Author Topic: CANBUS Sniffers? (Read 1308 times)

Kamaji · « **on:** May 04, 2024, 07:06:18 pm »

Next new hobby is probably going to be learning all about the CAN system in new cars and how to get onto a car's CANBUS to both sniff traffic and, possibly, figure out how to write custom traffic.

Anyone here play around with CANBUS at all?

DB · « **Reply #1 on:** May 04, 2024, 07:09:26 pm »

Done a lot of different serial interfaces but never a CANBUS.

Kamaji · « **Reply #2 on:** May 04, 2024, 07:15:31 pm »

I've been thinking about getting a new car - Subaru - and started doing research on all the stuff that goes into them these days. Apparently, all the separate wiring that used to connect various sensors and devices to gauges or lights on the dash have been been replaced with a local area network - two-wire twisted wire pair - that allows the various controllers on the car to "talk" to each other.

Depending on how devices are registered onto a CANBUS, I am thinking that it might be possible to create a custom device that hardwires into the twisted-pair at some point, and if the device registration is plug-n-play, then that custom device should be able to register itself and start (a) sniffing traffic from other devices, and (b) issuing its own traffic - for example, mimicking traffic from other controllers on the CAN - which might be a handy way of permanently turning off the PoS auto start/stop feature, or at least turning it from on-by-default to off-by-default without having to remember to hit the "off" button each time one starts the car.

Sniffing the traffic on the CAN should also allow one to write one's own digital dash to get more in-depth data about functions one cares about, which might not have been displayed the way one wants on the car's built-in dash.

DB · « **Reply #3 on:** May 04, 2024, 07:21:44 pm »

Quote from: Kamaji on May 04, 2024, 07:15:31 pm

I've been thinking about getting a new car - Subaru - and started doing research on all the stuff that goes into them these days. Apparently, all the separate wiring that used to connect various sensors and devices to gauges or lights on the dash have been been replaced with a local area network - two-wire twisted wire pair - that allows the various controllers on the car to "talk" to each other.

Depending on how devices are registered onto a CANBUS, I am thinking that it might be possible to create a custom device that hardwires into the twisted-pair at some point, and if the device registration is plug-n-play, then that custom device should be able to register itself and start (a) sniffing traffic from other devices, and (b) issuing its own traffic - for example, mimicking traffic from other controllers on the CAN - which might be a handy way of permanently turning off the PoS auto start/stop feature, or at least turning it from on-by-default to off-by-default without having to remember to hit the "off" button each time one starts the car.

Sniffing the traffic on the CAN should also allow one to write one's own digital dash to get more in-depth data about functions one cares about, which might not have been displayed the way one wants on the car's built-in dash.

I doubt it is encrypted so you should be able to sniff the traffic by listening only. The tough part will be mapping out what is what as far as the messages/devices go unless there's detailed documentation somewhere for the devices in that specific car.

Kamaji · « **Reply #4 on:** May 04, 2024, 07:34:23 pm »

Quote from: DB on May 04, 2024, 07:21:44 pm

I doubt it is encrypted so you should be able to sniff the traffic by listening only. The tough part will be mapping out what is what as far as the messages/devices go unless there's detailed documentation somewhere for the devices in that specific car.

I believe there's partial documentation, although each manufacturer also has proprietary codes. One can also use an ODB reader to correlate events with a known result to traffic on the CANBUS. Then there's always the old peek/poke method of figuring out what's what - push a button that does action A, then see if you can discern the CANBUS message the device sent in response to that button push.

Elderberry · « **Reply #5 on:** May 08, 2024, 12:07:17 am »

CAN Bus Explained - A Simple Intro [2023]

https://www.csselectronics.com/pages/can-bus-simple-intro-tutorial

Need a simple, practical intro to CAN bus?

In this tutorial we explain the Controller Area Network (CAN bus) 'for dummies' incl. message interpretation, CAN logging - and the link to OBD2, J1939 and CANopen.

Read on to learn why this has become the #1 guide on CAN bus.

In this article

In this article
1.   What is CAN bus?
2.   Top 4 benefits of the CAN protocol
3.   CAN history & future
4.   What is a CAN frame?
5.   CAN logging use cases
6.   How to log CAN data
7.   How to decode CAN data
8.   CAN vs. J1939, OBD2 & CANopen

corbe · « **Reply #6 on:** May 08, 2024, 12:32:15 am »

I replaced my ABM Module last year on my Dodge Journey and I didn't research enough to realize that Dodge charges me $200 to flash my VIN in it. So my Traction Light stays on and I can't use Cruz Control. Soon readers will be cheap enough to allow me to do that <$100.

Weird Tolkienish Figure · « **Reply #7 on:** May 08, 2024, 01:11:10 pm »

I play this game Oxygen not Included and they have a video on how to implement a Canbus in the game:

http://www.youtube.com/watch?v=4LzYvsDyOvc

Never thought I'd be able to talk about it in here!

Weird Tolkienish Figure · « **Reply #8 on:** May 08, 2024, 01:15:58 pm »

Quote from: Kamaji on May 04, 2024, 07:34:23 pm

I believe there's partial documentation, although each manufacturer also has proprietary codes. One can also use an ODB reader to correlate events with a known result to traffic on the CANBUS. Then there's always the old peek/poke method of figuring out what's what - push a button that does action A, then see if you can discern the CANBUS message the device sent in response to that button push.

Some OBD2 readers are OBD2 only, the set of standards implemented by the government. Some readers interface with OBD2 and canbus, and some advanced (expensive) readers like Snap On can actually interface with a lot of manufacturer's custom software. Very interesting stuff.

Try looking into PLC's/smart relays if this sort of thing interests you.

Kamaji · « **Reply #9 on:** May 08, 2024, 08:32:59 pm »

Quote from: Weird Tolkienish Figure on May 08, 2024, 01:15:58 pm

Some OBD2 readers are OBD2 only, the set of standards implemented by the government. Some readers interface with OBD2 and canbus, and some advanced (expensive) readers like Snap On can actually interface with a lot of manufacturer's custom software. Very interesting stuff.

Try looking into PLC's/smart relays if this sort of thing interests you.

Thanks!

Author Topic: CANBUS Sniffers? (Read 1308 times)

Kamaji

CANBUS Sniffers?

DB

Re: CANBUS Sniffers?

Kamaji

Re: CANBUS Sniffers?

DB

Re: CANBUS Sniffers?

Kamaji

Re: CANBUS Sniffers?

Elderberry

Re: CANBUS Sniffers?

corbe

Re: CANBUS Sniffers?

Weird Tolkienish Figure

Re: CANBUS Sniffers?

Weird Tolkienish Figure

Re: CANBUS Sniffers?

Kamaji

Re: CANBUS Sniffers?