OBD Security issues


Researchers at the University of Washington and University of California examined the security around OBD, and found that they were able to gain control over many vehicle components via the interface. Furthermore, they were able to upload new firmware into the engine control units. Their conclusion is that vehicle embedded systems are not designed with security in mind.

 

There have been reports of thieves using specialist OBD reprogramming devices to enable them to steal cars without the use of a key. The primary causes of this vulnerability lie in the tendency for vehicle manufacturers to extend the bus for purposes other than those for which it was designed, and the lack of authentication and authorization in the OBD specifications, which instead rely largely on security through obscurity.

OBD Standards documents

SAE standards documents on OBD-II

  • J1962 – Defines the physical connector used for the OBD-II interface.
  • J1850 – Defines a serial data protocol. There are 2 variants: 10.4 kbit/s (single wire, VPW) and 41.6 kbit/s (2 wire, PWM). Mainly used by US manufacturers, also known as PCI (Chrysler, 10.4K), Class 2 (GM, 10.4K), and SCP (Ford, 41.6K).
  • J1978 – Defines minimal operating standards for OBD-II scan tools
  • J1979 – Defines standards for diagnostic test modes
  • J2012 – Defines standard trouble codes and definitions.
  • J2178-1 – Defines standards for network message header formats and physical address assignments
  • J2178-2 – Gives data parameter definitions
  • J2178-3 – Defines standards for network message frame IDs for single byte headers
  • J2178-4 – Defines standards for network messages with three byte headers
  • J2284-3 – Defines 500K CAN Physical and Data Link Layer
  • J2411 – Describes the GMLAN (Single-Wire CAN) protocol, used in newer GM vehicles. Often accessible on the OBD connector as PIN 1 on newer GM vehicles.

SAE standards documents on HD (Heavy Duty) OBD

  • J1939 – Defines a data protocol for heavy duty commercial vehicles

ISO standards

  • ISO 9141: Road vehicles — Diagnostic systems. International Organization for Standardization, 1989.
    • Part 1: Requirements for interchange of digital information
    • Part 2: CARB requirements for interchange of digital information
    • Part 3: Verification of the communication between vehicle and OBD II scan tool
  • ISO 11898: Road vehicles — Controller area network (CAN). International Organization for Standardization, 2003.
    • Part 1: Data link layer and physical signalling
    • Part 2: High-speed medium access unit
    • Part 3: Low-speed, fault-tolerant, medium-dependent interface
    • Part 4: Time-triggered communication
  • ISO 14230: Road vehicles — Diagnostic systems — Keyword Protocol 2000, International Organization for Standardization, 1999.
    • Part 1: Physical layer
    • Part 2: Data link layer
    • Part 3: Application layer
    • Part 4: Requirements for emission-related systems
  • ISO 15031: Communication between vehicle and external equipment for emissions-related diagnostics, International Organization for Standardization, 2010.
    • Part 1: General information and use case definition
    • Part 2: Guidance on terms, definitions, abbreviations and acronyms
    • Part 3: Diagnostic connector and related electrical circuits, specification and use
    • Part 4: External test equipment
    • Part 5: Emissions-related diagnostic services
    • Part 6: Diagnostic trouble code definitions
    • Part 7: Data link security
  • ISO 15765: Road vehicles — Diagnostics on Controller Area Networks (CAN). International Organization for Standardization, 2004.
    • Part 1: General information
    • Part 2: Network layer services ISO 15765-2
    • Part 3: Implementation of unified diagnostic services (UDS on CAN)
    • Part 4: Requirements for emissions-related systems

OBD Loggers

Data Loggers


Data loggers are designed to capture vehicle data while the vehicle is in normal operation, for later analysis.

Data logging uses include:

  • Engine and vehicle monitoring under normal operation, for the purpose of diagnosis or tuning.
  • Some US auto insurance companies offer reduced premiums if OBD-II vehicle data loggers[18][19] or cameras[20] are installed, and if the driver’s behaviour meets requirements. This is a form of auto insurance risk selection.
  • Monitoring of driver behaviour by fleet vehicle operators.

Analysis of vehicle black box data may be performed on a periodic basis, automatically transmitted wirelessly to a third party or retrieved for forensic analysis after an event such as an accident, traffic infringement or mechanical fault.

Emission Testing

In the United States, many states now use OBD-II testing instead of tailpipe testing in OBD-II compliant vehicles (1996 and newer). Since OBD-II stores trouble codes for emissions equipment, the testing computer can query the vehicle’s onboard computer and verify there are no emission related trouble codes and that the vehicle is in compliance with emission standards for the model year it was manufactured.

In the Netherlands, 2006 and later vehicles get a yearly EOBD emission check.[21]

Driver’s Supplementary Vehicle Instrumentation

Driver’s supplementary vehicle instrumentation is instrumentation installed in a vehicle in addition to that provided by the vehicle manufacturer and intended for display to the driver during normal operation. This is opposed to scanners used primarily for active fault diagnosis, tuning, or hidden data logging.

Auto enthusiasts have traditionally installed additional gauges such as manifold vacuum, battery current etc. The OBD standard interface has enabled a new generation of enthusiast instrumentation accessing the full range of vehicle data used for diagnostics, and derived data such as instantaneous fuel economy.

Instrumentation may take the form of dedicated trip computers,[22] carputer or interfaces to PDAs,[23] smartphones, or a Garmin navigation unit.

As a carputer is essentially a PC, the same software could be loaded as for PC-based scan tools and vice-versa, so the distinction is only in the reason for use of the software.

These enthusiast systems may also include some functionality similar to the other scan tools.

Vehicle Telematics

OBD II is no longer only used by professionals and hobbyists to repair vehicles. OBD II information is commonly used by vehicle telematics devices that perform fleet tracking, monitor fuel efficiency, prevent unsafe driving, as well as for remote diagnostics and by Pay-As-You-Drive insurance. Although originally not intended for the above purposes, commonly supported OBD II data such as Vehicle Speed, RPM, and Fuel Level allow GPS based fleet tracking devices to monitor vehicle idling times, speeding, and over-revving. By monitoring OBD II DTCs, a company can know immediately if one of its vehicles has an engine problem and, by interpreting the code, the nature of the problem. OBD II is also monitored to block mobile phones when driving and to record trip data for insurance purposes.

OBD Applications

Various tools are available that plug into the OBD connector to access OBD functions. These range from simple generic consumer level tools to highly sophisticated OEM dealership tools to vehicle telematic devices.

Hand-held Scan Tools

A range of rugged hand-held scan tools is available.

  • Simple fault code readers/reset tools are mostly aimed at the consumer level.
  • Professional hand-held scan tools may possess more advanced functions
    • Access more advanced diagnostics
    • Set manufacturer- or vehicle-specific ECU parameters
    • Access and control other control units, such as air bag or ABS
    • Real-time monitoring or graphing of engine parameters to facilitate diagnosis or tuning

Mobile Device Based Tools and Analysis

Mobile device applications allow mobile devices such as cell phones and tablets to display and manipulate the OBD-II data accessed via USB adaptor cables or Bluetooth adapters plugged into the car’s OBD II connector.

PC-based Scan Tools and Analysis Platforms


A PC-based OBD analysis tool converts the OBD-II signals to serial data (USB or serial port) standard to PCs or Macs. The software then decodes the received data to a visual display. Many popular interfaces are based on the ELM or STN1110 OBD Interpreter ICs, both of which read all five generic OBD-II protocols. Some adapters now use the J2534 API, allowing them to access OBD-II protocols for both cars and trucks.

In addition to the functions of a hand-held scan tool, the PC-based tools generally offer:

  • Large storage capacity for data logging and other functions
  • Higher resolution screen than handheld tools
  • The ability to use multiple software programs adding flexibility

The extent to which a PC tool may access manufacturer- or vehicle-specific ECU diagnostics varies between software products, as it does between hand-held scanners.

OBD-II diagnostic data available

OBD2 provides access to data from the engine control unit (ECU) and offers a valuable source of information when troubleshooting problems inside a vehicle. The SAE J1979 standard defines a method for requesting various diagnostic data and a list of standard parameters that might be available from the ECU. The various parameters that are available are addressed by “parameter identification numbers” or PIDs which are defined in J1979. For a list of basic PIDs, their definitions, and the formula to convert raw OBD-II output to meaningful diagnostic units, see OBD-II PIDs. Manufacturers are not required to implement all PIDs listed in J1979 and they are allowed to include proprietary PIDs that are not listed. The PID request and data retrieval system gives access to real time performance data as well as flagged DTCs. For a list of generic OBD-II DTCs suggested by the SAE, see Table of OBD-II Codes. Individual manufacturers often enhance the OBD-II code set with additional proprietary DTCs.

Mode of operation

Here is a basic introduction to the OBD communication protocol according to ISO 15031:

Mode $01 is used to identify what powertrain information is available to the scan tool.

Mode $02 displays Freeze Frame data.

Mode $03 lists the emission-related “confirmed” diagnostic trouble codes stored. It displays exact numeric, 4 digit codes identifying the faults.

Mode $04 is used to clear emission-related diagnostic information. This includes clearing the stored pending/confirmed DTCs and Freeze Frame data.

Mode $05 displays the oxygen sensor monitor screen and the test results gathered about the oxygen sensor.

There are ten numbers available for diagnostics:

  1. $01 Rich-to-Lean O2 sensor threshold voltage
  2. $02 Lean-to-Rich O2 sensor threshold voltage
  3. $03 Low sensor voltage threshold for switch time measurement
  4. $04 High sensor voltage threshold for switch time measurement
  5. $05 Rich-to-Lean switch time in ms
  6. $06 Lean-to-Rich switch time in ms
  7. $07 Minimum voltage for test
  8. $08 Maximum voltage for test
  9. $09 Time between voltage transitions in ms

Mode $06 is a Request for On-Board Monitoring Test Results for Continuously and Non-Continuously Monitored System. There are typically a minimum value, a maximum value, and a current value for each non-continuous monitor.

Mode $07 is a Request for emission-related diagnostic trouble codes detected during current or last completed driving cycle. It enables the external test equipment to obtain “pending” diagnostic trouble codes detected during current or last completed driving cycle for emission-related components/systems. This is used by service technicians after a vehicle repair, and after clearing diagnostic information to see test results after a single driving cycle to determine if the repair has fixed the problem.

Mode $08 could enable the off-board test device to control the operation of an on-board system, test, or component.

Mode $09 is used to retrieve vehicle information. Among others, the following information is available:

  • VIN (Vehicle Identification Number): Vehicle ID
  • CALID (Calibration Identification): ID for the software installed on the ECU
  • CVN (Calibration Verification Number): Number used to verify the integrity of the vehicle software. The manufacturer is responsible for determining the method of calculating CVN(s), e.g. using checksum.
  • In-use performance counters
    • Gasoline engine: Catalyst, Primary oxygen sensor, Evaporating system, EGR system, VVT system, Secondary air system, and Secondary oxygen sensor
    • Diesel engine: NMHC catalyst, NOx reduction catalyst, NOx absorber, Particulate matter filter, Exhaust gas sensor, EGR system, VVT system, Boost pressure control, Fuel system.

Mode $0A lists emission-related “permanent” diagnostic trouble codes stored. As per CARB, any diagnostic trouble code that is commanding the MIL on and is stored in non-volatile memory shall be logged as a permanent fault code.
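Two of the modes above change vehicle state ($04 clears diagnostic data, $08 commands an on-board system), and the OBD specifications attach no authentication or authorization to them. The following added example (not part of the original page) sketches a gateway-side policy check for requests arriving from the diagnostic connector over ISO 15765 CAN. The 0x7DF and 0x7E0–0x7E7 request identifiers and the single-frame layout follow ISO 15765; the policy itself, the function names, the trusted speed input and the sample frames are assumptions constructed for illustration.

```python
"""Gateway policy check for OBD-II requests arriving from the diagnostic connector."""
from dataclasses import dataclass

# 11-bit CAN identifiers used for legislated OBD requests (ISO 15765-4).
FUNCTIONAL_REQUEST_ID = 0x7DF
PHYSICAL_REQUEST_IDS = range(0x7E0, 0x7E8)

# Modes from the list above that only read data from the ECU.
READ_ONLY_MODES = {0x01, 0x02, 0x03, 0x05, 0x06, 0x07, 0x09, 0x0A}
# Modes that change state: $04 clears DTCs and freeze frames, $08 drives a component.
STATE_CHANGING_MODES = {0x04, 0x08}


@dataclass(frozen=True)
class Verdict:
    allow: bool
    reason: str


def parse_single_frame(data: bytes):
    """Return (mode, parameters) for an ISO 15765-2 single frame, else None."""
    if not data:
        return None
    frame_type, length = data[0] >> 4, data[0] & 0x0F
    if frame_type != 0 or length == 0 or length > len(data) - 1:
        return None
    return data[1], data[2:1 + length]


def check_request(can_id: int, data: bytes, speed_kmh: float) -> Verdict:
    """Assumed policy: reads pass, $04/$08 only at standstill, all else dropped.

    speed_kmh is assumed to come from a source the gateway trusts, not from
    the device plugged into the connector.
    """
    if can_id != FUNCTIONAL_REQUEST_ID and can_id not in PHYSICAL_REQUEST_IDS:
        return Verdict(False, "not an OBD request identifier")
    parsed = parse_single_frame(data)
    if parsed is None:
        return Verdict(False, "not a well-formed single-frame request")
    mode = parsed[0]
    if mode in READ_ONLY_MODES:
        return Verdict(True, f"read-only mode ${mode:02X}")
    if mode in STATE_CHANGING_MODES:
        if speed_kmh > 0:
            return Verdict(False, f"mode ${mode:02X} refused while moving")
        return Verdict(True, f"mode ${mode:02X} allowed at standstill")
    return Verdict(False, f"service ${mode:02X} is outside the ten OBD modes")


# Constructed sample traffic: (CAN id, data bytes, vehicle speed in km/h).
SAMPLE_FRAMES = [
    (0x7DF, bytes.fromhex("02010C0000000000"), 60.0),  # mode $01 read
    (0x7DF, bytes.fromhex("0104000000000000"), 60.0),  # mode $04 while moving
    (0x7DF, bytes.fromhex("0104000000000000"), 0.0),   # mode $04 at standstill
    (0x7E0, bytes.fromhex("0210030000000000"), 0.0),   # not one of the OBD modes
]

if __name__ == "__main__":
    for can_id, data, speed in SAMPLE_FRAMES:
        verdict = check_request(can_id, data, speed)
        print(f"{can_id:03X} {data.hex()} -> {verdict.allow}: {verdict.reason}")
```

Multi-frame requests are rejected by this sketch because `parse_single_frame` accepts only single frames; a production gateway would reassemble them before applying the same mode check.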

JOBD and Australian OBD standard

JOBD

JOBD is a version of OBD-II for vehicles sold in Japan.

ADR 79/01 & 79/02 (Australian OBD standard)

The ADR 79/01 (Vehicle Standard (Australian Design Rule 79/01 – Emission Control for Light Vehicles) 2005) standard is the Australian equivalent of OBD-II.
It applies to all vehicles of category M1 and N1 with a Gross Vehicle Weight rating of 3500 kg or less, registered from new within Australia and produced since January 1, 2006 for petrol (gasoline) engined cars and since January 1, 2007 for diesel engined cars.
For newly introduced models, the regulation dates applied a year earlier – January 1, 2005 for petrol and January 1, 2006 for diesel.
The ADR 79/01 standard was supplemented by the ADR 79/02 standard which imposed tighter emissions restrictions, applicable to all vehicles of class M1 and N1 with a Gross Vehicle Weight rating of 3500 kg or less, from July 1, 2008 for new models, July 1, 2010 for all models.
The technical implementation of this standard is essentially the same as OBD-II, with the same SAE J1962 diagnostic link connector and signal protocols being used.

EOBD Introduction

The EOBD (European On Board Diagnostics) regulations are the European equivalent of OBD-II, and apply to all passenger cars of category M1 (with no more than 8 passenger seats and a Gross Vehicle Weight rating of 2500 kg or less) first registered within EU member states since January 1, 2001 for petrol (gasoline) engined cars and since January 1, 2004 for diesel engined cars.

For newly introduced models, the regulation dates applied a year earlier – January 1, 2000 for petrol and January 1, 2003 for diesel.
For passenger cars with a Gross Vehicle Weight rating of greater than 2500 kg and for light commercial vehicles, the regulation dates applied from January 1, 2002 for petrol models, and January 1, 2007 for diesel models.

The technical implementation of EOBD is essentially the same as OBD-II, with the same SAE J1962 diagnostic link connector and signal protocols being used.

With Euro V and Euro VI emission standards, EOBD emission thresholds will be lower than previous Euro III and IV.

EOBD fault codes

Each of the EOBD fault codes consists of five characters: a letter, followed by four numbers. The letter refers to the system being interrogated, e.g. Pxxxx would refer to the powertrain system. The next character would be a 0 if the code complies with the EOBD standard, so it should look like P0xxx.

The next character would refer to the sub system.

  • P00xx – Fuel and Air Metering and Auxiliary Emission Controls.
  • P01xx – Fuel and Air Metering.
  • P02xx – Fuel and Air Metering (Injector Circuit).
  • P03xx – Ignition System or Misfire.
  • P04xx – Auxiliary Emissions Controls.
  • P05xx – Vehicle Speed Controls and Idle Control System.
  • P06xx – Computer Output Circuit.
  • P07xx – Transmission.
  • P08xx – Transmission.

The following two characters would refer to the individual fault within each subsystem.
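As an added example (not part of the original page), the decoder below turns the two-byte DTCs carried in a mode $03 response into the five-character codes described in this section and splits out the fields it names; it also covers the B, C and U system letters. The bit layout is the SAE J2012 / ISO 15031-6 encoding; the response framing (0x43, a count byte, then DTC pairs) is the ISO 15765 CAN form, and the function names and sample bytes are constructed for illustration.

```python
"""Decode two-byte DTCs from a mode $03 response into the fields described above."""
from dataclasses import dataclass
from typing import List, Optional

# Top two bits of the first byte select the system letter: 00=P, 01=C, 10=B, 11=U.
SYSTEM_LETTERS = "PCBU"

# Powertrain subsystem names copied from the list above (third character of P0xxx).
P0_SUBSYSTEMS = {
    "0": "Fuel and Air Metering and Auxiliary Emission Controls",
    "1": "Fuel and Air Metering",
    "2": "Fuel and Air Metering (Injector Circuit)",
    "3": "Ignition System or Misfire",
    "4": "Auxiliary Emissions Controls",
    "5": "Vehicle Speed Controls and Idle Control System",
    "6": "Computer Output Circuit",
    "7": "Transmission",
    "8": "Transmission",
}


@dataclass(frozen=True)
class Dtc:
    code: str                  # e.g. "P0133"
    standard_defined: bool     # second character is 0, as described above
    subsystem: Optional[str]   # only resolved for P0xxx codes


def decode_dtc(a: int, b: int) -> Dtc:
    """Unpack one DTC: 2 bits letter, 2 bits first digit, then three hex digits."""
    letter = SYSTEM_LETTERS[a >> 6]
    digits = f"{(a >> 4) & 0x3:X}{a & 0xF:X}{b >> 4:X}{b & 0xF:X}"
    standard = digits[0] == "0"
    subsystem = P0_SUBSYSTEMS.get(digits[1]) if letter == "P" and standard else None
    return Dtc(letter + digits, standard, subsystem)


def parse_mode03_response(payload: bytes) -> List[Dtc]:
    """Parse a reassembled positive response: 0x43, DTC count, then 2 bytes per DTC."""
    if len(payload) < 2 or payload[0] != 0x43:
        raise ValueError("not a positive mode $03 response")
    count, body = payload[1], payload[2:]
    if len(body) < 2 * count:
        raise ValueError("response shorter than its DTC count")
    return [decode_dtc(body[i], body[i + 1]) for i in range(0, 2 * count, 2)]


# Constructed sample response carrying three DTCs.
SAMPLE_RESPONSE = bytes.fromhex("4303013313 00C100".replace(" ", ""))

if __name__ == "__main__":
    for dtc in parse_mode03_response(SAMPLE_RESPONSE):
        print(dtc.code, "standard" if dtc.standard_defined else "manufacturer",
              dtc.subsystem or "-")
```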

EOBD2

The term “EOBD2” is marketing speak used by some vehicle manufacturers to refer to manufacturer-specific features that are not actually part of the OBD or EOBD standard. In this case “E” stands for Enhanced.

OBDII signal protocols

There are five signaling protocols that are permitted with the OBD-II interface. Most vehicles implement only one of the protocols. It is often possible to deduce the protocol used based on which pins are present on the J1962 connector:

  • SAE J1850 PWM (pulse-width modulation — 41.6 kB/sec, standard of the Ford Motor Company)
    • pin 2: Bus+
    • pin 10: Bus–
    • High voltage is +5 V
    • Message length is restricted to 12 bytes, including CRC
    • Employs a multi-master arbitration scheme called ‘Carrier Sense Multiple Access with Non-Destructive Arbitration’ (CSMA/NDA)
  • SAE J1850 VPW (variable pulse width — 10.4/41.6 kB/sec, standard of General Motors)
    • pin 2: Bus+
    • Bus idles low
    • High voltage is +7 V
    • Decision point is +3.5 V
    • Message length is restricted to 12 bytes, including CRC
    • Employs CSMA/NDA
  • ISO 9141-2. This protocol has an asynchronous serial data rate of 10.4 kBaud. It is somewhat similar to RS-232; however, the signal levels are different, and communication happens on a single, bidirectional line without additional handshake signals. ISO 9141-2 is primarily used in Chrysler, European, and Asian vehicles.
    • pin 7: K-line
    • pin 15: L-line (optional)
    • UART signaling
    • K-line idles high, with a 510 ohm resistor to Vbatt
    • The active/dominant state is driven low with an open-collector driver.
    • Message length is restricted to 12 bytes, including CRC
  • ISO 14230 KWP2000 (Keyword Protocol 2000)
    • pin 7: K-line
    • pin 15: L-line (optional)
    • Physical layer identical to ISO 9141-2
    • Data rate 1.2 to 10.4 kBaud
    • Message may contain up to 255 bytes in the data field
  • ISO 15765 CAN (250 kBit/s or 500 kBit/s). The CAN protocol was developed by Bosch for automotive and industrial control. Unlike other OBD protocols, variants are widely used outside of the automotive industry. While it did not meet the OBD-II requirements for U.S. vehicles prior to 2003, as of 2008 all vehicles sold in the US are required to implement CAN as one of their signaling protocols.
    • pin 6: CAN High
    • pin 14: CAN Low

All OBD-II pinouts use the same connector, but different pins are used with the exception of pin 4 (battery ground) and pin 16 (battery positive).

What’s OBD-II?

OBD-II is an improvement over OBD-I in both capability and standardization. The OBD-II standard specifies the type of diagnostic connector and its pinout, the electrical signalling protocols available, and the messaging format. It also provides a candidate list of vehicle parameters to monitor along with how to encode the data for each. There is a pin in the connector that provides power for the scan tool from the vehicle battery, which eliminates the need to connect a scan tool to a power source separately. However, some technicians might still connect the scan tool to an auxiliary power source to protect data in the unusual event that a vehicle experiences a loss of electrical power due to a malfunction.

 

Finally, the OBD-II standard provides an extensible list of DTCs. As a result of this standardization, a single device can query the on-board computer(s) in any vehicle. OBD-II came in two models, OBD-IIA and OBD-IIB. OBD-II standardization was prompted by emissions requirements, and though only emission-related codes and data are required to be transmitted through it, most manufacturers have made the OBD-II Data Link Connector the only one in the vehicle through which all systems are diagnosed and programmed. OBD-II Diagnostic Trouble Codes are 4-digit, preceded by a letter: P for engine and transmission (powertrain), B for body, C for chassis, and U for network.