NefMoto

Technical => Communication Protocols => Topic started by: bluelighttube on December 06, 2022, 03:01:24 PM



Title: Kess Flash Sniffing Suggestions
Post by: bluelighttube on December 06, 2022, 03:01:24 PM
Does anyone have suggestions for sniffing a Kess KWP protocol flash on CAN high/low wires?

Normally, I plug a k+dcan cable into a Y splitter cable and listen live with putty or some other serial logger.

However, with the Kess, when I plug my K+DCAN cable into the OBD Y splitter, there is packet loss whether I'm listening live or not. It shows as either unable to identify the ECU, or it identifies it with bad data, i.e. the VIN and HW ID appear truncated. The sniffed data is accurate up until the failure, too.

I have both a genuine and a non-genuine Kess, both of which behave the same in this scenario.


Title: Re: Kess Flash Sniffing Suggestions
Post by: cherry on December 06, 2022, 03:52:02 PM
Look into the datasheet for your transceiver and mute it. You need to connect a pin. Not all support this; maybe you need to use a compatible one, and maybe lift a pin.


Title: Re: Kess Flash Sniffing Suggestions
Post by: bluelighttube on December 07, 2022, 08:57:26 AM
> Look into the datasheet for your transceiver and mute it. You need to connect a pin. Not all support this; maybe you need to use a compatible one, and maybe lift a pin.
I am open to hardware suggestions as well.


Title: Re: Kess Flash Sniffing Suggestions
Post by: cherry on December 07, 2022, 03:08:33 PM
Did you open your interface, check transceiver and read in datasheet how to mute it?


Title: Re: Kess Flash Sniffing Suggestions
Post by: bluelighttube on December 07, 2022, 03:11:36 PM
> Did you open your interface, check the transceiver and read in the datasheet how to mute it?
It is an FT232RL and I could not find anything relating to muting in the datasheet.


Title: Re: Kess Flash Sniffing Suggestions
Post by: bluelighttube on December 16, 2022, 08:25:52 AM
> Did you open your interface, check the transceiver and read in the datasheet how to mute it?
So I found it is an MCP2515. The top was not easily legible.

The datasheet states "The Listen-only mode is activated by setting the mode request bits in the CANCTRL register"

Would this have to be in the program that's on the ATmega162 operating the whole device? I have not interfaced with a transceiver like this.

https://www.sparkfun.com/datasheets/DevTools/Arduino/MCP2515.pdf
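The listen-only mode quoted from the datasheet is selected by the controller firmware over SPI rather than by wiring a pin, and in that mode the MCP2515 never drives the bus, not even the ACK bit, which is what keeps a sniffer from disturbing the flash session. As an added example that is not code from this thread or from any Kess or cable vendor, this C routine writes the REQOP bits with a BIT MODIFY command and then confirms the switch through CANSTAT; the SPI transfer callback and the register model are constructed stand-ins for the real hardware, and on the actual cable the ATmega162 firmware would supply the SPI transfer.

```c
#include <stdint.h>
#include <stdio.h>
/* MCP2515 SPI commands and registers, as given in the Microchip datasheet. */
#define MCP_CMD_READ     0x03
#define MCP_CMD_BITMOD   0x05
#define MCP_REG_CANSTAT  0x0E
#define MCP_REG_CANCTRL  0x0F
#define MCP_MODE_MASK    0xE0   /* REQOP (CANCTRL) and OPMOD (CANSTAT) occupy bits 7..5 */
#define MCP_MODE_LISTEN  0x60   /* 011 = Listen-only: receives everything, never drives TX or ACK */

/* Board-specific full-duplex SPI transfer (assumed interface); the caller owns chip-select. */
typedef void (*spi_xfer_fn)(const uint8_t *tx, uint8_t *rx, size_t len);
static void mcp_bit_modify(spi_xfer_fn xfer, uint8_t reg, uint8_t mask, uint8_t val) {
    uint8_t tx[4] = { MCP_CMD_BITMOD, reg, mask, val }, rx[4] = {0};
    xfer(tx, rx, sizeof tx);
}
static uint8_t mcp_read(spi_xfer_fn xfer, uint8_t reg) {
    uint8_t tx[3] = { MCP_CMD_READ, reg, 0x00 }, rx[3] = {0};
    xfer(tx, rx, sizeof tx);
    return rx[2];                 /* register contents arrive on the third clocked byte */
}
/* Request a mode through CANCTRL.REQOP and confirm it via CANSTAT.OPMOD. BIT MODIFY
 * leaves CLKEN/CLKPRE and the other CANCTRL bits untouched. Returns 1 on success. */
int mcp2515_set_mode(spi_xfer_fn xfer, uint8_t mode) {
    mcp_bit_modify(xfer, MCP_REG_CANCTRL, MCP_MODE_MASK, mode);
    for (int tries = 0; tries < 100; tries++)   /* the chip switches once the bus is idle */
        if ((mcp_read(xfer, MCP_REG_CANSTAT) & MCP_MODE_MASK) == mode) return 1;
    return 0;
}

/* Constructed register model standing in for the real chip so this runs on a PC. */
static uint8_t sim_regs[128];
static void sim_xfer(const uint8_t *tx, uint8_t *rx, size_t len) {
    if (tx[0] == MCP_CMD_BITMOD && len == 4)
        sim_regs[tx[1] & 0x7F] = (sim_regs[tx[1] & 0x7F] & ~tx[2]) | (tx[3] & tx[2]);
    else if (tx[0] == MCP_CMD_READ && len == 3)
        rx[2] = sim_regs[tx[1] & 0x7F];
    /* hardware mirrors REQOP into OPMOD once any pending transfer finishes */
    sim_regs[MCP_REG_CANSTAT] = (sim_regs[MCP_REG_CANSTAT] & ~MCP_MODE_MASK) |
                                (sim_regs[MCP_REG_CANCTRL] & MCP_MODE_MASK);
}
int demo_listen_only(void) {     /* 0x87 / 0x80 = datasheet power-on values of CANCTRL / CANSTAT */
    sim_regs[MCP_REG_CANCTRL] = 0x87; sim_regs[MCP_REG_CANSTAT] = 0x80;
    return mcp2515_set_mode(sim_xfer, MCP_MODE_LISTEN);
}
uint8_t demo_canctrl(void) { return sim_regs[MCP_REG_CANCTRL]; }   /* 0x67: mode set, clock bits kept */

int main(void) {
    printf("listen-only %s, CANCTRL=0x%02X\n", demo_listen_only() ? "set" : "FAILED", demo_canctrl());
    return 0;
}
```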


Title: Re: Kess Flash Sniffing Suggestions
Post by: cherry on December 16, 2022, 09:36:42 AM
Take a look for another cable with a SOIC8 inside. If it's an MCP2551 inside, replace it with a TJA1050; then you can mute it by connection.


Title: Re: Kess Flash Sniffing Suggestions
Post by: IamwhoIam on December 16, 2022, 09:39:59 AM
What sort of top secret super dooper protocol are you trying to sniff from a Kess of all things?


Title: Re: Kess Flash Sniffing Suggestions
Post by: bluelighttube on December 16, 2022, 10:56:32 AM
> Take a look for another cable with a SOIC8 inside. If it's an MCP2551 inside, replace it with a TJA1050; then you can mute it by connection.
Thanks, this worked to the point where the communication with the KESS is not disrupted. However, it seems I'm only sniffing maybe 5% of the traffic (but the packets that are logged are clean).


Title: Re: Kess Flash Sniffing Suggestions
Post by: nihalot on April 20, 2023, 11:16:09 AM
Kess switches baud rates after the initial loader is sent to the ECU in boot/bench protocols.

Usually init is at 100 kBit/s and then switched to 500/1000 kBit/s.
This varies from ECU to ECU, but you can use something like a PCAN and write scripts to change the baud rate automatically.


Title: Re: Kess Flash Sniffing Suggestions
Post by: K2d33 on April 09, 2024, 01:26:02 AM
> Kess switches baud rates after the initial loader is sent to the ECU in boot/bench protocols.
>
> Usually init is at 100 kBit/s and then switched to 500/1000 kBit/s.
> This varies from ECU to ECU, but you can use something like a PCAN and write scripts to change the baud rate automatically.
Or simply use another kind of logging device, such as a Saleae or Kingst logic analyzer, to log the "start communication", and your tool enabled with a delay to grab the other data ;-)