@gasparian
Last active March 6, 2022 12:40

OBD communication cheat-sheet

Check the device connection (USB wire in my case)

After connecting the device, you can check messages produced by the device driver:

dmesg
[ 8603.743057] CAN device driver interface
[ 8603.748745] peak_usb 3-2:1.0: PEAK-System PCAN-USB adapter hwrev 28 serial
    FFFFFFFF (1 channel)
[ 8603.749554] peak_usb 3-2:1.0 can0: attached to PCAN-USB channel 0 (device
    255)
[ 8603.749664] usbcore: registered new interface driver peak_usb

Using ELM327 devices

This is the cheapest way to get some data from your vehicle's ECU. Communication is based only on queries, which must be sent from the "client" side to the ELM327 controller. It is also slow.
To get "pure" CAN signals and be able to control the devices in your car, it's better to get a more expensive USB->CAN device.
Install screen and open a session on the tty device with the standard baud rate:

sudo apt install screen
sudo screen -L /dev/ttyUSB0 38400

The log file will be created in the current working directory.

Then you're ready to send commands to the ELM327, like this:

atz
// or
01 <PID>

See the Service 01 section for all the PID codes and for how to decode the returned bytes.
For example, here are the queries for engine RPM, vehicle speed and the transmission's actual gear:

01 0C
01 0D
01 A4

For RPM, we get two bytes, which must be converted as (256*A + B) / 4, where A and B are the decimal values of the bytes.
Speed is encoded as a single hex byte; the decimal result is in the range 0...255, in km/h.
You can also get access to the CAN using the same PIDs; see the wiki article above for more info.
Remember that the device version (from the atz output) matters, since your ELM327 may not support some communication protocols (in other words, not all cars and ELM327 devices are compatible).
In practice, it's better to have a v1.5 ELM.
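
The decoding rules above, as an added example that is not part of the original gist: a parser for the text an ELM327 returns to 01 0C and 01 0D. The sample replies are constructed, the function and table names are hypothetical, and the adapter is assumed not to be printing header bytes.

```python
# Added example: decode ELM327 replies to Service 01 queries.
# Names are hypothetical; all sample replies below are constructed.
import re

# PID -> (name, number of data bytes, decoder over the data bytes A, B, ...)
DECODERS = {
    0x0C: ("engine_rpm", 2, lambda d: (256 * d[0] + d[1]) / 4),  # rpm
    0x0D: ("vehicle_speed", 1, lambda d: d[0]),                  # km/h
}

# Status strings the adapter may print instead of (or before) data.
NOISE = ("SEARCHING", "NO DATA", "UNABLE TO CONNECT", "STOPPED", "?")


def parse_reply(raw, pid):
    """Return (name, value) for a Service 01 reply, or None if no valid data.

    `raw` is everything read from the serial port up to the '>' prompt,
    possibly including the echoed command and status lines.
    """
    name, size, decode = DECODERS[pid]
    for line in re.split(r"[\r\n]+", raw.replace(">", "")):
        line = line.strip().upper()
        if not line or line.startswith(NOISE):
            continue
        compact = line.replace(" ", "")
        if not re.fullmatch(r"(?:[0-9A-F]{2})+", compact):
            continue  # not a string of whole hex bytes
        data = bytes.fromhex(compact)
        # A positive reply is 0x41 (service 0x01 + 0x40), the PID, then data.
        # The echoed command ("01 0C") starts with 0x01 and is skipped here.
        if len(data) >= 2 + size and data[0] == 0x41 and data[1] == pid:
            return name, decode(data[2:2 + size])
    return None


if __name__ == "__main__":
    samples = [
        ("01 0C\r41 0C 1A F8 \r\r>", 0x0C),    # echo on, spaces on
        ("410D3C\r\r>", 0x0D),                 # echo off, spaces off
        ("SEARCHING...\rNO DATA\r\r>", 0x0C),  # ECU did not answer
        ("41 0C 1A\r\r>", 0x0C),               # truncated reply
    ]
    for raw, pid in samples:
        print(repr(raw), "->", parse_reply(raw, pid))
```
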

Configure virtual serial port for tests

Install socat:

sudo apt-get install socat
dmesg | grep tty

The line below creates a pair of virtual serial ports (VSPs):

socat -d -d pty,raw,echo=0 pty,raw,echo=0

Connecting an executable:

socat -d -d pty,raw,echo=0 "exec:myprog ...,pty,raw,echo=0"

where the executable myprog will be connected with the VSP through stdio.

Using CAN2USB devices

Such a device is the best option for "car hackers", since it gives direct access to the OBD-CAN bus at high speed.

SocketCAN

Install can-utils:

sudo apt-get update
sudo apt-get install can-utils

Load the relevant Linux kernel modules:

sudo modprobe can
sudo modprobe vcan
sudo modprobe slcan
sudo modprobe can-dev

Make them load at boot time:

sudo vi /etc/modules  
...
# CAN-related modules
can
vcan
slcan
can-dev
...

Add a virtual CAN bus for tests and bring it up:

sudo ip link add vcan0 type vcan
sudo ip link set up vcan0

Setting up USB device

Verify the interface loaded properly with ifconfig and ensure a can0 interface is now present:

ifconfig can0

Example output:

can0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          UP RUNNING NOARP  MTU:16  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:10
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

Set the bus speed:

sudo ip link set can0 type can bitrate 500000
sudo ip link set up can0
// or
ifconfig can0 up

Setting up serial CAN (slcan) device

For external CAN devices such as CAN232/CANUSB serial adapters, CANtact, etc.

sudo slcand -o -c -s4 /dev/ttyUSB0 can0
// or
sudo slcand -o -s4 -t hw -S 3000000 /dev/ttyUSB0 can0

To choose the right interface speed for the -s flag, see the table at the first link.
The speed depends on the connection protocol.

Linking via ifconfig:

sudo ifconfig can0 up

or via ip link:

sudo ip link set up can0

Use down instead of up to deactivate the link.

Working with CAN signals

Listen to CAN messages and print them to stdout (or write them to a file) along with time deltas in seconds:

candump -td vcan0 > /tmp/vcan.log

or let candump create the log file itself with the -l option (the file is created in the current directory):

candump -td vcan0 -l

Send messages manually (remember that the data field can be 0-8 bytes long):

cansend vcan0 <ID>#<DATA_FIELD>

Example:

cansend vcan0 123#11AABBCCAABBCC

For real-time reverse engineering, use cansniffer:

cansniffer -c can0

Bytes are shown in color only if they changed over time.


Links:
