Eavesdropping Software

Post by ironduke »

This is something I wrote, it should get you started.. Not promoting my own, just what I have, lol.. If you're working with an ecm compatible with pcm hammer then you want to select 9 twice so it states it's monitoring vpw communication which is pin 2.. unzip it using 7zip and run the exe in the folder..
J2534.Logger.2.0.8.7z

Post by MudDuck514 »

I assume this only works with a J-tool? Do you have one that works with the OBDXpro tool?

Mike.

Post by ironduke »

No I don't, but.. using a serial terminal program and typing in atma should do the same thing.. Data should scroll across the screen.. Highlight and copy and paste to a text file, or some serial terminal programs can be set to log automatically.. That would be for pin 2 vpw.. pin 1 should work as well given the data rate, high speed can pins 6&14 would be a problem speedwise.. No idea how big the read buffer is or what baud rates are available for that tool..

Post by antus »

Nobody has specifically mentioned VPW and I expect we're talking CAN, but keep in mind that for VPW you have 1x and 4x data rates, and most logging tools won't automatically switch between the two speeds so the data at the higher speed tends to be missed.
Have you read the FAQ? For lots of information and links to significant threads see here: http://pcmhacking.net/forums/viewtopic.php?f=7&t=1396

Post by ironduke »

Very good point on the 4x programming speed for VPW.. OP had mentioned monitoring an ecm compatible with pcm hammer so I was making the assumption of vpw communication.

The elm327 can do 4x speed but only in custom configuration,

my j2534 logging software can do 4x speed but I have no implementation of that done in my code.. That would have to be something I would try to incorporate but as I have no use for it something like that would get put on the back burner.. Wouldn't be hard to add a selection to try to connect at 4x vpw(10.4) speed but it might not connect and at the very least it would show garbage until the tech2 switched to 4x mode.. Not sure if I would be able to automate it..

Post by antus »

I did it in code here in a logic analyser, and it's now been ported to sigrok v3 plugin api. viewtopic.php?f=3&t=4761 It measures the length of the start of frame, and then from that decides if it's a 1x or a 4x packet, and adjusts its internal timings to collect the rest of the packet. It works well for what it is, but it was more for allpro interface firmware development and not for generic packet capture - it doesn't have a way to dump the decoded packets to csv or anything, you have to read off the screen and you need a capture device that can capture the electronic signal for long enough in one hit.
Have you read the FAQ? For lots of information and links to significant threads see here: http://pcmhacking.net/forums/viewtopic.php?f=7&t=1396
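
The start-of-frame measurement described in the post above, as an added Python example that is not antus's sigrok plugin or any code from this thread: it decodes a list of (level, width) pulses and picks 1x or 4x per frame from the SOF width. Pulse widths are the nominal J1850 VPW values; taking 4x as exactly one quarter of each, the acceptance windows, the helper names and the sample bytes are assumptions of this example.

```python
# Nominal J1850 VPW 1x pulse widths in microseconds; 4x mode divides each by 4.
SOF_US, SHORT_US, LONG_US, EOD_US = 200, 64, 128, 200

def crc8_j1850(data):
    """SAE J1850 CRC-8: polynomial 0x1D, init 0xFF, final XOR 0xFF."""
    crc = 0xFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = ((crc << 1) ^ 0x1D if crc & 0x80 else crc << 1) & 0xFF
    return crc ^ 0xFF

def decode_vpw(pulses):
    """pulses: (level, width_us) pairs, level 1 = bus active, capture starting
    in idle. Returns (speed, frame_bytes, crc_ok) with speed chosen per frame."""
    frames, i = [], 0
    while i < len(pulses):
        level, width = pulses[i]
        i += 1
        if level != 1:
            continue                          # idle or inter-frame gap
        if 163 <= width <= 239:               # ~200 us start of frame: 1x
            speed = 1
        elif 41 <= width <= 60:               # ~50 us start of frame: 4x
            speed = 4
        else:
            continue                          # not a start of frame, resync
        bits = []
        while i < len(pulses):
            lvl, w = pulses[i]
            if lvl == 0 and w >= 163 / speed: # long passive gap ends the frame
                break
            is_long = w > 96 / speed          # short/long threshold scales too
            # active long or passive short = 0; active short or passive long = 1
            bits.append(int(is_long != bool(lvl)))
            i += 1
        data = bytes(int("".join(map(str, bits[k:k + 8])), 2)
                     for k in range(0, len(bits) - 7, 8))
        frames.append((speed, data, len(data) > 1 and crc8_j1850(data[:-1]) == data[-1]))
    return frames

def encode_vpw(payload, speed):
    """Constructed-sample helper: pulse train for payload plus CRC at 1x or 4x."""
    pulses, level = [(1, SOF_US / speed)], 0
    for byte in payload + bytes([crc8_j1850(payload)]):
        for n in range(7, -1, -1):
            long_pulse = ((byte >> n) & 1) != level
            pulses.append((level, (LONG_US if long_pulse else SHORT_US) / speed))
            level ^= 1
    return pulses + [(0, EOD_US / speed)]

# Constructed capture: one 1x frame followed by one 4x frame (arbitrary bytes).
SAMPLE = encode_vpw(bytes.fromhex("6c10f020"), 1) + encode_vpw(bytes.fromhex("6d10f036"), 4)
```

`decode_vpw(SAMPLE)` returns both frames with their speeds; a decoder fixed at 1x thresholds would reject the 50 µs SOF and lose the second frame, which is the failure discussed in this thread.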

Post by darkman5001 »

I gave IronDuke's logger a try and it records up until programming starts and then crashes. Any ideas?

Post by ironduke »

As Antus had mentioned something none of us had thought of, once it goes to programming mode it switches to high speed mode which is 4x normal vpw speed.. my software does not switch. About the only fairly quick thing I could do to help you is give 4x vpw speed as a connection option.. If it does connect it would be garbled and miss all the messages prior to 4x speed.. It would then hopefully show valid data once in 4x mode..

Antus's method of looking at the length of the start frame would be waay more work than I intend to put in on something like that if I could even figure out how to do it. I do not know if his sigrok plugin tool would work for you, I have never tried it, no idea how to use it or set it up..

my tool as it sits now can get you the seed and key at least.. If you post up your known seed and key we can probably come up with an algorithm that will unlock that model ecu.. Unless you're just wanting to do the one..

Post by Gampy »

Post the code and let someone that is capable of doing it, do so if they choose ...
Intelligence is in the details!

It is easier not to learn bad habits, than it is to break them!

If I was here to win a popularity contest, there would be no point, so I wouldn't be here!

Post by ironduke »

If someone is capable of it then they really don’t need my poor example of programming to start with, lol.. there is an earlier version of it on GitHub, I may update it with this version that does do the different buses.. Not hard to connect on a different bus or speed once you figure out the hard stuff.. well, hard to me.. lol
https://github.com/IronDuke123/Canbus-logger


Oh, just had a small brainstorm.. If you're just looking for seed key and kernel just grab the files out of the sps cache.. I have another program that can extract them, identify the utility file, get the seed key algo and table, and get the cal files.. The write kernel is inside the utility file.. If you empty the cache, then program an ecu, you can grab the files it used and zip them up and post up here, the utility file isn't too hard to break down and get the kernel..
I have since found out that some of the newer sps files are sort of encrypted but pcmhammer ecu's will not be affected..