Hacking the GM Low Speed LAN

[Ross]

Modified the file to share with anyone who has the link. Try again.

 

[Ross]

New use case: If we put a arduino between the BCM and the instrument cluster (IC), we could intercept the mileage coming from the BCM, subtract a given offset, and transmit the new mileage to the IC. In hacking terms, it is a man-in-the-middle attack. Then you wouldn't need to send off your ODO to be zeroed, and if you got a new BCM (like I did) then you can just apply the appropriate offset to make the mileage the same as before.

 

[AZmoto]

New use case: If we put a arduino between the BCM and the instrument cluster (IC), we could intercept the mileage coming from the BCM, subtract a given offset, and transmit the new mileage to the IC. In hacking terms, it is a man-in-the-middle attack. Then you wouldn't need to send off your ODO to be zeroed, and if you got a new BCM (like I did) then you can just apply the appropriate offset to make the mileage the same as before.

That's exactly what these guys do.

18 in 1 universal can filter: Search Result | eBay

Buy and sell electronics, cars, fashion apparel, collectibles, sporting goods, digital cameras, baby items, coupons, and everything else on eBay, the world's online marketplace

www.ebay.com

The good news is that the microcontroller is unprotected and can be reprogrammed.

https://dangerouspayload.com/2020/03/10/hacking-a-mileage-manipulator-can-bus-filter-device/

 

[Ross]

Interesting that it is readily available... but for BMWs and other German cars. So far I can't find one for our Cobalts.

Ebay also sells "Digiprog 3 Car Mileage Correction Odometer Adjustment Diagnostic Tool V4.94"
Which claims to do some chevrolet vehicles, but not Cobalt.

 

[AZmoto]

If you buy an STM32F1 programmer with a SWD interface you can re-program the board to do whatever you want.

 

[ServerDummy]

Do you still happen to have your code and wiring diagram? Also were you using a 8mhz or 16 mhz clock on the transceiver module.

 

[Ross]

I was hacking this 3 years ago... I learned that the arduino wasn't capturing all the data. I think it was too slow.
There is more info on this forum about getting data straight off the memory chip on the BCM. More info here.
I need to try the 5V mod mentioned here, and see if I can set the ODO.

 

[ServerDummy]

I knew it was a bit of a long shot but I haven't seen much online about lowspeed gmlan. Im currently working on a opensource driver ADAS called Openpilot and the gmlan lowspeed contains the blind spot monitoring signals as well as some other features not available over regular highseed canbus that are important for self-driving features.

Thanks for the other information ill take a look and see if it may work as well.