Aston Martin V8 Vantage

[digitalsolo]

Found some Z06 axles for a good deal.  Those will be my donors for the inners.   Picking up torque tube next weekend, and should get a chance in the next week or so to tap the CANbus at the CEM.  I did buy some more pins to build out the connectors (I have a "standard" connector I use for CANbus taps, which might mean I do too much CANbus tapping...).

[Exidous]

What do you use? I just use DTM 2 or 4 pin if powered. Would like a smaller alternative though. Something 3A rated would be cool. I know someone makes a smaller Deutsch style but they are motorsport and crazy expensive.

[digitalsolo]

I have DT 2 pin for unpowered, DTM 4 pin for powered.

[digitalsolo]

Random pic of my car from a recent cruise with our local driving club:



No useful progress, just a good picture. 

[tai-lun]

Is there a bad picture of an Aston? hehe, looks wicked standing still already dude.

[digitalsolo]

Hoping to get the CANbus hacking looms in place on this the weekend of the 28th.   I'm really excited to start this project properly.   Also I'm excited to not have a spare Corvette drivetrain to trip over in my shop.

[kinger]

Does CANbus hacking work on any car?  I would like to see some CAN messages on my Raptor, what type of hardware and software do you like?  Or maybe a good site with lots of good info I could study up on?  Thanks!!

[digitalsolo]

CANbus is, in every example I've seen, unencrypted.   So yes, any car is hackable.   It's not for the faint of heart though, if the values aren't published.   I'm 4-5 hours into working through the messages on my car, to try and find a specific few messages on a fairly quiet data bus.   I use a tool called a Kvaser Leaf, but there are lots of CAN tools out there that are cheaper than that.

Specifically, I'm looking for:

Vehicle Speed (found 4x channels with wheel speeds, not sure if I need to send 1 or all of these to the chassis)
RPM (found this pretty easily)
Engine Temp (lost on this one still, but I'll figure it out)

I'm working on a video for the process, but it's basically this:
1. Review diagrams, find where to sniff CANbus
2. Add a "tap" to the wires at this point (I soldered in a twisted pair of TXL wires to a DT connector)
3. Find CANbus speed/format.  Most scanners can auto-populate this via trial/error.
4. Start sniffing while doing things that you can "find" in the results.   Pressing throttle pedal to look for DBW position, revving engine to find RPM, driving to find wheel speed, etc..
5. I import this data into Excel in CSV, so that I can sort by CANID and look for trends.   You could probably get fancy and lean on an AI/ML tool to automate this some, but I'm not going to get that fancy.
6. If you want to inject data, you can setup your scanner to inject data and see if you see it on the bus, and if it has the results you want.   In my case, I sent my RPM setting and watched the tach jump.   Once I get all of the settings, I'll pull power to the ECU and inject all of the dash settings I want, and make sure they respond as expected.   It's hard to inject with the ECU on bus, as it's spamming data all the time that will conflict with your injected data.

It's a tedious process, but once I'm done I'll organize the data and share it publicaly.  It's a little annoying as some companies have done this already, and it wouldn't really impact them to share the data out, but they choose not to.  Oh well.  I'll do it myself.

[kinger]

CANbus is, in every example I've seen, unencrypted.   So yes, any car is hackable.   It's not for the faint of heart though, if the values aren't published.   I'm 4-5 hours into working through the messages on my car, to try and find a specific few messages on a fairly quiet data bus.   I use a tool called a Kvaser Leaf, but there are lots of CAN tools out there that are cheaper than that.

Specifically, I'm looking for:

Vehicle Speed (found 4x channels with wheel speeds, not sure if I need to send 1 or all of these to the chassis)
RPM (found this pretty easily)
Engine Temp (lost on this one still, but I'll figure it out)

I'm working on a video for the process, but it's basically this:
1. Review diagrams, find where to sniff CANbus
2. Add a "tap" to the wires at this point (I soldered in a twisted pair of TXL wires to a DT connector)
3. Find CANbus speed/format.  Most scanners can auto-populate this via trial/error.
4. Start sniffing while doing things that you can "find" in the results.   Pressing throttle pedal to look for DBW position, revving engine to find RPM, driving to find wheel speed, etc..
5. I import this data into Excel in CSV, so that I can sort by CANID and look for trends.   You could probably get fancy and lean on an AI/ML tool to automate this some, but I'm not going to get that fancy.
6. If you want to inject data, you can setup your scanner to inject data and see if you see it on the bus, and if it has the results you want.   In my case, I sent my RPM setting and watched the tach jump.   Once I get all of the settings, I'll pull power to the ECU and inject all of the dash settings I want, and make sure they respond as expected.   It's hard to inject with the ECU on bus, as it's spamming data all the time that will conflict with your injected data.

It's a tedious process, but once I'm done I'll organize the data and share it publicaly.  It's a little annoying as some companies have done this already, and it wouldn't really impact them to share the data out, but they choose not to.  Oh well.  I'll do it myself.

This is the process I have seen on youtube it looks awful.  LOL  I was hoping that there was more modern software and standard CAN ID addresses that most cars use that would make it easier.  I would want it to turn off lights in the dash for sensors and stuff I removed during the swap, those seem exponentially harder as its a static number that doesn't change like RPM or something.  It really is cool stuff just seems to labor intense right now. 

Too bad there aren't companies that would do all this work and sell you the addresses for the car LOL 

[Exidous]

Fortunately, it's one of those things the human brain is good at looking for. Patterns and changes. I'd expect an encrypted bus would add too much latency with crc, timing and decryption. Plus, the dealers would have issues if bet.
It's still convoluted when. You change say pedal position and you see 4 separate IDs start to change. Inj pw, torque, pedal position and ignition angle just to start.

[digitalsolo]

Yeah, it's a right PITA for sure.  Haha.

Turning off lights and such will be almost impossible unless you have a stock vehicle to go of.  Most likely you need to simulate sensor data or module handshakes to do so, and those may vary based on RPM, speed, temperature, etc.

On the Aston, I plan to get the stock fuel level (easy, it's not using the ECU), tach, speedo and temp gauge to work.   There are a bunch of LCDs on the dash that show other stuff.   I expect some/all of those may be pissed still, in which case I'll remove them from the circuit board and install my own to drive with an Arduino or something.   I have no desire to simulate 100% of factory ECU behaviors to the chassis, just enough to make the systems I need to work, work.

[digitalsolo]

CAN hacking done.

I can now control, at will:

Dash Wakeup/Keepalive
RPM
Coolant Temp
Vehicle Speed
ABS Light
Traction Control Light

Vehicle Speed, ABS Light and Traction Control Light are all controlled by the ABS module, and don't appear to need the engine computer at all.   I'm told that the other one of these that was built always had a TRAC light on, though, so I'm guessing losing the engine computer makes the ABS computer angry.   If that's the case, I can send a message every 100ms to keep that light off (or maybe just send a message to make the ABS computer happy to begin with).

The other controls all simply command status, and I've mapped transmit times from the stock ECU, so I'll replicate that on the new controls.  The dash still has a few warning lights for electrical system, etc, that I think happen because it's not receiving some data from the ECU.  I need the "keep-alive" to... keep it alive... long enough to validate I can shut those off.  I'm going to program an Arduino talk on the bus as my current test program can only send one message at a time.  Once I have the Arduino setup, I can mimic a constant stream of data, which should let me send "everything is happy" messages to the dash constantly, which should squelch any warning messages.

I need to sort out the math for converting the RPM signal to display correctly, but that's easy enough.   Coolant temp just has a sweep of decimal values from 95 - 185 to go from "C" to "H" on the dash, so I can just map those temps however I like from the stock computer.

I feel like this is really the hardest part of the swap, as I don't have documents to work on.   Making it fit is just cutting/welding, no big deal.  Wiring work is complex, but I have diagrams from both cars, so it's just a matter of clean integration.  CAN data control is completely undocumented, so I had to forge my own way on this bit.

I'll have a video put together shortly.  I want to get the Arduino in and programmed/controlling things to finalize everything, then I'll edit it (poorly) and share it out. 

[Exidous]

I ended up doing the same on my car albeit with two pwm outputs to the stock gauges. Played with the duty to get the stock gauges to read how I wanted. Pretty darn useful. Via can would be more difficult initially but more accurate in the long run. The FD cluster uses the same "motors" for all gauges except the fuel.

Any plans on doing anything with the exhaust to make it a bit more exotic than the typical LS?

[digitalsolo]

Exhaust wise, not a whole lot.  I've got C7 headers (1 7/8") into a 3" x-pipe, which will feed the aftermarket muffler I had with the Vantage engine.  It also has bypasses that I can control that basically makes it straight pipes.

I expect it should sound good, but probably like a Corvette mostly.

[kinger]

Exhaust wise, not a whole lot.  I've got C7 headers (1 7/8") into a 3" x-pipe, which will feed the aftermarket muffler I had with the Vantage engine.  It also has bypasses that I can control that basically makes it straight pipes.

I expect it should sound good, but probably like a Corvette mostly.

I really want to try a 180 degree header someday with a LS in an exotic like this.  Sounds sick!