Cracking the CAN Buss
 

Does anyone know how to crack the CAN bus code. What equipment do I need etc.

In order to make my own transmission Electronic Shift Controller, I will have to be able to read the CAN signals to the stock Trans controller.

Are you using the 600 or 560 tranny? I thought the 560 tranny was mechanical so you could just wire the ecu up to the 600 module and skew the 600 tranny sensors to think they are working.

I am using the SL600 trans. What you say is exactly what I'm in process of doing right now, see my latest post's in M120 into 560SL. But in the future I want to loose all this and go with a home grown ECU. Using the MB trans ECU forces me to use the MB twin $10,000,000.00 engine ECU's. First time these ECU's give me any crap I want them gone but I will need to communicate with and know what to tell the trans ECU. I would eventually like to make my own trans ECU.

I don't believe the M120 would be too expensive to own if I could build my own ECUs. But MB is driving these engines to extinction with there proprietary **** and out of sight scanner prices and up yearly upgrades. If I make my own ECU's I control the Horizontal and the Vertical.

Why not just use a standalone megasquirt v2 and a T5? I dont get the impression you like banging gears yourself but the T5 is the easiest tranny swap for almost any custom swap, they are cheap and very upgradable.

Don't think a 6 speed stick with a gated shifter hasn't crossed my mind. There was a guy talking about building bell housings awhile back. I don't know if that ever materialized. But at the moment I have the complete M120 all computers and 722.6 lying around. Right now I'm in the development process. I have the engine running and soon hope to have the car running. As long as that car is running I will have a window of opportunity to crack the CAN code. Once anything goes wrong that window is closed. So I want to do it while I can.

I know I gave you greif back when it was in the concept stage but I admire your persistance. Reverse engineering a module to control the trans is going to make your work to date seem like childs play without an advanced electronics degree and a ton of embedded systems software experience. Having taught myself Assembler, designed built and programed a simple controller module, I can tell you that I would run away screaming from the project that you are presenting for yourself. I honestly think that it would be infinately simpler to sell the electronic trans and buy an earlier (and more reliable IMO) non electronic trans. Given the nature of the car I don't really see the avantage of keeping the electronic trans. Say to hell with all of the sensors, wiring, and interface. Put the early trans in, hook up the vacuum and throttle pressure cable and go.

Do you remember what Admiral Nimitz said when he sunk 3 Japanese ships in the battle of Midway. He said , I suppose I could just turn around now and claim victory but there is only one problem, "I want that 4th ship".

Now for the past 4 years I have already had a car, stock 560SL, that is faster than a Ferrari 308 GTSi in all speed categories with the exception of absolute top speed. The 308 GTSi is Allegedly 10 mph faster. That is Allegedly with a capital A. You will note the 308 has 5 speeds and the 560SL only has 4. If the 560SL had 5 speed it would maintain road superiority in all speed categories over the Ferrari 308 GTSi.

So I guess you could say that with the M120, I could beat the Ferrari 308 GTSi in all speed categories even if the transmission were stuck in 4th gear. I guess I should declare victory and go home, but there is only one problem, "I want that 5th gear" When MB went to 5 gears they unfortunately went electronic.

I suppose your going to tell me that the 560SL and Ferrari 308's are both boat anchors when it comes to performance. I know, but keep it quiet, this whole reply is all just a really good BS story.

You are a man after my own heart :cool:

When someone or something says I can't do something, then I just get more determined to make it happen!

Good link on CANbus here http://www.semiconductors.bosch.de/pdf/can2spec.pdf

...and an analyzer http://www.kvaser.com/index.htm

Cheers,

Richard

Well, the trick I see is not sending/receiving the messages ,but cracking what they mean. There is no standard for the application layer, and I'm certain that manufacturers make at least some kind of effort to encrypt it or to at least make it "fragile", meaning, that any goofing around will shutdown the system (go into limp home mode, for example).

It would take extensive "spying" and recording of an identical operational car, then analyzing, then copying the messages and programming them into a controller. and verifying that the messages do what they are supposed to do (which might be scary).

The controller part is actually pretty easy, there are 8051 based chips as well as PIC chips. Both have compilers, including BASIC compilers (!), cheap or free.

My feeling is that if I can get the bit stream into excel I will have it by the balls. MB does publish the bit stream pattern. I figure for example I could jack up the car turn the key on and rotates one wheel. In this case only the wheel speed sensor should be active on the CAN. Once the wheel speed tag is identified I can put it on the road to develop a wheel speed calibration. I don't need every CAN parameter, just the ones that talk to the transmission.

John, you've got some work cut out for you, if you are determined to use that electronic trans. I really don't understand your desire to use it. You want to use non M/B engine management so the desire to stay strictly M/B shouldn't be a concern. I honestly don't think it is the best trans to use regardless of whether you can effectively communicate with it enough to shift out of first or not. I don't regard it as a very stout piece to start with. It lives behind that engine b/c the power is cut during upshifts and the tranny module softly engages the gears to keep the 12's torque from busting it apart. Without using the M/B hardware with it's software babying the trans you'll find out what I mean. You've got a clean slate, I'd use that as an opportunity to start with something better, even if it is an older design. Mercedes reliability track record over the last ten years makes it evident that they were building cars for profit, not reliability. Just b/c it's newer, doesn't mean it's better.

Actually It may have became a non issue just yesterday. I found a company that makes a stand alone controller for the 722.6. They say they developed this particular controller for the military and that is there only customer so far. I wonder for what. In any case the controller is $750 and the cable is $150. It does not need wheel speed sensors and doesn't talk to the engine. It 's what I call a beautiful thing. They will sell it to me with a satisfaction guarantee. For some reason I get the feeling they want me to develop it for them. In any case that closes the final loop of what to do if I cant get this thing running and have to go with an after market ECU unit for the engine. I now have a transmission solution that doesn't need to talk to the engine and doesn't care about the gear ratio. The older 4 speed MB trans was always the backup plan.

What I am still not sure of, is if this is a plan can put into effect immediately with the existing MB ME ECU's or will I have to go with an after market ECU unit to run the system together. I know the MB transmission control unit sends as outputs over the CAN: internal torque, engaged gear, TC lockup status, overload protection requirement, kickdown and limp-home mode status. I need to ask what would happen if the engine did not see these signals.

So the plan for the moment is to stay the course and use all the stock MB components, and only go with after market stuff if I should run into a problem. I'm actually so close with this I can taste it. Using the stock components also enables me (actually forces me) to have ESP, which is a cool feature I wouldn't mind playing with but it is really making the initial install complex.

http://www.powertraincontrolsolutions.com/content-4.html

That connector is a REALLY expensive military quality Amphenol connector, so it might not be a BS story. I wonder if up-armoring vehicles weighed them down to the point that a tricky transmission controller was required to get the vehicles to move at all (obviously, not HMMV's, etc, I was thinking about armored cars, etc).

I am worried about duxthe1's comments. I do know that newer MB computers pull back on the engine during shifts.

How 'bout a nice Turbo 400? You can't break one of those with a sledge hammer. Not exactly a paragon of efficiency, though...

what about an allison 10 speed?

I'm interested in the CAN bus as well for future reference. I am trying to adapt a gas engine throttle motor to be controlled by my diesel injection pump control circuit. I'm also curious about how I would rig sensor "tricking" components to simulate the presence of the 722.6 if I were able to somehow swap in a manual... hmmmm... Just thinking out loud.