Technical PROJECT: Hacking Fiat Grande Punto CAN BUS with Arduino and AlfaOBD

Currently reading:
Technical PROJECT: Hacking Fiat Grande Punto CAN BUS with Arduino and AlfaOBD

anyzunstudios

Grande Punto "FastLine"
Joined
Aug 17, 2016
Messages
181
Points
51
Location
Spain
Hi everyone, this is my first post. Maybe I am not posting this in the right place, but I know that some moderator will change this to the right thread. :D

Whatever, this is my first Fiat Grande Punto CAN BUS Hack 100% made by me, and I am proud of it, and I want to share it to all of you.

Basically, I have made a CAN BUS Sniffer and Spoofer, using an OBDII ELM237 Bluetooth clone, an Arduino and two Bluetooth modules. Also, I have used AlfaOBD application for Android to see what it does exactly, and what codes is using to for example, check Steering Wheel Angle, or even Spoof fakes codes to enable errors like water temperature lamp turns on, and even disabling ABS(this one really disables ABS).

So basically, I have "cheated" AlfaOBD App with an Arduino with two Bluetooth modules, one of them is an Slave to make possible connect Android phone with the Arduino, and other Bluetooth module works as Master, that auto-connects with ELM237 Bluetooth clone. Once the Master connects to ELM237, I can connect with my Android phone with the Slave Bluetooth simulating that is the ELM237, and every code that is sent between ELM237 and AlfaOBD at my phone is Sniffed, so I can know what configuration is using, what codes are sent and received, and also I can Spoof codes to the CAN BUS line simulating that I am AlfaOBD App, with a Serial Monitor.

I don't know if anyone is interested on it. Please let me know and I will share more info about it.

Greetings.
 
Welcome! Very interesting hack. I have tried my self to spoof the codes send from multiecuscan so I could send infos to LCD on the dashboard but I failed.

Have a look here

[ame]https://youtu.be/NtkmyAz1vjg[/ame]

Too bad he didn't share any information...
 
I did more or less the same using com2com - faked elm327 interface with a simple c program and probed the whole collection of Multi ECU Scan commands. Did that for IAW 4AF and Bosch ME7.9.10 as these were the most interesting for me, but it would work for any ECU that MES supports.

Purely software solution. Had no idea one needs so much hardware to do it ;P
 
Wow! That's impressive! It's all a closed book to me, (I'm too old for this sort of thing) but in the future, I'm convinced the DIY mechanic's toolbox will have a computer in it, rather than what's in my tool box! Do, please keep us up to date with your findings! Part of me finds the ability to communicate with the car's safety systems quite scary (especially if remote connectivity can be established - as was famously the case with Chrysler a few years ago) but the other part of me finds it quite empowering for the DIY owner!
 
Why did you use a second bluetooth module? As the ELM chip uses serial communication to the USB chip or bluetooth module you could simply monitor the serial communications at the ELM chip.

Robert G8RPI.

I use two modules, one is for connect ELM327 with Arduino, and the other one is for connect cellphone with Arduino and make Serial connection.

I have attached a basic scheme, where:
-Red dotted line: Common/Old directly BT connection
-Red (no dots) line: New BT connection
-Black Line: wired connections

*Note: ELM327 is connected at DataLink port (OBDII Car Connector).

I hope you all understand the idea.

Greetings!
 

Attachments

  • 1472123825228.jpg
    1472123825228.jpg
    39.6 KB · Views: 587
Welcome! Very interesting hack. I have tried my self to spoof the codes send from multiecuscan so I could send infos to LCD on the dashboard but I failed.

Have a look here

https://youtu.be/NtkmyAz1vjg

Too bad he didn't share any information...

I know about this video. It is very bad that no one gives any info, but I will make a how to really soon, and I hope that if someone discovers something New, please share info with us, because that is my goal, give a basic how to, and then, community will keep helping sharing info about fiat codes. For example, I am decoding Steering Wheel system because I want to add Fog Lights as directional lights, and when I turn right or left, a Fog lamp turns on and improve light quality at a curve.

Greetings!
 
I know about this video. It is very bad that no one gives any info, but I will make a how to really soon, and I hope that if someone discovers something New, please share info with us, because that is my goal, give a basic how to, and then, community will keep helping sharing info about fiat codes. For example, I am decoding Steering Wheel system because I want to add Fog Lights as directional lights, and when I turn right or left, a Fog lamp turns on and improve light quality at a curve.

Greetings!
It's an interesting idea, but fog lights have a really short range - maybe 10 metres in front of the bumper - if that! You would really need driving lights in the place of the fog lights, to make a difference, I think.
 
I use two modules, one is for connect ELM327 with Arduino, and the other one is for connect cellphone with Arduino and make Serial connection.

I have attached a basic scheme, where:
-Red dotted line: Common/Old directly BT connection
-Red (no dots) line: New BT connection
-Black Line: wired connections

*Note: ELM327 is connected at DataLink port (OBDII Car Connector).

I hope you all understand the idea.

Greetings!

Hi,
It just seems a bit convoluted. You could have just monitored the serial data going in and out of the ELM 327 chip in the car adaptor (two wire and ground to the PC or Arduino) but I guess I have a hardware bias. I do like to see data as close to the source as possible, before it's gone through a extra layer of hardware and software.


Keep us informed of how you get on.


Robert G8RPI
 
I know about this video. It is very bad that no one gives any info, but I will make a how to really soon, and I hope that if someone discovers something New, please share info with us, because that is my goal, give a basic how to, and then, community will keep helping sharing info about fiat codes. For example, I am decoding Steering Wheel system because I want to add Fog Lights as directional lights, and when I turn right or left, a Fog lamp turns on and improve light quality at a curve.

Greetings!

Your project sounds complicated. All I want is to show on the lcd information like intake temp, coolant temp, fuel trims etc, timing, voltage etc

All I know is that I have to use RADIO information (station/mp3 info) to write these information to LCD but I cannot even read these values in the first place...
 
Your project sounds complicated. All I want is to show on the lcd information like intake temp, coolant temp, fuel trims etc, timing, voltage etc

All I know is that I have to use RADIO information (station/mp3 info) to write these information to LCD but I cannot even read these values in the first place...

In that case, you might create a RDS radio station with a Raspberry Pi, and use an Obdii Python library that exist.
 
related article here :
http :
//
www
alfa147-france.net/forum/viewtopic.php?t=53974&postdays=0&postorder=asc&start=0
 
related article here :
http :
//
www
alfa147-france.net/forum/viewtopic.php?t=53974&postdays=0&postorder=asc&start=0
Hey man, nice one!
I am actually trying to to something like so, and I found something interesting, you need ELM327 (that supports Yellow cable) and the following commands:

ATZ
ATSPB <---optional
ATMA <---the real bomb!

And you will get something like this
_20170428_151436.JPG

I am working now, so maybe after this awesome discover (one more time, thanks by our brothers owners of Alfa vehicles) we have cool things like this ?
 
you need ATH1 to see headers that will tell you where the messages come from !
 
Hi Friend, how are you?


I have one Bravo Tjet, do you think thas is possible do it in my car?


What do I do?


Tks a lot for your help.


Best Regards.


Jose Pires


Hi everyone, this is my first post. Maybe I am not posting this in the right place, but I know that some moderator will change this to the right thread. :D

Whatever, this is my first Fiat Grande Punto CAN BUS Hack 100% made by me, and I am proud of it, and I want to share it to all of you.

Basically, I have made a CAN BUS Sniffer and Spoofer, using an OBDII ELM237 Bluetooth clone, an Arduino and two Bluetooth modules. Also, I have used AlfaOBD application for Android to see what it does exactly, and what codes is using to for example, check Steering Wheel Angle, or even Spoof fakes codes to enable errors like water temperature lamp turns on, and even disabling ABS(this one really disables ABS).

So basically, I have "cheated" AlfaOBD App with an Arduino with two Bluetooth modules, one of them is an Slave to make possible connect Android phone with the Arduino, and other Bluetooth module works as Master, that auto-connects with ELM237 Bluetooth clone. Once the Master connects to ELM237, I can connect with my Android phone with the Slave Bluetooth simulating that is the ELM237, and every code that is sent between ELM237 and AlfaOBD at my phone is Sniffed, so I can know what configuration is using, what codes are sent and received, and also I can Spoof codes to the CAN BUS line simulating that I am AlfaOBD App, with a Serial Monitor.

I don't know if anyone is interested on it. Please let me know and I will share more info about it.

Greetings.
 
Hi Friend, how are you?


I have one Bravo Tjet, do you think thas is possible do it in my car?


What do I do?


Tks a lot for your help.


Best Regards.


Jose Pires
Hello,
Of course it can be done! I dont know if you will need an adapter for some units, but for sure you will able to do same as I, the system is different, but you can build a system like I described at top of this post. I will try to make a tutorial of this project.
For now, I can make whatever I want with my car, turn on or off stuff, lock and unlock doors, turn on lights, and playing with correct parameters and some tech knowledge, you can lock or unlock your car with your voice / Phone / proximity sensor, automate stuff like lights, control your Phone music with Steering buttons, and much more! Everything is possible!

By the way, where are you from? I'm from Spain, and your name looks Spanish.

Kind regards,
Julio.
Hi Friend, how are you?


I have one Bravo Tjet, do you think thas is possible do it in my car?


What do I do?


Tks a lot for your help.


Best Regards.


Jose Pires
 
Great Job.


You make a coennctions directly in canbus line?


Until now I Can´n understand, but is very good have informations directly in dashboard.




Jose Pires






I use two modules, one is for connect ELM327 with Arduino, and the other one is for connect cellphone with Arduino and make Serial connection.

I have attached a basic scheme, where:
-Red dotted line: Common/Old directly BT connection
-Red (no dots) line: New BT connection
-Black Line: wired connections

*Note: ELM327 is connected at DataLink port (OBDII Car Connector).

I hope you all understand the idea.

Greetings!
 
Back
Top