: Automotive Technology :


The automobile is on the leading edge of technology right now. Originally implemented for emission controls, computer systems in the modern vehicle are taking on ever-increasing duties. Previously run entirely by mechanical means, our cars are ever more efficient and reliable because of the complex computer control systems they now possess. While the exact same principles govern how an automobile operates today as they did 100 years ago, a computer can give a vehicle the ability to adapt to its surroundings in ways never dreamed of, leading to virtually maintenance-free cars.

This also means the skills and knowledge of yesterday's mechanic are no longer enough to repair these new computerized car systems. It also leads to unprecedented gaps between what an average mechanic can fix and what the dealership can do.

Here at the Packet Sniffers we feel that information should be free and anyone should be able to repair or modify their own equipment. This extends from obsolete computer systems to modern vehicular electronic systems. And with that we present The Packet Sniffers Guide to Automotive Technology.

In the beginning there was smog. And it was bad. Then in the late '70s California decided it had had enough and mandated that automobile manufacturers implement emission control systems on their cars. This was the first incarnation of computers becoming part of everyday vehicles. Fuel injection had been around since the 1950s, so the bulk of the work that was needed to accurately control emissions was already done.

From the 1980s until 1995, auto makers used various computer systems that varied from year to year and model to model of car. Part of this new computerization was the inclusion of diagnostic modes to detect malfunctioning parts of the system for the sake of clean air. And that is how "On Board Diagnostics" or OBD came about. This was a loose standard that allowed a technician to retrieve codes from the emission control unit (ECU) when the engine trouble light came on. Originally only dealerships had the tools needed to do this, namely the DRB scan tool for GM/Chrysler cars.

Some cars support 'customer level' code retrieval methods like the '3 key turn' method or other varied ways of code retrieval. However, the power of the corporation to keep average people and backyard mechanics from working on their cars is an accepted (?) reality of our time. But alas, some people are doing something about this. Consumer grade tools for interfacing to OBD systems are getting cheaper and growing in capability. The latest protocols are being reverse engineered and conquered much sooner than the systems of previous decades.

General information about computer systems

BAT Car Auto - Very good resource for OBD codes and retrieval methods:

OBDII - what is it? (Plus code format breakdown Pxxxx)

EFI Theory of operation:

Good article about differences between consumer 'code readers' and pro grade bi-directional scan tools:

Two helpful reference guides are “Sensor Guide” and “OBD II Guide” available from www.carleysoftware.com.

Info about CTM and door locks
Search on "CTM"

Looks like many good articles:

Open Systems for car computers

Toward The Plug-and-Play Car

Good ECU/OBDII Info:

GBA SP for dtec gauge:

OBD1 and ALDL hacking (?? --> 1995)

TunerCAT - demoware ECM hacking software/site:

TunerPro - freeware ECM hacking software/site:

D-Cal - Dodge EFI hacking software/Yahoo group:

PocketROM (Romulator) - PROM emulator used by above software for realtime ECI changes:

FAQ for above:

Moates - totally comprehensive promming site, all hardware you could ever want for hacking OBD1 and ALDL systems:

ECM disassembly/hacking tools/info:

Forums for ECM/EFI tuners/hackers:

Good all around intro site for EFI info:

DIY Automotive Electronics

A <knowledgeable> racer's PCM tutorial (Full math of what is happening):

ECM hacking (PROM disassembly):

http://www.diy-efi.org - dead
http://www.fortunecity.com/silverstone/fiat/10/ - related?
http://www.diy-wb.com/info.htm - splinter project of above:
The DIY-WB is a do-it-yourself air-fuel ratio meter based upon the Wideband Oxygen sensor used in certain VTEC Hondas. The product was brought to life by a few dedicated individuals from the DIY_EFI mailing list.

If you are in need of a lab grade, commercial unit, please check other venues. This project is strictly for the DIYer.

Another home-brew EFI:

MegaSquirt EFI (Open source electronic fuel injection project):

Automotive Security

While not proof positive, I have read some Russian car alarm makers' sales brochures that specifically claimed KeeLOQ was known to be broken by Russian car thieves and that their product was superior. Here is some data to give anyone interested in reproducing this a head start.

Chrysler Alarm Systems (Chipped keys and how to reprogram a vehicle):

The CTM (Body Computer) in Dodge vehicles uses the Motorola 68HC908 CPU. Within the 908's EEPROM in your Dodge are the instructions that can decode KeeLOQ encoded messages. Please note that Motorola has its own RKE system that is not compatible with Microchip's KeeLOQ based system - don't get confused.

68HC908 Data Sheet:
http://www.freescale.com/files/microcontrollers/doc/data_sheet/MC68HC908AB32.pdf

The Dodge CTM schematic & RF info from the FCC's website:
https://gullfoss2.fcc.gov/cgi-bin/ws.exe/prod/oet/forms/reports/Search_Form.hts?mode=Edit&form=Exhibits&application_id=95921&fcc_id=LHJ010

Microchip KeeLOQ Data Sheets
http://www.microchip.com/stellent/idcplg?IdcService=SS_GET_PAGE&nodeId=2074

A DIY KeeLOQ encoder programmer:

This is a Russian website that appears to have hosted the actual licensed C source code for generating KeeLOQ encrypted ciphers. Unfortunately the diskette images do not appear to be on the site any more. sts/othe/ddd/ddd.html+keeloq+crack&hl=en

Nothingface gave a talk at the 2005 HOPE conference about hacking the CAN bus used in 2003 and newer vehicles. His project was called OpenOtto. It appeared to be a collection of source files for writing your own software to control CAN bus attached devices. Unfortunately, his project has dropped off the face of the planet. However, his talk can be downloaded here:

Interesting articles about automotive electronics from a mechanic's perspective:

Same author, more general info about flashing PCMs:

Same author, how an automotive engineer perceives network systems in an automobile:

Same author, many articles (including the ones above) available online:

Articles about car computer systems:

War stories about car CPU problems:

Another good troubleshooting war story:


OBD Code Readers (Software & Hardware)

DRB III Official Chrysler scan tool order form and info:

Commodity OSes and vehicles

Lexuses infected by Bluetooth worm (Urban Legend - see next article)

Lexus denies claim, F-Secure unable to infect cars



Copyright 2005 The Packet Sniffers - http://www.packetsniffers.org