VW Can Bus Hacking With SavvyCan & Cantact

VW Can Bus Hacking With SavvyCan & Cantact - Voltlog

Рет қаралды 52,381

Күн бұрын

High quality PCB Services pcbway.com In this video I’m gonna walk you through the process that I use for hacking a VW cluster CAN bus(PQ35 platform, MFA cluster). The tools that I’m going to be using today are very accessible price wise and open source on top of that. As hardware I’m going to be using the Cantact usb to can bus adapter, this is going to allow a computer and operating system to access and communicate on the CAN BUS. As software I’m going to be using Savvycan which is once again an open source GUI tool for hacking and reverse engineering CAN BUS data. Links for places where you can order the Cantact hardware and download Savvycan will be placed in the description below.
→Cantact USB-CAN Adapter
CANdo clone voltlog.com/y/bwh3u
CANable clone voltlog.com/y/ojgqk
→VW PQ35 harness with gateway voltlog.com/y/8g5sa
→Cantact wiki voltlog.com/y/raos7
→Candlelight firmware wiki voltlog.com/y/j82ze
→Candlelight firmware binary (8b2b2b4.bin) voltlog.com/y/iq29k
→SavvyCan github voltlog.com/y/dols2
→SavvyCan release binary voltlog.com/y/jki3g
→VirtualBox voltlog.com/y/mdle0
→Commands used in the video
#install dfu-util using this command
sudo apt install dfu-util
#flash new firmware using this command
sudo dfu-util --dfuse-address -d 0483:df11 -c 1 -i 0 -a 0 -s 0x08000000 -D gsusb_cantact_8b2b2b4.bin
#check gs_usb kernel module is enabled
sudo modprobe gs_usb
#check available can interfaces
sudo ip link show
#configure can0 for desired speed
sudo ip link set can0 type can bitrate 500000
#bring up can0
sudo ip link set up can0
#check can0
sudo ip -det link show can0
→Support the channel via Patreon, Paypal or Bitcoin
www.voltlog.com/donations
→Blog Post
www.voltlog.com/
#VoltLog #CAN #VW

Пікірлер: 76

@simonstergaard 3 жыл бұрын

Super interesting. looking forward to next episode.

@ecaredu2022 2 ай бұрын

CAN BUS kzfaq.info/get/bejne/e9l7o8WVt728ioE.html

@ristomatti 3 жыл бұрын

You're one ambitious man. Interesting stuff even if tweaking cars is not on my todo list. Good luck with the project!

@voltlog 3 жыл бұрын

thank you!

@hubmartin 3 жыл бұрын

Nice project idea. I studied a lot of about CAN but never tried anything in person. And this instrument cluster seems like good starting point so you don't brick your car... :)

@voltlog 3 жыл бұрын

That's something I'm afraid, when I start moving to the car, I wouldn't want to brick it 😂

@wi_zeus6798 3 жыл бұрын

Wow, what a cool project this will be! I am very excited to follow the journey :)

@voltlog 3 жыл бұрын

Awesome, thank you!

@ecaredu2022 2 ай бұрын

CAN BUS kzfaq.info/get/bejne/e9l7o8WVt728ioE.html

@fuzzs8970 2 жыл бұрын

Nice video. Would love to hear more on can interfacing. Thank you

@martoel 3 ай бұрын

Great video and stuffs. Looking forward to see your progress

@ecaredu2022 2 ай бұрын

CAN BUS kzfaq.info/get/bejne/e9l7o8WVt728ioE.html

@electronic7979 3 жыл бұрын

Helpful video. I liked it

@fullwaverecked 3 жыл бұрын

Awesome video! Made my day. Thank you!

@voltlog 3 жыл бұрын

So glad!

@ladislavradoczi3179 2 жыл бұрын

WOW AWESOME video :) waiting for resume :)

@FrankGraffagnino Жыл бұрын

super useful... going to have to check out SavvyCan!

@daku1975 2 жыл бұрын

Generate new menu on this cluster is impossible, but override existing is possible :) like I do. BTW Nice video, with large amount of details

@thanwinaung2107 3 жыл бұрын

Great video.

@yehcarl3472 Жыл бұрын

Great video for me

@Diski76 3 жыл бұрын

Thank you man, grat job

@ecaredu2022 2 ай бұрын

CAN BUS kzfaq.info/get/bejne/e9l7o8WVt728ioE.html

@davitshermadini7775 Жыл бұрын

very nice!

@flo_neke 3 жыл бұрын

Salute Cred ca vw foloseste 2 standarde pentru clusterele de pq35. Stiu ca cele cu ecran rosu sunt un standars si cele albe alt standard.

@UpcycleElectronics 3 жыл бұрын

Very cool project. There's an in depth YT series on the CAN bus with Pete on Sparkfun's channel from around a year ago. I watched it, but TBH I didn't understand most of it. I haven't done a project with CAN so it was difficult to contextualize the depth he went into. From a high level abstract perspective, I get the impression CAN is kinda like I2C but more robust, faster, and capable of communication over much longer distances?

@voltlog 3 жыл бұрын

I try to look at things differently, at least when I'm just starting out with something new. I don't need to know all the inner details to get something working: I need to know it's a differential bus so I will need two wires and a special hw driver and there is some protocol for signaling but that is taking care by the CAN interface implementation inside the microcontroller. Next I need to know that each message has a CAN ID and some data bytes. The rest is pretty much not important in this early stage.

@UpcycleElectronics 3 жыл бұрын

@@voltlog I get lost really fast when I do that kind of approach. Even when I manage to pull off a task, if I don't intuitively ground my thought process I will forget everything I should have learned. It's kinda why I explore a lot, I'm mostly trying to fit pieces together to build on intuitively later. ...Probably means I'm just dumb, but I don't care. In the Nintendo GnW project, there are two cool chips they used that have part numbers with datasheets. If you need a single cell lithium controller that can charge and handle powering the circuit from USB, the BQ24072 from TI is what they used. The circuit looks pretty simple, and the datasheet, at first glance looks good. They also used a little PMOS switch to cut off power to the LCD controller and flash chip. It's a Toshiba part number SSM6J412TU and comes in a little 6 pin SMD. It's capable of decent loads, but the real kicker is that it works with logic levels all the way down to 1.5volts. It's the first time I've seen a power FET that works that low. I haven't needed anything like that or gone looking, but I will have the circuit block documented soon. I was working on it in kicad earlier today. Good luck with the CAN bus buddy :-) -Jake

@voltlog 3 жыл бұрын

@@UpcycleElectronics Thanks, you too!

@acoustic61 3 жыл бұрын

All automotive technical information should be open source! When you buy a car, the manufacturer should supply all technical information so you can work on your own car that you paid for! Period!

@voltlog 3 жыл бұрын

I agree but that also brings a bunch of security risks these days.

@acoustic61 3 жыл бұрын

@@voltlog We just voted on the "Right To Repair" which requires auto manufacturers to give up proprietary technical information so independent repair shops can service our vehicles. Of course, car dealers and manufacturers are against it. It's all about money! massrighttorepair.org/

@marcelhh2101 3 жыл бұрын

@@voltlog why security risks? When you make it opensource, other security research experts can have a go with it. Now its security by obscurity, and thats a bad practice.

@voltlog 3 жыл бұрын

@@marcelhh2101 I am not a security expert so I can't say what the correct approach is but where would you draw the line as to what is disclosed and what not? Who is gonna take the blame once hackers gain access and override the controls of your car because of information that was published as open-source by the manufacturer? I support the right to repair but I think the consequences of opening everything could be serious.

@florinm3960 3 жыл бұрын

@@marcelhh2101 Working for company that produces automotive ECUs I would say that what you propose it’s not feasible from different perspectives. First its like VoltLog mentioned, there are a lot security reasons for that will be never open source, one example will be related with key or imobilizer of your car, excluding form this discission about milleage. I’m thinking that you will be not happy If one guy will sole your car because he researched open source software of your car. Second, software its tested by manufacturer of the ECU, OEM and also by a third party company hired by OEM to test security of their product. Third reason its that starting with these year EU introduced a more comprehensive set of regulations for cybersecurity for automotive manufactures.

@piercetkwong 3 жыл бұрын

ip link show command did not show that the can0 is up. It didn't even show can0 .

@iconam9283 Жыл бұрын

Thank you for the information! Hoping for some guidance. I am interested in updating the window/mirror adjustment switch in my vehicle to that of a newer year model. My question is how do I decode the data from the current switch module and match it to the new one? This upgrade is common in Russia and is done by changing resistance in the new switch, I believe. However, it is difficult to get in contact with them so I would love to create my own. Thank you so much!

@ecaredu2022 2 ай бұрын

CAN BUS kzfaq.info/get/bejne/e9l7o8WVt728ioE.html

@vincepatti8978 3 жыл бұрын

The usb - can adaptor you are using looks like a different model to the those you have linked to? Will the adaptors in the link work with SavvyCAN and Candlelight firmware?

@voltlog 3 жыл бұрын

For best results try to get the same. The link I placed will show you at least 5 different listings with the exact same adapter.

@vincepatti8978 3 жыл бұрын

@@voltlog The module you show in overlay at 0:50 is different to the one you are using at 6:32 (2 screw terminals vs 4 screw terminals and some minor pcb differences) do they both use the same microcontroller and work with the firmware and software you link to? As far as I can tell first is CANdo clone and second is CANable clone?

@voltlog 3 жыл бұрын

@@vincepatti8978 I use the Canable clone with 4 terminals, however the outer ones are GND and 5V which you wouldn't use anyway. I've added a second link to canable specific dongle however I suspect the two are identical and they will work with the same firmware.

@nitinnamde5113 Жыл бұрын

can u recover cs and pin of vw 2020 instrument cluster by this software

@chachouamohamed8557 Жыл бұрын

Great job bro ..I can ask you where was fi'nd diagremmes dash Renault symbol and I can connect with can bus for manipular in other cars ?

@ecaredu2022 2 ай бұрын

CAN BUS kzfaq.info/get/bejne/e9l7o8WVt728ioE.html

@i-HassanKhan 3 ай бұрын

hey VoltLog great stuff bro, i was wondering if you can help me in finding can ids for toyota corolla 2019 model or newer

@jp2en 11 ай бұрын

is there any "next" video?

@radarprogramallcarinuae 2 жыл бұрын

I have honda I need cancel radar cruise can bus Can do it ?

@lucapesce3335 3 жыл бұрын

I ordered one of this adapter immediately after your video :-) I received a reengineered PCB (also with a GD32 instead of STM32, but that's not the point) ...there is no more a "boot" jumper or, maybe, it is simply unpopulated, I have to check thoroughly. Wondering if anyone knows this new board.

@voltlog 3 жыл бұрын

If you ordered the one I showed and yet received something else I would recommend you open a dispute for that order and request a refund. Show an image of what you received, you will get the refund 100%.

@lucapesce3335 3 жыл бұрын

@@voltlog Sure, thank you, it's gone exactly this way and I considered this option but so far the item is working, it's a little more compact, the cpu is a little more powerful (on paper) althought electrically equivalent and the seller declares it compatible with candlelight ...I'm going to flash it and see if this bricks it, then I decide about dispute :-)

@voltlog 3 жыл бұрын

If I had to guess, I would say it would work, those G32's pretty much run the same code without any major issues. I would be unhappy if I didn't have the boot jumper to be able to easily flash different firmware. If it's just unpopulated it's still okay.

@ChyeThiamTan 3 ай бұрын

What is the difference between CANdo and CANable? Can I still buy them now ?

@radarprogramallcarinuae 2 жыл бұрын

What is name this adapter tool?

@GraxGool 2 жыл бұрын

Hello, I want to do something like you and want to ask about progress, how it's going? Do you have any working concept?

@igorordecha 5 ай бұрын

One year later, any update?

@EdwinNoorlander 3 жыл бұрын

I’m looking for information about the Audi can bus. I think that muts of the information is the same with VW and Skoda

@voltlog 3 жыл бұрын

It can be very similar although message IDs can be different and can bus architecture can be different depending on the platform but the same rules apply.

@EdwinNoorlander 3 жыл бұрын

@@voltlog thanks. I’m thinking of a device like this. freematics.com/pages/products/freematics-one/

@JoshLederer 2 жыл бұрын

@@EdwinNoorlander Did you end up getting that device?

@EdwinNoorlander 2 жыл бұрын

@@JoshLederer no. but i haven’t found the time yet.

@JoshLederer 2 жыл бұрын

@@EdwinNoorlander OK, no worries figured I would ask. I’m about to start messing around with CAN bus.