Adding Upgrades To A Stock Motorcycle

September 11, 2018 by Bryan Cockfield 28 Comments

In today’s world of over-the-air firmware upgrades in everything from cars to phones to refrigerators, it’s common for manufacturers of various things to lock out features in software and force you to pay for the upgrades. Even if the hardware is the same across all the models, you can still be on the hook if you want to unlock anything extra. And, it seems as though Suzuki might be following this trend as well, as [Sebastian] found out when he opened up his 2011 Vstrom motorcycle.

The main feature that was lacking on this bike was a gear indicator. Even though all the hardware was available in the gearbox, and the ECU was able to know the current gear in use, there was no indicator on the gauge cluster. By using an Arduino paired with an OBD reading tool (even motorcycles make use of OBD these days), [Sebastian] was able to wire an LED ring into the gauge cluster to show the current gear while he’s riding.

The build is very professionally done and is so well blended into the gauge cluster that even we had a hard time spotting it at first. While this feature might require some additional lighting on the gauge cluster for Suzuki to be able to offer this feature, we have seen other “missing” features in devices that could be unlocked with a laughably small amount of effort.

Continue reading “Adding Upgrades To A Stock Motorcycle” →

Emulating OBD-II On The ESP32

April 11, 2018 by Tom Nardi 34 Comments

It used to be that you could pop the hood and with nothing more than flat head screwdriver, some baling wire, and tongue held at the optimal angle, you could fix anything that ailed your car. But today, for better or for worse, the average automobile is a rolling computer that runs on gasoline and hope (if it even still has a gasoline engine, that is). DIY repairs and maintenance on a modern car is still possible of course, but the home mechanic’s toolbox has needed to evolve with the times. If you want to do anything more advanced than changing a tire, you’ll really want to have the gear to interface with the vehicle’s computer via the OBD-II port.

But for some, even that isn’t enough. [limiter121] recently wrote in to tell us of an interesting project which doesn’t read the OBD-II port in a vehicle, but actually emulates one. Like so many others this hack was born out of necessity, as a way to test an OBD-II project without having to sit out in the driveway all day. It allows you to create fictitious speed and engine RPM values for the OBD-II device or software under test to read, complete with a slick web interface to control the “car”.

So what makes it tick? Surprisingly little, actually. At the most basic level, an ESP32-WROOM-32 is connected up to a SN65HVD230 CAN transceiver chip. You’ll also need a 3.3V power supply, as well as a USB to serial adapter to do the initial programming on the ESP32. From there it’s just a matter of compiling and flashing the code [limiter121] has made available in the GitHub repo.

If you’re wondering if such products don’t already exist on the commercial market, they do. But like so many other niche projects, the price is a bit hard to swallow for the home hacker. Compared to the nearly $300 USD list price of commercial offerings such as the Freematics OBD-II Emulator, building one of these ESP32 based emulators should only cost you around $20.

Unless you’re developing an OBD-II reader, you probably don’t have much use for an OBD-II emulator. But this project could still be useful for anyone who wants to learn more about OBD from the comfort of their couch.

OBD-Sniffing A Caddy PHEV

February 22, 2018 by Jenny List 25 Comments

The Cadillac ELR is a plug-in hybrid car with a bit of class, it has the beating heart of a Chevy Volt in a nice coupé body with some up-market styling and a nice interior. Since it wasn’t on the market for long and some consumers are still wary of cars with electric motors, it also represents something of a sweet spot: according to [Andrew Rossignol] you can pick them up for less outlay than you might imagine. He bought one, and being an inquisitive soul decided to probe its secrets through its OBD-II ports.

OBD-II sniffing is nothing especially new, but his write-up provides an interesting run-down of the methodology used to identify the different proprietary pieces of data that it makes available. His Python script attempted to parse the stream as though it were multi-byte words of different lengths, plotting its results as graphs, It was then a straightforward process of identifying the graphs by eye that contained useful data and rejecting those that were obviously garbage. He was able to pick out the figures in which he was interested, and write an interface for his little Sony VAIO UX to display them on the move.

We’ve covered OBD hacks too numerous to mention over the years, but perhaps you’d like to read our history of the standard.

OBD-II Dongle Attack: Stopping A Moving Car Via Bluetooth

April 14, 2017 by Pedro Umbelino 30 Comments

Researchers from the Argus Research Team found a way to hack into the Bosch Drivelog ODB-II dongle and inject any kind of malicious packets into the CAN bus. This allowed them to, among other things, stop the engine of a moving vehicle by connecting to the dongle via Bluetooth.

Drivelog is Bosch’s smart device for collecting and managing your vehicle’s operating data. It allows a user to connect via Bluetooth to track fuel consumption and to be alerted when service is necessary. It was compromised in a two stage attack. The first vulnerability, an information leak in the authentication process, between the dongle and the smart phone application allowed them to quickly brute-force the secret PIN offline and connect to the dongle via Bluetooth. After being connected, security holes in the message filter of the dongle allowed them to inject malicious messages into the CAN bus.

The Bluetooth pairing mechanism, called “Just Works”, has been fixed by Bosh by activating a two-step verification for additional users to be registered to a device. The second issue, the ability for a maliciously modified mobile application to possibly send unwanted CAN messages, will be mitigated with an update to the dongle firmware to further limit the allowed commands that the dongle is able to place on the CAN bus.

Bosch downplays the issue a bit in their statement:

It is important to note that scalability of a potential malicious attack is limited by the fact that such an attack requires physical proximity to the dongle. This means that the attacking device needs to be within Bluetooth range of the vehicle.

The problem is that physical proximity does not equal Bluetooth range. Standard Bluetooth range is about 10m, which is very arguable physical proximity, but it is pretty easy to buy or even modify a Bluetooth dongle with 10x and 100x more range. When adding a wireless connection to the CAN bus of an automobile, the manufacturer has an obligation to ensure the data system is not compromised. This near-proximity example is still technically a remote hack, and it’s an example of the worst kind of vulnerability.

Bil Herd Asks OBD “How Fast Am I Going?”

February 15, 2017 by Bil Herd 87 Comments

Whenever I end up with a new vehicle I ultimately end up sticking in a new GPS/Receiver combination for better sound quality and a better GPS.

I am quite at home tearing into a dashboard as I was licensed to install CB radios in my teens as well as being the local go-to guy for 8-track stereo upgrades in the 70’s. I have spent a portion of my life laying upside down in a puddle on the car floor peering up into the mess of wires and brackets trying to keep things from dropping on my face. If you remember my post on my Datsun 280ZXT, I laid in that same position while welding in a clutch pedal bracket while getting very little welding slag on my face. I did make a note that the next time I convert a car from an automatic to a manual to do so while things are still disassembled.

Swapping out a factory radio usually involves choosing whether to hack into the existing factory wiring wire-by-wire, or my preference, getting a cable harness that mates with the factory plug and making an adapter out of it by splicing it to the connector that comes with the new radio.

Usually I still have to hunt down a few signals such as reverse indicator, parking brake indicator, vehicle speed sensor and the like. In my last vehicle the Vehicle Speed Sensor (VSS) wire was supposed to be in the factory harness, but driving experience showed it must not be as the GPS would show me driving 30 feet to the right of the highway. That and the calibration screen on the GPS verified that it was not receiving speed pulses.

Continue reading “Bil Herd Asks OBD “How Fast Am I Going?”” →

Maintenance, Emissions, And Privacy: The OBD Story

January 4, 2017 by Bryan Cockfield 113 Comments

The 90s were a pivotal time in world history, and 1996 was no different. You might have spent the year glued to the TV playing Super Mario 64, or perhaps you were busy campaigning for Bill Clinton or Bob Dole, or maybe you were so depressed that Princess Diana and Prince Charles divorced that you spent the whole year locked in your room, a prisoner of your own existential nihilism. Whatever you did, though, it’s likely that one major event passed you by without a thought: The standardization of on-board vehicle diagnostics (in the US), otherwise known as OBD-II.

In the 1970s, vehicles (in some western countries, at least) were subject to ever-increasing restrictions on emissions. Most companies began switching from carburetors to efficient fuel injection systems, but even that wouldn’t be enough for the new standards. Cars began to carry rudimentary computer systems to manage and control the influx of valves, meters, and sensors that became the new norm. And, as one would guess, every car company had their own standard for managing and monitoring these computer systems. Eventually they would settle on the OBD system that we have today.

Continue reading “Maintenance, Emissions, And Privacy: The OBD Story” →

Raspberry Pi Adds A Digital Dash To Your Car

September 28, 2016 by Richard Baguley 37 Comments

Looking for a way to make your older car more hi-tech? Why not add a fancy digital display? This hack from [Greg Matthews] does just that, using a Raspberry Pi, a ~~OBD-II~~ Consult reader and an LCD screen to create a digital dash that can run alongside (or in front of ) your old-school analog dials.

[Greg’s] hack uses a Raspberry Pi Foundation display, which includes a touch screen, so you don’t need a mouse or other controls. Node.js displays the speed, RPM, and engine temperature (check engine lights and other warnings are planned additions) through a webpage displayed using Chromium. The Node page is pulling info from another program on the Pi which monitors the ~~CAN~~ Consult bus. It would be interesting to adapt this to use with more futuristic displays, maybe something like a pico projector and a 1-way mirror for a heads-up display.

To power the system [Greg] is using a Mausberry power supply which draws power from your car battery, but which also cleanly shuts down the Pi when the ignition is turned off so it won’t drain your battery. When you throw in an eBay sourced ~~OBD-II~~ Consult reader and the Consult Dash software that [Greg] wrote to interpret and display the data from the ~~OBD-II~~ Consult bus, you get a decent digital dash display. Sure, it isn’t a Tesla touchscreen, but at $170, it’s a lot cheaper. Spend more and you can easily move that 60″ from your livingroom out to your hoopty and still use a Raspberry Pi.

What kind of extras would you build into this system? Gamification of your speed? Long-term fuel averaging? Let us know in the comments.

UPDATE – This post originally listed this hack as working from the OBD-II bus. However, this car does not have OBD-II, but instead uses Consult, an older data bus used by Nissan. Apologies for any confusion!

Continue reading “Raspberry Pi Adds A Digital Dash To Your Car” →