Welcome Anonymous !

[abodah]

Finally, it worked
There was a problem in the connection, wrong pinout of the ODBII port
I can see the data now, and I'll try to program some Visual Basic logger.
Any Ideas how to send data to the bus, like the volume up command for example?
Many thanks

[abodah]

I got to lock and unlock the car
But before i had to use my fob key to wake up the car.

- If anyone knows about the ability of the modified ELM327 to provide a wake up signa? (I tried the ATHV1, but didn't work).
- Also, I need the information about the HVAC messages, from GMLan bible, I knew it starts with 100C00, so I figured out the ArbID to be 0x60, but couldn't figure out the node, so I can log it.

Please anyone can help?
Regards.

[abodah]

I set the AT CF 10 0C 00 00
And the AT CM FF FF 00 00
I couldn't get any 100C00 data, but I got a 100C40 and 100C80.
Also, I got a 100C20, manipulated it, then got the outside temp to change.
On GMLan bible, the 100C40 is described as Antilock_Brake_and_TC_Status, but I think that's a mistake.
Any thoughts?
Regards

[tmk]

abodah -

I think you might have the masks wrong -

I set the AT CF 10 0C 00 00
And the AT CM FF FF 00 00

That looks like a 16 bit mask - can is 29bit and broken down as per the bible - 4 priority, 13 bit arb, 13 bit ECU
So masks should be like 00 00 1F FF for ECU, 03 FF e0 00 for arbid..

It's a pain but that's just the way they did it..

TMK

[abodah]

Thanks TMK, I worked it out

It was 10 0E A0 99
This controls the HVAC controls except for the temp control and external temp switch, I couldn't get to it.

Anyway. As in attached pic, to remove the HVAC control unit, I also need to control the audio. I did controled the most of it through the steering wheel control commands, I now only need the main power switch for the head unit as it is located in the HVAC control in my Series 2 car. Is it controllable? or just an electrical switch?

Thank you.

[abodah]

Sorry, there was a mistake in the previous post. The right value is :


10 0E 20 80

This controls every A/C setting.
Anyone knows about the Head Unit controls, especially the ON/OFF button?

[brentsten]

Wow I can't believe you guys are still at this I gave up months ago when I couldn't wrap my head around building a CAN message, but after staring at the bible and the 29-bit chime page like a couple others mentioned, it finally clicked. Before I was just copying what others had sniffed and injected messages and seeing responses. After figuring out how to break it down to binary then rebuild to hex its finally clear haha.

I found a list of every Global A PID, but unfortunately they don't all correlate to our systems. I've been trying to intercept the message that shuts off the display on the G8 when the vehicle is in motion, but no such luck yet. I'm assuming the source is the BCM and the target is the radio, but I haven't found the addresses for either to sniff. I have no objection to jacking the rear tires off the ground and sniffing the bus while the screen flicks on and off if anyone knows the right masks I should be using?

[jezzab]

Wow I can't believe you guys are still at this I gave up months ago when I couldn't wrap my head around building a CAN message, but after staring at the bible and the 29-bit chime page like a couple others mentioned, it finally clicked. Before I was just copying what others had sniffed and injected messages and seeing responses. After figuring out how to break it down to binary then rebuild to hex its finally clear haha.

I found a list of every Global A PID, but unfortunately they don't all correlate to our systems. I've been trying to intercept the message that shuts off the display on the G8 when the vehicle is in motion, but no such luck yet. I'm assuming the source is the BCM and the target is the radio, but I haven't found the addresses for either to sniff. I have no objection to jacking the rear tires off the ground and sniffing the bus while the screen flicks on and off if anyone knows the right masks I should be using?

There is no packet that turns off the display when moving mate. It reads the vehicle speed and then the head unit uses its stored speed limiter value and does it itself. The VIM (vehicle in motion) mod is just changing that value be it software and DIDs or hardware with EEPROM reflashing.

I would suggest if anyone wants to get serious they have a look at GMW3110 white paper

DIDs are a value that corresponds to an address in the main MPU EEPROM or external EEPROM and means you can access them via gmlan and rewrite them without having to remove the chip or rewrite the entire calibration. For example, It is quite easy to change the startup logo without reading and writing the EEPROM in the head unit and using just the obdii port. Just gotta know where to look

This is how SPS or tis2web configures your head unit after you reflashing it. You don't get any control with SPS though, it just flashes relating to the model etc and or your old setup

[brentsten]

There is no packet that turns off the display when moving mate. It reads the vehicle speed and then the head unit uses its stored speed limiter value and does it itself. The VIM (vehicle in motion) mod is just changing that value be it software and DIDs or hardware with EEPROM reflashing.

I would suggest if anyone wants to get serious they have a look at GMW3110 white paper

DIDs are a value that corresponds to an address in the main MPU EEPROM or external EEPROM and means you can access them via gmlan and rewrite them without having to remove the chip or rewrite the entire calibration. For example, It is quite easy to change the startup logo without reading and writing the EEPROM in the head unit and using just the obdii port. Just gotta know where to look

This is how SPS or tis2web configures your head unit after you reflashing it. You don't get any control with SPS though, it just flashes relating to the model etc and or your old setup

I have access to a CarDAQ, but I don't have any software to go along with it so it's not really worth anything at this point. Plus I'm terrible with coding (I have a program that I use that's preconfigured with settings and I can just read/inject anything on GMLAN by header and data).

Tis2Web is where you don't have any control beyond the model. That pulls the calibration from the web and flashes right through a tech2.

SPS gives you some control though. I've played with it a little and you can actual select the file that gets uploaded. All it would take is some reconfiguring of the stock file in the right places. When looking at the calibration files though, they are in a .zip format and contain around 6 different .bin files. That would be a whole other monster to get into I fear.

[jezzab]

tis2web/SPS flashes the files but you still have to configure it. And all of the bin files it flashes are blank of config data. That data is built "on the fly" and uploaded. You also need to recalculate the CRC in the bin files.

The bin file format is set out as per the white papers I mentioned. Been down that road and have all of the info on it but you are barking up the wrong tree on that one for what you want to do.

You just need to rewrite the correct location in the EEPROM or just send the packet over GMLAN to change the byte via the correct DID