Creating an automotive CAN bus device - challenges?

Thread Starter

MrSoftware

Joined Oct 29, 2013
1,579
Can someone please give me a brief overview of potential challenges or pitfalls of creating an aftermarket add-on CAN bus device for Toyota and/or Chrysler vehicles? I'm well versed in software and reasonably good with hardware, but new to CAN bus, and specifically CAN bus in the automotive environment. My goal is to make a device that plugs in as just another node on the CAN network, and can communicate on the network to detect and toggle the state (on/off) of select buttons on the dash board.
 

Papabravo

Joined Feb 24, 2006
12,500
Can someone please give me a brief overview of potential challenges or pitfalls of creating an aftermarket add-on CAN bus device for Toyota and/or Chrysler vehicles? I'm well versed in software and reasonably good with hardware, but new to CAN bus, and specifically CAN bus in the automotive environment. My goal is to make a device that plugs in as just another node on the CAN network, and can communicate on the network to detect and toggle the state (on/off) of select buttons on the dash board.
It depends on if the protocol for on-vehicle applications is open or proprietary. The hardware is pretty straightforward, but the use of message identifiers will make all the difference between a functional device and a brick. I'm guessing that anything to do with engine control is a closely guarded secret. CAN actually drives the folks concerned with vehicle security nuts because it is inherently insecure. If you can compromise the radio I'm told you can control the vehicle.
 

bwilliams60

Joined Nov 18, 2012
1,199
There are many similar threads on AAC and other sites which outline the issues younare going to run into. @Papabrovo is right in his statememt regarding the hardware but I think your biggest barrier is going to be in cracking the proprietary communication language and then proframming your device to communicate with said system. There are ways to take over existing systems using CAN sniffers and recorders but I have never seen anyone crack an automotive system and add on to it other than to add factory featurrs and parameters. Let us knkw if you find iut anything.
 

JohnInTX

Joined Jun 26, 2012
3,816
If you can compromise the radio I'm told you can control the vehicle.
This might be of interest. GM hired these guys after their exploits.

For the TS, you might find some info in the vehicle service manuals. For perspective on doing it yourself, I once did a project for a big outfit to interface some of their new controllers with legacy CAN based IO and control boards. The legacy documentation had been long lost so they bought an intern and she spent the summer running and documenting the messages and IDs. Even with the basic knowledge of how the overall system worked, it took a long time and the resulting document ran hundreds of pages. The take-away is 'it ain't trivial'. Even if you cracked the code, you'd have to ensure that you didn't miss anything and that your product would not interfere with things like ABS or driving assist features, particularly if you were adding message IDs to the mix. Not something to be taken lightly.

Just my .o2
 

Attachments

Papabravo

Joined Feb 24, 2006
12,500
This might be of interest. GM hired these guys after their exploits.

For the TS, you might find some info in the vehicle service manuals. For perspective on doing it yourself, I once did a project for a big outfit to interface some of their new controllers with legacy CAN based IO and control boards. The legacy documentation had been long lost so they bought an intern and she spent the summer running and documenting the messages and IDs. Even with the basic knowledge of how the overall system worked, it took a long time and the resulting document ran hundreds of pages. The take-away is 'it ain't trivial'. Even if you cracked the code, you'd have to ensure that you didn't miss anything and that your product would not interfere with things like ABS or driving assist features, particularly if you were adding message IDs to the mix. Not something to be taken lightly.

Just my .o2
My source was a fellow ham over coffee at Field Day. Having worked on the development of DeviceNet, a CAN based open standard for factory floor networks, I understood exactly what he was afraid of.
 

narkeleptk

Joined Mar 11, 2019
375
you'd have to ensure that you didn't miss anything and that your product would not interfere with things like ABS or driving assist features, particularly if you were adding message IDs to the mix. Not something to be taken lightly.

Just my .o2
This is a good point. I run into a lot of aftermarket devices that are not even tied in to the can network directly but just tied into oem modules and still cause a lot of trouble. Many instances I have seen SRS and/or ABS shut down because of the malfunctions. Now imagine the consumer gets into an accident because their brakes lock up and they are severely injured because the airbags did not deploy. The cause ends up coming back to your device shutting some modules down because of a simple communication issue. I would be sure to get some legal advice first if you succeed in your prototypes and looking to put something on the market.
 

Thread Starter

MrSoftware

Joined Oct 29, 2013
1,579
Thanks everyone for the excellent info. I would have expected auto makers to use separate networks for mission critical (engine, brakes, safety) and non-critical (A/C, radio, etc.) devices, perhaps with a gateway in-between. But it sounds like this might not be the case?

As with so many ideas these days, during my search for info I stumbled upon an existing product that looks nearly identical to what I'm trying to do. Basically it remembers the state of some dashboard button (on/off), and returns them to the remembered state each time the car is started. As best I can tell from their web site, the device attaches as a CAN node, or maybe a LIN device. Are they perhaps using some different method that I'm missing?

https://www.smartstopstart.com/easy-installation1.html
 

narkeleptk

Joined Mar 11, 2019
375
I dont know Much about the networks specifically but from working around them from what Obcan tell, Some makes/models have multiple networks but most of the important stuff is still grouped together. It can vary greatly and many cars before 2006 do not use can yet. Cars 2000-2010 a lot of time just have 1 or 2 networks. Newer cars are starting to use more and more smaller networks because every function on your car now needs its own ecu (instead of trying to control multiple devices from one unit like the olden days)

commonly broken up like this and many are not can but a mix of different protocals.
~powertrain components (engine,trans,abs,power distribution, etc...),
~body components (bcm,srs,instrument cluster, radio, comfort, etc...),
~& sometimes one is set up for diagnostics.
 
Last edited:

bwilliams60

Joined Nov 18, 2012
1,199
Just to expand a bit on what @narkeleptk has said, most manufacturers in the automotive industry are quickly moving to CAN because of its communication speed and the next step will be FlexRay which is 10x faster again than CAN. So to put it into perspective, generally safety devices or devices which can put a person in peril (engine,ABS, SRS, TCU) are going to be high speed and therefore run at up to 1Gb/s in data. Other devices such as infotainment and non safety items will run at lower speeds and there can be several different CAN networks which must still share data. In this case a gateway is used to control traffic like a train station. Data comes in at different speeds and is diverted to its destination through the gateway.
There may be plug and play devices out there but I am not aware of them. I am more familiar with Heavy Truck but very similar to car. If you want to add a feature, like a snow plow, you would go into features and parameters and add it through the software. When I was on the floor, I was a certified programmer with International and could write the software for certain applications but I had to be certified and jump through hoops to enact the program I had written. The liability issue as mentioned above was the greatest stumbling block so all software was scrutinized by engineers above me before being approved. So cars won't be any different. They don't want the average Joe to go into the system and change things.
Good luck with your adventure. If you make headway, let us know. I am always looking to learn more.
 

BobaMosfet

Joined Jul 1, 2009
834
This is a good point. I run into a lot of aftermarket devices that are not even tied in to the can network directly but just tied into oem modules and still cause a lot of trouble. Many instances I have seen SRS and/or ABS shut down because of the malfunctions. Now imagine the consumer gets into an accident because their brakes lock up and they are severely injured because the airbags did not deploy. The cause ends up coming back to your device shutting some modules down because of a simple communication issue. I would be sure to get some legal advice first if you succeed in your prototypes and looking to put something on the market.
As an addition to this remark, many people who have smaller efforts, or smaller endeavors do not realize that every company that provides some product or service to the public, where there is any possible liability, must have liability insurance high enough to cover any reasonable eventuality. I've seen fantastic startups and ideas die right there, because they couldn't afford the biz insurance.
 

BobaMosfet

Joined Jul 1, 2009
834
It depends on if the protocol for on-vehicle applications is open or proprietary. The hardware is pretty straightforward, but the use of message identifiers will make all the difference between a functional device and a brick. I'm guessing that anything to do with engine control is a closely guarded secret. CAN actually drives the folks concerned with vehicle security nuts because it is inherently insecure. If you can compromise the radio I'm told you can control the vehicle.
Yes, this information is held in security by all auto makers. In fact, in some jurisdictions it is illegal to even interface with the system without certification-- and certs cost quite a bit.
 
Top