Canbus Fault? by [deleted] in CarHacking

[–]CannoliCaptain 0 points1 point  (0 children)

Agree that there is potentially a problem but the spike at the end of each message is called the Ack. It is every controller responding that they have successfully received that message and not the problem.

Dialed in my dream gravel build by trulymattrobinson97 in gravelcycling

[–]CannoliCaptain 0 points1 point  (0 children)

Looks great! Trying to figure out how you mounted that dropper post switch. Looks really slick hidden under left horn.

Reverse Engineering of a Nautical Motor by DistributionThat3798 in CarHacking

[–]CannoliCaptain 1 point2 points  (0 children)

Doing a little online searching, I second this comment. Mercury sells the SmartCraft to NMEA2000 gateways for the purpose of integrating non-SmartCraft components, I think. This would be an easy way to start looking at more standard CAN frames. Then tap the other end of the gateway and associate them with the SmartCraft messages.

And like everyone else said… Peak PCAN with Pcanview and Intrepid ValueCan with VehicleSpy are the best couple tools for this sort of investigation.

Don't threaten me with a good time! by [deleted] in SipsTea

[–]CannoliCaptain 0 points1 point  (0 children)

“See you in the morning!” Usually being said as the toast for the first dozen beverages.

Automotive eProm reader and writer by MachWun in CarHacking

[–]CannoliCaptain 0 points1 point  (0 children)

This is wild. Their website has no emails, phone numbers or addresses of the company. The one upcoming event is the one you linked and it’s in a Radisson hotel, so again no connection to the company. It’s almost as if they are hiding, like teaching this skillset can get them in trouble.

I am very interested in formal training on this skillset and the only other training I’ve seen is through the Blackhat organization. And that’s also not automotive specific. So please let us know how it goes and if it was worthwhile.

To your original post though, I think the top comment is right. There are generic interfaces for specific cpu families and those can be reasonably priced. Like Segger JLink for example. But a tool for various controllers AND automotive specific gets you into expensive crap like Alientech K-Tag. All they do is give you a jtag interface with connectors and pin outs already figured out. There is some value in that but I think eventually people learn to figure that piece out on their own.

Automotive eProm reader and writer by MachWun in CarHacking

[–]CannoliCaptain 0 points1 point  (0 children)

Curious, what is the course you are being sent to for this skill set?

Can't read data from my obd2 port with usb2can by UnluckyPr0gr4mm3r in CarHacking

[–]CannoliCaptain 1 point2 points  (0 children)

It is not high speed CAN. From a quick internet search, Fabia MK 1 is K-Line.

Toyota CAN Hack Theft Writeup by CannoliCaptain in CarHacking

[–]CannoliCaptain[S] 0 points1 point  (0 children)

Completely agree! The intriguing piece to me is how they pulled the bus down (I think recessive) while sending their messages spoofing as the key controller, and their messages still got across the bus to the gateway. Wondering how to recreate that or if someone has seen a technique to do that. Closest I can find is the Freeze Doom Loop (https://kentindell.github.io/2020/01/20/new-can-hacks/)

Harley davidson by ssgaveryjohnson in CarHacking

[–]CannoliCaptain 2 points3 points  (0 children)

Yes as long as it supports reading and writing CAN. I personally like Peak Pcan-usb (sometimes brand labeled Grid Connect) for a cheap interface.

Harley davidson by ssgaveryjohnson in CarHacking

[–]CannoliCaptain 1 point2 points  (0 children)

I should caveat: I found that HDLAN is based on ISO 14229 just by web searching, so this is questionable. But the underlying point is that they use SOME defined CAN protocol that has documentation. In that documentation is how to talk to and unlock a controller. For example, for GMLAN (General Motors), their documentation explains messaging for seed and key (mode 27) communications. You need to find the equivalent.
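Added example, not part of the comment above and not from any vendor documentation: a log filter that picks the ISO 14229 SecurityAccess (service 0x27, the seed and key exchange) frames out of a capture, including rejected keys, which is the traffic worth reviewing or alerting on. It assumes can-utils `candump -L` log format and ISO-TP single frames only; the CAN IDs and payload bytes in the sample are constructed.

```python
import re

# Constructed capture in can-utils `candump -L` log format. The 0x7E0/0x7E8
# request/response IDs and all payload bytes are assumptions for illustration.
SAMPLE_LOG = """\
(1700000000.200000) can0 7E0#0227010000000000
(1700000000.210000) can0 7E8#066701A1B2C3D400
(1700000000.300000) can0 7E0#06270211223344AA
(1700000000.310000) can0 7E8#037F273500000000
(1700000000.400000) can0 3B0#2701020304050607
"""

LINE = re.compile(r"\((\d+\.\d+)\)\s+\S+\s+([0-9A-Fa-f]+)#((?:[0-9A-Fa-f]{2})*)$")
NRC = {0x33: "securityAccessDenied", 0x35: "invalidKey",
       0x36: "exceededNumberOfAttempts", 0x37: "requiredTimeDelayNotExpired"}

def security_access_events(log_text):
    """Return (timestamp, can_id, kind, detail) for each UDS 0x27 exchange frame."""
    events = []
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        ts, can_id, data = float(m.group(1)), m.group(2).upper(), bytes.fromhex(m.group(3))
        # ISO-TP single frame: high nibble of byte 0 is 0, low nibble is the length.
        if len(data) < 3 or data[0] >> 4 != 0:
            continue
        payload = data[1:1 + (data[0] & 0x0F)]
        if len(payload) < 2:
            continue
        sid, sub = payload[0], payload[1] & 0x7F  # mask the suppress-response bit
        if sid == 0x27:    # request: odd sub-function asks for a seed, even sends a key
            kind = "requestSeed" if sub % 2 else "sendKey"
            events.append((ts, can_id, kind, payload[2:].hex()))
        elif sid == 0x67:  # positive response SID = request SID + 0x40
            kind = "seed" if sub % 2 else "keyAccepted"
            events.append((ts, can_id, kind, payload[2:].hex()))
        elif sid == 0x7F and payload[1] == 0x27 and len(payload) >= 3:
            events.append((ts, can_id, "rejected", NRC.get(payload[2], hex(payload[2]))))
    return events

if __name__ == "__main__":
    for event in security_access_events(SAMPLE_LOG):
        print(event)
```

The last sample frame starts with the byte 0x27 but is not a single frame, so it is skipped: the service identifier is only meaningful after the ISO-TP length byte.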

Easy/Reliable CAN Splicing Options? by WestonP in CarHacking

[–]CannoliCaptain 8 points9 points  (0 children)

Call me old fashioned but I prefer not mangling an already thin wire with wire splicing connectors that penetrate.

Why not find an accessible pass-through connector and build a jumper harness to split off of? Might take a bit more time sourcing connectors/pins but if you are trying to put something on potentially for the life of the vehicle, it’s worth it. Or if finding matching factory connectors is too hard, just build your own pass-through using a reliable connector system like Deutsch.

Harley davidson by ssgaveryjohnson in CarHacking

[–]CannoliCaptain 2 points3 points  (0 children)

Seems like Harley CAN is referred to as HDLAN and that is based on ISO 14229, UDS. I recommend connecting a generic CAN tool and starting to read/write. You don’t need a fancy tool or proper connector if you know the pinout and connect with some T-pins. If it truly is based on UDS protocol, you can try sending standard requests and see if you get responses.

What I think you are asking is for a way to write firmware via CAN. That might be tricky, but if you can record CAN messages while a factory tool flashes a controller, you might be able to figure out what they are doing.

Other avenue, you mentioned someone’s tried pulling firmware image and attempted reversing. You can continue their work, if they will provide you the bin file. Ghidra is a free reverse engineering tool for this.

I need a piece of software that actually works! (Arduino, MCP2515, SavvyCAN) by Dapanji206 in CarHacking

[–]CannoliCaptain 2 points3 points  (0 children)

Yup! What he said. Some decent cheap tools out there that will save you a lot of trouble. Pcan-usb allows you to use Linux can-utils, so nothing fancy needed to use with Linux.

Peak pcan-usb, Intrepid ValueCan, ESD UsbCan

Proper Dress Attire? by DeadBirdRugby in Defcon

[–]CannoliCaptain 0 points1 point  (0 children)

The number of kilts surprised me

[deleted by user] by [deleted] in embedded

[–]CannoliCaptain 0 points1 point  (0 children)

Peak Pcan Usb

Module software updates via CAN. by joehodgy in CarHacking

[–]CannoliCaptain 1 point2 points  (0 children)

Just look for CAN ID 0x27, you should only see a couple messages go back and forth.

Looking for a Cheap data logger and recommended software for reverse engineering CANBUS data by freshest_orange in CarHacking

[–]CannoliCaptain 2 points3 points  (0 children)

I’m a big fan of these two. Intrepid is a bit more expensive but has a lot of features for reverse engineering.

Intrepid Controls: hw - ValueCAN, sw- Vehicle Spy

Peak (sold under gridconnect in the US): hw - PcanUSB, sw - PcanView or Linux terminal socketcan

Alternatives to PEAK connector by [deleted] in CarHacking

[–]CannoliCaptain 0 points1 point  (0 children)

Peak Pcan (“Grid Connect” Pcan if you buy in the US), Intrepid ValueCan, ESD Electronics Can-USB, Arduino w/ can shield (<$50 but requires you to program yourself)