HSLAN ARBID's and Scaling Math



kidturbo
November 4th, 2015, 02:08 PM
Anyone know the math or scaling calculation used on the LMM and up high speed LAN ARBID 0x41C Byte 3 "Oil Pressure Value" ??

I've sorted out all the IC [gauge] related HS CAN packets streaming from the ECM/TCM, but the correct math on Oil Pressure is eluding me.. For EFI and OBDII based messages it works out correctly with 0x5e8 ID byte 4 (A*4) = oil pressures in KPA value.

IE: 0x5e8 fe 0b 3c 41 65 (0x41 / 65 decimal * 4 = 260 kpa or 37.70 psi)

However with 0x41C Byte3 that simple (A*4) equation doesn't work. I've manually logged several value points on the scale, like (100.4psi / 692.2kpa = 0x83 /131d) but the math that works there doesn't match up with (74.8psi / 515.72kpa = 0x62 /98d) and so on down the line. I've tried other commonly used equations like (A*100/255) with no luck..

Thanks

-K

kidturbo
November 6th, 2015, 06:11 AM
Hard to believe no one else has mapped these simple high speed GMLAN ID's yet with Vehicle Spy or other software... There is tons of useful data and commands in there just blowing past everyone. Understanding how this CAN data is used opens up more potential than any options you can add with a tune...

:nixweiss:

kidturbo
November 12th, 2015, 04:55 AM
Ok, here is one maybe someone can answer. Is there a way to add to or modify the "Actual" PID files used in EFI live? Beyond the existing "Calculated PID" options.

I see it typically uses non-standard OBDII commands for things like rail pressure. Which in OBDII would be returned at:
0x07e8 04 41 23 0b a9 00 00 00
Where EFIlive uses
0x05e8 fe 4e 20 00 00 00 4c

The request and return Hz look much faster vs standard OBDII polling structure. I'd like to make some ARBID additions to this pid file for data logging.

Tks

kidturbo
December 13th, 2015, 08:26 PM
Just myself and crickets I guess...

Is it cool to post some EFIlive licensing related zero day vulnerabilities on here?? :angel_innocent:
OK I'll play nice, and just answer my own questions.

To my last one: it's running Mode 22, Dynamic PID's being used with rapid updates, and the ECM returns the data under ID 0x5e8.
However I did find that the sae_generic file in EFIlive 7.5 lists [3F "Test Device Present - No Operation Performed"], which should actually read "3E", correct?
IE; 0x101 fe 01 3e 00 00 00 00 00

--

To my first question: oil pressure is byte 3 of ARBID 0x4d1 rather than the 0x4c1 I'd listed above, which actually contains the ECT data.

HS GMLAN Truck ECM Data Broadcasted Packets From Gas or Diesel Engines

Name -- ArbID -- Byte -- Scaling

RPM -- 0x0c9 -- 2 & 3 -- (AB*.25) or ((A*256)+B)/4
Oil Pressure PSI -- 0x4d1 -- 3 -- (A*0.766)
Fuel Level % -- 0x4d1 -- 6 -- (A*100/255)
Throttle Position % -- 0x3d1 -- 2 -- (A*100/255)
Temperature C -- 0x4c1 -- 3 -- (A-40)
Speedometer MPH -- 0x3e9 -- 5 & 6 -- (AB/100)

Do those look correct?

Cheers,

-K
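
Added example, not part of kidturbo's post or of EFILive's software: a Python decoder that applies the scaling table above to raw frames. Byte positions are assumed to be 1-based (as in the thread's 0x5e8 example) and 16-bit values big-endian; the signal names and sample frames are constructed, with the oil-pressure bytes 0x83 and 0x62 taken from the values logged earlier in the thread.

```python
# Decode HS GMLAN broadcast frames with the scaling table posted in the thread.
# Assumptions: byte positions are 1-based, 16-bit values are big-endian
# (per the "(A*256)+B" form). Signal names are hypothetical labels.
SIGNALS = {
    0x0C9: [("rpm", 2, 2, lambda v: v / 4)],
    0x4D1: [("oil_pressure_psi", 3, 1, lambda v: v * 0.766),
            ("fuel_level_pct", 6, 1, lambda v: v * 100 / 255)],
    0x3D1: [("throttle_pct", 2, 1, lambda v: v * 100 / 255)],
    0x4C1: [("coolant_temp_c", 3, 1, lambda v: v - 40)],
    0x3E9: [("speed_mph", 5, 2, lambda v: v / 100)],
}

def parse_line(line):
    """Parse a sniffer-style line such as '0x4d1 00 00 83 ...'."""
    fields = line.split()
    return int(fields[0], 16), bytes(int(b, 16) for b in fields[1:])

def decode(arb_id, data):
    """Return {signal: scaled value} for one frame; unknown IDs give {}."""
    out = {}
    for name, first, width, scale in SIGNALS.get(arb_id, []):
        end = first - 1 + width
        if end > len(data):
            continue  # short frame: skip the signal rather than misread it
        raw = int.from_bytes(data[first - 1:end], "big")
        out[name] = round(scale(raw), 2)
    return out

# Constructed sample frames (not captured traffic).
SAMPLE = [
    "0x0c9 00 0c 80 00 00 00 00 00",   # RPM bytes 2-3 = 0x0c80
    "0x4d1 00 00 83 00 00 80 00 00",   # oil byte 3 = 0x83, fuel byte 6 = 0x80
    "0x4d1 00 00 62 00 00 80 00 00",   # oil byte 3 = 0x62
    "0x4c1 00 00 7a 00 00 00 00 00",   # temperature byte 3 = 0x7a
    "0x3e9 00 00 00 00 17 70 00 00",   # speed bytes 5-6 = 0x1770
]

if __name__ == "__main__":
    for line in SAMPLE:
        arb_id, data = parse_line(line)
        print(f"{arb_id:#05x} {decode(arb_id, data)}")
```

With the 0.766 factor, the two logged oil-pressure bytes decode to within about 0.3 psi of the gauge readings quoted in the first post.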

Taz
December 14th, 2015, 02:31 AM
... Is it cool to post some EFIlive licensing related zero day vulnerabilities on here?? ...

Do you think some veiled threat from a neophyte will cause the staff at EFILive to react by helping you?

You should have already been banned from this site ...

kidturbo
December 14th, 2015, 05:15 AM
Don't spaz Taz...

It was a joke to see if any of those 170 reads was actually by someone with a skill set to have provided those answers. Why is it whenever I've posted something beyond a newbie level question, it gets silent around here? And I bet there are plenty of members like yourself who could have answered it, right? For what I've spent on EFI license alone, I could have purchased a top shelf MDI and V3 software this year. So yes I do expect a response from staff for these simple questions.

All I posted was simply an incorrect hex description I found in the SAE_Generic config file for someone to look into. If I'm wrong, please tell me. The other info is all available with higher level CAN tools and a free packet sniffer. So no big secrets there either. Just took me more time to resolve myself than if people would share their experience, rather than being so dang greedy..

BTW, one of these simple bugs wasted 3 hrs of mine and a customer's time this week trying to fix a single line in a LB7 DSP5 config. After 4 cal loads and then data logging I realized that changes were never being acknowledged by the ECM. Did a full flash again, and cured. Now I know what's impacting 2 other customers' DSP5 setups, which is the primary reason I chose this tool package. So please forgive me for being a bit sarcastic about the lack of support. I hate wasting time searching for answers to stupid stuff. If I wanted to be a dick, I'd have posted that exploit I found on youtube three months ago. But instead, staff can easily verify how many licenses I've purchased over the past couple months.

:cheers:

GMPX
December 14th, 2015, 09:31 AM
Hard to believe no one else has mapped these simple high speed GMLAN ID's yet with Vehicle Spy or other software... There is tons of useful data and commands in there just blowing past everyone. Understanding how this CAN data is used opens up more potential than any options you can add with a tune...

:nixweiss:

Don't take the lack of responses the wrong way, I didn't actually notice your thread until someone PM'd me, TBH this isn't something EFILive has even looked at. I appreciate there is a lot of good data floating around on the CAN bus between modules in normal operation but this isn't something GM would publish for sale (I assume). Unlike enhanced PID data which the OEM's do offer for sale, I think they have to by law.

Our PID data isn't user configurable but that is certainly something we will be trying to implement when the V8 scantool is fully operational, we accept that sometimes our customers know more than us or know someone who does :hihi:

Re the DSP5 comment for the LB7, sorry to say but the documentation does state....
IMPORTANT For the LB7, any time you are retuning any of the DSP Programs #2 - #4 you will need to perform a full flash of the ECM for the changes to be applied, Program #1 changes can be programmed using just a calibration flash.

At least I think that was your issue from what you described.

Cheers,
Ross

kidturbo
December 14th, 2015, 01:43 PM
Thanks Ross. And no disrespect was intended to your crew. I know there are some very advanced skill set users lurking around here, most in the LML topics. That's why I posted those questions here. But it seems most don't like to share anything that might be worth a dollar sometime. I'm old school, from that hacker era where first to post it gains all due respect.

Actually the Volt guys have probably accomplished more reversing of the GM stuff than anyone else I've found. Sad.. Some of the ARBID's on HSLAN body controls do cross platforms. But my interest purely relates to translating ECM/TCM packets into the older J1939 and other protocols like N2k for marine. Yes GM is very tight lipped, and I recently learned their own engineers prefer Vehicle Spy. A developer over there does some engineering work at GM too. So bits and pieces get leaked, to those who ask nicely. Which I'm sure you've learned.

Unless someone like yourself has discovered where those ID keys are tucked inside an OS, the other option comes down to sorting through hours of hex or binary data packets looking for that one byte that changed on an event. So having an ability to compare known values, or trigger events is a huge help. That's all I was after, creating some custom dynamic pids to pop triggers for stuff like torque limiting requests. I've got a pretty good list of known ID's and scaling going. But a lot more can be accomplished with mode 22 options. Along with another member, we're pretty close to being able to completely scrap the BCM, start and drive any GM by laptop or a smart phone. Could finish that in a day or two if I get this marine thing finished for the guys paying the bills.

On the LB7, yes I found it after the fact. But was expecting something in big red letters when loading that dsp cal. Maybe I was thinking that had been resolved long ago. Someone told me to go look it up.. :-)

Best's

-K