Pages: 1 [2]
Author Topic: Anyone into car mods with Linux and OpenSource?  (Read 11291 times)
d3irb
Full Member
***

Karma: +134/-1
Offline Offline

Posts: 195


« Reply #15 on: October 24, 2020, 08:42:53 AM »

I'm a little confused where you're going here, this DFU mode code you linked in the Panda is the way the Panda gets reflashed over USB, it's entirely unrelated to ECUs or even cars really, just a standard STM32 microcontroller update system.

Maybe https://github.com/pylessard/python-udsoncan and https://github.com/richClubb/python-uds/ , specifically https://github.com/richClubb/python-uds/blob/master/test/Uds-Config-Tool/Functional%20Tests/E400NewProgrammingSequence.py can help if your best language is Python?

That second project is massive academic overkill since it tries to implement the ASAM flashing standard (where the addresses and blocks to flash are defined by an ODX file), but that file does give you a good outline in Python of the steps I laid out in my last post on this thread: diagnostic session -> security access -> erase memory -> download -> transfer data -> exit transfer -> checksum -> reset ECU.

Also, geohotz is a wanker.
Logged
00001101
Newbie
*

Karma: +0/-0
Offline Offline

Posts: 15


« Reply #16 on: October 24, 2020, 04:41:41 PM »

Today I found one more alternative.

Its a python library called UDSonCAN. I am considering using MCP2515 can bus module either with RP3 or Arduino to start my testing because is cheap but reliable way. UDSonCAN is basically everything you need that was specified on ISO 14229 documentation. I am still not clear on how change diagnostic session works for writing data but I guess now I need an ECU to play around with. That would be the only way to learn.

- UDSonCAN: https://github.com/pylessard/python-udsoncan
- MCP2515 Module CAN Bus Module SPI Module CAN Shield for Raspberry Pi
Logged
00001101
Newbie
*

Karma: +0/-0
Offline Offline

Posts: 15


« Reply #17 on: October 24, 2020, 04:44:53 PM »

I'm a little confused where you're going here, this DFU mode code you linked in the Panda is the way the Panda gets reflashed over USB, it's entirely unrelated to ECUs or even cars really, just a standard STM32 microcontroller update system.

Maybe https://github.com/pylessard/python-udsoncan and https://github.com/richClubb/python-uds/ , specifically https://github.com/richClubb/python-uds/blob/master/test/Uds-Config-Tool/Functional%20Tests/E400NewProgrammingSequence.py can help if your best language is Python?

That second project is massive academic overkill since it tries to implement the ASAM flashing standard (where the addresses and blocks to flash are defined by an ODX file), but that file does give you a good outline in Python of the steps I laid out in my last post on this thread: diagnostic session -> security access -> erase memory -> download -> transfer data -> exit transfer -> checksum -> reset ECU.

Also, geohotz is a wanker.


Lol I agree. I actually posted about UDSonCAN just now and saw your post. Panda is too expensive and overcomplicated. Check my update and thanks for the recommendation.
Logged
d3irb
Full Member
***

Karma: +134/-1
Offline Offline

Posts: 195


« Reply #18 on: October 27, 2020, 05:18:03 PM »

https://github.com/bri3d/VW_Flash/blob/master/flashsimos18.py here's a worked example of UDSonCAN -> Flash.

I hope this illustrates my main points:

The basic flashing routine is simple. Diagnostic session -> security access -> erasememory -> request download -> transfer data (repeat) -> exit transfer -> checksum -> reset is shared across almost all ECUs, because there's no reason to add complexity, and why make your dealer tools more expensive to develop? The details of SecurityAccess and the routines used in flashing differ from manufacturer to manufacturer, but for the most part, there's no reason to add extra cost to both the supplier's ECU development process and the manufacturer's tools development process.

Here's the thing though: this is where the commonalities end. The ability to flash arbitrary software on any given ECU is an exercise in reverse engineering much simpler than (most of the time...) but no different to jailbreaking a new mobile phone or games console: the trust chain needs to be compromised at runtime, arbitrary code must be inserted, and then a permanent "untethered" security bypass needs to be installed to allow for custom calibration.

This is the challenge in tuning and goes far beyond flashing, which is honestly the elementary part left to the reader. I think a lot of the reason you don't see more open-source flashing software, not to be elitist to _too_ great a degree, is that by the time you've built a tuning solution for an ECU, flashing is a distant, trivial afterthought.
Logged
Pages: 1 [2]
  Print  
 
Jump to:  

Powered by SMF 1.1.21 | SMF © 2015, Simple Machines Page created in 0.015 seconds with 16 queries. (Pretty URLs adds 0s, 0q)