Building a CAN Bus Sniffer

I needed a way to sniff the interior CAN bus of my Jeep Wrangler to debug my audio problems.  After some internet sleuthing I can across these sites:

It was apparent that I could build a sniffer, though it would cost a few bucks.

Copperhill Technologies sells a CAN bus interface and enclosure for the RaspberryPi 3. I was already familiar with the Pi having done some work on a Pi Zero so I bought them both along with a new Pi 3B.

The nice thing about this interface is its built in switching power supply that accepts 12V outputs 3.3V directly to the Pi.  Perfect!  12V is readily available inside the Jeep.

I didn’t want to have to cut either of the Jeep/Seicane harnesses because I still wasn’t completely convinced I’d keep the unit.  It was not easy but I did find male and female harnesses from Metra.  There are cheaper versions out there but I could not get shipping to Canada.

Link: Stereo/head unit female end

Link: Jeep Wrangler factory male end

I soldered these together so that they fit in between the Seicane and the Jeep harnesses. I tapped into the CAN bus +/- lines and the 12V/0V wires for the powering the Pi. All I had laying around was 22 gauge solid connection wire to get these voltages to the Pi but it made do.

Everything I needed.
Pinout of the female harness.

On the RaspberryPi side I soldered the male end of a 4-pin I2C connector purchased from Amazon (link) to the wires I had just spliced in between the harnesses.  I tinned the leads of the female half of that same cable and stuck them into the CAN bus interface.

Voila, almost looks like I know what I’m doing!

This left me with a harness I could plug directly between the stereo and the jeep without needing to permanently splice any wires inside the vehicle. It had a three foot lead that I could plug in/out of the Raspberry Pi using the I2C connector that carried +12V, 0V, CAN+ and CAN-.

Software

After setting up Raspbian it was easy to follow the instructions here to get the CAN interface up and running under Linux.  There happens to be a really nice CAN package for Linux already available called can-utils.  All I had to do was compile it on the Pi and I could start sniffing the bus.

Testing

The next step was to wire everything up to the Jeep. The Pi powered up the very first try!  Whew!  In order to connect to the Pi I used my phone as a WiFi hotspot and ssh’d in from a laptop. I used “ip neigh” on an Android terminal to view the IP address the Pi acquired through DHCP.

Things went south quickly after that. When I turned the Jeep’s ACC on the instrument cluster display went wonky.  After a bit of debugging and re-reading Chad’s blog the fix was simple: I had set the wrong speed on when configuring the CAN interface in Linux.  It runs at 125 Kbps not the 500 Kbps I had originally specified in the /etc/network/interfaces file.

First thing I did was to sniff the bus to see messages coming out of the Seicane’s CAN adapter.  I knew to look for id = 0x3d9 from the Chad’s blog so it was easy enough to find.  Here it is:

3d9 1c 0a 0a 0a 0a 00

0x3d9 – device address
0x1c – amplifier gain (0x0 – 0x26)
0x0a – balance (0x1 – 0x14)
0x0a – fade (0x1 – 0x14)
0x0a – bass (0x1 – 0x14)
0x0a – mid (0x1 – 0x14)
0x0a – treble (0x1 – 0x14)

This told me the following:

  • The gain (volume) was set to 28 out of max value of 38 – very high.
  • 0x0a = decimal 10, which is right in the middle of the available range. Balance, fade, bass, mid, treble were all neutral. This is the default setting with the factory stereo.

There’s lots of other messages there as well but I’ll leave that to a future post.