| : Automotive Technology : |
|
The automobile is on the leading edge of technology right now. Originally implemented for emission controls, computer systems in the modern vehicle are taking on ever increasing duties. Previously ran by all mechanical means, our cars are ever more efficient and reliable because of the complex computer control systems they now possess. While the exact same principals govern how an automobile operates today as they did 100 years ago, a computer can give a vehicle the ability to adapt to it's surroundings in ways never dreamed of leading to virtually maintenance free cars. This also means the skills and knowledge of yesterdays mechanic are no longer enough to repair these new computerized car systems. It also leads to unprecedented gaps between what an average mechanic can fix and what the dealership can do. Here at the Packet Sniffers we feel that information should be free and anyone should be able to repair or modify their own equipment. This extends from obsolete computer systems to modern vehicular electronic systems. And with that we present The Packet Sniffers Guide to Automotive Technology. In the beginning there was smog. And it was bad. Then in the late 70's California decided it had had enough and mandated that automobile manufacturers had to implement emission control systems on their cars. This was the first incarnation of computers becoming part of everyday vehicles. Fuel injection had been around since the 1950's so the bulk of the work that was needed to accurately control emissions was already done. From the 1980's until 1995 auto makers used various computer systems that varied from year to year and model to model of car. Part of this new computerization was the inclusion of diagnostic modes to detect malfunctioning parts of the system for the sake of clean air. And that is how "On Board Diagnostics" or OBD came about. This was a loose standard that allowed a technician to retrieve codes from the emission control unit (ECU) when the engine trouble light came on. Originally only dealerships had the tools needed to do this, namely the DRB scan tool for GM/Chrysler cars. Some cars support 'customer level' code retrieval methods like the '3 key turn' method or other varied ways of code retrieval. However the power of the corporation to keep average people and backyard mechanics from working on their cars is an accepted? reality of our time. But alas, some people are doing something about this. Consumer grade tools for interfacing to OBD systems are getting cheaper and growing in capability. The latest protocols are being reverse engineered and conquered much sooner than the systems of previous decades. General information about computer systems BAT Car Auto - Very good resource for OBD codes and retrieval methods: EFI Theory of operation: Good article about differences between consumer 'code readers' and pro
grade bi-directional scan tools: Two helpful reference guides are “Sensor Guide” and “OBD II Guide” available from www.carleysoftware.com.
Info about CTM and door locks
Open Systems for car computers
Toward The Plug-and-Play Car
Good ECU/OBDII Info:
GBA SP for dtec guage:
TunerCAT - demoware ECM hacking software/site: http://www.tunercat.com/ TunerPro - freeware ECM hacking software/site: http://gmecmedit.markmansur.com/ D-Cal - Dodge EFI hacking software/Yahoo group: http://autos.groups.yahoo.com/group/D-Cal/ PocketROM (Romulator) - PROM emulator used by above software for realtime ECI changes: http://xtronics.com/memory/pktROM.htm FAQ for above: http://xtronics.com/memory/efi_ecu_faq.htm Moates - totally comprehensive promming site, all hardware you could ever want for hacking ODB1 and ALDL systems: http://www.moates.net/ ECM dissassembly/hacking tools/info: http://www.cruzers.com/~ludis/ Forums for ECM/EFI tuners/hackers: http://www.efitune.com/ Good all around intro site for EFI info: http://www.akmcables.com A <knowledgable> racers PCM tutorial (Full math of what is happening): http://para.noid.org/~lj/PCM%20Tutorial/PCMtutorial.htm ECM hacking (PROM dissassembly): http://www.geocities.com/ecmguy.geo/ http://www.diy-efi.org - dead http://www.fortunecity.com/silverstone/fiat/10/ - related? http://www.diy-wb.com/info.htm - splinter project of above: The DIY-WB is a do-it-yourself air-fuel ratio meter based upon the Wideband Oxygen sensor used in certain VTEC Hondas. The product was brought to life by a few dedicated individuals from the DIY_EFI mailing list. If you are in need of a lab grade, commercial unit, please check other venues. This is project is strictly for the DIYer. Another home-brew EFI: http://www.laatikainen.net/efi.htm MegaSquirt EFI (Open source electronic fuel injection project): http://www.bgsoflex.com/megasquirt.html While not proof positive, I have read some Russian car alarm makers sales brochures that specifically claimed KeeLOQ was known to be broken by Russian car thieves and that their product was superior. Here is some data to get anyone interested in reproducing this a head start. Chrysler Alarm Systems (Chipped keys and how to reprogram a vehicle): The CTM (Body Computer) in Dodge vehicles uses the Motorola 68HC908
CPU. Within the 908's EEPROM in your Dodge are the instructions that can decode
KeeLOQ encoded messages. Please note that Motorola has it's own RKE system
that is not compatible with Microchips KeeLOQ based system - don't get
confused. The Dodge CTM schematic & RF info from the FCC's website: Microchip KeeLOQ Data Sheets A DIY KeeLOQ encoder programmer: This is a Russian website that appears to have hosted the actual
licensed C source code for generating KeeLOQ encrypted ciphers.
Unfortunately the diskette images do not appear to be on the site any
more. Nothingface gave a talk at the 2005 HOPE conference about hacking the
CAN bus used in 2003 and newer vehicles. His project was called OpenOtto.
It appeared to be a collection of source files for writing your own
software to control CAN bus attached devices. Unfortunately his project
has died off the face of the planet. However his talk can be downloaded
here: electronics from a mechanics perspective: Same author, more general info about flashing PCM's: http://www.aa1car.com/library/2004/us10430.htm Same author, how an automotive engineer perceives network systems in an automobile: http://www.babcox.com/editorial/us/us70218.htm Same author, many articles (including the ones above) available online: http://www.aa1car.com/carleyware/library.htm Articles about car computer systems:
OBD Code Readers (Software & Hardware) DRB III Official Chrysler scan tool order form and info: Commodity OS's and vehicles Lexus's infected by bluetooth worm (Urban Legend - see next article) Lexus denies claim, F-Secure unable to infect cars
|
|
Copyright 2005 The Packet Sniffers -
http://www.packetsniffers.org
Web Template by
http://www.quickness.uni.cc. All Rights Reserved.
|