Software On ELM Street - OBD2 Software Development

[Tazzi]

Yeah. The vz v8 ls1vpw is the 1mbyte pcms which are the same but with double the flash mem. The vz ls1 have the electronic throttle.

What were they thinking? Diversity? Lets put a bosch/euro pcm in there this time..... and why bother paying to move the flash code to can.

Ill be at my mates place who has an 07 6.0 crewman today. Ill take my gear and see if I can get some can logs.

Some logs would be great!

AVT set up to write bin ve v8


25 [00000035] IOCTL_SERIAL_SET_LINE_CONTROL StopBits: 1, Parity: No, DataBits: 8
26 [00000036] IRP_MJ_WRITE Length: 0002, Data: E1 99
27 [00000036] IRP_MJ_READ Length: 0010, Data: 91 10 83 11 00 00 83 11 04 00
28 [00000037] IRP_MJ_WRITE Length: 0004, Data: 73 0A 00 02
29 [00000037] IRP_MJ_READ Length: 0006, Data: 91 19 83 0A 00 02
30 [00000037] IRP_MJ_WRITE Length: 0004, Data: 73 2B 00 04
31 [00000037] IRP_MJ_READ Length: 0004, Data: 83 2B 00 04
32 [00000037] IRP_MJ_WRITE Length: 0006, Data: 75 2A 00 00 07 E0
33 [00000037] IRP_MJ_READ Length: 0006, Data: 85 2A 00 00 07 E0
34 [00000038] IRP_MJ_WRITE Length: 0006, Data: 75 2C 00 00 00 0F
35 [00000038] IRP_MJ_READ Length: 0006, Data: 85 2C 00 00 00 0F
36 [00000038] IRP_MJ_WRITE Length: 0004, Data: 73 27 00 00
37 [00000038] IRP_MJ_READ Length: 0004, Data: 83 27 00 00
38 [00000038] IRP_MJ_WRITE Length: 0004, Data: 73 30 00 00
39 [00000039] IRP_MJ_READ Length: 0004, Data: 83 30 00 00
40 [00000039] IRP_MJ_WRITE Length: 0005, Data: 74 0F 00 07 E0
41 [00000039] IRP_MJ_READ Length: 0005, Data: 84 0F 00 07 E0
42 [00000039] IRP_MJ_WRITE Length: 0004, Data: 73 0E 00 02
43 [00000039] IRP_MJ_READ Length: 0004, Data: 83 0E 00 02
44 [00000039] IRP_MJ_WRITE Length: 0004, Data: 73 26 00 01
45 [00000039] IRP_MJ_READ Length: 0004, Data: 83 26 00 01
46 [00000040] IRP_MJ_WRITE Length: 0004, Data: 73 11 00 01
47 [00000040] IRP_MJ_READ Length: 0004, Data: 83 11 00 01
48 [00000040] IRP_MJ_WRITE Length: 0004, Data: 73 26 00 00
49 [00000040] IRP_MJ_READ Length: 0004, Data: 83 26 00 00
50 [00000041] IRP_MJ_WRITE Length: 0005, Data: 74 0F 00 07 E0
51 [00000041] IRP_MJ_READ Length: 0005, Data: 84 0F 00 07 E0
52 [00000041] IRP_MJ_WRITE Length: 0004, Data: 73 26 00 01
53 [00000041] IRP_MJ_READ Length: 0004, Data: 83 26 00 01
54 [00000041] IRP_MJ_WRITE Length: 0008, Data: 12 00 05 00 07 E0 1A C1
55 [00000041] IRP_MJ_READ Length: 0013, Data: 02 00 01 09 00 07 E8 5A C1 00 C0 A2 12
56 [00000042] IRP_MJ_WRITE Length: 0004, Data: 73 26 00 00
57 [00000042] IRP_MJ_READ Length: 0004, Data: 83 26 00 00
58 [00000042] IRP_MJ_WRITE Length: 0005, Data: 74 0F 00 07 E2
59 [00000042] IRP_MJ_READ Length: 0005, Data: 84 0F 00 07 E2
60 [00000042] IRP_MJ_WRITE Length: 0004, Data: 73 26 00 01
61 [00000042] IRP_MJ_READ Length: 0004, Data: 83 26 00 01
62 [00000043] IRP_MJ_WRITE Length: 0008, Data: 12 00 05 00 07 E2 1A C1
63 [00000043] IRP_MJ_READ Length: 0003, Data: 02 00 01
64 [00000050] IRP_MJ_WRITE Length: 0004, Data: 73 26 00 00
65 [00000050] IRP_MJ_READ Length: 0004, Data: 83 26 00 00
66 [00000050] IRP_MJ_WRITE Length: 0005, Data: 74 0F 00 07 E0
67 [00000050] IRP_MJ_READ Length: 0005, Data: 84 0F 00 07 E0
68 [00000050] IRP_MJ_WRITE Length: 0004, Data: 73 26 00 01
69 [00000051] IRP_MJ_READ Length: 0004, Data: 83 26 00 01
70 [00000051] IRP_MJ_WRITE Length: 0008, Data: 12 00 05 00 07 E0 1A 90
71 [00000051] IRP_MJ_READ Length: 0003, Data: 02 00 01
72 [00000052] IRP_MJ_READ Length: 0024, Data: 11 16 00 07 E8 5A 90 36 47 31 45 4B 34 32 48 32 39 4C 31 36 35 35 38 32

Looks like im going to be reading the avt leaners book! The above looks like mumbo jumbo at the moment.

[vn5000]

Yeah i tried to set avt up like jayme to monitor all addresses and also had trouble,it would be good if it could be done as its very hard to monitor all address with elm and not get buffer full errors at 500kbps.
I enede up using the elm for this program i wrote.

[Tazzi]

Yeah, the elm will gets its buffer full unless it has a mask and filter applied to only accepted specific messages to come through. The filter straight up makes sense.. buuuuuuut, the mask on the other hand is a tad more complex as it breaks the header down into its bits and needs individual bits turned off/on to accept only certain headers.

Eg, I want headers all headers 62X to be shown, where X can be any value.
or between 624 and 824 ect.

An "unrestricted" flow is a bit unrealistic unfortunately since not matter what device you use, the serial baud rate will be the choke point and the device (arduino,AVT,PIC,ELM ect) end up eventually filling its buffers and spewing out the error message. Although even the avt would fill up eventually (a long time I guess, dunno how big its buffer is?).

In the app above, what is "prog ind" and "mec"?

[vn5000]

I can get the elm to monitor all with no errors on 33kb lo speed can , and with spaces off and caf0 i can get 60 + messages connected to ve v8 ign on before buffer full error using 500kb hi speed can .
As the bus has some spare time im sure the avt would handle it as it has a 4000 byte buffer compared to elm 256 byte.You get a lot of messages either way.

MEC : manufactures enable counter ,if set to a specific value the module doesnt need to be unlocked to program

Prog Indicator i used by me for development ,if youve ever tried to program a dash with under 100km using tech 2 ,it looks for this value and wont proceed unless it = a specific value
,if it doesnt tech 2 says dash already programmed ,if it does dash display will read " not programmed"

[vn5000]

Also be carefull setting the elm baud rate faster than 115200 ,the datasheet says it can handle faster speeds , so i tried and its never worked since.

[Tazzi]

I can get the elm to monitor all with no errors on 33kb lo speed can , and with spaces off and caf0 i can get 60 + messages connected to ve v8 ign on before buffer full error using 500kb hi speed can .
As the bus has some spare time im sure the avt would handle it as it has a 4000 byte buffer compared to elm 256 byte.You get a lot of messages either way.

MEC : manufactures enable counter ,if set to a specific value the module doesnt need to be unlocked to program

Prog Indicator i used by me for development ,if youve ever tried to program a dash with under 100km using tech 2 ,it looks for this value and wont proceed unless it = a specific value
,if it doesnt tech 2 says dash already programmed ,if it does dash display will read " not programmed"

The real fun begins over 100kms
I imagine the ve odo algo would very complex.

Man my list of wants is getting larger lol. AVT cable might be useful as well.. removes the need for 4 ELM cables connected at one to do multiple tasks and mimic communication.

[Tazzi]

Also be carefull setting the elm baud rate faster than 115200 ,the datasheet says it can handle faster speeds , so i tried and its never worked since.

Yeah, thats because most computers/laptops only support baud rate up to 115200. You can achieve the higher rates on an arduino or alike

[Jayme]

Commented the CAN serial log. havent figured out why it sets some things multiple times, or why it sends the same message to the CAN twice and the 2nd time the response is different. ....

Code: Select all

TX: E1 99 -- enter can mode
RX: 91 10 -- Can mode enabled
RX: 83 11 00 00 -- Can channel 0 disabled
RX: 83 11 04 00 -- can channel 4 disabled

TX: 73 0A 00 02 -- set CAN0 to 500 kbaud
RX: 91 19 --???
RX: 83 0A 00 02 - ack

TX: 73 2B 00 04 -- Channel Can0 ID/MAsk mode = 4 (Acceptance ID and mask are 16-bit values.)  11 bit IDS
RX: 83 2B 00 04 -- ack

TX: 75 2A 00 00 07 E0 -- set CAN0 ID0 = 07 E0
RX: 85 2A 00 00 07 E0 -- ack


TX: 75 2C 00 00 00 0F --set CAN0 Mask0 low order 4-bits are ‘don’t care.
RX: 85 2C 00 00 00 0F --ack

TX: 73 27 00 00 --Disable padding 
RX: 83 27 00 00 -- ack

TX: 73 30 00 00 --Disable AE
RX: 83 30 00 00 -- ack

TX: 74 0F 00 07 E0 --Set Flow Control ID = 7E0
RX: 84 0F 00 07 E0 -- ack

TX: 73 0E 00 02 --Set Flow Control separation time 
RX: 83 0E 00 02 -- ack

TX: 73 26 00 01 --Enable ISO 15765 Mode1 processing for CAN0
RX: 83 26 00 01 -- ack

TX: 73 11 00 01 -- Enable Can0 for normal operations
RX: 83 11 00 01 -- ack

TX: 73 26 00 00 --Disable ISO 156765 Processing for CAN0
RX: 83 26 00 00 --ack

TX: 74 0F 00 07 E0 --Set Flow Control ID = 7E0
RX: 84 0F 00 07 E0 --ack

TX: 73 26 00 01 --Enable ISO 15765 Mode1 processing for CAN0
RX: 83 26 00 01 --ack

TX: 12 00 05 00 07 E0 1A C1 --transmit to CAN -12 indicates second alternate header format. 00 05 is the length -00 07 E0 1A C1 is the message
RX: 02 00 01 --  message transmit to network
RX: 09 00 07 E8 5A C1 00 C0 A2 12 --receive 9 bytes from network

TX: 73 26 00 00 --Disable ISO 156765 Processing for CAN0
RX: 83 26 00 00 --ack

TX: 74 0F 00 07 E2 --Set Flow Control ID = 7E2
RX: 84 0F 00 07 E2 --ack

TX: 73 26 00 01 --Enable ISO 15765 Mode1 processing for CAN0
RX: 83 26 00 01 --ack

TX: 12 00 05 00 07 E2 1A C1 --transmit message to CAN -12 indicates second alternate header format. 00 05 is the length -00 07 E2 1A C1 is the message
RX: 02 00 01 --ack message transmit to network

TX: 73 26 00 00 --Disable ISO 156765 Processing for CAN0
RX: 83 26 00 00 --ack

TX: 74 0F 00 07 E0 --Set Flow Control ID = 7E0
RX: 84 0F 00 07 E0 --ack

TX: 73 26 00 01 --Enable ISO 15765 Mode1 processing for CAN0
RX: 83 26 00 01 --ack


TX: 12 00 05 00 07 E0 1A 90
RX: 02 00 01  --ack message transmit to network
RX: 11 16 00 07 E8 5A 90 36 47 31 45 4B 34 32 48 32 39 4C 31 36 35 35 38 32

[Tazzi]

Cheers Jayme, that clears it up alot more.,
When sending say: 12 00 05 00 07 E2 1A C1
The actual message is :7E2 1A C1
So most "programming" procedures must be performed over CAN 11bit (Im guessing 11bit High, wonder whats on low?).

Since 29bit comms is pretty busy with "general chatter", so it makes sense to do most of the work over a comms with minimal chatter.

[Jayme]

so im still a little confused... but it looks to me like it tries to communicate with 7E0 flow control ID, which works, then it tries with 7E2, which fails, so it goes back to 7E0 then starts talking to PCM?

would you expect that if I set most things the same as this procedure then sent a request for a PID it would work?
what would you expect an AVT PID request for say SAE RPM to look like after looking at the above?