ShadowBlade72

Yeah, if only I had a Jeep sitting in the driveway. I'd probably have the thing bricked in an hour lol. It's hard to know when to stop tinkering. "No no, trust me. It has an option to change this setting, so it's totally safe to change it."



Off topic a bit, but mine is in a modded Pelican case. I made myself a mobile pen-testing box with some custom written software to automate much of it.

Picture was a little big, so I decided to link it instead.
Second picture.

SabrToothSqrl

very cool. now add some bluetooth and you could send it commands from your phone.

as for lights w/wipers... my 2012 has a setting for that factory.

I think the real thing we all want to know here is.. how can you defeat the stability control from this system?

Ohh, and can you make all the changes the lock pick does? I'd love destination entry in motion...

ABENDX

Good stuff OP... looking forward to seeing your progress over time.

Plans to open source or ?

ShadowBlade72

Dcgibbons, if you're looking for a partner in crime to help you turn those commands into a CLI GUI, let me know. I'm looking for a good project, and I'm well versed in Bash.

dcgibbons

Yeah if I build anything it'll be open-hardware and open-source. I certainly want all the information I figure out published so others can leverage it.

SabrToothSqrl

very cool stuff.

how about you link the volume and or channel buttons to shift the automatic?

Paddle shift in a JK... Ohhh Yea...

dcgibbons

Possibly, but not just with what I'm doing. You'd have to look at the CAN-C bus used for the power train, and the CAN-IHS that I'm looking at now.

This product for Chargers does some similar things, so it is a possibility: http://www.zautotech.com/tranzformer.html

dcgibbons

If you want to bench test your OEM radio, you can do that by sending this CAN bus message to it once every 100ms or so:


To turn it off,

dcgibbons

And here's a good example of the limitations of interfacing with the bus, which is mostly limited to listening to system changes.

Message id 308 is sent out when the interior dimmer is changed. I've seen the following data so far:
308#0000ff # lights off
308#110000 # daytime - lights on bright
308#122200 # lowest dimmer setting
308#124c00 # next highest
308#12a000 # next highest
308#12c800 # all the way up

It is tempting to want to send your own messages to the bus to have these settings take place, but it doesn't quite work that way.

These messages are generated by the Cab Compartment Node (CCN) whenever it detects changes from the user by using the control stalk. Those messages are listened to by the radio and the TIPM nodes who take action as appropriate - such as dimming the radio lights.

The problem is, the CCN isn't listening for those messages even though it controls a large portion of the lights that are being dimmed. Additionally, it keeps broadcasting the current dimming state every 500ms, so it will override any commands you may send out yourself.

GotGecko

Thanks for that info. Although my JK has the RES, I have a RBZ to play with. Question: does your Jeep have the Infinity amp? If so, do you see commands going to the amp?
I wasn't sure it was on the bus but there seems to be some radio recognition that the amp is present. I think the level drops and two channels are turned off.