GMLAN SW-CAN Message woes

**Jakob Perry** · 10-05-2011, 02:12 AM

Joining in on this conversation. Brad has been very helpful! I think I'm starting to get some relevant data, but its still tricky to decode. I need to keep studying the 29 bit header part so i understand whats happening.

My main issue at the moment is that I cannot get the doors to lock/unlock. I don't think i have the same can id as some of the other GM cars. mine is a 2011 Camaro.

Interestingly, besides canID 40, these are the only ids that show up for me:
99
60
80
58
62
8e
59
bb
a9
67
97 (onstar)

They are the 4th set i believe of this packet:

10 81 40 99 00 00
10 8E 00 80 0B 0A 05 02 00 35
10 AE C0 BB 0F FF FF FF FF 80 00 30

do any of those can ids ring a bell?

**tripzero** · 12-12-2011, 07:34 PM

Originally Posted by Jakob Perry

Joining in on this conversation. Brad has been very helpful! I think I'm starting to get some relevant data, but its still tricky to decode. I need to keep studying the 29 bit header part so i understand whats happening.

My main issue at the moment is that I cannot get the doors to lock/unlock. I don't think i have the same can id as some of the other GM cars. mine is a 2011 Camaro.

Interestingly, besides canID 40, these are the only ids that show up for me:
99
60
80
58
62
8e
59
bb
a9
67
97 (onstar)

They are the 4th set i believe of this packet:

10 81 40 99 00 00
10 8E 00 80 0B 0A 05 02 00 35
10 AE C0 BB 0F FF FF FF FF 80 00 30

do any of those can ids ring a bell?

my door locks are a single message. To figure it out, I hit the keyfob lock key 4 or 5 times and log the results. Find codes that only show up 4 or 5 times and then push those back on the bus. If one of them works, victory!

**chewwtoy** · 12-16-2011, 09:49 PM

Originally Posted by Jakob Perry

Joining in on this conversation. Brad has been very helpful! I think I'm starting to get some relevant data, but its still tricky to decode. I need to keep studying the 29 bit header part so i understand whats happening.

My main issue at the moment is that I cannot get the doors to lock/unlock. I don't think i have the same can id as some of the other GM cars. mine is a 2011 Camaro.

Interestingly, besides canID 40, these are the only ids that show up for me:
99
60
80
58
62
8e
59
bb
a9
67
97 (onstar)

They are the 4th set i believe of this packet:

10 81 40 99 00 00
10 8E 00 80 0B 0A 05 02 00 35
10 AE C0 BB 0F FF FF FF FF 80 00 30

do any of those can ids ring a bell?

So you have the right idea, unfortunately this vehicle is a bit unique. This is because the Body Control Module is responsable for unlocking the doors AND receiving the RKE key fob commands so there is no reason for there to be a CAN BUS message to control the locks on this using the RKE messages. So don't bother with pressing the key fob and trying to find a command to replicate, this won't work.

HOWEVER, OnStar has a message it sends to control the locks. So you can simply watch for that message:
Unlock Drivers Door is: 0x1024E097 00 02 FF
Unlock All Doors is: 0x1024E097 00 03 FF
Lock All Doors is: 0x1024E097 00 01 FF

If you are going to do an Unlock or Lock from a Sleeping bus you will need to send a High Voltage Wakeup and a VNMF Frame (0x641 01 FF FF FF FF FF FF FF will work)

And if you need to turn on your heated seats try this sequence:
0x102A0099 04 (Send multiple times to simulate multiple heated seat button hits)
delay 100 ms
0x102A0099 00 (Send this to simulate release of the button)

Want to remote start your car (works only if you have a factory remote start installed and enabled), send this sequence:
0x1024E097 80 01 FF
delay 200ms
0x1024E097 00 00 FF

and Cancel Remote start with:
0x1024E097 40 00 FF
delay 200ms
0x1024E097 00 00 FF

**tripzero** · 01-13-2012, 05:33 PM

Is that heated driver or passenger seat (or both)?

Originally Posted by chewwtoy

So you have the right idea, unfortunately this vehicle is a bit unique. This is because the Body Control Module is responsable for unlocking the doors AND receiving the RKE key fob commands so there is no reason for there to be a CAN BUS message to control the locks on this using the RKE messages. So don't bother with pressing the key fob and trying to find a command to replicate, this won't work.

HOWEVER, OnStar has a message it sends to control the locks. So you can simply watch for that message:
Unlock Drivers Door is: 0x1024E097 00 02 FF
Unlock All Doors is: 0x1024E097 00 03 FF
Lock All Doors is: 0x1024E097 00 01 FF

If you are going to do an Unlock or Lock from a Sleeping bus you will need to send a High Voltage Wakeup and a VNMF Frame (0x641 01 FF FF FF FF FF FF FF will work)

And if you need to turn on your heated seats try this sequence:
0x102A0099 04 (Send multiple times to simulate multiple heated seat button hits)
delay 100 ms
0x102A0099 00 (Send this to simulate release of the button)

Want to remote start your car (works only if you have a factory remote start installed and enabled), send this sequence:
0x1024E097 80 01 FF
delay 200ms
0x1024E097 00 00 FF

and Cancel Remote start with:
0x1024E097 40 00 FF
delay 200ms
0x1024E097 00 00 FF

**tripzero** · 01-14-2012, 03:18 PM

I can't manage to get the bus to wake up. I do this:

1) high voltage on (athv1)
2) switch to 11bit mode
3) send the network wake up (621 01 FF FF FF FF 00 00 00)
4) switch back to 29bit mode
5) send remote start (080080B0 01 0B)
6) high voltage off (athv0)
...

The same sequence works when I manually wake up the network by pressing a button on my actual fob. Do I have something messed up in my sequence? For the record, I also tried 0x641 01 FF FF FF FF FF FF FF.

Also, my door unlock command seems to be trying to lock the doors: (080080B0 03 01).

EDIT: door unlock didn't work because I had the data backwards. Should be (080080B0 01 03).

**chewwtoy** · 01-16-2012, 09:24 PM

Originally Posted by tripzero

I can't manage to get the bus to wake up. I do this:

1) high voltage on (athv1)
2) switch to 11bit mode
3) send the network wake up (621 01 FF FF FF FF 00 00 00)
4) switch back to 29bit mode
5) send remote start (080080B0 01 0B)
6) high voltage off (athv0)
...

The same sequence works when I manually wake up the network by pressing a button on my actual fob. Do I have something messed up in my sequence? For the record, I also tried 0x641 01 FF FF FF FF FF FF FF.

Also, my door unlock command seems to be trying to lock the doors: (080080B0 03 01).

I don't really know ELM too well, so I will just say, that the AT HV1 needs to be followed by a message with the ID of 0x100. then AT HV0. The whole thing doesn't need to be High Voltage just one message at the beggining...

**chewwtoy** · 01-16-2012, 09:25 PM

Originally Posted by tripzero

Is that heated driver or passenger seat (or both)?

Just the Driver.

**tripzero** · 01-17-2012, 03:10 PM

Originally Posted by chewwtoy

I don't really know ELM too well, so I will just say, that the AT HV1 needs to be followed by a message with the ID of 0x100. then AT HV0. The whole thing doesn't need to be High Voltage just one message at the beggining...

So in other words:

1) high voltage on (athv1)
2) switch to 11bit mode
-->2a) send message with id 0x100: (100 FF FF FF FF FF... something like that)
-->2b) athv0
3) send the network wake up (621 01 FF FF FF FF 00 00 00)
4) switch back to 29bit mode
5) send remote start (080080B0 01 0B)

Awesome, I'll give it a try. Thanks.

**chewwtoy** · 01-25-2012, 08:43 AM

Also make sure you have at least 100ms of space between some the messages... This will ensure that the module is ready to receive input.

Plus the 0x100 message do not need any data. (You can add it if you like, but it's not needed)

**tripzero** · 02-03-2012, 01:07 PM

What's the standard procedure for knowing when things go to sleep? Right now I'm sending a wakeup and initializing the virtual network every time I send a command. This seems inefficient.

Also, strangely since I added the 0x100 message, my remote start command doesn't seem to be working correctly. I see the lights go on/off like it normally does when it remote starts but the engine never turns. Keyfob still works. All my other commands seem to work still as well. I will keep toying...