Any CAN BUS sniffing experience in this forum?

kdmport · May 11, 2018, 10:34:21 AM

I am doing a swap with a 2016 F150 ecoboost 3.5L. I'm trying to keep the transfer case instead of switching to a manual one. Long story short I need to inject the proper CAN msgs onto the HS3 bus to the Transfer Case Control Module so it will shift into 4H and 4L.

Mainly - I'm looking to verify the 4 wheel speed sensor IDs and the Steering Position Angle ID from the ABS module.

I'm new to CAN BUS sniffing, using an Arduino and SEEED CAN BUS shield (both read and write) - so any experience out there is appreciated!

SHOdded · May 11, 2018, 11:31:51 AM

ecoboostsho can likely help here. He sniffed out info to help customize Torque Pro for the SHO.

ecoboostsho · May 12, 2018, 10:00:26 AM

Quote from: kdmport on May 11, 2018, 10:34:21 AM
I am doing a swap with a 2016 F150 ecoboost 3.5L. I'm trying to keep the transfer case instead of switching to a manual one. Long story short I need to inject the proper CAN msgs onto the HS3 bus to the Transfer Case Control Module so it will shift into 4H and 4L.

Mainly - I'm looking to verify the 4 wheel speed sensor IDs and the Steering Position Angle ID from the ABS module.

I'm new to CAN BUS sniffing, using an Arduino and SEEED CAN BUS shield (both read and write) - so any experience out there is appreciated!

I'd be happy to try and help although I've got a ton going on this weekend so I may not be very responsive until Monday. Take a look at this thread for what I did to sniff out the PIDs.

https://r.tapatalk.com/shareLink?url=http%3A%2F%2Fwww%2Eecoboostperformanceforum%2Ecom%2Findex%2Ephp%3Ftopic%3D3141%2E0&share_tid=3141&share_fid=56487&share_type=t

(Hopefully that works I'm on my phone)

I haven't messed with this for some time and while I've used an Arduino I haven't heard of the add on you are using. May have to check that out. First you need to determine the module address of the module you are trying to talk with. You should be able to do that by leveraging a well known PID that talks to it and just see what the hex address is. After that you could intercept it and then try to replay what you are doing on the CANBUS. That said I don't have much experience sending messages in the bus just reading them but if the Arduino Shield makes that easier then that would solve that challenge.

Sent from my XT1650 using Tapatalk

kdmport · May 12, 2018, 11:25:59 AM

@ecoboostsho - very nice work. So you started at 0x000, or in your nomenclature 22000, and just incremented up from there getting results (maybe skipping known obdii)? I hadn't really thought of that approach.

These PIDs are like mining for bitcoin...

The CAN BUS shield is basically a network device that can read/write from/to the CAN BUS. You can even set the baud rate for LS, MS, and HS CAN. In my case I just spliced into the HS3 CAN network and then it prints to a serial monitor or you can log to a file/SD card.

How did you back out the equations from the values to get the math? Just reverse engineer the returned values to known values?

Too bad you don't own a 2016 F150 and did all this work for me....

ecoboostsho · May 14, 2018, 09:15:41 AM

Well I actually didn't increment through them - I used a scan tool that already knew what the PID's were and then sniffed the bus to actually see what the PID was. That may be a challenge in your situation since if you don't know what messages to send and/or the PID then my method doesn't really help you.

As for the equations they were also reverse engineered in most cases either by finding two points on a line and doing some math or using some common sense logic along with trial and error.

So back to your issue - if you knew of a scan tool that could send the proper messages you could watch that with a serial sniffer and then try to replicate it with your arduino setup. Beyond that as I mentioned above if you don't know the PID and can't replicate it then that is going to be significantly challenging...

kdmport · May 14, 2018, 10:34:01 AM

I agree, I need more insight into the addresses.

I think I'm going to see if I can manually control the shift motor through the Arduino and a couple of relays. If so, I know I can at least use the transfer case and keep going with my rebuild.

Then I can sniff my brother's F150 HS2 network which has the TCase control module and ABS module to see if I can capture what is going on. It just isn't feasible without having either the components or knowing the addresses.

Thanks for the response.

kdmport · May 17, 2018, 10:10:01 AM

For future search prosperity, I haven't successfully been able to inject a CAN message to shift into 4wd. I have however been able to use the Arduino plus a relay shield and Nextion interface to control the shift motor on the transfer case.

I'll look to do a write-up when I can.

ecoboostsho · May 17, 2018, 01:44:18 PM

Quote from: kdmport on May 17, 2018, 10:10:01 AM
For future search prosperity, I haven't successfully been able to inject a CAN message to shift into 4wd. I have however been able to use the Arduino plus a relay shield and Nextion interface to control the shift motor on the transfer case.

I'll look to do a write-up when I can.

That would be awesome! I'd like to use a setup like yours to have car put the advance Trac stability control in "sport" automatically without pushing the button every time. I was thinking I may be able to do that with a PID...

Sent from my XT1650 using Tapatalk

kdmport · May 18, 2018, 11:25:24 AM

QuoteI was thinking I may be able to do that with a PID...

If you knew the PID, or could monitor the BUS when you select/deselect, theoretically that should work.

RAYJAY · May 19, 2018, 10:56:30 PM

try here

https://www.garagejournal.com/forum/showthread.php?t=147380&page=139

or here

https://www.ford-trucks.com/forums/1151372-1966-f100-250-projects-page-f250-ranger-482fe-f100-short-bed-f100-ranger-twin-turbo-boss-429-a-23.html

PDSHO · May 20, 2018, 05:54:29 PM

CAN BUS!
I thought you were talking about weed sniffing!

Greg

kdmport · May 21, 2018, 01:28:52 AM

@rayjay Those are massive threads. I don't know how he does all that work AND post it all. In fact, I was originally going to do a mild restoration on the Bronco, saw that thread, and thought 'why not, sounds fun'. I'm on budget now, but could easily blow through it building like that... His work and ingenuity are pretty impressive!

I didn't see anything specific on the 4wd spoofing ABS unless I missed it - a lot there. I think from my first read he was just grafting the old onto the new, keeping all the electronics and hardware, but I could be wrong.

@pdsho - I am in CO, but no, no weed sniffing here...

RAYJAY · May 21, 2018, 06:13:01 PM

join an send him a pm he a really great guy