2014 GC Can Bus Hacking Fun! - JeepForum.com
 3Likes
Reply
 
LinkBack Thread Tools
post #1 of 17 Old 10-30-2016, 10:57 AM Thread Starter
Pitchlynn
Registered User
2014 WK 
 
Join Date: Oct 2007
Location: Bend, OR
Posts: 67
2014 GC Can Bus Hacking Fun!

Following in others foot steps I've gained access to my 2014 GC's can bus. First order of business is a work around for a flaky passive entry problem that jeep service has not been able to fix. Then on to whatever fun projects.

Short video unlocking and locking the doors:
https://youtu.be/xMXb1stRlsQ

Websites that got me going:
http://chadgibbons.com/2013/12/29/ha...erior-can-bus/
https://www.raspberrypi.org/forums/v...?f=44&t=141052

Hardware is a $5 raspberry pi zero and a $3 generic can bus controller. The PC is only for initial testing until I write a program to run on the pi zero that will live in the jeep. The JK hack I referenced used aftermarket connectors to make a harness that goes inline with the radio but I have not been able to find the equivalent connectors for the WK2 probably because you would looks a lot of functionality if the Uconnect radio was replaced. I'll have to find a clean way to tap into the can bus wires. Right now the radio is removed and I am connecting to the pins on the connector

The basic idea is that you use a cansniffer utility to figure out what the can bus messages are when you push buttons or other events happen. Then you can use the cansend utility to send a message onto the jeeps can bus.

Pitchlynn is offline  
Sponsored Links
Advertisement
 
post #2 of 17 Old 10-30-2016, 07:46 PM
2001WJv8
Registered User
2015 WK 
 
Join Date: Nov 2008
Posts: 1,136
Garage
fun, i wouldn't try any of that as it's clearly voodoo and blackmagic going on in there

i can smash things with a hammer though
Dabitz, CG27519 and jswilliams86 like this.

'15 WK2 Diesel 4x4 ORII, Nitto TG2 275/65r18, BORA 1"f/1.25"r spacers, RRO super sliders
2001WJv8 is offline  
post #3 of 17 Old 11-03-2016, 11:08 PM Thread Starter
Pitchlynn
Registered User
2014 WK 
 
Join Date: Oct 2007
Location: Bend, OR
Posts: 67
Wow no interest on this one! Oh well, I'm having fun with it. Turns out the unlock command I found didn't work when armed. In fact the unlock button is disabled so you can't use the coat hanger trick. I had to move from the interior can bus to can c which is also available on the back of the uconnect radio. Once there I found the disarm/unlock command for both passive entry and keyfob. I now have my flaky passive entry "fix" fully implemented. Raspberry Pi Zero boots up straight into a custom python program I wrote that looks for the passive entry disarm/unlock command and if the lights don't turn on in response to a successful entry, the disarm/unlock command is issued again by my program. The power light on the Pi stays on solid when the can bus is quite and program is running and it blinks off for every can message that chatters across the bus so I'll be able to see some response when trying to open the door.

Now to find out if it works! That won't take long because the jeep fails to do it's job once a day consistently.
Pitchlynn is offline  
 
post #4 of 17 Old 11-04-2016, 06:51 AM
Jurassic_Jeep
Registered User
2014 WK 
 
Join Date: Nov 2014
Location: Edmonton
Posts: 328
interest!

Are you able to change and SAVE things or just view them (i.e. are you like a printer)?

2014 Jeep Grand Cherokee Summit 4x4 3.6L V6.
Jurassic_Jeep is offline  
post #5 of 17 Old 11-04-2016, 06:55 AM
ColdCase
My Reality Check Bounced
 
ColdCase's Avatar
2011 WK 
 
Join Date: Sep 2009
Location: New England
Posts: 9,687
Quote:
Originally Posted by Pitchlynn View Post
Wow no interest on this one! Oh well, I'm having fun with it. Turns out the unlock command I found didn't work when armed. In fact the unlock button is disabled so you can't use the coat hanger trick. I had to move from the interior can bus to can c which is also available on the back of the uconnect radio. Once there I found the disarm/unlock command for both passive entry and keyfob. I now have my flaky passive entry "fix" fully implemented. Raspberry Pi Zero boots up straight into a custom python program I wrote that looks for the passive entry disarm/unlock command and if the lights don't turn on in response to a successful entry, the disarm/unlock command is issued again by my program. The power light on the Pi stays on solid when the can bus is quite and program is running and it blinks off for every can message that chatters across the bus so I'll be able to see some response when trying to open the door.

Now to find out if it works! That won't take long because the jeep fails to do it's job once a day consistently.
Nice job. Does your Jeep have QL?

On other FCA vehicles some have had luck using autoenginutity's system and manual data manipulation to add sales codes and modify operations like keeping fog lights on with high beams. I've got a thread bookmarked somewhere, will try to find it when back in town.

https://www.autoenginuity.com/produc...mily-ei04.html

Current: 2011 Grand Cherokee Overland V8, 2009 Liberty Rocky Mt V6
Previous: 2000 Grand Cherokee Laredo I6, 1979 CJ7 I6 Quadratrac
ColdCase is offline  
post #6 of 17 Old 11-04-2016, 09:11 AM Thread Starter
Pitchlynn
Registered User
2014 WK 
 
Join Date: Oct 2007
Location: Bend, OR
Posts: 67
Quote:
Originally Posted by Jurassic_Jeep View Post
interest!

Are you able to change and SAVE things or just view them (i.e. are you like a printer)?
I can view messages and send messages but I'm not permanently altering anything on the jeep. Merely monitoring what is happening and controlling devices normally controlled by other modules or buttons in the jeep.

I've simply introduced my own device on the can bus that can receive and send messages with all the existing devices in the jeep. My device contains its own operating system and program that I wrote and can update and change to my liking. I had to reverse engineer the messages going between the existing devices so I would know what to listen for and what commands to send.
Pitchlynn is offline  
post #7 of 17 Old 11-04-2016, 09:34 AM Thread Starter
Pitchlynn
Registered User
2014 WK 
 
Join Date: Oct 2007
Location: Bend, OR
Posts: 67
Quote:
Originally Posted by ColdCase View Post
Nice job. Does your Jeep have QL?

On other FCA vehicles some have had luck using autoenginutity's system and manual data manipulation to add sales codes and modify operations like keeping fog lights on with high beams. I've got a thread bookmarked somewhere, will try to find it when back in town.

https://www.autoenginuity.com/produc...mily-ei04.html
Yes, it has QL. Are you thinking override the ride height?

I checked out that link to autoenginuity. Looks like they are doing some cool stuff. I think for a lot of that I would need a programmer tool to sniff what messages it is sending to the jeep to change settings. There would be no way to reverse engineer this without a tool in hand. Or, if the information was open sourced that would work too.
Pitchlynn is offline  
post #8 of 17 Old 11-04-2016, 10:50 AM
Jurassic_Jeep
Registered User
2014 WK 
 
Join Date: Nov 2014
Location: Edmonton
Posts: 328
Quote:
Originally Posted by Pitchlynn View Post
I can view messages and send messages but I'm not permanently altering anything on the jeep. Merely monitoring what is happening and controlling devices normally controlled by other modules or buttons in the jeep.

I've simply introduced my own device on the can bus that can receive and send messages with all the existing devices in the jeep. My device contains its own operating system and program that I wrote and can update and change to my liking. I had to reverse engineer the messages going between the existing devices so I would know what to listen for and what commands to send.
Got it. You're basically a user, but not a administrator. If you can figure out a way to alter things, I would pursue this feat. There are some minor tweaks I wouldn't mind doing, such as, detecting when a passenger is present, so they could type addresses in the navigation while the vehicle is moving (this can work in conjunction with the passenger warning seat-belt sensor).

Thanks for sharing.

2014 Jeep Grand Cherokee Summit 4x4 3.6L V6.
Jurassic_Jeep is offline  
post #9 of 17 Old 11-04-2016, 11:31 AM
ColdCase
My Reality Check Bounced
 
ColdCase's Avatar
2011 WK 
 
Join Date: Sep 2009
Location: New England
Posts: 9,687
Quote:
Originally Posted by Pitchlynn View Post
Yes, it has QL. Are you thinking override the ride height?

I checked out that link to autoenginuity. Looks like they are doing some cool stuff. I think for a lot of that I would need a programmer tool to sniff what messages it is sending to the jeep to change settings. There would be no way to reverse engineer this without a tool in hand. Or, if the information was open sourced that would work too.
Yeah, thats the tuff part, to reliably sniff and modify. Given you have QL, you may want to probe that area.

I was thinking out loud that it may be nice for some here to prevent QL automatically dropping out of ORA1 level. I don't really have a clue what to look for and where you could intercept the messages, perhaps at the QL controller itself. I forget how many independent buses are in the WK2. Perhaps complicated for sure. You may also need a piece(s) of hardware that stores and forwards messages so you can block/modify them.

Years ago I worked on a program where several organizations tried unsuccessfully to modify/reverse engineer an old product to do something a little different. We found an inexpensive way to manipulate the interfaces to provide the desired function... that was a nice technical award and bonus

Current: 2011 Grand Cherokee Overland V8, 2009 Liberty Rocky Mt V6
Previous: 2000 Grand Cherokee Laredo I6, 1979 CJ7 I6 Quadratrac
ColdCase is offline  
post #10 of 17 Old 11-04-2016, 11:49 AM Thread Starter
Pitchlynn
Registered User
2014 WK 
 
Join Date: Oct 2007
Location: Bend, OR
Posts: 67
Quote:
Originally Posted by ColdCase View Post
Yeah, thats the tuff part, to reliably sniff and modify. Given you have QL, you may want to probe that area.

I was thinking out loud that is may be nice for some here to prevent QL automatically dropping out of ORA1 level. I don't really have a clue what to look for and where you could intercept the messages. Perhaps complicated for sure. You may also need a piece(s) of hardware that stores and forwards messages so you can block/modify them.
The store and forward method would be the way I would approach it. I'm not planning to start severing wires to implement something that invasive though in my own jeep.

I'm having fun with this but at the same time don't want to get in too deep. Will see where this takes me
Pitchlynn is offline  
post #11 of 17 Old 11-04-2016, 01:01 PM
ColdCase
My Reality Check Bounced
 
ColdCase's Avatar
2011 WK 
 
Join Date: Sep 2009
Location: New England
Posts: 9,687
In case there is anything relevant or interesting, this is one of the RAM discussions. I think perhaps chargers have one going too.

http://www.ramforum.com/f26/enabling..._dealer-84920/

Current: 2011 Grand Cherokee Overland V8, 2009 Liberty Rocky Mt V6
Previous: 2000 Grand Cherokee Laredo I6, 1979 CJ7 I6 Quadratrac
ColdCase is offline  
post #12 of 17 Old 11-14-2016, 10:17 AM
split71
Registered User
 
Join Date: Nov 2016
Posts: 18
Can any of you who have been successful with this post the part list they used?
split71 is offline  
post #13 of 17 Old 11-14-2016, 11:31 AM Thread Starter
Pitchlynn
Registered User
2014 WK 
 
Join Date: Oct 2007
Location: Bend, OR
Posts: 67
Here is what I used to gain access to the can bus:
- Raspberry Pi Zero (Any version Raspberry pi will work but this one has the lowest power consumption and cheap at $5)
- Some way to power the raspberry pi. I'm using a usb cable to a USB cigarette lighter adapter.
- Wire to make the connections between the raspberry pi and can controller.
- Wire to connect to can bus on the back of the radio. I couldn't find any after market connectors to make an adapter and avoid cutting/splicing into the factory wiring. Instead I located the terminals of interest in the back of the radio connector and inserted a striped wire end next to the terminal. I tinned the wire end with solder so that it would be rigid but soft enough to make a good connection. A little cheesy but it worked great.
- Can controller. I think any controller based on the MCP2515 chip will work but to avoid problems I went with the exact controller from the guide I was following. There was no part number but there is a name "Niren" and a logo printed on the board. Here is the exact one I purchased (came in a three pack): http://www.ebay.com/itm/191950084410...%3AMEBIDX%3AIT. If you use this board, make sure to follow the guide from raspberrypi.org that I linked to in my first post and make the modification to separate the 3.3V and 5V power for the 2 different chips on the board

The best way to reproduce exactly what I did is to follow the guide from raspberrypi.org that linked to in my first post.
Pitchlynn is offline  
post #14 of 17 Old 11-15-2016, 09:20 AM
split71
Registered User
 
Join Date: Nov 2016
Posts: 18
Excellent, thank you for the follow up! I will be purchasing these and tinkering
split71 is offline  
post #15 of 17 Old 11-16-2016, 06:23 PM
split71
Registered User
 
Join Date: Nov 2016
Posts: 18
Did you purchase the USBTin? I looked through the article on Raspberry Pi's site, but they didn't explicitly mention the need for the USBTin piece of hardware.
split71 is offline  
Reply

Quick Reply
Message:
Options

Register Now



In order to be able to post messages on the JeepForum.com forums, you must first register.
Please enter your desired user name, your email address and other required details in the form below.

User Name:
Password
Please enter a password for your user account. Note that passwords are case-sensitive.

Password:


Confirm Password:
Email Address
Please enter a valid e-mail address for yourself.



Email Address:
OR

Log-in









Human Verification

In order to verify that you are a human and not a spam bot, please enter the answer into the following box below based on the instructions contained in the graphic.




Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Show Printable Version Show Printable Version
Email this Page Email this Page



Posting Rules  
You may post new threads
You may post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are On

 
For the best viewing experience please update your browser to Google Chrome