NefMoto

ME7 is receiving and sending information through CAN bus, but the IDs are kept quite secret.
many GPS data loggers are able to get data from CAN but you need to have a definition, often called ".dbc".

isn't that information also in the ECU image?

I can find what I need (I think) in the FR pdf in the CAN function e.g. "Botschaft Motor 7 ($588, 20ms-Raster, 8 Byte)".
I guess $588 is the CAN ID, 50 Hz. But I need that for a ME7 I have no Funktionsrahmen for...

Yes you can find them in bin. For example, open 06a906032hj 366426, go at address 3EC9C.
You will see ID $280 (16bit) which is Motor1.
There's few bytes of data after each ID, it's up to you to make something out of it.

I might be able to help you, if you tell me what you are looking for, or what data you need to extract from the bus.

examining that Skoda 1.8t(?) image, I would find some IDs:

0280
0288
0380
0488
0010(??)
0440
01A0
0540
0420
05E0
0050
04A0
038A

is this right?
but these Blocks usually are some bytes of length with unknown composition....(to me)

From these you can see what IDs are used by ecu to send data.
$280=Motor1
$288=Motor2
$380=Motor3
$488=Motor6

These are some IDs that ecu is interested in hearing about.
$440=Transmission1
$1A0=Brake1
$540=Transmission2
$420=Kombi-instrument2
$5E0=Klima1
$050=Airbag1
$4A0=Brake3
$38A=GRA

What data you need to read from the can-bus?
Some of these messages are cyclic, so they update all the time. Some are sent only when data changes.

very nice!  :)
Did you gather that information from the Skoda image or is it a common standard for VAG cars?

I knew these IDs already, so i just looked for them in the file.
They are pretty much standard to some extent.

Boost pressure should be in packet ID $588 (Motor7), startbyte 5, 8 bits long, scaling 0.02

@ TeroK ,

Can you turn these data requests off ? In the case that you dont have the airbags and ABS ? Or is it easier to dis-able the code word and testers ect ?

Not by this method. It propably is possible if correct config bits are found. Easier to just delete codes.

@ TeroK
Can you point where to search torque from engine, in 280?, how to scale it ?

ID 280$, Inneres Motormoment, startbyte 2, length 8 bits, scaling 0.39, 0..99.06% MDI. Value of 255 = fehler.
Is this what you are looking for?
This propably doesn't apply to all engines.

I assume that you are counting from 1, right  ?

After day of tracing and I also picked byte at offset 1 as most probably candidate, with scaling ~1.4 to reach Nm
I have very good correlation in 2000 to 5000 RPM revolution range at WOT,
e.g. 308Nm vs. 306Nm taken from measuring grp 120 field 2 (engine 2.0TFSI).

At idle my tq oscialtes around 20Nm vs. 0Nm  from grp 120,
in range from 20 to 100Nm, I have 20Nm disperacy, I accounted above for mechanical losses.

But one thing I don't underestand, above 5000RPM till red line,
at 5000RPM when ECU stops maintain constant torque and start to main constant power,
my difference raises, ending with 270Nm vs 240 Nm from grp 120

I assume that explnaition is in "scaling 0.39, 0..99.06% MDI" scaling 0.39 gives what units %?
what is MDI, (eventully can you point me to some documntation/resources ?)
Is there somewhere MaximumEngineTorque ? I need convert to Nm somehow

thx for replay,

Have you looked at TKMWL (IIRC) in the FR?

You should find the answer to alot of your questions there.

TKMWL is for tester communication.
Powertrain CAN-messages you find in section CAN in FR.

There is MDMAXKBI Nm output in $580, startbyte 5 (first is 1), 8bits, scale 0..2550Nm, scaling factor 10.

Other engine torque messages are handled in internal torque %.

I know.

I was speaking specifically about his questions in his last post.

OK, got it

in listen mode i received these"
0x280 DLC: 8
Extended ID: 0x0A07C2B3  DLC: 8
0x2B8 DLC: 8
0x2F8 DLC: 8
0x40006067 DLC: 108
Extended ID: 0x000A0030  DLC: 0
Extended ID: 0x09CC6767  DLC: 7
0x4000033B DLC: 7
0x33B DLC: 7
0x363 DLC: 7
0x01D DLC: 0
0x3ED DLC: 0
0x40000380 DLC: 7
Extended ID: 0x0CEC6767  DLC: 7
0x51A DLC: 0
Extended ID: 0x000DA30B  DLC: 0
0x08B DLC: 7
0x338 DLC: 0

many of them are not defined in FR
anybody know how can i get the VIN , time from start , KM from start and time?
thanks in advance

Smaller can adresse is Most importants ecus (Motor used to be a smaltest)

Witch car you sniffed ?



IMA this sniff is not based on a VAG PQ-based car..

Yes, the priority of CAN-IDs is correct, but ECU is not the importest controler in car-network.

Airbag, ESP, SteeringAngle-sensor are more important then ECU ;)

Skoda octavia 1, it's the same like golf 4.
I found many id's from engine, but others , who vcds shows , i can not identify.
When vcds interogate the ecu , doesn;t send any can messages, or maybe is too fast.
I tried some pids from k-line and i can not find them

Witch CAN bus zu sniffed ?

Some of the ID´s you list, are not part of AntriebsCAN of PQ34 platform

arduino with mcp2515