CAN Bus Hacking (via PICAN2, Canberry, Panda, ect)

UB2SLOW · 06-16-2018, 06:59 PM

Thought I'd start this thread as searching the internets and boards has yielded nothing for CAN bus hacking (sniff+read+write) specifically related to 2006+ BMWs. Only generic CAN info, which may work just fine on BMWs, but before I start buying the hardware, I wanted to know what others have used to the get the ball rolling and what technical resources or open-source projects you've found helpful.

My current plan is to get the following:
- Komodo CAN DUO Interface (for CAN data analyzing)
- Raspberry Pi 3 B+ (for programmatically sending desired CAN messages/commands using linux can-utils, or something else)
- PiCAN2 (for adding CAN 2.0 A/B + SPI interfaces to Raspberry Pi and interfacing with the vehicles CAN bus via SocketCAN)

I should note, everything I am doing is white hat and on my own vehicle. I just want to make my car "smarter" and make ancillary systems (not safety, or engine management systems) easier and more fun to interface with. I am a software engineer and am completely aware I can brick my bus if not careful.

And a last question, is it correct that the CAN bus is essentially the main information highway with two lanes (CAN high and CAN low) for the transmission of all messages? So I should not need to connect a specific bus, but rather send messages on either CANh or CANl with the correct packet metadata and payload?

P.S. For any other noobs, this is an awesome resource that blew my mind (I haven't finished reading it, yet): http://opengarages.org/handbook/ebook/

Cheers,

Mark

UB2SLOW · 07-25-2018, 10:00 PM

No auto hackers around?

gamesfrager · 07-26-2018, 08:30 AM

You might get more response in the coding forum.
I would have loved for a way to get all CAN data into Android.
Pair it with a Tasker plugin and you're set.
But unfortunately I'm no car hacker.
Still very interested in what you come up with.

opjose · 07-26-2018, 09:32 AM

Your post implies that you view Canbus as having two datapaths like opposing lanes on a highway.

It does not.

CanHigh and CanLow are a differential serial bus.

There is only one active datapath which can be used by connected devices.

Canbus works more like old coaxial computer data networks that required endpoint terminations to tie high and low together to prevent "ringing".

Any device can either send or receive via Canbus, but only one can do so at a time and in only one direction. Arbitration is done by the devices themselves. They listen for quite on the line before sending much like an old fashion phone party line.

808AWD325xi · 01-26-2024, 12:11 PM

Quote:

Originally Posted by UB2SLOW

Thought I'd start this thread as searching the internets and boards has yielded nothing for CAN bus hacking (sniff+read+write) specifically related to 2006+ BMWs. Only generic CAN info, which may work just fine on BMWs, but before I start buying the hardware, I wanted to know what others have used to the get the ball rolling and what technical resources or open-source projects you've found helpful.

My current plan is to get the following:
- Komodo CAN DUO Interface (for CAN data analyzing)
- Raspberry Pi 3 B+ (for programmatically sending desired CAN messages/commands using linux can-utils, or something else)
- PiCAN2 (for adding CAN 2.0 A/B + SPI interfaces to Raspberry Pi and interfacing with the vehicles CAN bus via SocketCAN)

I should note, everything I am doing is white hat and on my own vehicle. I just want to make my car "smarter" and make ancillary systems (not safety, or engine management systems) easier and more fun to interface with. I am a software engineer and am completely aware I can brick my bus if not careful.

And a last question, is it correct that the CAN bus is essentially the main information highway with two lanes (CAN high and CAN low) for the transmission of all messages? So I should not need to connect a specific bus, but rather send messages on either CANh or CANl with the correct packet metadata and payload?

P.S. For any other noobs, this is an awesome resource that blew my mind (I haven't finished reading it, yet): http://opengarages.org/handbook/ebook/

Cheers,

Mark

I do most of my exploration nowadays using a Fedora laptop and various SocketCAN interfaces. can-utils makes it easy to poke around from the cli and manually test payloads prior to any programmatic implementation.

06-16-2018, 06:59 PM	#1
UB2SLOW New Member 6 Rep 24 Posts Drives: '11 135i M Sport Join Date: Feb 2017 Location: Denver, CO iTrader: (0)	CAN Bus Hacking (via PICAN2, Canberry, Panda, ect) Thought I'd start this thread as searching the internets and boards has yielded nothing for CAN bus hacking (sniff+read+write) specifically related to 2006+ BMWs. Only generic CAN info, which may work just fine on BMWs, but before I start buying the hardware, I wanted to know what others have used to the get the ball rolling and what technical resources or open-source projects you've found helpful. My current plan is to get the following: - Komodo CAN DUO Interface (for CAN data analyzing) - Raspberry Pi 3 B+ (for programmatically sending desired CAN messages/commands using linux can-utils, or something else) - PiCAN2 (for adding CAN 2.0 A/B + SPI interfaces to Raspberry Pi and interfacing with the vehicles CAN bus via SocketCAN) I should note, everything I am doing is white hat and on my own vehicle. I just want to make my car "smarter" and make ancillary systems (not safety, or engine management systems) easier and more fun to interface with. I am a software engineer and am completely aware I can brick my bus if not careful. And a last question, is it correct that the CAN bus is essentially the main information highway with two lanes (CAN high and CAN low) for the transmission of all messages? So I should not need to connect a specific bus, but rather send messages on either CANh or CANl with the correct packet metadata and payload? P.S. For any other noobs, this is an awesome resource that blew my mind (I haven't finished reading it, yet): http://opengarages.org/handbook/ebook/ Cheers, Mark
	Appreciate 0 Tweet Quote

07-25-2018, 10:00 PM	#2
UB2SLOW New Member 6 Rep 24 Posts Drives: '11 135i M Sport Join Date: Feb 2017 Location: Denver, CO iTrader: (0)	No auto hackers around?
	Appreciate 0 Quote

07-26-2018, 08:30 AM	#3
gamesfrager Banned 198 Rep 709 Posts Drives: 2011 328i Join Date: Feb 2018 Location: Calgary iTrader: (0)	You might get more response in the coding forum. I would have loved for a way to get all CAN data into Android. Pair it with a Tasker plugin and you're set. But unfortunately I'm no car hacker. Still very interested in what you come up with. Last edited by gamesfrager; 07-26-2018 at 05:00 PM..
	Appreciate 0 Quote

07-26-2018, 09:32 AM	#4
opjose Major 242 Rep 1,353 Posts Drives: 335xi Join Date: May 2016 Location: Md iTrader: (0)	Your post implies that you view Canbus as having two datapaths like opposing lanes on a highway. It does not. CanHigh and CanLow are a differential serial bus. There is only one active datapath which can be used by connected devices. Canbus works more like old coaxial computer data networks that required endpoint terminations to tie high and low together to prevent "ringing". Any device can either send or receive via Canbus, but only one can do so at a time and in only one direction. Arbitration is done by the devices themselves. They listen for quite on the line before sending much like an old fashion phone party line.
	Appreciate 0 Quote