Author Topic: BMW MG1 Bench Setup  (Read 4119 times)
instantioc
« on: October 03, 2023, 05:17:31 PM »

I'm honestly at a loss and hoping someone has some guidance. I bought an MG1 DME from an M5 (F90) to do some bench experiments. I also have an AMT BST clone interface and another commercial tool for bench reading and writing these ECUs. The bench diagram uses (2) 12V leads, GND and CAN-H and CAN-L for communication. Each of the tools identifies and is able to read and write to the ECU. I hooked up my Picoscope to record the CAN traffic and tried to decode with the built-in CAN decoder. I had moderate success with this ... mainly just some initial frames but never the whole exchange. This is problem 1. Problem 2 ... I tried attaching a Raspberry Pi with CAN Hat to the CAN bus and candump the bench tool reading the ECU's ID. Communication fails if the CAN hat is connected to the bus with the tools (either one). Yet, the CAN hat can talk CAN0 to CAN1 no problem if wired back to back. My ultimate goal is to analyze the CAN exchange of a bench tool communicating with the ECU, reading VIN, and ideally later writing but I'm not even crawling at this point ... just pooping my diaper.

instantioc
« Reply #1 on: October 03, 2023, 05:29:16 PM »

Adding a snapshot from the Picoscope. The initial identification with the commercial tool sends around 100 CAN frames with all of the same data, then pauses and any further CAN messages are not able to be decoded with the built-in CAN decoder (at least by me).

prj
« Reply #2 on: October 03, 2023, 10:23:41 PM »

At your level of knowledge... give up now... sorry.

1. The protocol is not CAN, it's only using CAN transceiver. So any CAN sniffing tools do not work.
2. Learn at least about the CAN topology, this is open info. Your Pi probably has a termination resistor.

PM's will not be answered, so don't even try.
Log your car properly.

instantioc
« Reply #3 on: October 04, 2023, 09:16:02 AM »

"At your level of knowledge... give up now... sorry."

Ha ... I expected nothing less from you. Seems to be your MO. I'll continue researching and publish stuff in my thread as I find valuable info. At least others at my inferior level may find some benefit. Thanks for your helpful advice as always.

Irish37
« Reply #4 on: October 05, 2023, 08:08:22 AM »

Quote from: prj
... sorry.


You ain’t sorry. You are a Liar

Can’t help? Can’t teach, or show him the way?
You know how to do it, and can help and can teach, but you actively choose not to because being a total CUNT makes you feel better than others.

Greedy whores who can’t share free knowledge

This place is sad as fuck

PRJ, how about you give up on life?
You have the appeal of a steaming pile of shit

instantioc
« Reply #5 on: October 05, 2023, 01:25:27 PM »

I truly was not expecting someone to hand over code they've been working on for a while or anything remotely close. Instead of the "kindly fuck off and kill yourself ... sorry" that I got, here would have been a slightly more helpful response or even none at all.

1. The protocol is not CAN, it's only using CAN transceiver. So any CAN sniffing tools do not work.  <<<< Good start to a response. Maybe give a hint as to what protocol is actually running if you know (ISO-TP, UDS, etc). Still don't understand why I did actually see some CAN traffic that was decoded though if there's no CAN.
2. Learn at least about the CAN topology, this is open info. Your Pi probably has a termination resistor. <<< Not a horrible response. At least it gives a hint. I did research and actually tried the 120 ohm switch in both settings. I've since found another thread discussing "silent" mode (RX only) on the CAN transceivers which I will experiment with.



prj
« Reply #6 on: October 05, 2023, 01:31:29 PM »

Quote from: instantioc
Maybe give a hint as to what protocol is actually running if you know (ISO-TP, UDS, etc). Still don't understand why I did actually see some CAN traffic that was decoded though if there's no CAN.

In the SBOOT itself the only thing used from CAN is the physical transceiver, as I already told you.
Why you bring in transport and service layer protocols when it's not even running CAN frames is beyond me. I mean you see it yourself at this point, don't you?
No amount of CAN configuration will give you anything, because it's not really CAN beyond the physical layer.

Search this forum, this has been discussed here in the past...
But you really picked the wrong protocol for an easy copy paste.

instantioc
« Reply #7 on: October 05, 2023, 01:59:25 PM »

Thank you for responding. I'll keep at it. If it were easy, it wouldn't be any fun. Maybe I'm just a glutton for punishment or I enjoy spending thousands on tools, toys and software. It's all about the journey. I don't make my living off of any of this. It will never be more than a hobby for me.

jcsbanks
« Reply #8 on: October 05, 2023, 03:29:41 PM »

UART?

terminator
« Reply #9 on: October 05, 2023, 06:38:27 PM »

It's UART. First CAN, then switches to UART.
MEDC17 can be fully read via CAN, but not sure about MDG.
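
Added illustration, not part of any post in this thread and not code from any tool discussed here: one mechanism by which a CAN controller in normal mode can disturb UART traffic carried over a CAN transceiver, and why the listen-only ("silent") mode mentioned in Reply #5 avoids it. It assumes UART 8N1 at the same bit time as the controller's configured CAN bit rate, models only the bit-stuffing check, and uses constructed byte values rather than captured traffic.

```python
STUFF_LIMIT = 5  # CAN: after 5 equal bits the sender inserts a complementary bit


def uart_8n1_bits(data: bytes, idle_bits: int = 3) -> list[int]:
    """Line levels for UART 8N1: start=0 (dominant), 8 data bits LSB first, stop=1."""
    bits = [1] * idle_bits
    for byte in data:
        bits.append(0)
        bits.extend((byte >> i) & 1 for i in range(8))
        bits.append(1)
    bits.extend([1] * idle_bits)
    return bits


def stuff_errors(bits: list[int]) -> list[int]:
    """Bit indexes where a simplified CAN receiver would flag a stuff error.

    Model: bus idle until a dominant bit (taken as start of frame); inside the
    frame a 6th consecutive equal bit is a stuff error, after which the
    receiver goes back to waiting for the next dominant bit. CRC and form
    checks, which would also fail on non-CAN traffic, are not modelled.
    """
    errors = []
    in_frame = False
    run_level, run_len = 1, 0
    for i, bit in enumerate(bits):
        if not in_frame:
            if bit == 0:
                in_frame, run_level, run_len = True, 0, 1
            continue
        if bit == run_level:
            run_len += 1
        else:
            run_level, run_len = bit, 1
        if run_len > STUFF_LIMIT:
            errors.append(i)
            in_frame = False
    return errors


def disturbs_bus(data: bytes, listen_only: bool) -> bool:
    """True if the node would drive an error flag onto the bus for this traffic."""
    # An error-active node in normal mode answers a stuff error with six
    # dominant bits; in listen-only mode it never drives the bus.
    return (not listen_only) and bool(stuff_errors(uart_8n1_bits(data)))
```
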

elias
« Reply #10 on: October 06, 2023, 04:11:55 AM »

Can someone remind me of the USB adapter which is able to communicate with UART and CAN on the physical CAN pins? It would help the thread starter, as he wants to do an open-source solution.

Geremia
« Reply #11 on: October 06, 2023, 11:15:40 AM »


- want to make open-source copy-paste of some [probably cloned] commercial tool protocol
- can't even understand a sniff
- pretend a tutorial from the knowledgeable people, since precious hints are not enough.

Pause 5 minutes, guess how many months of reverse engineering it would take to find a bug to exploit in the first place. Do you think that these exploits grow in the garden for free? Where do you think the knowledge comes from, if not from years of professional reverse engineering? Do you really think you deserve help to make your after-dinner project to get cool with friends? This is not "car-hacking" around the steering wheel of a crappy jeep with an Arduino, sorry.

jcsbanks
« Reply #12 on: October 06, 2023, 02:08:43 PM »

Quote from: elias
Can someone remind me of the USB adapter which is able to communicate with UART and CAN on the physical CAN pins? It would help the thread starter, as he wants to do an open-source solution.

No idea of the USB adapter, but an ESP32 is able to do UART or CAN on the same pins and is able to be switched at run time. Most microcontrollers with pin mapping should be able to.

instantioc
« Reply #13 on: October 06, 2023, 02:20:06 PM »

Quote from: Geremia
- want to make open-source copy-paste of some [probably cloned] commercial tool protocol
- can't even understand a sniff
- pretend a tutorial from the knowledgeable people, since precious hints are not enough.

Pause 5 minutes, guess how many months of reverse engineering it would take to find a bug to exploit in the first place. Do you think that these exploits grow in the garden for free? Where do you think the knowledge comes from, if not from years of professional reverse engineering? Do you really think you deserve help to make your after-dinner project to get cool with friends? This is not "car-hacking" around the steering wheel of a crappy jeep with an Arduino, sorry.



WTF are you talking about? Not one of these assertions is even remotely true. I'm not sure if you feel threatened about folks sharing information with each other and it affecting your livelihood or if you're just a dick, maybe both? As far as using a commercial tool(s) and studying them, OF COURSE I'm going to do that. I already own them and why wouldn't I glean info if available? You'd have to be at least mildly retarded not to. That is LITERALLY the definition of reverse engineering. I'd venture to guess you've probably done the same as well before you decided to hoard and sell the info. Also, I have no need to "get cool with friends" ... maybe that's your bag? Maybe just projecting a bit?  Really trying to understand your hostility here.

prj
« Reply #14 on: October 07, 2023, 02:25:20 AM »

Quote from: instantioc
As far as using a commercial tool(s) and studying them, OF COURSE I'm going to do that. I already own them and why wouldn't I glean info if available? You'd have to be at least mildly retarded not to. That is LITERALLY the definition of reverse engineering.

Reverse engineering is if you take the ECU and find your way in without copying what someone else did before you.
Calling sniffing a commercial tool and replicating the behaviour "reverse engineering" is an insult to those of us who actually do it and make the solutions that others copy.
The correct term is "stealing IP".