undefined | Better HN

0 pointslucaspiller9y ago0 comments

Just to clarify, the no-name Bluetooth OBD-II adapters a lot of people use come with a default PIN of 0000 or 1234 - that can't be changed - and the OBDII port is usually powered even with the vehicle switched off and locked.

However, how much you can do really varies depending on the vehicle. I have a 2010 Prius and the OBD-II port is powered when locked and switched off, but the computer isn't active (so the port can't be used) unless the vehicle is switched on. Also the port itself is mainly read-only in my case, other than opening windows there isn't much I can do through it (I wanted to add remote-start, but it's not possible).

0 comments

6 comments · 1 top-level

avs7339y ago· 5 in thread

Just to clarify...the ports ARE NOT read only. They are very much writeable. The devices you mention just give a readonly interface.

The OBDII protocol itself is read only. OBDII requires a subset of parameters to be readable through an SAE (society of automotive engineers) developed protocol using the standard port. This occurs through reading of data that is regularly broadcast onto the CANBUS itself. In effect, OBDII runs on top of the CANBUS, with the connector in the cabin allowing access to OBDII via the CANBUS.

However, the ports are much more capable and include direct connects to just about every system. CANBUS actually interconnects The CANBUS itself is typically a 'security through obscurity' approach where tuners are forced to reverse engineer CANBUS packets to access the networked exchange of information within the vehicle. In fact, 7 of the 16 pins in the connector are 'manufacturers discretion'. CANBUS gives access to it all, if you speak the language. OBDII is a 1pg sheet of translations.

You can see the results of this through examples like that published in 2015 by Wired[0]. That was possible because the infotainment system and the engine, and transmission, and body control module, etc. are all connected to the same CANBUS...and information on the network is fully trusted once you know the language.

[0]https://www.wired.com/2015/07/hackers-remotely-kill-jeep-hig...

BoorishBears9y ago

I've owned cars where the ODBII port couldn't do (that) much more than the required subset of reads, and only a second port with access to the CAN network (that required disassembling part of the dash to access) was able to do things like what that link describes

mtreis869y ago

https://hackaday.io/project/6288/logs

Someone hacked VW Canbus to play video games on the dashboard of a polo.

tyingq9y ago

>The OBDII protocol itself is read only

I'd say "read mostly". Clearing the CEL with mode 4, for example, would cause your vehicle not to pass a state inspection until it went through a drive cycle...which can be quite a while.

Mode 8 is more troublesome. It's not as standardized, so you have to know vehicle and model specifics. But you can actively manipulate real physical things in the car, canister vents opening/closing, etc.

So, not as wild west as unconstrained CAN bus access, but not really read-only either.

patcheudor9y ago

>So, not as wild west as unconstrained CAN bus access, but not really read-only either.

I'd say mode eight makes it absolutely the wild west. In addition to clearing the CEL, I can use my CAN bus to program everything from the TPMS IDs for my wheels all the way to the pre-sets in my radio along with everything in-between including the amount of power steering and brake assist applied.

1 more reply

avs7339y ago

fair enough correction...thank you. I was being overly simplistic.

j / k navigate · click thread line to collapse