ABS Hacking

They go by many names, P01, P59, VPW, '0411 etc . Circa 1999 to 2006. All VPW OBD2 PCMs.
User avatar
Posts: 6798
Joined: Mon Oct 08, 2012 6:41 pm
Location: Kyneton, Vic

Re: ABS Hacking

Postby vlad01 » Thu Dec 17, 2020 8:39 pm

A thing of beauty is a joy forever.



Btw, are those Argo rods?
I'm the director of VSH (Vlad's Spec Holden), because HSV were doing it ass about.

Posts: 121
Joined: Mon Feb 11, 2019 12:48 pm
Location: DFW, Texas

Re: ABS Hacking

Postby jlvaldez » Fri Dec 18, 2020 1:30 pm

Haven't touched this for a few days lol. Motivation was dwindling.

I've got most of this crummy UI put together.

Still haven't got my hands on the API :( Tazzi, where you at!

I keep diggign through the ELM documentation, and I don't see a way to transmit while also keeping ATMA active.

Edit: Did a little more updates. I have been updating the back end to do the frame processing in pandas (python library) instead of using the GUI's internal lists. Slowly getting there :) And it works on all OSes! OS X and Windows pictured here
Attachments
Screen Shot 2020-12-18 at 4.30.30 AM.png
guiv2.png
guiv2.png (18.94 KiB) Viewed 470 times

User avatar
Posts: 467
Joined: Fri Feb 02, 2018 3:13 pm

Re: ABS Hacking

Postby NSFW » Sat Dec 19, 2020 6:39 pm

Nice work!
Please don't PM me with technical questions - start a thread instead, and send me a link to it. That way I can answer in public, and help other people who have the same question. Thanks!

Posts: 121
Joined: Mon Feb 11, 2019 12:48 pm
Location: DFW, Texas

Re: ABS Hacking

Postby jlvaldez » Wed Dec 23, 2020 1:55 pm

Alright, finally got it put together and working well enough to test it in car. So far it can only listen on the bus, but it does exactly what I want.

Here i plugged it into the car and turned it on and pressed a few buttons. Makes sniffing for data way easier because I can select how many of the bytes in the payload to use to determine if a message is unique. Since most responses from modules have the same first 2 bytes to acknowledge a request and give the PID, it will update the payload after that if you so desire, which is awesome.

Only problems i'm having:
1) I tried using Pandas to store the incoming messages, but it was too damn slow. I ended up switching everything over to python lists, but unfortunately it's a pain in the ass to read, since the lists use indices instead of keys in a dictionary.
2) Python serial library seems to have a delay reading incoming messages. It streams pretty constantly for ~2-3 seconds, then pauses for a few seconds, then streams again. So not quite real time, but pretty damn close.


I plan to add support to be able to transmit a message, but with the ELM327 command send, it's not possible to send a message while simultaneously listening to the entire bus. (cough cough, tazzi ;) )
Attachments
Screen Shot 2020-12-22 at 9.45.09 PM.png
Screen Shot 2020-12-22 at 9.45.09 PM.png (151.41 KiB) Viewed 351 times

User avatar
Posts: 467
Joined: Fri Feb 02, 2018 3:13 pm

Re: ABS Hacking

Postby NSFW » Sat Dec 26, 2020 4:51 am

I found Tazzi on Facebook (not hard - see the LS Droid group) and asked him about what you're doing. I think I misunderstood the issue you're facing so i probably asked the wrong question, but the answer might still be useful, especially this part:
"We have the xpro command set on the Obdx pro website"
By which he meant this: https://obdxpro.com/Downloads/Reference ... e%20v2.pdf

The interesting commands:
DX PT1 (passthough mode on)
DX PT0 (passthrough off)
DX SM 00 00 00 (set mask to "anything")

I'm not sure whether sending messages while in passthrough mode will interrupt the monitoring or not, but it's worth a try.
Please don't PM me with technical questions - start a thread instead, and send me a link to it. That way I can answer in public, and help other people who have the same question. Thanks!

User avatar
Posts: 2283
Joined: Thu May 17, 2012 8:53 pm
Location: WA

Re: ABS Hacking

Postby Tazzi » Sat Dec 26, 2020 10:15 am

Passthrough basically removes the "send 1 receive 1" nature of the ELM protocol.

It allows all messages that meet the filter requirements to be sent to the computer instantly. You can still also send messages to the bus.
Your Local Aussie Reverse Engineer
Site:www.envyouscustoms.com
Mob:+61406 140 726
Image

Posts: 121
Joined: Mon Feb 11, 2019 12:48 pm
Location: DFW, Texas

Re: ABS Hacking

Postby jlvaldez » Mon Dec 28, 2020 3:59 pm

Thanks guys! That looks like the exact set of commands I require for this sniffer and transmitter script :)
I have it working ok-ish enough to sniff data only, which is primarily what I needed. I'll return and update the other functions, as well as debug why the serial stream seems to read in blocks of a few seconds instead of a continuous stream as they come in.

Currently I've been writing some firmware for a microcontroller to handle querying the ABS module and listening for certain messages.

PS: I requested to join the LS Droid FB group. Didn't realize there was one

Posts: 28
Joined: Tue Dec 03, 2019 4:26 am

Re: ABS Hacking

Postby TE27Levin » Thu Dec 31, 2020 2:43 am

Sorry to just jump in here. Would this be able to remove the action of stabilitrack AWD system trying to send power to the front wheels by applying the brakes to the rear. You know, If you installed a manual transfer case in the place of the awd one? Even with the traction control off, it still interferes and won't allow me to drift.

User avatar
Posts: 467
Joined: Fri Feb 02, 2018 3:13 pm

Re: ABS Hacking

Postby NSFW » Thu Dec 31, 2020 10:09 am

Maybe, if it uses the EBCM to apply the brakes. Have you tried pulling fuses for the EBCM to see if that makes a difference?
Please don't PM me with technical questions - start a thread instead, and send me a link to it. That way I can answer in public, and help other people who have the same question. Thanks!

Posts: 28
Joined: Tue Dec 03, 2019 4:26 am

Re: ABS Hacking

Postby TE27Levin » Fri Jan 01, 2021 8:07 am

NSFW wrote:Maybe, if it uses the EBCM to apply the brakes. Have you tried pulling fuses for the EBCM to see if that makes a difference?



Oh I am sure it would, or disconnecting a wheel speed sensor would have the same effect, albeit triggering the ABS and brake warning lights and having a fault that would not go away until a proper scan tool clears the code. Don't feel like lugging around my maxidas 908P hehe!

PreviousNext

Return to GM LS1 512Kbyte and 1Mbyte

Who is online

Users browsing this forum: No registered users and 2 guests