0

I'm trying to reverse engineer the CAN bus codes generated by the steering wheel of a car. I'm interested in a single message, the one that holds the information about what button of the steering wheel has been pressed. I have done that for many different cars but this one is special (?) I found the message that holds the data has for ID 0x3D4. So I logged this specific message many times with/without a different combination of the steering wheel buttons.

The way car works (most of the time) is that a single bit will toggle from 0 to 1 when a button is held down. And go back to 0 when the button is released. This message has a DLC of 8 so there would be potentially enough room for 64 buttons. Now for this car, they have used 4 bits of the second byte for a counter counting from 0 to F. The first byte is the one that is causing a problem. I don't understand how it is generated. It seems to be dependant on the value of the other bytes but does not follow a standard CRC algo... It seems that it also depends on the position of the bytes... Pressing on buttons in the car will change a bit in the data which then changes the value of the first byte. If I generate a fake command to the car without changing the first byte, the car will not react to it.

I would like to find how this first byte is generated so I can generate it myself.

The DLC: 8

CAN bus high speed 500kb/s

CA 0E 80 00 00 04 00 00    
1F 0F 80 00 00 04 00 00    
ED 00 80 00 00 04 00 00    
4A 01 81 00 00 04 00 00    
01 02 81 00 00 04 00 00    
4C 03 81 00 00 04 00 00    
DC 04 81 00 00 04 00 00    
37 05 81 00 00 04 00 00    
1E 06 81 00 00 04 00 00    
8B 07 80 00 00 04 00 00    
25 08 80 00 00 04 00 00   
70 09 80 00 00 04 00 00    
6B 0A 80 00 00 04 00 00    
9B 0B 81 00 00 04 00 00
BE 0C 81 00 00 04 00 00
41 0D 81 00 00 04 00 00    
3E 0E 81 00 00 04 00 00    
1F 0F 80 00 00 04 00 00    
ED 00 80 00 00 04 00 00    
BE 01 80 00 00 04 00 00    
F5 02 80 00 00 04 00 00    
B8 03 80 00 00 04 00 00

I also found these following messages that share the same first byte:

7F 2D 84 00 00 04 00 00
7F 07 81 00 00 04 00 00
7F 03 82 00 00 04 00 00

4C 03 81 00 00 04 00 00
4C 00 84 00 00 04 00 00
4C 07 82 00 00 04 00 00

BE 0C 81 00 00 04 00 00
BE 01 80 00 00 04 00 00
BE 0F 84 00 00 04 00 00
BE 23 88 00 00 04 00 00

More data:

70  09  80  00  00  04  00  00
6B  0A  80  00  00  04  00  00
9B  0B  81  00  00  04  00  00
BE  0C  81  00  00  04  00  00
41  0D  81  00  00  04  00  00
3E  0E  81  00  00  04  00  00
EB  0F  81  00  00  04  00  00
ED  00  80  00  00  04  00  00
BE  01  80  00  00  04  00  00
F5  02  80  00  00  04  00  00
B8  03  80  00  00  04  00  00
28  04  80  00  00  04  00  00
04  05  82  00  00  04  00  00
4B  06  84  00  00  04  00  00
2A  07  84  00  00  04  00  00
26  18  84  00  00  04  00  00
73  19  84  00  00  04  00  00
68  1A  84  00  00  04  00  00
6C  1B  84  00  00  04  00  00
49  1C  84  00  00  04  00  00
B6  1D  84  00  00  04  00  00
C9  1E  84  00  00  04  00  00
BE  0F  84  00  00  04  00  00
4C  00  84  00  00  04  00  00
1F  01  84  00  00  04  00  00
54  02  84  00  00  04  00  00
19  03  84  00  00  04  00  00
89  04  84  00  00  04  00  00
09  25  84  00  00  04  00  00
20  26  84  00  00  04  00  00
41  27  84  00  00  04  00  00
EF  28  84  00  00  04  00  00
BA  29  84  00  00  04  00  00
A1  2A  84  00  00  04  00  00
A5  2B  84  00  00  04  00  00
80  2C  84  00  00  04  00  00
7F  2D  84  00  00  04  00  00
00  2E  84  00  00  04  00  00
D5  2F  84  00  00  04  00  00
27  20  84  00  00  04  00  00
74  21  84  00  00  04  00  00
3F  22  84  00  00  04  00  00
19  03  84  00  00  04  00  00
2B  14  84  00  00  04  00  00
C0  15  84  00  00  04  00  00
E9  16  84  00  00  04  00  00
88  17  84  00  00  04  00  00
26  18  84  00  00  04  00  00
73  19  84  00  00  04  00  00
68  1A  84  00  00  04  00  00
6C  1B  84  00  00  04  00  00
49  1C  84  00  00  04  00  00
B6  1D  84  00  00  04  00  00
C9  1E  84  00  00  04  00  00
1C  1F  84  00  00  04  00  00
EE  10  84  00  00  04  00  00
BD  11  84  00  00  04  00  00
F6  12  84  00  00  04  00  00
BB  13  84  00  00  04  00  00
2B  14  84  00  00  04  00  00
0C  15  88  00  00  04  00  00
25  16  88  00  00  04  00  00
44  17  88  00  00  04  00  00
EA  18  88  00  00  04  00  00
BF  19  88  00  00  04  00  00
A4  1A  88  00  00  04  00  00
02  0B  88  00  00  04  00  00
27  0C  88  00  00  04  00  00
D8  0D  88  00  00  04  00  00
CC  2E  88  00  00  04  00  00
19  2F  88  00  00  04  00  00
EB  20  88  00  00  04  00  00
B8  21  88  00  00  04  00  00
F3  22  88  00  00  04  00  00
BE  23  88  00  00  04  00  00
2E  24  88  00  00  04  00  00
C5  25  88  00  00  04  00  00
EC  26  88  00  00  04  00  00
8D  27  88  00  00  04  00  00
23  28  88  00  00  04  00  00
76  29  88  00  00  04  00  00
6D  2A  88  00  00  04  00  00
69  2B  88  00  00  04  00  00
4C  2C  88  00  00  04  00  00
B3  2D  88  00  00  04  00  00
CC  2E  88  00  00  04  00  00
72  0F  88  00  00  04  00  00
80  00  88  00  00  04  00  00
D3  01  88  00  00  04  00  00
98  02  88  00  00  04  00  00
D5  03  88  00  00  04  00  00
45  04  88  00  00  04  00  00
AE  05  88  00  00  04  00  00
4B  06  84  00  00  04  00  00
2A  07  84  00  00  04  00  00
E2  08  82  00  00  04  00  00
B7  09  82  00  00  04  00  00
AC  0A  82  00  00  04  00  00
A8  0B  82  00  00  04  00  00
8D  0C  82  00  00  04  00  00
72  0D  82  00  00  04  00  00
0D  0E  82  00  00  04  00  00
D8  0F  82  00  00  04  00  00
2A  00  82  00  00  04  00  00
79  01  82  00  00  04  00  00
32  02  82  00  00  04  00  00
7F  03  82  00  00  04  00  00
EF  04  82  00  00  04  00  00
04  05  82  00  00  04  00  00
2D  06  82  00  00  04  00  00
4C  07  82  00  00  04  00  00
E2  08  82  00  00  04  00  00
B7  09  82  00  00  04  00  00
AC  0A  82  00  00  04  00  00
A8  0B  82  00  00  04  00  00
8D  0C  82  00  00  04  00  00
72  0D  82  00  00  04  00  00
0D  0E  82  00  00  04  00  00
D8  0F  82  00  00  04  00  00
2A  00  82  00  00  04  00  00
79  01  82  00  00  04  00  00
32  02  82  00  00  04  00  00
7F  03  82  00  00  04  00  00
EF  04  82  00  00  04  00  00
04  05  82  00  00  04  00  00
2D  06  82  00  00  04  00  00

Following data have been logged while I tried all the buttons available. + a few combinations of the buttons.

76  00  A0  00  00  04  00  00
25  01  A0  00  00  04  00  00
6E  02  A0  00  00  04  00  00
23  03  A0  00  00  04  00  00
B3  04  A0  00  00  04  00  00
58  05  A0  00  00  04  00  00
71  06  A0  00  00  04  00  00
10  07  A0  00  00  04  00  00
BE  08  A0  00  00  04  00  00
EB  09  A0  00  00  04  00  00
04  0A  A1  00  00  04  00  00
00  0B  A1  00  00  04  00  00
25  0C  A1  00  00  04  00  00
DA  0D  A1  00  00  04  00  00
A5  0E  A1  00  00  04  00  00
84  0F  A0  00  00  04  00  00
76  00  A0  00  00  04  00  00
25  01  A0  00  00  04  00  00
6E  02  A0  00  00  04  00  00
23  03  A0  00  00  04  00  00
B3  04  A0  00  00  04  00  00
9F  05  A2  00  00  04  00  00
D0  06  A4  00  00  04  00  00
B1  07  A4  00  00  04  00  00
D3  08  A8  00  00  04  00  00
86  09  A8  00  00  04  00  00
9D  0A  A8  00  00  04  00  00
99  0B  A8  00  00  04  00  00
70  0C  A4  00  00  04  00  00
8F  0D  A4  00  00  04  00  00
F0  0E  A4  00  00  04  00  00
25  0F  A4  00  00  04  00  00
B1  00  A2  00  00  04  00  00
E2  01  A2  00  00  04  00  00
A9  02  A2  00  00  04  00  00
23  03  A0  00  00  04  00  00
B3  04  A0  00  00  04  00  00
C3  05  80  00  00  04  00  00
30  06  90  00  00  04  00  00
51  07  90  00  00  04  00  00
25  08  80  00  00  04  00  00
70  09  80  00  00  04  00  00
6B  0A  80  00  00  04  00  00
6F  0B  80  00  00  04  00  00
4A  0C  80  00  00  04  00  00
B5  0D  80  00  00  04  00  00
CA  0E  80  00  00  04  00  00
1F  0F  80  00  00  04  00  00
ED  00  80  00  00  04  00  00
BE  01  80  00  00  04  00  00
01  02  81  00  00  04  00  00
4C  03  81  00  00  04  00  00
DC  04  81  00  00  04  00  00
37  05  81  00  00  04  00  00
1E  06  81  00  00  04  00  00
7F  07  81  00  00  04  00  00
D1  08  81  00  00  04  00  00
70  09  80  00  00  04  00  00
6B  0A  80  00  00  04  00  00
6F  0B  80  00  00  04  00  00
4A  0C  80  00  00  04  00  00
B5  0D  80  00  00  04  00  00
CA  0E  80  00  00  04  00  00
1F  0F  80  00  00  04  00  00
2A  00  82  00  00  04  00  00
79  01  82  00  00  04  00  00
32  02  82  00  00  04  00  00
7F  03  82  00  00  04  00  00
EF  04  82  00  00  04  00  00
04  05  82  00  00  04  00  00
2D  06  82  00  00  04  00  00
2A  07  84  00  00  04  00  00
84  08  84  00  00  04  00  00
D1  09  84  00  00  04  00  00
CA  0A  84  00  00  04  00  00
CE  0B  84  00  00  04  00  00
27  0C  88  00  00  04  00  00
D8  0D  88  00  00  04  00  00
A7  0E  88  00  00  04  00  00
72  0F  88  00  00  04  00  00
4C  00  84  00  00  04  00  00
1F  01  84  00  00  04  00  00
32  02  82  00  00  04  00  00
B8  03  80  00  00  04  00  00
28  04  80  00  00  04  00  00
C3  05  80  00  00  04  00  00
71  06  A0  00  00  04  00  00
10  07  A0  00  00  04  00  00
BE  08  A0  00  00  04  00  00
69  09  C0  00  00  04  00  00
72  0A  C0  00  00  04  00  00
F4  0B  A0  00  00  04  00  00
D1  0C  A0  00  00  04  00  00
2E  0D  A0  00  00  04  00  00
51  0E  A0  00  00  04  00  00
84  0F  A0  00  00  04  00  00
76  00  A0  00  00  04  00  00
25  01  A0  00  00  04  00  00
6E  02  A0  00  00  04  00  00
B8  03  80  00  00  04  00  00
28  04  80  00  00  04  00  00
C3  05  80  00  00  04  00  00
EA  06  80  00  00  04  00  00
8B  07  80  00  00  04  00  00
25  08  80  00  00  04  00  00
0F  09  80  04  00  04  00  00
14  0A  80  04  00  04  00  00
B8  0B  80  06  00  04  00  00
9D  0C  80  06  00  04  00  00
62  0D  80  06  00  04  00  00
1D  0E  80  06  00  04  00  00
C8  0F  80  06  00  04  00  00
3A  00  80  06  00  04  00  00
C1  01  80  04  00  04  00  00
8A  02  80  04  00  04  00  00
C7  03  80  04  00  04  00  00
57  04  80  04  00  04  00  00
BC  05  80  04  00  04  00  00
95  06  80  04  00  04  00  00
F4  07  80  04  00  04  00  00
5A  08  80  04  00  04  00  00
0F  09  80  04  00  04  00  00
14  0A  80  04  00  04  00  00
10  0B  80  04  00  04  00  00
35  0C  80  04  00  04  00  00
CA  0D  80  04  00  04  00  00
B5  0E  80  04  00  04  00  00
60  0F  80  04  00  04  00  00
92  00  80  04  00  04  00  00
C1  01  80  04  00  04  00  00
8A  02  80  04  00  04  00  00
C7  03  80  04  00  04  00  00
57  04  80  04  00  04  00  00
BC  05  80  04  00  04  00  00
95  06  80  04  00  04  00  00
F4  07  80  04  00  04  00  00
5A  08  80  04  00  04  00  00
0F  09  80  04  00  04  00  00
14  0A  80  04  00  04  00  00
10  0B  80  04  00  04  00  00
35  0C  80  04  00  04  00  00
CA  0D  80  04  00  04  00  00
B5  0E  80  04  00  04  00  00
60  0F  80  04  00  04  00  00
92  00  80  04  00  04  00  00
C1  01  80  04  00  04  00  00
8A  02  80  04  00  04  00  00
C7  03  80  04  00  04  00  00
57  04  80  04  00  04  00  00
BC  05  80  04  00  04  00  00
95  06  80  04  00  04  00  00
23  07  80  02  00  04  00  00
8D  08  80  02  00  04  00  00
D8  09  80  02  00  04  00  00
C3  0A  80  02  00  04  00  00
C7  0B  80  02  00  04  00  00
E2  0C  80  02  00  04  00  00
1D  0D  80  02  00  04  00  00
62  0E  80  02  00  04  00  00
B7  0F  80  02  00  04  00  00
45  00  80  02  00  04  00  00
16  01  80  02  00  04  00  00
5D  02  80  02  00  04  00  00
10  03  80  02  00  04  00  00
80  04  80  02  00  04  00  00
6B  05  80  02  00  04  00  00
42  06  80  02  00  04  00  00
23  07  80  02  00  04  00  00
25  08  80  00  00  04  00  00
70  09  80  00  00  04  00  00
6B  0A  80  00  00  04  00  00
6F  0B  80  00  00  04  00  00
4A  0C  80  00  00  04  00  00
1D  0D  80  02  00  04  00  00
B5  0E  80  04  00  04  00  00
60  0F  80  04  00  04  00  00
3A  00  80  06  00  04  00  00
69  01  80  06  00  04  00  00
22  02  80  06  00  04  00  00
6F  03  80  06  00  04  00  00
FF  04  80  06  00  04  00  00
14  05  80  06  00  04  00  00
3D  06  80  06  00  04  00  00
5C  07  80  06  00  04  00  00
F2  08  80  06  00  04  00  00
A7  09  80  06  00  04  00  00
BC  0A  80  06  00  04  00  00
B8  0B  80  06  00  04  00  00
9D  0C  80  06  00  04  00  00
62  0D  80  06  00  04  00  00
1D  0E  80  06  00  04  00  00
C8  0F  80  06  00  04  00  00
3A  00  80  06  00  04  00  00
69  01  80  06  00  04  00  00
22  02  80  06  00  04  00  00
6F  03  80  06  00  04  00  00
FF  04  80  06  00  04  00  00
14  05  80  06  00  04  00  00
3D  06  80  06  00  04  00  00
5C  07  80  06  00  04  00  00
F2  08  80  06  00  04  00  00
A7  09  80  06  00  04  00  00
BC  0A  80  06  00  04  00  00
10  0B  80  04  00  04  00  00
35  0C  80  04  00  04  00  00
1D  0D  80  02  00  04  00  00
62  0E  80  02  00  04  00  00
B7  0F  80  02  00  04  00  00
45  00  80  02  00  04  00  00
16  01  80  02  00  04  00  00
5D  02  80  02  00  04  00  00
10  03  80  02  00  04  00  00
80  04  80  02  00  04  00  00
6B  05  80  02  00  04  00  00
42  06  80  02  00  04  00  00
23  07  80  02  00  04  00  00
8D  08  80  02  00  04  00  00
D8  09  80  02  00  04  00  00
C3  0A  80  02  00  04  00  00
C7  0B  80  02  00  04  00  00
E2  0C  80  02  00  04  00  00
1D  0D  80  02  00  04  00  00
62  0E  80  02  00  04  00  00
B7  0F  80  02  00  04  00  00
45  00  80  02  00  04  00  00
16  01  80  02  00  04  00  00
5D  02  80  02  00  04  00  00
B8  03  80  00  00  04  00  00
28  04  80  00  00  04  00  00
C3  05  80  00  00  04  00  00
EA  06  80  00  00  04  00  00
4C  07  82  00  00  04  00  00
E2  08  82  00  00  04  00  00
B7  09  82  00  00  04  00  00
AC  0A  82  00  00  04  00  00
A8  0B  82  00  00  04  00  00
8D  0C  82  00  00  04  00  00
72  0D  82  00  00  04  00  00
0D  0E  82  00  00  04  00  00
D8  0F  82  00  00  04  00  00
2A  00  82  00  00  04  00  00
79  01  82  00  00  04  00  00
32  02  82  00  00  04  00  00
7F  03  82  00  00  04  00  00
EF  04  82  00  00  04  00  00
04  05  82  00  00  04  00  00
2D  06  82  00  00  04  00  00
4C  07  82  00  00  04  00  00
E2  08  82  00  00  04  00  00
B7  09  82  00  00  04  00  00
AC  0A  82  00  00  04  00  00
A8  0B  82  00  00  04  00  00
8D  0C  82  00  00  04  00  00
72  0D  82  00  00  04  00  00
0D  0E  82  00  00  04  00  00
D8  0F  82  00  00  04  00  00
2A  00  82  00  00  04  00  00
79  01  82  00  00  04  00  00
32  02  82  00  00  04  00  00
7F  03  82  00  00  04  00  00
EF  04  82  00  00  04  00  00
04  05  82  00  00  04  00  00
2D  06  82  00  00  04  00  00
4C  07  82  00  00  04  00  00
E2  08  82  00  00  04  00  00
B7  09  82  00  00  04  00  00
AC  0A  82  00  00  04  00  00
A8  0B  82  00  00  04  00  00
8D  0C  82  00  00  04  00  00
72  0D  82  00  00  04  00  00
0D  0E  82  00  00  04  00  00
1F  0F  80  00  00  04  00  00
ED  00  80  00  00  04  00  00
BE  01  80  00  00  04  00  00
57  12  80  00  00  04  00  00
1A  13  80  00  00  04  00  00
8A  14  80  00  00  04  00  00
61  15  80  00  00  04  00  00
48  16  80  00  00  04  00  00
29  17  80  00  00  04  00  00
87  18  80  00  00  04  00  00
D2  19  80  00  00  04  00  00
C9  1A  80  00  00  04  00  00
CD  1B  80  00  00  04  00  00
E8  1C  80  00  00  04  00  00
17  1D  80  00  00  04  00  00
68  1E  80  00  00  04  00  00
BD  1F  80  00  00  04  00  00
4F  10  80  00  00  04  00  00
1C  11  80  00  00  04  00  00
57  12  80  00  00  04  00  00
1A  13  80  00  00  04  00  00
8A  14  80  00  00  04  00  00
61  15  80  00  00  04  00  00
48  16  80  00  00  04  00  00
29  17  80  00  00  04  00  00
87  18  80  00  00  04  00  00
D2  19  80  00  00  04  00  00
C9  1A  80  00  00  04  00  00
CD  1B  80  00  00  04  00  00
E8  1C  80  00  00  04  00  00
17  1D  80  00  00  04  00  00
CA  0E  80  00  00  04  00  00
1F  0F  80  00  00  04  00  00
ED  00  80  00  00  04  00  00
BE  01  80  00  00  04  00  00
F5  02  80  00  00  04  00  00
B8  03  80  00  00  04  00  00
43  24  80  00  00  04  00  00
A8  25  80  00  00  04  00  00
81  26  80  00  00  04  00  00
E0  27  80  00  00  04  00  00
4E  28  80  00  00  04  00  00
1B  29  80  00  00  04  00  00
00  2A  80  00  00  04  00  00
04  2B  80  00  00  04  00  00
21  2C  80  00  00  04  00  00
DE  2D  80  00  00  04  00  00
A1  2E  80  00  00  04  00  00
74  2F  80  00  00  04  00  00
86  20  80  00  00  04  00  00
D5  21  80  00  00  04  00  00
9E  22  80  00  00  04  00  00
D3  23  80  00  00  04  00  00
43  24  80  00  00  04  00  00
A8  25  80  00  00  04  00  00
81  26  80  00  00  04  00  00
E0  27  80  00  00  04  00  00
4E  28  80  00  00  04  00  00
1B  29  80  00  00  04  00  00
00  2A  80  00  00  04  00  00
04  2B  80  00  00  04  00  00
21  2C  80  00  00  04  00  00
DE  2D  80  00  00  04  00  00
A1  2E  80  00  00  04  00  00
74  2F  80  00  00  04  00  00
86  20  80  00  00  04  00  00
D5  21  80  00  00  04  00  00
F5  02  80  00  00  04  00  00
B8  03  80  00  00  04  00  00
28  04  80  00  00  04  00  00
C3  05  80  00  00  04  00  00
EA  06  80  00  00  04  00  00
8B  07  80  00  00  04  00  00
F3  48  80  00  00  04  00  00
A6  49  80  00  00  04  00  00
BD  4A  80  00  00  04  00  00
B9  4B  80  00  00  04  00  00
9C  4C  80  00  00  04  00  00
63  4D  80  00  00  04  00  00
1C  4E  80  00  00  04  00  00
C9  4F  80  00  00  04  00  00
3B  40  80  00  00  04  00  00
68  41  80  00  00  04  00  00
23  42  80  00  00  04  00  00
6E  43  80  00  00  04  00  00
FE  44  80  00  00  04  00  00
15  45  80  00  00  04  00  00
3C  46  80  00  00  04  00  00
5D  47  80  00  00  04  00  00
F3  48  80  00  00  04  00  00
A6  49  80  00  00  04  00  00
BD  4A  80  00  00  04  00  00
B9  4B  80  00  00  04  00  00
9C  4C  80  00  00  04  00  00
63  4D  80  00  00  04  00  00
1C  4E  80  00  00  04  00  00
C9  4F  80  00  00  04  00  00
3B  40  80  00  00  04  00  00
68  41  80  00  00  04  00  00
23  42  80  00  00  04  00  00
6E  43  80  00  00  04  00  00
FE  44  80  00  00  04  00  00
15  45  80  00  00  04  00  00
3C  46  80  00  00  04  00  00
5D  47  80  00  00  04  00  00
F3  48  80  00  00  04  00  00
A6  49  80  00  00  04  00  00
BD  4A  80  00  00  04  00  00
6F  0B  80  00  00  04  00  00
4A  0C  80  00  00  04  00  00
B5  0D  80  00  00  04  00  00
CA  0E  80  00  00  04  00  00
1F  0F  80  00  00  04  00  00
ED  00  80  00  00  04  00  00
3D  81  80  00  00  04  00  00
76  82  80  00  00  04  00  00
3B  83  80  00  00  04  00  00
AB  84  80  00  00  04  00  00
40  85  80  00  00  04  00  00
69  86  80  00  00  04  00  00
08  87  80  00  00  04  00  00
A6  88  80  00  00  04  00  00
F3  89  80  00  00  04  00  00
E8  8A  80  00  00  04  00  00
EC  8B  80  00  00  04  00  00
C9  8C  80  00  00  04  00  00
36  8D  80  00  00  04  00  00
49  8E  80  00  00  04  00  00
9C  8F  80  00  00  04  00  00
6E  80  80  00  00  04  00  00
3D  81  80  00  00  04  00  00
76  82  80  00  00  04  00  00
3B  83  80  00  00  04  00  00
AB  84  80  00  00  04  00  00
40  85  80  00  00  04  00  00
69  86  80  00  00  04  00  00
08  87  80  00  00  04  00  00
A6  88  80  00  00  04  00  00
F3  89  80  00  00  04  00  00
E8  8A  80  00  00  04  00  00
EC  8B  80  00  00  04  00  00
C9  8C  80  00  00  04  00  00
36  8D  80  00  00  04  00  00
49  8E  80  00  00  04  00  00
9C  8F  80  00  00  04  00  00
ED  00  80  00  00  04  00  00
BE  01  80  00  00  04  00  00
F5  02  80  00  00  04  00  00
B8  03  80  00  00  04  00  00
28  04  80  00  00  04  00  00
04  05  82  00  00  04  00  00
4B  06  84  00  00  04  00  00
2A  07  84  00  00  04  00  00
84  08  84  00  00  04  00  00
D1  09  84  00  00  04  00  00
CA  0A  84  00  00  04  00  00
CE  0B  84  00  00  04  00  00
EB  0C  84  00  00  04  00  00
14  0D  84  00  00  04  00  00
6B  0E  84  00  00  04  00  00
BE  0F  84  00  00  04  00  00
4C  00  84  00  00  04  00  00
1F  01  84  00  00  04  00  00
54  02  84  00  00  04  00  00
19  03  84  00  00  04  00  00
89  04  84  00  00  04  00  00
62  05  84  00  00  04  00  00
4B  06  84  00  00  04  00  00
2A  07  84  00  00  04  00  00
84  08  84  00  00  04  00  00
D1  09  84  00  00  04  00  00
CA  0A  84  00  00  04  00  00
CE  0B  84  00  00  04  00  00
EB  0C  84  00  00  04  00  00
14  0D  84  00  00  04  00  00
6B  0E  84  00  00  04  00  00
BE  0F  84  00  00  04  00  00
4C  00  84  00  00  04  00  00
1F  01  84  00  00  04  00  00
54  02  84  00  00  04  00  00
19  03  84  00  00  04  00  00
89  04  84  00  00  04  00  00
62  05  84  00  00  04  00  00
4B  06  84  00  00  04  00  00
2A  07  84  00  00  04  00  00
48  08  88  00  00  04  00  00
1D  09  88  00  00  04  00  00
06  0A  88  00  00  04  00  00
02  0B  88  00  00  04  00  00
27  0C  88  00  00  04  00  00
D8  0D  88  00  00  04  00  00
A7  0E  88  00  00  04  00  00
72  0F  88  00  00  04  00  00
80  00  88  00  00  04  00  00
D3  01  88  00  00  04  00  00
98  02  88  00  00  04  00  00
D5  03  88  00  00  04  00  00
45  04  88  00  00  04  00  00
AE  05  88  00  00  04  00  00
87  06  88  00  00  04  00  00
E6  07  88  00  00  04  00  00
48  08  88  00  00  04  00  00
1D  09  88  00  00  04  00  00
06  0A  88  00  00  04  00  00
CE  0B  84  00  00  04  00  00
EB  0C  84  00  00  04  00  00
72  0D  82  00  00  04  00  00
0D  0E  82  00  00  04  00  00
D8  0F  82  00  00  04  00  00
ED  00  80  00  00  04  00  00
BE  01  80  00  00  04  00  00
F5  02  80  00  00  04  00  00
B8  03  80  00  00  04  00  00
28  04  80  00  00  04  00  00
C3  05  80  00  00  04  00  00
EA  06  80  00  00  04  00  00
8B  07  80  00  00  04  00  00

Thanks!

Alex
  • 21
  • 5
  • What makes you think that the first byte is dependent on the following bytes? Are you even sure that the first byte is a checksum? Can you give us a link to the CAN bus documentation that you're using? As written, your question is too specialized and does not contain enough information for us to even guess at an answer. Please update your question with the relevant information. – Jim Mischel Jun 01 '18 at 15:15
  • Try using [reveng](http://reveng.sourceforge.net/). – Mark Adler Jun 01 '18 at 20:03
  • @JimMischel - I have added more info – Alex Jun 02 '18 at 16:58
  • @MarkAdler - Thanks, I will try that. – Alex Jun 02 '18 at 16:59
  • I'm not convinced that the first byte is at all related to the other seven bytes. In the examples you've shown, only the first, second, and third bytes differ. The other five are always `00 00 04 00 00`. You showed us some lines where the first bytes are identical and the other seven differ. Are there are any lines that are identical except for the first byte? – Jim Mischel Jun 02 '18 at 17:54
  • @JimMischel - I have added a large set of data. All the buttons have been pressed on the steering wheel. Byte 4 is changing. But you are right, byte 5 to 8 remain the same. There are always a lot of spare capacities in CAN bus messages for these units so I'm not surprised to see a few bytes remaining unchanged. I can't find identical lines with different first byte. – Alex Jun 02 '18 at 18:05
  • You said: "Now for this car, they have used 4 bits of the second byte for a counter counting from 0 to F." Which 4 bits of the byte? Counting what -- number of time any key is pressed? Does that mean pressing identify keys but different times could generate different codes? – Edy Jun 02 '18 at 22:25
  • @Edy - If you look at the data in the OP you will see that the 4 bits (LSBs) of the 2nd byte increments from 0 to F. The steering wheel unit sends the button status (the message) at least every second, plus every time a button is pressed or released. The counter just counts the number of messages sent. The data is sent regardless whether a key is identified or not. – Alex Jun 03 '18 at 15:40

2 Answers2

0

If your goal is to send an arbitrary known code to the car, a simple way is to use a map to store all the valid 1st bytes, and send it accordingly.

If your goal is to utilize those other bits previously not used (~5 bytes of them), then unfortunately it is not possible from the data you provided. One reason is that there is no way for us to know the ordering of the ~40 currently unused bits even if we knew the algorithm used to generate the 1st byte.

The space of 1 byte values is small, only 256. For any code that you want to send, you could just try 256 times each with a different 1st byte. If any one does anything, then it's probably it. If none does, then maybe that code is invalid altogether?

Edy
  • 462
  • 3
  • 9
  • My goal is to generate the appropriate first byte for any of the possible combinations of the buttons. I thought about mapping the first byte but there are too many combinations, and also there could be a different number of buttons on different car finish (options)... so i might miss a few first byte values. If a bit is not used by the car, I want to leave it unused. I need to find the algorithm used to find the 1st byte, I cannot guess it. If I send the wrong first byte (even once) the car throws up an error to the driver (not in the message). – Alex Jun 03 '18 at 15:50
  • @Alex It seems to me that excluding the 1st byte, only 19 bits (including the 4-bit counter) are varying. That gives you 512k combinations. It'll be painstaking to try to induce all those combinations and record the codes, but once done, 512k isn't a big set to map. – Edy Jun 04 '18 at 01:09
  • @Alex OTOH, there are quite a few arithmetically simple codes that are not breakable by classical computation. For example, the first byte could be an 8-bit discrete logarithm of the rest 56 bits over some base in a large Galois field. – Edy Jun 04 '18 at 01:49
  • I agree that the map is not too massive but I would rather have it calculated on the fly... Do you think that this code is not breakable by classical computation? – Alex Jun 04 '18 at 12:01
  • @Alex I don't know whether this particular code can be "broken", but I do know there *are* hashing methods that ensure the only way to find the mapping of x bits is to calculate the results of O(2^x) inputs. Given this, you could either keep hoping someone crack this code, or start solving the problem using one of the methods that I mentioned (1) enumerate all 512k inputs, or (2) for any interested input, try 256 1st byte and see which one doesn't produce error. – Edy Jun 04 '18 at 16:35
  • @Alex BTW, accessing a pre-calculated map can be done "on-the-fly". In fact, many error control code libraries do that instead of using arithmetic calculations. – Edy Jun 04 '18 at 16:39
0

I can say what it is not. The first byte is not a CRC, nor is it any linear combination of the provided remaining bits over GF(2). It may be some other function of the following bits/bytes.

Mark Adler
  • 101,978
  • 13
  • 118
  • 158
  • That's right. I even tried to throw in the mix 0x3d4 (the message ID) and 0x08 (the DLC) but to no avail... – Alex Jun 03 '18 at 20:52