Discover hidden functions in your car (using CAN bus sniffing)

Discover hidden functions in your car (using CAN bus sniffing)

by autopi on Sept. 21, 2017, 2:22 p.m.
Discover hidden functions in your car (using CAN bus sniffing)

All modern vehicles today is controlled by multiple Electronic Control Units (ECU), which you can think of as small computers controlling all electrical components in your car. Using the OBD-II port and an AutoPi it is possible to communicate with the ECUs.

One of the ECU’s is called the Engine Control Module (ECM). This is responsible for communication with a lot of subsystems, like transmission, power steering, windows and doors. These subsystems communicates on a network bus called Controller Area Network (CAN), by broadcasting messages on the bus. A message could look like this:

CAN bus output
CAN bus output

The ‘024’ is the sender ID of the message, and the rest is the data containing the actual data. For example it could be a message containing instruction to roll down a window. With access to the CAN bus through the AutoPi, it is possible to send commands to your vehicle, and thereby inject commands on the CAN bus. The only problem is that individual commands to control specific parts of your vehicle, is not easily available.

A common method to identify commands is to listen/record the data flow on the bus, manually perform the action in your car you want to identify (like rolling down a window) and then identify the command on the recorded data stream. This is commonly known as CAN sniffing and is normally a very advanced way to discover hidden metrics in your car. But with AutoPi this has been reduced to only a few steps, that you need to run from the AutoPi Cloud and everyone can expand the possibilities of their car. The steps are:

  • From the AutoPi Cloud, start CAN monitoring
  • In your car, perform the action you want to record 5 times or more
  • Let AutoPi Cloud analyze the recorded data in order to identify your action
  • Name and save the action in the AutoPi library for everyone to use in the future
It couldn’t be easier. In this blog we will go over the details and explain what you can do with your new metrics.

CAN sniffing explained

Monitoring the CAN bus is complicated, because so much data flows in modern cars. So identifying individual messages from the stream of data is difficult.

A common way of identifying a specific message is called “divide and conquer”. The idea came from a classic computer algorithm, of same name, used in many aspect (like sorting). Easily explained, you know that the message you are looking for can be compared to finding a needle in a haystack. With the divide and conquer algorithm, you divide the haystack in two equal parts and look through half the haystack for the needle. If you don’t find the needle, you break up the remaining half in two new stacks, and looking in one of these. You continue this process until you find the needle.

You can apply this to finding CAN messages as well. Let's say you want to discover the command for controlling the power windows, then the steps involved are:

  • Record messages flowing while pressing the window switch in the car.
  • Divide the recorded messages into two halfs.
  • Replay/send all data from one part to the car’s CAN bus. If the window rolls down you have the right part.
  • Keep doing this procedure until you have identified the exact message you are looking for.
The following CAN data dump is 34 lines out of 1797 lines, for a 5 second recording:

Large CAN bus export
Large CAN bus export

Once you identified the specific command, you need to replay/send it to make sure you have the right one.

All of this sounds very complicated (which it can be), but with AutoPi all of this has been automated in a simple tool you can access from the AutoPi Cloud.

Using AutoPi to discover new commands in my car

With the AutoPi Cloud, the tedious process of finding CAN commands for your vehicle has been automated in a simple user interface.

Analyzing CAN data with AutoPi Cloud
Analyzing CAN data with AutoPi Cloud

Above image shows the user interface used to discover new CAN commands. The steps are very simple. You need to physically be in your car to do the discovery:

  • Open the CAN explorer. It will tell you if there is connection to the car
  • Press the record button
  • Now perform the function you want to record 5 times. Like pressing the “left front window” switch
  • Press the stop record button
The system will now analyze the data received and output the possible commands found. Because of the large data amount, the system will sometimes output a few number of possible commands. You now have to possibility to narrow it down by replaying the found commands one-by-one. When you found the command you were looking for, you simply press the save button. You newly found command is stored for future use by you and for all other users with a similar car.

Using discovered CAN commands to build something cool

So what can you do with your new CAN command? Why not use it to tie up a cool speech command to your car.

The AutoPi Cloud comes built in with an If-This-Then-That trigger system. Using this system you can add your own triggers and trigger the new found CAN command.

Adding new reactors in AutoPi Cloud
Adding new reactors in AutoPi Cloud

The image above shows the interface for adding new triggers to the system. Adding a new trigger is very simple.

  • Select your input source. This is the beacon. As an example select the “googleAssistantSpeech” source
  • Add a critearia, this is the text spoken. We will add “Roll down left front window”
  • Now you add your output source. this is the reactor. We select the “carIntegrator” and from the dropdown menu, we find our new command “left front window down” and select this
  • Press save
The system will automatically upload the new functionality to your AutoPi Dongle. Now all there is left for you is to test it by actually speaking to you car: “Hey AutoPi, roll down front left window”

Other blog posts for further reading

How-to build a Raspberry Pi touch screen car computer
How-to build a Raspberry Pi touch screen car computer

Integrated car computers are not only for expensive cars like the Tesla Model X nor is it only for complex car DIY projects that require you to have a degree in engineering. Not many people know how easy it is; by combining a few components it is possible to make it for any car. Follow this guide to see how it can be done.

by autopi
Migrate from Automatic Pro
Migrate from Automatic Pro

Sometimes an era must end and it is not fun at all. But you know what is fun? AutoPi Telematics Unit and it is available. With this guide we will walk you through how to collect and maintain your precious data you have been collecting with your Automatic Pro and continue to enjoy the features you just cannot live without.

by autopi
Fleet Management: Use your AutoPi to manage multiple vehicles
Fleet Management: Use your AutoPi to manage multiple vehicles

Fleet-sharing is not a new phenomenon, from small and big companies, like UPS, to government and state organizations, like the postal service, have all had corporate vehicles given out to their employees as part of their ‘fleets’. These vehicles are corporate or governmentally owned and thus the fleet of vehicles differs from trucks and vans for the postal service to sleek, electric and modern vehicles for corporations with a variety of options whereas the postal service is all uniformed and equally the same vehicles.

by autopi
AutoPi.io

Get your AutoPi today

AutoPi Telematics Unit - 4G/LTE Edition
AutoPi Telematics Unit - 4G/LTE Edition
 Order Now
AutoPi Telematics Unit - DIY Edition
AutoPi Telematics Unit - DIY Edition
 Order Now
OBD-II Extension Cable
OBD-II Extension Cable
 Order Now
AutoPi Telematics Unit - Wi-Fi/NB/Cat M1 Edition<
AutoPi Telematics Unit - Wi-Fi/NB/Cat M1 Edition
 Order Now
AutoPi Dongle - 4G/LTE Edition
AutoPi Dongle - 4G/LTE Edition
 Order Now
AutoPi Dongle - DIY Edition
AutoPi Dongle - DIY Edition
 Order Now
OBD-II Power Cable
OBD-II Power Cable
 Order Now
Replacement Pack for AutoPi Dongle
Replacement Pack for AutoPi Dongle
 Order Now
AutoPi Dongle - Wi-Fi/NB/Cat M1 Edition
AutoPi Dongle - Wi-Fi/NB/Cat M1 Edition
 Order Now
Raspberry Pi 3/4 Adapter for AutoPi Dongle
Raspberry Pi 3/4 Adapter for AutoPi Dongle
 Order Now
AutoPi.io
Follow us here:

Or sign up to our newsletter and receive the news first.