-cart’s speed. The value of the potentiometer is read by an Arduino which in turn sends the appropriate PWM signal to the ESC.

Continue reading “Electric Go-Cart Has Arduino Brains”