[sci.electronics] Hacking Car ECUs

khan@mrcnext.cso.uiuc.edu (Scott Coleman) (04/20/91)

esupg@warwick.ac.uk (Andrew Bargery) writes:

>However, my personal favorite to ensure your car is there when you get back:
>(I don't know if any one has actually tried this...)
>With the increased use of ECUs in cars, why not have the software encoded by a
>DES algorithm? Unless you know the password, it's going to be
>just-a-little-tricky to hot wire :-)

This doesn't stop someone with a towtruck, however. :(

Speaking of hacking engine computers, what sort of development system would
one have to have in order to make such changes? Even with a long extension 
cord, using a desktop PC as a development system is a little difficult. ;-)

I can see using a portable, but portables have funky expansion slots (when
they have expansion slots at all!) which means you can't plug in the usual
logic analyzer type expansion cards.

Has anyone out there actually put together a portable development system?
Or are all these mods made by hauling the PC out to the garage workbench?


--
Scott Coleman                                                    tmkk@uiuc.edu
University of Illinois at Urbana-Champaign

"If a software computer consultant believes her gonads are ruled by the moon, 
then none of us is safe."     - Karla Jennings

lusky@ccwf.cc.utexas.edu (Jonathan R. Lusky) (04/22/91)

In article <khan.672161044@mrcnext> khan@mrcnext.cso.uiuc.edu (Scott Coleman) writes:
>Has anyone out there actually put together a portable development system?
>Or are all these mods made by hauling the PC out to the garage workbench?
>Scott Coleman                                                    tmkk@uiuc.edu
>University of Illinois at Urbana-Champaign

As a matter of fact, my pc is currently residing on my garage workbench, with
an rs232 cable running across the floor and into my truck.  I've got an
Electromotive programmable ignition system (they also make an injection
system).  I'll be using a laptop soon, just waiting for central purchasing to
cut a check :(.

All of the programmable ECM's I've seen have an rs-232 port and are intended
to be used with a pc-compatible laptop.
   Jonathan R. Lusky                   University of Texas at Austin
   lusky@ccwf.cc.utexas.edu          Society of Automotive Engineers
   (512) 471-5399              Chairman, Natural Gas Vehicle Project
   ETC 1.204F                        IRC Admin, minnie.cc.utexas.edu

tmkk@uiuc.edu (Scott Coleman) (04/22/91)

In article <47590@ut-emx.uucp> lusky@ccwf.cc.utexas.edu (Jonathan R. Lusky) writes:
> All of the programmable ECM's I've seen have an rs-232 port and are intended
>to be used with a pc-compatible laptop.

That's interesting - does the same hold true for the computers found in
most cars these days, or are there general exceptions (i.e. Fords have the
RS232 port, GM cars don't)?

rhaar@albert.cs.gmr.com (Robert L. Haar CS50) (04/22/91)

In article <1991Apr22.131521.2622@ux1.cso.uiuc.edu>, tmkk@uiuc.edu (Scott Coleman) writes:
|> 
|> In article <47590@ut-emx.uucp> lusky@ccwf.cc.utexas.edu (Jonathan R. Lusky) writes:
|> > All of the programmable ECM's I've seen have an rs-232 port and are intended
|> >to be used with a pc-compatible laptop.
|> 
|> That's interesting - does the same hold true for the computers found in
|> most cars these days, or are there general exceptions (i.e. Fords have the
|> RS232 port, GM cars don't)?

In general, the answer is no. Many original equipment engine controllers
have serial ports for diagnostics, but, as far as I know, none are RS232.
And they won't do what you want anyway, since they don't allow modifying
the code - that is in ROM.

A couple of related notes:

It is not terribly hard to get better performance (at least in some limited
operating range), but the usual tradeoff is much higher emissions. For this
reason, both the EPA and California's ARB are likely to crack down on
modified ECM's and will require vehicle manufacturers to take steps to
prevent "tampering" with the ECM software some time in the future. (note -
ECM is GM talk for engine control module. Other companies use names like
ECU.)

The diagnostic datalink (car talk for serial communications line) in most
cars uses proprietary protocols and the message formats etc. can vary from
one year or car line to another. Many of these are widely known, but may
still be considered proprietary information by the manufacturers.

Many vehicle diagnostic tool vendors sell equipment called scan tools that
plug into the diagnostic datalink and monitor or interrogate the ECM.  Even
Sears sells them. Some of the more sophisticated ones are PC based.

The Society of Automotive Engineers (SAE) has been working for several years
on standardizing communications between vehicle modules and with off-board
test/diagnostic equipment. One particular effort is called Class B
communications. This is aimed at medium speed communications between
micro-based modules and includes communications with external equipment such
as service diagnostic and manufacturers test equipment. This protocol is
maturing well and receiving good acceptance within the industry. It is in
SAE document J1850, and is often called the J1850 datalink.  J1850 is nothing
like RS232. It is a CSMA/CD protocol with non-destructive, bitwise contention
that can operate at 10K bps (single wire) or 40K bps (dual wire).

C.A.R.B. is writing J1850 in regulations, requiring its use for emissions
testing starting in 1995. EPA is likely to follow suit.

If there is sufficient interest, I can put together some articles on these
communications protocols. Let me know. Most of the traffic on this group has
been more like "which tires should I use" or "how do I know if my brakes are
worn out?" These are valid topics, but I am not sure that there are enough
interested people to justify my time in writing about more narrow-interest
topics.

	Bob Haar  InterNet : rhaar@gmr.com 
	Computer Science Dept., G.M. Research Laboratories
DISCLAIMER: Unless indicated otherwise, everything in this note is
personal opinion, not an official statement of General Motors Corp.
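
An added example, not part of Bob Haar's post: a small Python model of the non-destructive, bitwise contention he describes for the J1850 datalink. It assumes that a logical 0 is the dominant symbol on the wire; the node names, function names and frame bytes are constructed for illustration.

```python
# Added illustration (not from the thread): bitwise, non-destructive
# contention on a shared wire, as described for the J1850 datalink.
# Modelling assumption: logical 0 is the dominant symbol, so the wire
# carries 0 whenever any sender drives 0.

def to_bits(data):
    """Expand bytes into a list of bits, most significant bit first."""
    return [(byte >> shift) & 1 for byte in data for shift in range(7, -1, -1)]

def to_bytes(bits):
    """Pack a bit list (length a multiple of 8) back into bytes."""
    return bytes(int("".join(map(str, bits[i:i + 8])), 2)
                 for i in range(0, len(bits), 8))

def arbitrate(frames):
    """Simulate nodes that all start sending at the same instant.

    frames maps a node name to the bytes it wants to send.
    Returns (winners, wire_bytes, lost_at); lost_at maps each losing
    node to the bit index where it read back a level it did not send.
    """
    streams = {name: to_bits(data) for name, data in frames.items()}
    lengths = {len(bits) for bits in streams.values()}
    if len(lengths) != 1:
        raise ValueError("this model only compares frames of equal length")
    active, wire, lost_at = sorted(streams), [], {}
    for i in range(lengths.pop()):
        level = min(streams[name][i] for name in active)  # dominant 0 wins
        wire.append(level)
        for name in list(active):
            if streams[name][i] != level:   # sent 1, saw 0: back off
                lost_at[name] = i
                active.remove(name)
    return active, to_bytes(wire), lost_at

# Constructed sample frames; node names and byte values are made up.
SAMPLE = {
    "engine": bytes([0x48, 0x6B, 0x10]),
    "body":   bytes([0x68, 0x6A, 0xF1]),
    "tester": bytes([0x48, 0x6B, 0x20]),
}

if __name__ == "__main__":
    winners, wire, lost_at = arbitrate(SAMPLE)
    print("winner(s):", winners)
    print("on the wire:", wire.hex())
    print("dropped out at bit:", lost_at)
```

The wire ends up carrying the winner's frame unchanged, which is what makes the contention non-destructive; two nodes sending identical frames cannot tell each other apart and both finish as winners.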

tmkk@uiuc.edu (Scott Coleman) (04/22/91)

In article <51335@rphroy.UUCP> rhaar@albert.cs.gmr.com (Robert L. Haar CS50) writes:
>|> 
>|> That's interesting - does the same hold true for the computers found in
>|> most cars these days, or are there general exceptions (i.e. Fords have the
>|> RS232 port, GM cars don't)?
>
>In general, the answer is no. Many original equipment engine controllers
>have serial ports for diagnostics, but, as far as I know, none are RS232.
>And they won't do what you want anyway, since they don't allow modifying
>the code - that is in ROM.

Well, part of what I want to do *is* the diagnostics - no point in
paying a mechanic if I can do it myself - but another reason for having
a custom ROM in the ECU is security. An earlier post suggested modifying
the ROM code to disable the engine unless a security code was entered.
This is the last thing a thief will expect, and unless he has a spare
ECU ROM chip of the correct type handy AND he takes everything apart to
replace it, there's not much he can do to counter it (except tow the car
away, which virtually nothing can prevent).

>If there is sufficient interest, I can put together some articles on
>these communications protocols. Let me know.

I, for one, would be interested in articles of this nature.

ajb@iti.org (Al Boehnlein) (04/23/91)

I just had a problem with my Chrysler LeBaron.  I have the manuals
and they say that if you turn the key on/off/on/off/on in 5 seconds
it will flash the error code.  Sure enough, it flashed a 51 and
a 55.  The 55 is end of message, the 51 is for oxygen circuit stuck
on lean.  I replaced the O2 sensor and it runs fine.  The dealer
wanted $35 to diagnose it.  My manual also talks about hooking
up a device to exercise various functions.  Does anybody have
information on if/how one might do this with a pc?  They
want $1000 for a hand held terminal.

ajb

stigall@bronze.ucs.indiana.edu (john stigall) (04/23/91)

You have the Chrysler diagnostic codes? Can you E-mail or post the
common ones, or if copyrights don't permit this, what's the source
of your manuals?


-- 

  John Stigall - Indiana University Computing Services Network  | Waiting for
   750 N. State Rd. 46 Bypass, Bloomington, Indiana 47405       | Amateur Radio
     (812)855-9255            stigall@ucs.indiana.edu           | Callsign...

roger@hpnmdla.hp.com (Roger Petersen) (04/23/91)

In sci.electronics, Scott Coleman <khan@mrcnext.cso.uiuc.edu> writes:

| Speaking of hacking engine computers, what sort of development system would
| one have to have in order to make such changes? Even with a long extension 
| cord, using a desktop PC as a development system is a little difficult. ;-)
|
| I can see using a portable, but portables have funky expansion slots (when
| they have expansion slots at all!) which means you can't plug in the usual
| logic analyzer type expansion cards.

They use portables!

About 2 years ago, IEEE Spectrum magazine ran an article on a couple of guys
who went into business selling custom ROMs for your car.  They showed a
picture of one of the engineers sitting in the passenger seat of a car
(a BMW?), with a portable PC on his lap, and a ROM Emulator connected to
the car's computer.  

Apparently (I'm just guessing here, based on what I would do), what they did
was disassemble the car's program, or else use a logic analyzer to watch
accesses to the ROM tables, figure out how it worked, then download new and
improved data into the ROM emulator and try it out.

It looked like a REALLY fun job!  ("You mean -- you make money doing this?!")
But you figure they have to rent or lease a bunch of expensive cars to do 
their R&D, which probably explains the high cost of the aftermarket ROMs.

Roger

nagle@well.sf.ca.us (John Nagle) (04/23/91)

khan@mrcnext.cso.uiuc.edu (Scott Coleman) writes:

>esupg@warwick.ac.uk (Andrew Bargery) writes:

>This doesn't stop someone with a towtruck, however. :(

>Speaking of hacking engine computers, what sort of development system would
>one have to have in order to make such changes? Even with a long extension 
>cord, using a desktop PC as a development system is a little difficult. ;-)

     Some years ago, I worked with some of the people at Ford Motor who
were doing software for the Ford EEC IV (which Intel sells as the 8061).
They had several stages of development system.  The first stage was a
completely simulated system running on a PDP-10 mainframe.  The simulation
included not only the CPU, but a simulation of the vehicle electronics
and the engine.  This was used for the early stages of development.

     The next stage, where most of the work was done, consisted of
a benchtop setup of all the engine control electronics, (including
an ignition coil and spark plug!), connected to an analog computer
simulating the engine.  Here you could step on the gas and watch 
the tach wind up.  This rig was usually used with an in-circuit
emulator for the CPU.

     The next stage involved a real engine on a test stand, connected
up to an in-circuit emulator.  Remote controls allowed downloading
programs and running the engine without having to program from the
noisy dyno lab.  A TV camera provided a view of the engine under
test.  Emissions measurement gear was used at this stage, and most of
the emissions and mileage optimizations were debugged on the test stand.
It was possible to debug code at this stage, but usually by this
point only parameters were being changed.

     Vehicle testing involved a guy sitting in the right seat of the
car with a keyboard, tweaking parameters that would eventually be
placed in ROM.   By this point the code was in PROM.

					John Nagle

ajb@iti.org (Al Boehnlein) (04/23/91)

stigall@bronze.ucs.indiana.edu (john stigall) writes:

>You have the Chrysler diagnostic codes? Can you E-mail or post the
>common ones, or if copyrights don't permit this, what's the source
>of your manuals?

I ordered the manuals from Chrysler.  I got 3 manuals for $30.
The codes differ slightly depending on the type of engine.  I
don't feel like typing them all in, but if you have a specific
code you want me to look up, I can.  I have the 1986 manual for
the LeBaron and similar cars.

ajb

lusky@ccwf.cc.utexas.edu (Jonathan R. Lusky) (04/24/91)

In article <1991Apr22.131521.2622@ux1.cso.uiuc.edu> tmkk@uiuc.edu (Scott Coleman) writes:
>
>In article <47590@ut-emx.uucp> lusky@ccwf.cc.utexas.edu (Jonathan R. Lusky) writes:
>> All of the programmable ECM's I've seen have an rs-232 port and are intended
>>to be used with a pc-compatible laptop.
>
>That's interesting - does the same hold true for the computers found in
>most cars these days, or are there general exceptions (i.e. Fords have the
>RS232 port, GM cars don't)?

Sorry, the only way I know of to reprogram a factory ECM is to burn a new prom
and pop it in...  I was only referring to aftermarket systems (Electromotive,
Haltech, etc).

rambler@pnet51.orb.mn.org (Dan Meyer) (04/24/91)

YES! Please give us more info on these beasties!  Thanks.

-- Dan
Remember: " Buffalo never Oink " Seen on a South Dakota travel brochure.
Advertisement: Try the Railway Post Office , a railfan BBS ! (612) 377-2197.
UUCP: {crash tcnet}!orbit!pnet51!rambler
INET: rambler@pnet51.orb.mn.org

billy@tcom.stc.co.uk (Billy Khan) (04/25/91)

	Can anyone send us the performance, engine size statistics
for the Porsche range?

	Ideally,

	The 911, 924, 928, 944 and if you can find it 959.


	Cheers.

	Drew (There is no substitute!)

KXN2@psuvm.psu.edu (Karl Nordstrom) (04/26/91)

I have been reading a book on Bosch fuel injection this spring.  It has only
one chapter on high-performance applications.  The author thinks that it is
too difficult to modify production electronic fuel injection systems.
Also, any aftermarket modification for performance would come with a loss of
overall drivability.  All this assumes you aren't changing the engine
configuration significantly at the same time.  But what if that is just what
I want to do?

It only lightly covers racing applications.  It says for about $20K
Bosch would burn you a couple of eproms to match your race car.
He doesn't mention if anyone else is providing that kind of service.
Does anyone sell custom eproms programmed to a customer's unique
engine?