A thing of beauty is a joy forever.
Btw, are those Argo rods?
ABS Hacking
-
vlad01
- Posts: 7795
- Joined: Mon Oct 08, 2012 6:41 pm
- cars: VP I S
VP I executive
VP II executive
VP II executive #2
VR II executive - Location: Kyneton, Vic
Re: ABS Hacking
I'm the director of VSH (Vlad's Spec Holden), because HSV were doing it ass about.
-
jlvaldez
- Posts: 155
- Joined: Mon Feb 11, 2019 12:48 pm
- cars: '01 - Corvette Z06
'20 - Sierra Denali
'03 - Volvo S80 T6
'16 - Accord V6 - Location: DFW, Texas
Re: ABS Hacking
Haven't touched this for a few days lol. Motivation was dwindling.
I've got most of this crummy UI put together.
Still haven't got my hands on the API
Tazzi, where you at!
I keep diggign through the ELM documentation, and I don't see a way to transmit while also keeping ATMA active.
Edit: Did a little more updates. I have been updating the back end to do the frame processing in pandas (python library) instead of using the GUI's internal lists. Slowly getting there
And it works on all OSes! OS X and Windows pictured here
I've got most of this crummy UI put together.
Still haven't got my hands on the API
Tazzi, where you at!I keep diggign through the ELM documentation, and I don't see a way to transmit while also keeping ATMA active.
Edit: Did a little more updates. I have been updating the back end to do the frame processing in pandas (python library) instead of using the GUI's internal lists. Slowly getting there
And it works on all OSes! OS X and Windows pictured here- Attachments
-
-
- guiv2.png (18.94 KiB) Viewed 2603 times
Re: ABS Hacking
Nice work!
Please don't PM me with technical questions - start a thread instead, and send me a link to it. That way I can answer in public, and help other people who have the same question. Thanks!
-
jlvaldez
- Posts: 155
- Joined: Mon Feb 11, 2019 12:48 pm
- cars: '01 - Corvette Z06
'20 - Sierra Denali
'03 - Volvo S80 T6
'16 - Accord V6 - Location: DFW, Texas
Re: ABS Hacking
Alright, finally got it put together and working well enough to test it in car. So far it can only listen on the bus, but it does exactly what I want.
Here i plugged it into the car and turned it on and pressed a few buttons. Makes sniffing for data way easier because I can select how many of the bytes in the payload to use to determine if a message is unique. Since most responses from modules have the same first 2 bytes to acknowledge a request and give the PID, it will update the payload after that if you so desire, which is awesome.
Only problems i'm having:
1) I tried using Pandas to store the incoming messages, but it was too damn slow. I ended up switching everything over to python lists, but unfortunately it's a pain in the ass to read, since the lists use indices instead of keys in a dictionary.
2) Python serial library seems to have a delay reading incoming messages. It streams pretty constantly for ~2-3 seconds, then pauses for a few seconds, then streams again. So not quite real time, but pretty damn close.
I plan to add support to be able to transmit a message, but with the ELM327 command send, it's not possible to send a message while simultaneously listening to the entire bus. (cough cough, tazzi
)
Here i plugged it into the car and turned it on and pressed a few buttons. Makes sniffing for data way easier because I can select how many of the bytes in the payload to use to determine if a message is unique. Since most responses from modules have the same first 2 bytes to acknowledge a request and give the PID, it will update the payload after that if you so desire, which is awesome.
Only problems i'm having:
1) I tried using Pandas to store the incoming messages, but it was too damn slow. I ended up switching everything over to python lists, but unfortunately it's a pain in the ass to read, since the lists use indices instead of keys in a dictionary.
2) Python serial library seems to have a delay reading incoming messages. It streams pretty constantly for ~2-3 seconds, then pauses for a few seconds, then streams again. So not quite real time, but pretty damn close.
I plan to add support to be able to transmit a message, but with the ELM327 command send, it's not possible to send a message while simultaneously listening to the entire bus. (cough cough, tazzi
)- Attachments
-
- Screen Shot 2020-12-22 at 9.45.09 PM.png (151.41 KiB) Viewed 2484 times
Re: ABS Hacking
I found Tazzi on Facebook (not hard - see the LS Droid group) and asked him about what you're doing. I think I misunderstood the issue you're facing so i probably asked the wrong question, but the answer might still be useful, especially this part:
"We have the xpro command set on the Obdx pro website"
By which he meant this: https://obdxpro.com/Downloads/Reference ... e%20v2.pdf
The interesting commands:
DX PT1 (passthough mode on)
DX PT0 (passthrough off)
DX SM 00 00 00 (set mask to "anything")
I'm not sure whether sending messages while in passthrough mode will interrupt the monitoring or not, but it's worth a try.
"We have the xpro command set on the Obdx pro website"
By which he meant this: https://obdxpro.com/Downloads/Reference ... e%20v2.pdf
The interesting commands:
DX PT1 (passthough mode on)
DX PT0 (passthrough off)
DX SM 00 00 00 (set mask to "anything")
I'm not sure whether sending messages while in passthrough mode will interrupt the monitoring or not, but it's worth a try.
Please don't PM me with technical questions - start a thread instead, and send me a link to it. That way I can answer in public, and help other people who have the same question. Thanks!
Re: ABS Hacking
Passthrough basically removes the "send 1 receive 1" nature of the ELM protocol.
It allows all messages that meet the filter requirements to be sent to the computer instantly. You can still also send messages to the bus.
It allows all messages that meet the filter requirements to be sent to the computer instantly. You can still also send messages to the bus.
Your Local Aussie Reverse Engineer
Contact for Software/Hardware development and Reverse Engineering
Site:https://www.envyouscustoms.com
Mob:+61406 140 726
Contact for Software/Hardware development and Reverse Engineering
Site:https://www.envyouscustoms.com
Mob:+61406 140 726
-
jlvaldez
- Posts: 155
- Joined: Mon Feb 11, 2019 12:48 pm
- cars: '01 - Corvette Z06
'20 - Sierra Denali
'03 - Volvo S80 T6
'16 - Accord V6 - Location: DFW, Texas
Re: ABS Hacking
Thanks guys! That looks like the exact set of commands I require for this sniffer and transmitter script
I have it working ok-ish enough to sniff data only, which is primarily what I needed. I'll return and update the other functions, as well as debug why the serial stream seems to read in blocks of a few seconds instead of a continuous stream as they come in.
Currently I've been writing some firmware for a microcontroller to handle querying the ABS module and listening for certain messages.
PS: I requested to join the LS Droid FB group. Didn't realize there was one
I have it working ok-ish enough to sniff data only, which is primarily what I needed. I'll return and update the other functions, as well as debug why the serial stream seems to read in blocks of a few seconds instead of a continuous stream as they come in.
Currently I've been writing some firmware for a microcontroller to handle querying the ABS module and listening for certain messages.
PS: I requested to join the LS Droid FB group. Didn't realize there was one
Re: ABS Hacking
Sorry to just jump in here. Would this be able to remove the action of stabilitrack AWD system trying to send power to the front wheels by applying the brakes to the rear. You know, If you installed a manual transfer case in the place of the awd one? Even with the traction control off, it still interferes and won't allow me to drift.
Re: ABS Hacking
Maybe, if it uses the EBCM to apply the brakes. Have you tried pulling fuses for the EBCM to see if that makes a difference?
Please don't PM me with technical questions - start a thread instead, and send me a link to it. That way I can answer in public, and help other people who have the same question. Thanks!
Re: ABS Hacking
NSFW wrote:Maybe, if it uses the EBCM to apply the brakes. Have you tried pulling fuses for the EBCM to see if that makes a difference?
Oh I am sure it would, or disconnecting a wheel speed sensor would have the same effect, albeit triggering the ABS and brake warning lights and having a fault that would not go away until a proper scan tool clears the code. Don't feel like lugging around my maxidas 908P hehe!