Handling of Interval CAN Messages

Ideas and discussion of what to do with the CAN Bus ( i.e. XMDirect, iPod, Carputer, etc... )
Post Reply
joshb86
How the heck did I end up here?
Posts: 1
Joined: 2015 Jan 07 22:37

Handling of Interval CAN Messages

Post by joshb86 » 2015 Jan 20 14:33

Hello Everyone,

I'm new here and also new to CAN. My interest in CAN started when I decided I wanted to know what all was happening with the network in my modern car. This led to me finally picking up a Kvaser interface and monitoring the CAN bus. My first goal was to try track the CAN ID & message that is sent when a specific interior button is pressed. Once I found the message, I then wanted to attempt sending the message myself to see if I could get the same result without physically pressing the button.

The first phase of this was a success, but it wasn't as simple as I expected... It turns out that when the button if depressed (off) the network is transmitting a specific message in 2ms intervals. The message is the same except the last byte loops from 0 to 255 over and over.

When the button is pressed (on) the message flips the values of 2 bytes and then continues the loop of the last byte from 0 to 255 in the same interval...

Button OFF = 0 211 7 0 6 192 15 0 0 0-255 <--Byte Loops
Button ON = 0 211 7 8 14 192 15 0 0 0-255 <---Byte Loops

My initial thought was that I could just send the "ON" message and hopefully the already steady interval messages would somehow follow suit. That sadly wasn't the case. When I sent my message, the dash light indicator for the button simply blinked instead of staying on because the car was still sending the loop of "OFF" messages. I could script flooding the "ON" messages, but this wouldn't be the proper fix and I assume the function of the button wouldn't be stable.

So my question is what is the best way to go about dealing with interval packets like this? Is there a way I can get the network to drop the packets?

mrdennis87
What's hacking?
Posts: 26
Joined: 2015 Nov 19 11:21

Re: Handling of Interval CAN Messages

Post by mrdennis87 » 2016 Jan 29 11:43

I've came across this when sending the packet to roll my window down. The network constantly sends a stop packet to it. So my window will go down only a half an inch each time I send the packet, because it receives the stop packet the network is sending. The only way around this, is to send a packet to the module, and tell it to stop sending all packets.. But, I was told this is not a good idea to do as different modules control a lot of things on the vehicle.. I just left it as it is, and the window will roll down, just a half inch at a time lol. But, I never tested the theory of stopping the module, because I couldn't get the packet to send to it that would do so.

poop713
Yes, we CAN hack!
Posts: 62
Joined: 2017 Feb 09 23:31

Re: Handling of Interval CAN Messages

Post by poop713 » 2017 May 17 15:50

I know this is old but I'm going to try to help some people put reading this.
if your using "canutils" you can send a message to basically flood out the "stop" message by using "cangen"
example: "cangen can0 -g 100 -I YOURID -D YourData" "cangen can0 -g 100 -I 334 -D 000000008F030000"
you would play around with the -g 100 to get the timing correct.

mrdennis87
What's hacking?
Posts: 26
Joined: 2015 Nov 19 11:21

Re: Handling of Interval CAN Messages

Post by mrdennis87 » 2017 May 17 16:21

Is the canutils able to be used with any 2534 compliant device? In my setup, I had to write custom software, as I was using an arduino and a Can Bus shield to connect to the Class2 protocol on my car. I haven't seen 'canutils' before.

User avatar
linuxkidd
Site Admin
Posts: 345
Joined: 2005 Jul 22 15:48
Location: Anywhere, USA
Contact:

Re: Handling of Interval CAN Messages

Post by linuxkidd » 2017 May 18 12:28

can-utils is a linux based can library...

It works great on Raspberry Pi devices w/ the PI-CAN2 hat.

They even have a version w/ a 12v switching PSU so you can power the Pi from the car: PI-CAN2 w/ SMPS
If you can read this, the light is still red.

mrdennis87
What's hacking?
Posts: 26
Joined: 2015 Nov 19 11:21

Re: Handling of Interval CAN Messages

Post by mrdennis87 » 2017 May 18 12:47

That's awesome. I was using a SparkFun can bus shield with my Arduino Uno.. Had to use a voltage regulator to keep it powered to the car. I'm going to have to check this out!

poop713
Yes, we CAN hack!
Posts: 62
Joined: 2017 Feb 09 23:31

Re: Handling of Interval CAN Messages

Post by poop713 » 2017 May 23 10:21

it works great I'm just having trouble sending commands back. like I'm able to get my lock/unlock ID's but when I send them back I get nothing. I'm kinda stuck at this road block for now lol still researching why my commands aren't sending.

User avatar
linuxkidd
Site Admin
Posts: 345
Joined: 2005 Jul 22 15:48
Location: Anywhere, USA
Contact:

Re: Handling of Interval CAN Messages

Post by linuxkidd » 2017 May 23 11:19

poop713: I'd have a candump running in parallel with the cansend. That way you can see how it's going out onto the network. The candump/cansend commands don't block access on the port. I use this a LOT when I'm prototyping commands.

LK
If you can read this, the light is still red.

mrdennis87
What's hacking?
Posts: 26
Joined: 2015 Nov 19 11:21

Re: Handling of Interval CAN Messages

Post by mrdennis87 » 2017 May 23 14:36

poop713 wrote:
2017 May 23 10:21
it works great I'm just having trouble sending commands back. like I'm able to get my lock/unlock ID's but when I send them back I get nothing. I'm kinda stuck at this road block for now lol still researching why my commands aren't sending.
What year and model vehicle?

Can you post some traffic, so we can help?

poop713
Yes, we CAN hack!
Posts: 62
Joined: 2017 Feb 09 23:31

Re: Handling of Interval CAN Messages

Post by poop713 » 2017 May 24 21:03

2014 charger SXT and yes sir theres a link below to a log file I got with Wireshark
and I'm sure the ID's I have will work with other Chrysler vehicles.

heres a log file on my dropbox https://www.dropbox.com/s/o7pcd1gw7m8yw ... capng?dl=0

poop713
Yes, we CAN hack!
Posts: 62
Joined: 2017 Feb 09 23:31

Re: Handling of Interval CAN Messages

Post by poop713 » 2017 May 24 21:42

linuxkidd wrote:
2017 May 23 11:19
poop713: I'd have a candump running in parallel with the cansend. That way you can see how it's going out onto the network. The candump/cansend commands don't block access on the port. I use this a LOT when I'm prototyping commands.

LK
yea thats how I have it setup, on one terminal I'm running "cansniffer -cae can0" and on the other I'm sending the commands. I can see the commands show up on the sniffer but I'm getting no action. my only other guess is I'm missing an ID that goes along with the 2 that I already have for the door locks. on the door locks I see 2 ID's that change when I unlock/lock the doors.

mrdennis87
What's hacking?
Posts: 26
Joined: 2015 Nov 19 11:21

Re: Handling of Interval CAN Messages

Post by mrdennis87 » 2017 May 29 13:51

poop713,

I'm not showing any info for CAN, just UDS.. Do you know what the CAN ID is for the:

1) Drivers Door Module
2) Body Control Module

That's a lot of traffic to look through lol, but I'm attempting it. Being as you don't have the security algorithms from the OEMs to do Bi-Directional controls.. you will have to look for the message coming from the ECM to the Drivers Door Module or Body Control Module. I will have to go back to find my logs for my 03 trailblazer when I did this..

The easiest way, to see if it's even possible, is to.. replay all traffic that went across the bus when you locked/unlocked your doors. If they lock/unlock, then you're able to send a message to do that yourself. If not, then you're most likely not able too :\

Feel free to send a shorter log, or let me know if you know the IDs, and I can help. Or if you're using a serial connection with an Arduino or Raspberry Pi, I can maybe write some software to help with this..

poop713
Yes, we CAN hack!
Posts: 62
Joined: 2017 Feb 09 23:31

Re: Handling of Interval CAN Messages

Post by poop713 » 2017 Jun 04 21:24

im using a device called "carloop" and a "particle photon" with that I'm able to connect to linux and use "canutils"
I have an Arduino and can bus shield but so far really i am trying to use canutils, and I'm not savvy enough to code my own sketch for my can bus shield https://www.amazon.com/LinkSprite-10110 ... bus+shield
and my Arduino uno. I've tried different sketches but none worked with canutils, or I just didn't know how to get it working correctly. with the carloop they have a basic starter sketch for you to work with canutils and thats what I'm using. I'm pulling all sorts of info off the OBDII port in my 14 charger and my friends 13 Chrysler 300. the end goal is to get something like the "avidcode" https://www.youtube.com/watch?v=WEPbCZi5jZI

poop713
Yes, we CAN hack!
Posts: 62
Joined: 2017 Feb 09 23:31

Re: Handling of Interval CAN Messages

Post by poop713 » 2017 Jun 04 21:31

mrdennis87 wrote:
2017 May 29 13:51
poop713,

I'm not showing any info for CAN, just UDS.. Do you know what the CAN ID is for the:

1) Drivers Door Module
2) Body Control Module

That's a lot of traffic to look through lol, but I'm attempting it. Being as you don't have the security algorithms from the OEMs to do Bi-Directional controls.. you will have to look for the message coming from the ECM to the Drivers Door Module or Body Control Module. I will have to go back to find my logs for my 03 trailblazer when I did this..

The easiest way, to see if it's even possible, is to.. replay all traffic that went across the bus when you locked/unlocked your doors. If they lock/unlock, then you're able to send a message to do that yourself. If not, then you're most likely not able too :\

Feel free to send a shorter log, or let me know if you know the IDs, and I can help. Or if you're using a serial connection with an Arduino or Raspberry Pi, I can maybe write some software to help with this..



when I play the log back in canplayer with this filter I can see the doors unlock and lock. candump vcan0,0x334:0x7FF,0x355:0x7FF

Post Reply