J2534 Emulator

ironduke
Posts: 579
Joined: Thu Feb 13, 2020 11:32 pm
cars: Mainly GM trucks, a Cruze and an Equinox for dailys..

J2534 Emulator

Post by ironduke »

Wondering if anyone knows of one?
This winter might give me some time to play indoors, instead of coding and then going out to the shop to try it, or lugging 2 mdi's and a y cable in the house I'm wondering about using a simulator..

I did find 1 and it uses a xml file to store the receive and reply commands but with CAN(6&14) the damn thing is adding a checkbyte of some kind at the end of every message.. I know that exists with gm vpw communication but this is just not working for me, lol.. I'll attach what I found below, Don't remember where exactly I found it but google did the hard work for me.. It's in russian(I think) so the characters don't even show up for me but I muddled thru it, lol..

In any case I want to be able to sed up a J2534 simulator that I can connect to with my own software and have it reply to some of my commands, could actually use it with dps and other gm software possibly as well..

Say I send a 00 00 01 01 FE 02 1A B0 then it will reply with 00 00 07 E8 03 5A B0 11

This would be with no MDI plugged into the computer.. As it stands now I have some code to spoof either an E92 or a T43 transmission so I can sniff a 5 byte key or program just the ECM when the ecm AND TCM are required.. But this requires 2 mdi's plugged into each other with a y cable, little bit of a pita.. With the simulator I can change my receive and reply file and send it..

program I found is below.. I can't/haven't found how how to get into the dll and run thru the code to remove the checkbyte.. that's my other option?
PassthruEMUv1.09.7z
(357.2 KiB) Downloaded 974 times
kur4o
Posts: 948
Joined: Sun Apr 10, 2016 9:20 pm

Re: J2534 Emulator

Post by kur4o »

https://forum.kolyandex.su/viewtopic.php?t=48

Here si download links, there is also a tracer.
If we have the source it will be easy to remove the checkbyte.
Maybe some of the checkboxes clears it.
Do you have a pic with the program that states text not ????
ironduke
Posts: 579
Joined: Thu Feb 13, 2020 11:32 pm
cars: Mainly GM trucks, a Cruze and an Equinox for dailys..

Re: J2534 Emulator

Post by ironduke »

No pics, I’ve been looking as well.. google brought up some people talking about it and they mentioned Russian language so I even tried downloading windows language pack for Russian and still no dice..

I’ll check the link you posted, think I looked at that before, it does say simulator but other than allowing me to connect to it I don’t see where I can edit a receive and reply setup.. I’ll check into it and see what I can come up with, thanks..

Edited: Your link is to the same program I attached, lol.. There is another program I had found but as explained above I don't know how to make it work to do what I want it to do.. If someone else could use this maybe we could figure it out?

https://github.com/charlie-x/J2534-Sim
kur4o
Posts: 948
Joined: Sun Apr 10, 2016 9:20 pm

Re: J2534 Emulator

Post by kur4o »

https://www.autohacking.net/viewtopic.php?t=8567

Here are some screenshot and in depth how it works. The ini file is where you store the recieve/reply strings.


Edit:checked the source.

ExtraDataIndex in j2534_sim.cpp seems like what you need. How to turn it off is another question.
ironduke
Posts: 579
Joined: Thu Feb 13, 2020 11:32 pm
cars: Mainly GM trucks, a Cruze and an Equinox for dailys..

Re: J2534 Emulator

Post by ironduke »

Just want to make sure I'm not confusing you.. The program I posted and the github I linked are 2 different programs..

If you are able to find source code for the PassthruEMUv1 program that would probably make things a lot easier..
kur4o
Posts: 948
Joined: Sun Apr 10, 2016 9:20 pm

Re: J2534 Emulator

Post by kur4o »

charlie-x/J2534-Sim: J2534 Simulator for 0202 and 0404 - GitHub

By the name of it 0202 0404 I was under impression it is the same stuff due to the folders in zip.
ironduke
Posts: 579
Joined: Thu Feb 13, 2020 11:32 pm
cars: Mainly GM trucks, a Cruze and an Equinox for dailys..

Re: J2534 Emulator

Post by ironduke »

Yeah, I was hopeful... doesn't seem to be related but maybe? I can't find any reference to reading an xml file or anything that actually does anything receive reply wise except pretend to connect which I can't even get to work. There seems to be missing code in the first switch command. Don't know c++ that well but it doesn't look right.

I am finding something out, I need to research it more, I've been trying it with my own code and then with DPS..
My own code using CAN seems to be ok without that extra byte..
DPS connects as ISO15765 and sets up filters and that's where it seems to be adding the checksums.. Can formatting is messed up in the dll?? I noticed I had to remove the length byte to get it to even recieve the command so I removed the length byte from the replies and it does work but that's where it's adding the extra checksum byte at the end?
kur4o
Posts: 948
Joined: Sun Apr 10, 2016 9:20 pm

Re: J2534 Emulator

Post by kur4o »

0000008594: WriteMsgs ChID=00000001 Nummsg=1
0000008594: PtID=00000005 Rx=00000000 Tx=00000040 Time=00000000 DataSize=0000000C ExData=00000000
0000008594: (TO=0) TxD[0]:00 00 01 01 FE 01 20 00 00 00 00 00
0000008594: ReadMsgs ChID=00000001 Request Nummsg=1
0000008594: PtID=00000005 Rx=00000001 Tx=00000040 Time=E349E0A8 DataSize=0000000D ExData=00000000
0000008594: (TO=500) RxD[0]:00 00 01 01 FE 01 20 00 00 00 00 00 21
0000008594: TOTAL Nummsg=1 Result=STATUS_NOERROR
0000008594: ReadMsgs ChID=00000001 Request Nummsg=1
0000008688: PtID=00000005 Rx=00000000 Tx=00000000 Time=E349E0A8 DataSize=0000000C ExData=0000000B
0000008688: (TO=1500) RxD[0]:00 00 07 E8 01 60 AA AA AA AA AA A2
0000008688: TOTAL Nummsg=1 Result=STATUS_NOERROR

I managed to make it run with some software

It seems first it echoes the message back and than send the reply with extra byte at the end.
I think no_error msg indicates that the program don`t complain.

Do you have a log with dps requesting info from a real pcm using mdi. It will be interesting to put the log in the ini file and see if it is emulated good enough.

On the program top left checkbox is log to file right checkbox extended log to file device checkbox is to use random ID.
p1 and p2 are some timers delay for response.

Do you have the tracer part.

I read somewhere that autel??? cables send the extra checkbyte. Might the program be configured for that type of cable.
ironduke
Posts: 579
Joined: Thu Feb 13, 2020 11:32 pm
cars: Mainly GM trucks, a Cruze and an Equinox for dailys..

Re: J2534 Emulator

Post by ironduke »

Posting a small section of your log below.. Look at the extra 21 at the end where it's echoing the command back,, went from 12 bytes to 13.. It does the same thing with the actual responses it's sending back.. I am only assuming it's some kind of checksum because it changes when I change the reply.. I didn't notice that it did it even with raw CAN before it switches to ISO15765. The few Can commands before it switches didn't seem to mind the extra byte at the end as long as it was 12 bytes or less.. The ISO15765 don't like the extra byte so much and refuse to work with it..

0000008594: PtID=00000005 Rx=00000000 Tx=00000040 Time=00000000 DataSize=0000000C ExData=00000000
0000008594: (TO=0) TxD[0]:00 00 01 01 FE 01 20 00 00 00 00 00
0000008594: ReadMsgs ChID=00000001 Request Nummsg=1
0000008594: PtID=00000005 Rx=00000001 Tx=00000040 Time=E349E0A8 DataSize=0000000D ExData=00000000
0000008594: (TO=500) RxD[0]:00 00 01 01 FE 01 20 00 00 00 00 00 21 <<<<<<<<<<<<<<< This extra byte here is what's pissing me off!!! >>>>>>>>>>>>>>>>>>>>


I have the tracer but I haven't even looked at it.. Below is a DPS log of an E38 ecm from within DPS..

Code: Select all

Verify that power to the controller is on,
   and that all connections are secure.
Select calibration.
Press the "Program" button to program the controller.
Initializing Get Controller Info Session - v4.30.0.0
>> DLL Path: C:\Program Files (x86)\GM MDI Software\Products\MDI\Dynamic Link Libraries\BVTX4J32.dll
>> Firmware Version:   8.  5. 33, DLL Version: 2.5.33.53, API Version: 04.04
>> Startup
>> Setup Base Mapping Matrix
>> Determine subnet configuration
>> Available subnets:  HS-CAN   
>> Base Mapping Matrix:
>> ECU 0x11 on HS-CAN (ReqCANId: 0x7E0, RspCANId: 0x7E8)
>> InitiateDiagnosticOperation (0x10) service with sub-func. 0x02 (disableAllDTCs)
>> ReportProgrammedState (0xA2) service
>> Number of detected programmable ECUs: 1
>> Enable MixedFormatFrames (ignore failure)!
>> ReturnToNormalMode (0x20) service

-------------  END OF SESSION LOG  ---------------

15:55:31<[.H..]00 00 01 01 FE 01 3E 00 00 00 00 00 [0012] 
15:55:31>[.H..]00 00 01 01 FE 01 3E 00 00 00 00 00 [0012] TxMsgType 
15:55:31<[.H..]00 00 01 01 FE 02 1A B0 00 00 00 00 [0012] 
15:55:31>[.H..]00 00 01 01 FE 02 1A B0 00 00 00 00 [0012] TxMsgType 
15:55:31>[.H..]00 00 07 E8 03 5A B0 11 AA AA AA AA [0012] 
15:55:33<[.H..]00 00 01 01 FE 02 10 02 00 00 00 00 [0012] 
15:55:33>[.H..]00 00 01 01 FE 02 10 02 00 00 00 00 [0012] TxMsgType 
15:55:33>[.H..]00 00 07 E8 01 50 AA AA AA AA AA AA [0012] 
15:55:33<[.H..]00 00 01 01 FE 01 3E 00 00 00 00 00 [0012] 
15:55:33>[.H..]00 00 01 01 FE 01 3E 00 00 00 00 00 [0012] TxMsgType 
15:55:34<[.H..]00 00 01 01 FE 01 28 00 00 00 00 00 [0012] 
15:55:34>[.H..]00 00 01 01 FE 01 28 00 00 00 00 00 [0012] TxMsgType 
15:55:34>[.H..]00 00 07 E8 01 68 AA AA AA AA AA AA [0012] 
15:55:34<[.H..]00 00 01 01 FE 01 3E 00 00 00 00 00 [0012] 
15:55:35>[.H..]00 00 01 01 FE 01 3E 00 00 00 00 00 [0012] TxMsgType 
15:55:36<[.H..]00 00 01 01 FE 01 A2 00 00 00 00 00 [0012] 
15:55:36>[.H..]00 00 01 01 FE 01 A2 00 00 00 00 00 [0012] TxMsgType 
15:55:36>[.H..]00 00 07 E8 02 E2 00 AA AA AA AA AA [0012] 
15:55:36<[.H..]00 00 01 01 FE 01 3E 00 00 00 00 00 [0012] 
15:55:36>[.H..]00 00 01 01 FE 01 3E 00 00 00 00 00 [0012] TxMsgType 
15:55:38<[.H..]00 00 01 01 FE 01 3E 00 00 00 00 00 [0012] 
15:55:38<[.H..]00 00 01 01 FE 01 3E 00 00 00 00 00 [0012] 
15:55:39<[.H..]00 00 07 E0 27 01 [0006] FramePad 
15:55:39>[.H..]00 00 01 01 FE [0005] TxDone 
15:55:39>[.H..]00 00 07 E0 [0004] TxDone 
15:55:39>[.H..]00 00 07 E8 67 01 50 57 [0008] 
15:55:39<[.H..]00 00 07 E0 1A 90 [0006] FramePad 
15:55:39>[.H..]00 00 07 E0 [0004] TxDone 
15:55:39>[.H..]00 00 07 E8 [0004] StartOfMessage 
15:55:39>[.H..]00 00 07 E8 5A 90 31 47 43 52 4B 53 45 37 36 44 5A 31 30 33 34 36 31 [0023] 
15:55:39<[.H..]00 00 07 E0 1A 97 [0006] FramePad 
15:55:39>[.H..]00 00 07 E0 [0004] TxDone 
15:55:39>[.H..]00 00 07 E8 [0004] StartOfMessage 
15:55:39>[.H..]00 00 07 E8 5A 97 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF .. [0026] 
15:55:39<[.H..]00 00 07 E0 1A 92 [0006] FramePad 
15:55:39>[.H..]00 00 07 E0 [0004] TxDone 
15:55:39>[.H..]00 00 07 E8 7F 1A 31 [0007] 
15:55:39<[.H..]00 00 07 E0 1A CB [0006] FramePad 
15:55:39>[.H..]00 00 07 E0 [0004] TxDone 
15:55:39>[.H..]00 00 07 E8 5A CB 00 C1 14 D8 [0010] 
15:55:39<[.H..]00 00 07 E0 1A CC [0006] FramePad 
15:55:39>[.H..]00 00 07 E0 [0004] TxDone 
15:55:39>[.H..]00 00 07 E8 5A CC 00 C0 47 73 [0010] 
15:55:39<[.H..]00 00 07 E0 1A 95 [0006] FramePad 
15:55:39>[.H..]00 00 07 E0 [0004] TxDone 
15:55:39>[.H..]00 00 07 E8 7F 1A 31 [0007] 
15:55:39<[.H..]00 00 07 E0 1A 9A [0006] FramePad 
15:55:39>[.H..]00 00 07 E0 [0004] TxDone 
15:55:39>[.H..]00 00 07 E8 5A 9A FF FF [0008] 
15:55:39<[.H..]00 00 07 E0 1A 99 [0006] FramePad 
15:55:39>[.H..]00 00 07 E0 [0004] TxDone 
15:55:39>[.H..]00 00 07 E8 5A 99 20 19 08 19 [0010] 
15:55:39<[.H..]00 00 07 E0 1A 98 [0006] FramePad 
15:55:39>[.H..]00 00 07 E0 [0004] TxDone 
15:55:39>[.H..]00 00 07 E8 [0004] StartOfMessage 
15:55:39>[.H..]00 00 07 E8 5A 98 32 32 30 36 31 30 39 36 31 00 [0016] 
15:55:39<[.H..]00 00 07 E0 1A C0 [0006] FramePad 
15:55:39>[.H..]00 00 07 E0 [0004] TxDone 
15:55:39>[.H..]00 00 07 E8 5A C0 00 C0 59 CC [0010] 
15:55:39<[.H..]00 00 07 E0 1A D0 [0006] FramePad 
15:55:39>[.H..]00 00 07 E0 [0004] TxDone 
15:55:39>[.H..]00 00 07 E8 5A D0 4E 41 [0008] 
15:55:39<[.H..]00 00 07 E0 1A C1 [0006] FramePad 
15:55:39>[.H..]00 00 07 E0 [0004] TxDone 
15:55:39>[.H..]00 00 07 E8 5A C1 00 C1 14 6A [0010] 
15:55:39<[.H..]00 00 07 E0 1A D1 [0006] FramePad 
15:55:39>[.H..]00 00 07 E0 [0004] TxDone 
15:55:39>[.H..]00 00 07 E8 5A D1 41 41 [0008] 
15:55:39<[.H..]00 00 07 E0 1A C2 [0006] FramePad 
15:55:39>[.H..]00 00 07 E0 [0004] TxDone 
15:55:39>[.H..]00 00 07 E8 5A C2 00 C1 05 50 [0010] 
15:55:39<[.H..]00 00 07 E0 1A D2 [0006] FramePad 
15:55:39>[.H..]00 00 07 E0 [0004] TxDone 
15:55:39>[.H..]00 00 07 E8 5A D2 41 45 [0008] 
15:55:39<[.H..]00 00 07 E0 1A C3 [0006] FramePad 
15:55:39>[.H..]00 00 07 E0 [0004] TxDone 
15:55:39>[.H..]00 00 07 E8 5A C3 00 C0 E2 8D [0010] 
15:55:39<[.H..]00 00 07 E0 1A D3 [0006] FramePad 
15:55:39>[.H..]00 00 07 E0 [0004] TxDone 
15:55:39>[.H..]00 00 07 E8 5A D3 41 44 [0008] 
15:55:40<[.H..]00 00 07 E0 1A C4 [0006] FramePad 
15:55:40>[.H..]00 00 07 E0 [0004] TxDone 
15:55:40>[.H..]00 00 07 E8 5A C4 00 C1 05 6E [0010] 
15:55:40<[.H..]00 00 07 E0 1A D4 [0006] FramePad 
15:55:40>[.H..]00 00 07 E0 [0004] TxDone 
15:55:40>[.H..]00 00 07 E8 5A D4 41 45 [0008] 
15:55:40<[.H..]00 00 07 E0 1A C5 [0006] FramePad 
15:55:40>[.H..]00 00 07 E0 [0004] TxDone 
15:55:40>[.H..]00 00 07 E8 5A C5 00 C1 04 40 [0010] 
15:55:40<[.H..]00 00 07 E0 1A D5 [0006] FramePad 
15:55:40>[.H..]00 00 07 E0 [0004] TxDone 
15:55:40>[.H..]00 00 07 E8 5A D5 41 43 [0008] 
15:55:40<[.H..]00 00 07 E0 1A C6 [0006] FramePad 
15:55:40>[.H..]00 00 07 E0 [0004] TxDone 
15:55:40>[.H..]00 00 07 E8 5A C6 00 C1 04 22 [0010] 
15:55:40<[.H..]00 00 07 E0 1A D6 [0006] FramePad 
15:55:40>[.H..]00 00 07 E0 [0004] TxDone 
15:55:40>[.H..]00 00 07 E8 5A D6 41 42 [0008] 
15:55:40<[.H..]00 00 07 E0 1A C7 [0006] FramePad 
15:55:40>[.H..]00 00 07 E0 [0004] TxDone 
15:55:40>[.H..]00 00 07 E8 7F 1A 31 [0007] 
15:55:40<[.H..]00 00 07 E0 1A C8 [0006] FramePad 
15:55:40>[.H..]00 00 07 E0 [0004] TxDone 
15:55:40>[.H..]00 00 07 E8 7F 1A 31 [0007] 
15:55:40<[.H..]00 00 07 E0 1A C9 [0006] FramePad 
15:55:40>[.H..]00 00 07 E0 [0004] TxDone 
15:55:40>[.H..]00 00 07 E8 5A C9 00 C0 A7 E4 [0010] 
15:55:40<[.H..]00 00 07 E0 1A D9 [0006] FramePad 
15:55:40>[.H..]00 00 07 E0 [0004] TxDone 
15:55:40>[.H..]00 00 07 E8 5A D9 41 41 [0008] 
15:55:40<[.H..]00 00 07 E0 1A CA [0006] FramePad 
15:55:40>[.H..]00 00 07 E0 [0004] TxDone 
15:55:40>[.H..]00 00 07 E8 5A CA 00 C0 93 8B [0010] 
15:55:40<[.H..]00 00 07 E0 1A DA [0006] FramePad 
15:55:40>[.H..]00 00 07 E0 [0004] TxDone 
15:55:40>[.H..]00 00 07 E8 5A DA 41 46 [0008] 
15:55:40<[.H..]00 00 07 E0 1A DD [0006] FramePad 
15:55:40>[.H..]00 00 07 E0 [0004] TxDone 
15:55:40>[.H..]00 00 07 E8 7F 1A 31 [0007] 
15:55:40<[.H..]00 00 07 E0 1A B5 [0006] FramePad 
15:55:40>[.H..]00 00 07 E0 [0004] TxDone 
15:55:40>[.H..]00 00 07 E8 5A B5 FF FF FF FF [0010] 
15:55:40<[.H..]00 00 07 E0 A2 [0005] FramePad 
15:55:40>[.H..]00 00 07 E0 [0004] TxDone 
15:55:40>[.H..]00 00 07 E8 E2 00 [0006] 
15:55:40<[.H..]00 00 07 E0 1A A0 [0006] FramePad 
15:55:40>[.H..]00 00 07 E0 [0004] TxDone 
15:55:40>[.H..]00 00 07 E8 5A A0 00 [0007] 
15:55:40<[.H..]00 00 07 E0 1A B4 [0006] FramePad 
15:55:40>[.H..]00 00 07 E0 [0004] TxDone 
15:55:40>[.H..]00 00 07 E8 [0004] StartOfMessage 
15:55:40>[.H..]00 00 07 E8 5A B4 38 36 41 42 48 44 4B 32 32 31 35 38 52 39 58 4C [0022] 
15:55:40<[.H..]00 00 07 E0 1A 28 [0006] FramePad 
15:55:40>[.H..]00 00 07 E0 [0004] TxDone 
15:55:40>[.H..]00 00 07 E8 [0004] StartOfMessage 
15:55:40>[.H..]00 00 07 E8 5A 28 31 47 43 52 4B 53 45 37 36 44 5A 31 30 33 34 36 31 [0023] 
15:55:40<[.H..]00 00 07 E0 1A 9F [0006] FramePad 
15:55:40>[.H..]00 00 07 E0 [0004] TxDone 
15:55:40>[.H..]00 00 07 E8 7F 1A 31 [0007] 
15:55:40<[.H..]00 00 07 E0 1A F1 [0006] FramePad 
15:55:40>[.H..]00 00 07 E0 [0004] TxDone 
15:55:40>[.H..]00 00 07 E8 7F 1A 31 [0007] 
15:55:40<[.H..]00 00 07 E0 1A F2 [0006] FramePad 
15:55:40>[.H..]00 00 07 E0 [0004] TxDone 
15:55:40>[.H..]00 00 07 E8 7F 1A 31 [0007] 
15:55:40<[.H..]00 00 07 E0 1A F3 [0006] FramePad 
15:55:40>[.H..]00 00 07 E0 [0004] TxDone 
15:55:40>[.H..]00 00 07 E8 7F 1A 31 [0007] 
15:55:40<[.H..]00 00 07 E0 1A F4 [0006] FramePad 
15:55:40>[.H..]00 00 07 E0 [0004] TxDone 
15:55:40>[.H..]00 00 07 E8 7F 1A 31 [0007] 
15:55:41<[.H..]00 00 01 01 FE 01 20 00 00 00 00 00 [0012] FramePad 
15:55:41>[.H..]00 00 01 01 FE 01 20 00 00 00 00 00 [0012] TxMsgType 
15:55:41>[.H..]00 00 07 E8 01 60 AA AA AA AA AA AA [0012]
ironduke
Posts: 579
Joined: Thu Feb 13, 2020 11:32 pm
cars: Mainly GM trucks, a Cruze and an Equinox for dailys..

Re: J2534 Emulator

Post by ironduke »

By the way... THANKS!!!!! Appreciate you taking a look at this...
Post Reply