CAN-BUS SuperSniffer

Previously i developed a tool to scan new messages by dumping data from putty into a file.
But I didn't spend much time in making it user friendly, after a while i wanted to get into scanning the BUS again only to find i forgot how the utility i wrote actually works, I then realized that the utillity will be pretty much useless to anyone trying to use it.

So i revamped it completely, and it actually works allot better, you are able to find messages much quicker!

I also realized that after reading this blog that all the information im sharing is now a bit scattered all over the place.

Hopefully this Blog post will clear things up a bit.


Meet "The CAN-BUS Super Sniffer" your new best friend.

Download  - CAN-BUSSuperSniffer.exe.zip

(The download now includes the SuperSniffer, SuperSniffer Source Code, Arduino Sketch & the SeeedStudio MCP Library which you need to import)
 
This software requires the Microsoft Com control
Its included in the Microsoft VB6 Run-time Libraries downloadable here.

Microsoft Visual Basic 6 Runtime Libraries

Or you can download it from an untrusted source but it's not recommended




NOTE!
You have to get the Arduino+CAN-BUS shield to return data in the following format.
<1,2,3,4,5,6,7,8,9>
"<" is used to determine the start of the Message and ">" to determine the end, if the data returned from the arduino over the serial port is not in the mentioned format it will ignore the data coming in.

 I have uploaded the Arduino Sketch code i'm using to Git-Hub, If you are using the same hardware as me, Arduino UNO + Seeed Studio Shield you should be able to just copy and pase without making any changes to the .ino sketch.
https://github.com/mailmartinviljoen/CAN-BUS-Sniffer
Also remember the sketch in the above link is using the Seeedstudion CAN Library so you need to import it into the Arduino IDE
https://github.com/Seeed-Studio/CAN_BUS_Shield

CAN-BUS Super Sniffer Tool Information
The CAN-BUS Super Sniffer tool is designed to help you reverse engineer
a vehicle's CAN-BUS Messaging system in order for you to figure out the meaning of the
messages detected on the CAN-BUS.

***All information in this help file is based on research done on a Jeep JK 2010 2door Rubicon.
If you happen to see incorrect facts please bear in mind its how the information was perceived when
researching and reverse engineering the CAN-BUS. Please use this information "AS IS"
When using this information you use it on your own and cannot hold any one liable if something bad happens.***

Basic CAN-BUS Information to get you started.
In order to get the data readable by the CAN-BUs Super Sniffer, you need an Arduino UNO connected to a Seeed Studio or similar device.
The Seeed studio and similar Arduino Shields are making use of the MCP2551 and MCP2515 CAN Chip, one is in interpiter and the other is a transceiver.
All research has been done on the Interior BUS , which controls all of the internal buttons in the vehicle and is running at 125 kbps
The baud rate is important, if you connect at a lower/higher rate the bus will bot be able to communicate and the system will give an error
in the vehicle, On the Jeep it will beep and various instruments lights will come on as well as the wipers will move up and down.
Also note! – The Arduino connected to the Seeed Studio CAN-BUS shield has 2 serial ports and should not be confused with one another.
The wires connecting to the CAN-BUS of the vehicle should run at 125kbps and the connection between the computer running the Supper Sniffer tool runs at 38400 baud rate, when you see corrupted characters it’s the PC is probably not connecting at the correct rate, althought he software
is set to connect at 38400 on each connection.
More Information
The Interior CAN-BUS messaging system consist out of 9 Bits.
Bit0 = the CAN Message ID  - Each Message ID can broadcast various messages.
Bit1,Bit2,Bit3,Bit4,Bit5,Bit6,Bit7,Bit8
The Arduino sketch is programmed to deliver the messages it finds on the CAN-BUS in the following format.
<CAN_ID,BIT1,BIT2,BIT3,BIT4,BIT5,BIT6,BIT7,BIT8>
an example message will look like this. <680,1,16,255,23,0,0,0,0>
IMPORTANT TO KNOW.
When the Arduino Shield finds messages on the bus its sends the CAN_ID in normal Number format.
But when you send the ID back into the can bus to mimic pressing a button in the vehicle you need to send it in
HEX format, hence the reason why the CAN-BUS Super Sniffer, shows a hex number in the first column
and the full message including the ID bit in number format. So you are able to know to which ID you need to send the detected message.
More Information & examples (The examples are NOT Based on real data and is cannot be used)
ID 286 - Controls around the steering wheel. Left Blinker, Right Blinker,Lights, High Beams, Wipers ect.
ID 680 - Controls on the 4x4 switch pod. Swaybar Disconnect, Lockers front/Back On/Off, ESP electroninc stability program mode.

<680,1,16,0,0,0,0,0,0> = Swaybar disconnect button pressed.
<680,1,17,0,0,0,0,0,0> = ESP Button Pressed
<680,1,18,0,0,0,0,0,0> = Lockers front/Back On/Off button pressed
Note the above is from the same node on the same switch panel in the vehicle, this means that
the node and all its buttons send messages under Message ID 680.
<286,15,20,4> - Left Blinker on (It broadcasts the state on a very regular inverval)
<286,15,16,3> - Right Blinker on (It broadcasts the state on a very regular inverval)
<286,20,16,2> - Lights On (It broadcasts the state on a very regular inverval)
<286,30,16,1> - High Beams On (It broadcasts the state on a very regular inverval)
Although this was done on a Jeep’s Interior BUS, Theoretically this should work on any CAN-BUS driven Vehicle and on any BUS such as the drive terrain.

Connecting the Arduino + CAN-BUS shield to the vehicle’s CAN-BUS.
Since the Radio can be controlled by the CAN-BUS you can TAP into the network via the cable that goes into the Radio.


From the Arduino Connect a USB Cable and ensure all Arduino Drivers are installed.
also ensure when connecting with the Sniffer Tool that you are using the correct COM Port.
From the Tools Menu.
Com settings – Allows you to select the comport to connect to, this is the same port the Arduino IDE is used to program the Arduino UNO
Connect To COM – Connect the software, once connected all data will start to come in from the CAN BUS into the Sniffer tool which will then automatically start to process the data by grouping them by Message id in the Grid List.

Clear ID Ignore List – Will clear the list created to ignore messages by ID.
Clear Message Ignore list – Will clear the list created to Ignore messages.
Clear All data in the list will  - clear the Grid List but data will immediately start to fill it again.

From the List you are able to Double Click a Message and the utility on the left will pop up,

Always Ignore this message – Will ignore this specific message from the BUS I.E if <680, 0,0,0,0,0,0,0,0> was selected to be ignored then <680, 23,0,0,0,0,0,0,0> will not be ignored.

Ignore This ID – Will ignore ALL messages coming from Message ID680

Save – Will save the data to a sequential file in the same directory where the application is running.
Into a file called canmsgname.txt
(It will save it with the ID in the heading of the popup utility screen)

The black text box log, will stream all changed messages to the Log box, and  it will not duplicate messages, you are able to clear the box manually by selecting all text and press delete or backspace.
And when a message comes in which is not in the log , it will appear again.






Emulating CAN-BUS Data (For when you just want to understand how the Super Sniffer Tool Works)

Turn Emulation ON – Will generate CAN-BUS Messages

Send Sample Message – Will send a random message into the system (Not to the can bus even if its connected)











27 comments:

  1. UnknownOctober 13, 2014 at 1:29 PM

    Hi Martin,
    the given download is unfortunately not available any more. Is there any other chance to get your tool beside that way?
    Thanks a lot!

    ReplyDelete
  2. MartinOctober 13, 2014 at 1:52 PM

    Hey Joey yes sorry about that i was using an inferiour hosting provider who wronfully closed my account, ive actuall since updated the program to work beter , when i get a moment i will upload it to my new hosting provider, head over to www.techtinker.co.za im slowly moving all of the info from here onto the techtinker, forum where im able to better structure all my research and also collaborate better with others so we can all learn :-) maybe youl find some more stuff on there that interest you, cheers will let you know once ive uploaded the sniffer application.

    ReplyDelete
  3. MartinOctober 14, 2014 at 10:06 AM

    This comment has been removed by the author.

    ReplyDelete
  4. UnknownOctober 14, 2014 at 10:57 AM

    Amazing! Thank you!

    ReplyDelete
  5. TonyApril 23, 2015 at 1:32 PM

    martin any chance or reloading that file? It is unavailable on both your sources

    ReplyDelete
    Replies
    1. MartinApril 23, 2015 at 10:44 PM

      Hi Tony

      I dont update this blog anymore, I moved all of the content to my forum.
      See this post where you can download the latest version of the software.
      http://www.techtinker.co.za/forum/viewtopic.php?f=14&t=18

      Delete
    2. TonyApril 26, 2015 at 5:39 AM

      Thanks Martin, have been having great fun with the Canbus shield pulling data but killing myself with Excel. Thanks for your blog it inspired me to get into playing with this....

      Delete
  6. TonyApril 26, 2015 at 5:50 AM

    Have the file and appreciate you posting the source code... I was missing the download because I didn't register! Sorry about that...

    ReplyDelete
  7. UnknownDecember 8, 2016 at 2:20 PM

    Hello Martin,

    I'm trying to use the SuperSniffer and I get "runtime error "8020"". Any idea how to overcome this?

    If I open a terminal on COM14 at 38400 I can see this:
    <1794,250,246,163,227,123,221,116,183>
    <128,250,246,163,227,123,221,116,183>
    Any idea what might be the problem?
    Thanks,
    Eyal

    ReplyDelete
    Replies
    1. MartinDecember 10, 2016 at 9:35 AM

      Hi I have no idea a quick google give me this.
      Are you sure you have installed the vb6 runtime libraries, without them the program wont start at all, if your's is starting but gives the error when you connect to the comport it might be related to the link i sent.

      Make absolutely sure nothing else is communicating with the port. Only one Application at a time may talk to it.

      Delete
  8. MartinDecember 10, 2016 at 9:35 AM

    Forgot the link see below.
    https://answers.microsoft.com/en-us/windows/forum/windows_10-update/run-time-error-8020-error-reading-comm-device/a0e4df03-ba48-45cf-b8c3-9bbb2b256e7c

    ReplyDelete
  9. UnknownJanuary 25, 2017 at 12:32 AM

    Seems as your webpage is down, http://techtinker.co.za/

    ReplyDelete
  10. Miguel ChillitupaAugust 15, 2017 at 7:38 PM

    Hi,

    You are connecting directly to the radio. I have de ODB2 - DB9 cable, will this work too?

    Regards,
    Mike

    ReplyDelete
  11. UnknownNovember 27, 2017 at 1:25 PM

    The website is down =(

    ReplyDelete
  12. UnknownDecember 8, 2017 at 5:04 PM

    Thanks for your job !
    Very helpful software ! :D

    ReplyDelete
    Replies
    1. UnknownDecember 8, 2017 at 11:52 PM

      Where did you find working download link?

      Delete
    2. MartinDecember 9, 2017 at 9:34 AM

      Hi , you can just download it from here
      http://www.techtinker.co.za/forum/viewtopic.php?f=14&t=18

      For your convenience I also shared it with google drive
      https://drive.google.com/file/d/1MYBDwSxGof6tajQGUTB61Qzh4EcfXfhX/view?usp=sharing

      I recommend registering on the forum to see the full post it gives you a run-down of how it works.

      NOTE: the software was developed in VB6 which means you need to first download the VB6 run-times before it will work.
      https://www.google.com/search?q=vb6+runtimes&ie=utf-8&oe=utf-8&client=firefox-b&gfe_rd=cr&dcr=0&ei=Wx4sWpyiApKp8wfdgaXYBA

      Cheeers

      Delete
  13. MartinDecember 9, 2017 at 9:38 AM

    Another Note: the software in this blog post is super old :-) The link i provided above is newer and works much better.

    ReplyDelete
  14. ThomasJanuary 5, 2018 at 9:24 PM

    Tried installing VB6 runtimes, Windows 10 machine 32 bit, no worky. getting MScomm32.ocx error

    ReplyDelete
  15. UnknownFebruary 17, 2019 at 11:38 AM

    You need to download mscomm32.ocx and mscomctl.ocx (google), run cmd as Admin and register the ocx with regsvr32 command. Than it will work.

    ReplyDelete
  16. UnknownMay 26, 2020 at 1:27 PM

    All links are dead. this software looks awesome to debug the canbus. If anyone still have a working link that would be great!

    ReplyDelete
    Replies
    1. MartinAugust 24, 2020 at 11:51 AM

      I totally forgot about this blog. In a way the software was ok but not perfect because it would sometimes miss messages which made it a bit unreliable.

      Since then I approached it from a different angle. I created a CLI which runs on an Arduino Mega , the mega is also compatible with the can bus shield meant for the Uno.

      If you are interested -- > https://github.com/mailmartinviljoen/WisperChipCli

      Delete
  17. AnthoniusAugust 5, 2020 at 5:50 PM

    Hi, can you upload "CAN-BUSSUPERSNIFFER.EXE.ZIP" file with source codes somewhere? Thank you much!

    ReplyDelete
  18. DexOctober 6, 2020 at 10:26 AM

    This comment has been removed by the author.

    ReplyDelete
  19. daisyNovember 19, 2020 at 7:01 AM

    does anybody have the file can-bus super sniffer ?

    ReplyDelete
  20. UnknownDecember 27, 2020 at 7:14 PM

    I have been building a canbus sniffer recently. It's built using electron and should be compatible with all platforms. It includes the arduino code as well and runs on an Uno. It does not have many features and is not fully done yet, but if people are interested I could post the link to the github page here. Let me know!

    ReplyDelete
  21. ItrusoftJanuary 27, 2021 at 1:43 AM


    Nice blog for Bus Booking Software in India

    ReplyDelete

Subscribe to: Posts (Atom)