Join Date: Apr 2008
Location: Austin, TX
Thanked 18 Times in 5 Posts
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 1 Post(s)
I know its against the rules to resurrect an old thread, but as the OP I decided it was time to share the amazing progress I've achieved on Powernet (even CUSW) vehicles.
I have managed to successfully reverse engineer the Powernet and CUSW vehicle message matrix (VMM). I know the format of EVERY message that is going through the CAN-C, CAN-IHS, and CAN-AT buses on Powernet and CUSW architectures (except for CAN-AT on CUSW as it doesn't exist). I did this using a combination of isolating each module (disconnecting each one, and bridging communication to the rest of the car, reverse engineering, among getting much more advanced such as dumping the modules memory and reading the disassembly to determine the VMM).
So using this on my Chrysler 300S 2012 with Powernet, I have been able to completely replace my ACC module with my *own* implementation (using code I wrote which talks to a CAN transceiver on a Raspberry Pi) to enable features such as Stop-And-Go (really AWESOME in bumper to bumper traffic) and even remote control gas and brake via Xbox controller (which is not practical and for fun only). I am working on using GPS data combined with computer vision to stop at stop signs, stop lights, etc.
I have made some videos and will post them on YouTube soon and will provide a link.
But basically I have successfully "hacked" my computer on wheels. I can do anything from change the climate control, to controlling exterior and interior lights (every single one, something as mundane as the license plate light). I can even detonate the AIRBAGS (which I've of course never tried but from the information I have no reason to believe it will not work). It has taken me years in my spare time to pull this off but I have succeeded.
I have also enabled SRT pages on my non-SRT vehicle in both the UConnect and the EVIC. It is really neat to have those screens. This was accomplished by determining which UDS (unified diagnostic services) data identifier used to write to the CBC (Common Body Controller) which changes the "Performance Pages Present" to 1 (enables in Uconnect) and "Is Vehicle SRT" to 1 (enables in EVIC). I can even change "Vehicle Model" to think its Jeep, so when the Uconnect and Evic boots, its shows the Jeep logo. That's just scratching the surface. I can modify the entire vehicle configuration. Add ParkAssist to your car? No problem, I know what the data identifier to set that Present = 1. In addition I have changed the Vehicle Max Speed to remove the speed limiter.
I pretty much have the car's CAN bus and modules at my fingertips. Have been using my stop-and-go ACC for about a year now and it has been flawless. I've also added a few gimmick features such as auto blinker when approaching a turn (as long as your route is in GPS), to enabling "Police Car Mode", so when you put the light knob all the way down to the last detent, ALL interior lights go off, and much more.
Quick background, I am a software and hardware engineer for a company in downtown Austin. In my spare time this is what I did, day and night - a kind of obsession if you will.
Another thing to mention, my younger brother has a 2014 Jeep (CUSW architecture). As those are equipped with EPS (electric power steering, full), I was actually able to plug into his diagnostic port and activate the steering torque overlay interface, and was able to turn his steering wheel left or right straight from my code. It was AWESOME! The possibilities of self controlling one's own steering wheel via TWO CAN bus wires is amazing. I already have computer vision algorithms ready to go to enable "full lane keep assist" (albeit illegal if you have yours hands off the wheel, but the coolness factor is outstanding).
So if anyone else is interested in my breakthrough, just reply in this thread - especially with any ideas you may have. I should have YouTube videos up soon.
Take care everyone,
Last edited by whisla13; 08-07-2014 at 04:33 AM.