OBD - II
On-Board Diagnostics (OBD) ( SAE J1962 ) is a diagnostic system in vehicles for detecting any errors in the car's network ( includes BCM, engine, and other car parts). Maybe you had seen some malfunction indications in our car just like a door lock beep.
Obviously, when a node/part is malfunctioning we will visit a service center/mechanic in a modern way of solving the problem we can use an OBD2 scanner to identify the exact malfunctioning part.
He will identify the OBD2 port ( mostly under the driver's seat or near the driver's wheel / some times hidden inside) on our car and connects a scanner that is capable to send some diagnostic trouble codes to understand the malfunction. This will be done without tearing the car apart.
Image courtesy: stock exchange.
OBD2 is like a method/protocol to communicate with the CAN bus. Since 2008 it has been mandatory in all cars in the US mostly all new cars Nowadays have an OBD2 port Some old cars might not support even they have a port.
Image courtesy: CSS electronics.
This started when Volkswagen introduced the first onboard computer system with scanning capability, in 1988 Society of Automotive Engineers (SAE) recommended a standard diagnostic connector and set of diagnostic test signals, The California Air Resources Board (CARB) required that all new vehicles sold in 1991 and after have some basic OBD capability. The connector and its placement are not standardized.
OBD2 have a vast range of PID's (Parameter Identification Location) which are available to be logged in the maximum number of Modern car which not just made with some mechanical parts.
In a way, we are getting human-readable information of various parts from the vehicle regarding the parts that are connected.
(Wikipedia has a detailed article on standard OBD2 PIDs)
An OBD2 message is of an 11-bit identifier and 64-bit data, It is divided as follows,
Image courtesy: CSS electronics.
An identifier is used to distinguish Request ( ID 7DF ) and Response ( ID 7E8 to 7EF ) messages.
For a request, this will be from 01-0A, and in response, this varies from 41-4A.
- 0x01: Shows current data. Sending a PID of 0x00 returns 4 bytes of bit-encoded available PIDs.
- 0x02: Shows freeze frame data and the PID value remains the same as 0x01, but the data will be from the frozen state.
- 0x03: Shows stored ( confirmed ) diagnostic trouble codes.
- 0x04: Erases DTCs & clears diagnostic history, Even refurbishes the DTCs and frozen data.
- 0x07: Shows "pending" diagnostic codes, Displays codes that have shown up once but that hasn't been confirmed; status pending.
- 0x08: Controls operations of the onboard component/system It allows a technician to activate and deactivate the system actuators manually. System actuators allow drive-by-wire operations and physically control different devices. These codes aren't standard, so a common scan tool won't be able to do much with this model. Dealership scan tools have a lot more access to vehicle internals and are an interesting target for hackers to reverse engineer.
- 0x09: Requests vehicle information, Several pieces of data can be pulled with mode 0x09.
- 0x0a: Permanent diagnostic codes This mode pulls DTCs that have been erased via mode 0x04. These DTCs are cleared only once the PCM has verified the fault condition is no longer present.
We can connect an OBD2 scanner/data logger to the connector and we can communicate (request) through the CAN bus and correspond ECU's will respond to that.
- 1. The Car Hackers Handbook a guide for the penetration tester.
- 2. https://www.csselectronics.com/screen/page/simple-intro-obd2-explained.