Page 1 of 2 12 LastLast
Results 1 to 10 of 12

Thread: Hacking High Speed GMLAN Msg ID's

  1. #1
    Constant Bitrate NOS TANG's Avatar
    Join Date
    Mar 2004
    Location
    OH USA
    Posts
    143

    Hacking High Speed GMLAN Msg ID's

    Hi all. Been working on decoding some ARBID packets off HS GMLAN on 07 and up engines. Not really interested in low speed bus stuff like door locks and such. Most of that has been discovered all ready. I 'm focused on engine data packets, ones destined for other HS nodes and used by the gauge cluster. Specifically hitting the LMM Duramax ECM this week.

    Have a good amount of data captured, and got the easy stuff like gear position and speedo. But now trying to decode the other gauge data like oil pres, temps, tach, load and others. But finding any useful info on this specific protocol is daunting to say the least. Must have read three dozen pages so far, nothing useful. While the same data PIDs can easily be polled by OBD2 tester packets, this requires keeping the ECM in test mode. Which I'm trying to avoid. It's not needed when the info is constantly being broadcast by the ECM to the TCM and BCM for conversion to the LS LAN used by the IP cluster.

    So looking for anyone else who's into this level hacking that's willing to share data. I need it for a engine swap project, but plan to post up all the ARBID's and calc info once they're verified. It's just no fun doing this alone...

    -NOS

  2. #2
    Constant Bitrate NOS TANG's Avatar
    Join Date
    Mar 2004
    Location
    OH USA
    Posts
    143
    200 views, but no one on here is into canbus hacking? Gotta be someone else out there working on these...

  3. #3
    Maximum Bitrate
    Join Date
    May 2012
    Location
    Grandville, MI
    Posts
    854
    Hey I have some ideas for you but requires other software to reverse engineer.

    Due to the delicate nature of that type of thing would require off site discussion.

    I believe the low speed bus has much of the same information which allows for things such as the dash cluster to read stuff without interfering with the high speed bus.
    From what I read the cluster is on the low speed bus and the BCM works as a bridge.

    I suspect the same diagnostic codes that work on the low speed will work on the high speed. However the low speed bus may need some of the parameters to be requested while the high speed bus may just display them full time. I am not sure and have no way to test currently. (Although the GF has a 2013 Silverado...)

    I have a 2003 GM which is 10k low speed GMLan only but I believe in 2006 they went to a 33k low speed bus and 500k high speed CAN Bus.

    Rodney

  4. #4
    Constant Bitrate NOS TANG's Avatar
    Join Date
    Mar 2004
    Location
    OH USA
    Posts
    143
    I have verified that all the standard OBD-II "Tester" commands work on the the high speed bus alone. First by a friend who's done a stand alone 08 engine / trans swap. Second by testing on a running LMM truck. Connected to CAN H/L engine bus feeding the BCM and then disconnected it after starting the engine.

    The BCM does act as the gateway between the high and low speed bus. Also as a standard hub for other nodes. However from my reading and testing, the DLC16 plug provides direct access onto both HS and LS bus. Unlike my 05 MB E320 where the DLC16 plug goes only to a gateway, which acts as a firewall to everything else.

    The Canbus Triple unit has the ability to connect to the low speed 33k, but I haven't tried that yet. Since am focused on the HS bus I've been recording bunch of that data. What I would like to have is a full list of GMLAN OBD-II ID's and math formulas... Same as Torque or other ELM chip apps would use I guess. While likely not the same ARBID set the ECM communicates to the TCM and BCM, they would be worth comparison. Say this cause I've noticed my Benz shared many PIDs with the GM Bosch ECM's I've been testing on.

    Have started working on parts of this offline with another person. If you'd like to join shoot me a PM with some contact info.

  5. #5
    Maximum Bitrate
    Join Date
    May 2012
    Location
    Grandville, MI
    Posts
    854
    Sure I will be PMing you.

    The Method I have should make it relatively easy to reverse engineer the codes available.

    Rodney

  6. #6
    Constant Bitrate NOS TANG's Avatar
    Join Date
    Mar 2004
    Location
    OH USA
    Posts
    143
    Car hacking is proven LEGAL!!

    https://www.eff.org/mention/dmca-rul...or-your-iphone

    Wait, does that mean it was illegal before??


  7. #7
    Raw Wave SNOtwistR's Avatar
    Join Date
    Nov 2009
    Location
    Keswick,On Canada
    Posts
    2,060
    Just wait till you need to make insurance claim. SNO

  8. #8
    Constant Bitrate NOS TANG's Avatar
    Join Date
    Mar 2004
    Location
    OH USA
    Posts
    143
    Quote Originally Posted by SNOtwistR View Post
    Just wait till you need to make insurance claim. SNO
    Bigger question is, what legal repercussions this ruling will have on the all mighty EDR "Black Box" as evidence.

    If your car is "Jail Broken" can the EDR files still be considered a valid, impartial, 3rd person view in a crash reconstruction??? Unfortunately, been there done that... Insurance companies and law enforcement have always accepted the back box data as the gospel. Now those inputs could have legally been modified, before or after an event..


  9. #9
    Raw Wave SNOtwistR's Avatar
    Join Date
    Nov 2009
    Location
    Keswick,On Canada
    Posts
    2,060
    Correct and then you would be 100% responsible for any and all claims, if they can prove you had tampered with it. SNO

  10. #10
    Newbie
    Join Date
    Nov 2015
    Location
    Russia
    Posts
    2
    Quote Originally Posted by NOS TANG View Post
    What I would like to have is a full list of GMLAN OBD-II ID's and math formulas...
    First of all, I apologize for my bad english.

    GM LAN and OBD2 are different standards. OBD2 standard (ISO 15031) is aimed at the environment and is designed to monitor the exhaust gases. GMLAN is a standard (GMW 3110) for the control board network and it is much wider than the OBD2. Therefore look for common CANid for these different systems is meaningless. As an example, look at a request receiving VIN number. Although CANid to request they have the same (7E0), but they are different questions. For OBD2 is 09 02 for the GMLAN is 1A 90. Answer format series USDT CAN frames will also be different.

    For the purposes of the standard OBD2 engine management does not make sense. OBD2 - it is only a diagnostic mode, and therefore the tester is present in the on-board network. For motor control uses the normal mode. GMLAN supports both, standard diagnostic mode and normal mode. CANid and their format in normal operation may differ in various cars, depending on the composition of the controllers in the configuration of the onboard network. Therefore, even knowing CANid one car, there is no guarantee that they are as similar to those in the other car. What would the other ECU engine works correctly in the network, it must be configured correctly and could see other controllers on the bus.

Page 1 of 2 12 LastLast

Similar Threads

  1. Low Speed GMLAN Interface
    By Hebe in forum Engine Management, OBD-II, Engine Diagnostics, etc.
    Replies: 69
    Last Post: 03-24-2015, 05:44 PM
  2. Onstar GMLan & CAN bus GPS hacking
    By Fiberoptic in forum Mp3Car Blog Talk
    Replies: 17
    Last Post: 10-11-2012, 02:15 PM
  3. VPW 4X high speed
    By planethax in forum Engine Management, OBD-II, Engine Diagnostics, etc.
    Replies: 11
    Last Post: 08-11-2010, 12:58 AM
  4. High Speed Data Bragging
    By gthing in forum Wireless Communications
    Replies: 27
    Last Post: 12-09-2006, 01:38 PM
  5. Hacking into Fan speed switch...
    By Dexter in forum Hardware Development
    Replies: 10
    Last Post: 07-12-2005, 12:11 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •