I'm trying to use my smartphone to move my cars windows up and down. I recorded the CAN traffic two times by using AT MA. First time I just turned the ignition on. The second time I pushed the buttons for the electric windows.
I guess the PIDs for the window are the ones which didn’t occur in my first log file…
Now I want to try this by sending the bytes back but how can this be done with the ELM 327?
This is a message I received:
400 23 00 00 00 00 00 00 00
I already tried to set the header by doing:
AT SH 400
And then I wrote the remaining bytes to the stream:
23 00 00 00 00 00 00 00
But this seems not to be the cheat…
Cheers,
Stefan
Related
I was reading in the CANopen device number EL6751-0010, of course, using the SDO reading command, which I did as follows:
603 | 40 7A 60 00 00 00 00 00
and gave me the following error:
583 | 80 7A 60 00 00 00 02 06
I realized that this object does not exist.
What should I do to find all the objects of an Object Dictionary?
Finally, I can write and read code in the right place.
I am trying to remote authentication for tachograph. I have a problem between tachograph and can bus communication. i am successful open session 10 7E and send company card ATR. But when i passed to authentication of company card.
i send : 0x31,0x01,0x01,0x80,0x03.
tacho respond: 10 0C 71 01 01 80 04 00
i send fc : 30 00 14 00 00 00 00 00
but tacho not respond me. Can anyone give me any idea?
I'm programming a low level communication with an Epson tm-t88iv thermal printer on a Linux device, which receives only hexadecimal packages. I have read the manual trying to understand how the checksum is built but i can't manage to recreate it.
the manual says that the checksum are 4 bytes representing the 2 bytes sum of all the data in the package sent.
I have currently four working examples I found by listening to a port on a windows computer with a different program. the last 4 hexadecimals are the checksum (03 marks the end of the data and is included in the checksum calculation, according to the manual).
02 AC 00 01 1C 00 00 03 30 30 43 45
02 AC 00 00 1C 80 80 1C 00 00 1C 00 00 1C 03 30 32 32 31
02 AD 07 01 1C 00 00 1C 31 30 03 30 31 35 33
02 AD 00 00 1C 80 80 1C 00 00 1C 00 00 1C 03 30 32 32 32
I have read somewhere that there is a sum32 algorithm but i can't find any example of it or how to program it.
Wow, this is a bad algorithm! If someone else finds himself trying to understand Epson's terrible low-level communication manual, this is how the check-sum is done:
The checksum base is 30 30 30 30
Sum in hexadecimals all of the data package (for example, 02+89+00+00+1C+80+80+1C+00+01+1C+09+0C+1C+03 = 214)
Then separate the result digit by digit, if its a letter add 1 to the value (for example B2 would be 2|1|4).
sum it to the checksum base number by number starting from right to left (this would be a checksum of 30 32 31 34).
Note: It works perfectly, but for some reason the examples I posted above don't seem to match so much. They are all the printers response, but slightly after it got a hardware problem and had to be reformatted by technical support, so maybe it got fixed.
I hope it helps somebody somewhere.
I'm trying to get the url of the *.flv from any youtube video. I used wireshark to analyize the traffic. I have also an addon for firefox which downloads the videos from youtube. It has a feature where I can see the direct url to the *.flv video.
So far I got this :
http://r1---sn-i5onxoxu-i5hl.c.youtube.com (it's the host) This matches to what the downloaders url is.
followed by
"videoplayback?" and then some video specific stuff I guess. And that's exactly what I cannot figure out. The downloader starts with the host, followed by this and then some other stuff.
What I did was capturing the packages. Then I searched in http requests for "/videoplayback?...". I just added it to the host but it doesn't work.
Can someone help me? What do I have to put after the host? And where do I find it?
This is what I figured out so far.
I watched the same video Wireshark - Using Dumpcap to capture to disk by Mike Pennacchi.
After capturing the packets and saving the file, apply the following display filter:
http.request.full_uri contains "range"
There are 3 packets displayed in my file:
735
2708
4615
Select the first packet, go to Packet details and expand Hypertext Transfer Protocol.
Right-click on Full request URI [truncated]: and select Copy -> Value and paste the url in a text file.
Copy also the url's (see Note) from the other packets and you get a list similar to this one:
http://r2---sn-5hn7zn7k.c.youtube.com/videoplayback?algorithm=throttle-factor&burst=40&cp=U0hWR1FUTl9GT0NONl9JTlJBOlBwSjNTRTA0azVw&cpn=B84QkSbXB7EAaDfs&expire=1372190015&factor=1.25&fexp=935500%2C910100%2C929227%2C916613%2C921047%2C928201%2C901208%2C929123%2C929915%2C929906%2C929907%2C929125%2C925714%2C929917%2C929919%2C931202%2C912512%2C912515%2C912521%2C906838%2C904488%2C906840%2C931910%2C931913%2C932227%2C904830%2C919373%2C933701%2C904122%2C900816%2C926403%2C909421%2C912711%2C935102&id=6ca6b1fa4c861ff9&ip=my ip address&ipbits=8&itag=34&keepalive=yes&key=yt1&ms=au&mt=1372168727&mv=m&newshard=yes&range=13-1781759&ratebypass=yes&signature=D8D28CBCD4AAC5F46901397219F62CB04D3C6290.114129F2F93249AC4D88DF184C7D47C9929B3232&source=youtube&sparams=algorithm%2Cburst%2Ccp%2Cfactor%2Cid%2Cip%2Cipbits%2Citag%2Csource%2Cupn%2Cexpire&sver=3&upn=9RmkbstttTM
http://r2---sn-5hn7zn7k.c.youtube.com/videoplayback?algorithm=throttle-factor&burst=40&cp=U0hWR1FUTl9GT0NONl9JTlJBOlBwSjNTRTA0azVw&cpn=B84QkSbXB7EAaDfs&expire=1372190015&factor=1.25&fexp=935500%2C910100%2C929227%2C916613%2C921047%2C928201%2C901208%2C929123%2C929915%2C929906%2C929907%2C929125%2C925714%2C929917%2C929919%2C931202%2C912512%2C912515%2C912521%2C906838%2C904488%2C906840%2C931910%2C931913%2C932227%2C904830%2C919373%2C933701%2C904122%2C900816%2C926403%2C909421%2C912711%2C935102&id=6ca6b1fa4c861ff9&ip=my ip address&ipbits=8&itag=34&keepalive=yes&key=yt1&ms=au&mt=1372168727&mv=m&newshard=yes&range=1781760-3563519&ratebypass=yes&signature=D8D28CBCD4AAC5F46901397219F62CB04D3C6290.114129F2F93249AC4D88DF184C7D47C9929B3232&source=youtube&sparams=algorithm%2Cburst%2Ccp%2Cfactor%2Cid%2Cip%2Cipbits%2Citag%2Csource%2Cupn%2Cexpire&sver=3&upn=9RmkbstttTM
http://r2---sn-5hn7zn7k.c.youtube.com/videoplayback?algorithm=throttle-factor&burst=40&cp=U0hWR1FUTl9GT0NONl9JTlJBOlBwSjNTRTA0azVw&cpn=B84QkSbXB7EAaDfs&expire=1372190015&factor=1.25&fexp=935500%2C910100%2C929227%2C916613%2C921047%2C928201%2C901208%2C929123%2C929915%2C929906%2C929907%2C929125%2C925714%2C929917%2C929919%2C931202%2C912512%2C912515%2C912521%2C906838%2C904488%2C906840%2C931910%2C931913%2C932227%2C904830%2C919373%2C933701%2C904122%2C900816%2C926403%2C909421%2C912711%2C935102&id=6ca6b1fa4c861ff9&ip=my ip address&ipbits=8&itag=34&keepalive=yes&key=yt1&ms=au&mt=1372168727&mv=m&newshard=yes&range=3563520-5347327&ratebypass=yes&signature=D8D28CBCD4AAC5F46901397219F62CB04D3C6290.114129F2F93249AC4D88DF184C7D47C9929B3232&source=youtube&sparams=algorithm%2Cburst%2Ccp%2Cfactor%2Cid%2Cip%2Cipbits%2Citag%2Csource%2Cupn%2Cexpire&sver=3&upn=9RmkbstttTM
Check the range; it is in these long url's:
range=13-1781759
range=1781760-3563519
range=3563520-5347327
Copy the first url and paste it in your browser.
Now you can download and save the first fileas videoplayback_Pennacchi01.
Repeat the steps for parts 2 and 3.
There are a couple of steps to go, before you can play the file.
Open the file videoplayback_Pennacchi01 in a hex editor.
The file starts with:
12 00 03 4B 00 00 00 00 00 00 00 02 00 0A 6F 6E ...K..........on
Prepend the the FLV header:
46 4C 56 01 05 00 00 00 09 00 00 00 00 FLV..........
Now the file looks like:
46 4C 56 01 05 00 00 00 09 00 00 00 00 12 00 03 FLV.............
4B 00 00 00 00 00 00 00 02 00 0A 6F 6E 4D 65 74 K..........onMet
Move you cursor to the end of file 01.
Open files 02 and 03 and copy and paste the content of the files into file 01.
Now you are ready to play the video.
Note 1
These links expire after some time: expire=1372190015
Convert Unix timestamp to Readable Date/time: Tue, 25 Jun 2013 19:53:35 GMT
You can also reconstruct the FLV file from the capture file.
Go to File -> Export Objects -> HTTP
look for Content Type video/x-flv.
Select the first one, hit Save As ans save the file.
Save also the other 2 parts.
Merge the files in order and prepend the FLV header.
Note 2
It used to be very easy. Apply display filter (http.request.method == "GET") and grab the URL from GET request containing /get_video?video.... But things have changed...
Why does bios read at partition's boot record at 0000:7c00 ? What is special about that address ? what ':' doing in referencing an address ?
The simple answer is that 7C00h is 1k (512 bytes for the boot sector plus an additional 512 bytes for possible boot sector use) from the bottom of the original 32k installed memory.
The happy answer is that org 7C00h has become synonymous with boot sector - boot loader programming.
The ":" is a holdover from segmented memory days, when PCs ran in real mode and could only do 64K at a time. The number to the left of the ":" is your segment, the number to the right is your address.
The windows debug command accepts this notation if you want to poke around in memory yourself:
C:\Users\Seth> debug
-d0000:7c00
0000:7C00 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
0000:7C10 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
0000:7C20 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
0000:7C30 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
0000:7C40 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
0000:7C50 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
0000:7C60 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
0000:7C70 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
With regard to this particular address, it's just an address that was picked to load the MBR, See: https://web.archive.org/web/20140701052540/http://www.ata-atapi.com/hiwmbr.html
"If an MBR is found it is read into memory at location 0000:7c00 and INT 19 jumps to memory location 0000:7c00"
In the original IBM PC it was thought inconceivable to have more than 32K RAM. In segmented addressing terms this is 0000:8000 where 8000 hex is 32768 decimal. The fashion of the time was for the BIOS POST conclude by loading the Boot Sector of the floppy in A: or the Master Boot Record of the hard drive in C: at the location 512 bytes below the top of memory which means subtract 0200 hex from 8000 hex to get 7C00. So the boot sequence loaded the first valid 512 byte first sector into, and then set the Instruction Pointer to 0000:7C00 to execute it. I used to write the code for these first sectors to load the operating system.
Read this article:
http://en.wikibooks.org/wiki/X86_Assembly/Bootloaders
From the above URL, BIOS (which is effectively PC hardware) will make the jump to memory at 0000:7c00 to continue execution in 16-bit mode.
And to quote from above:
A bootloader runs under certain conditions that the programmer must appreciate in order to make a successful bootloader. The following
pertains to bootloaders initiated by the PC BIOS:
The first sector of
a drive contains its boot loader.
One sector is 512 bytes — the last
two bytes of which must be 0xAA55 (i.e. 0x55 followed by 0xAA), or
else the BIOS will treat the drive as unbootable.
If everything is in
order, said first sector will be placed at RAM address 0000:7C00, and
the BIOS's role is over as it transfers control to 0000:7C00. (I.e. it
JMPs to that address)
So from bootup, if u want the CPU to start executing your code, it has to be located in memory at 0000:7c00. And this part of the code is loaded from the first sector the harddisk - also done by hardware. And it is only the first sector which is loaded, the remaining of other parts of the code then have to be loaded by this initial "bootloader".
More information on harddisk's first sector and the 7c00 design:
http://www.ata-atapi.com/hiwdos.html
http://www.ata-atapi.com/hiwmbr.html
Please don't confuse with the starting up mode of the CPU - the first instruction it will fetch and execute is at physical address 0xfffffff0 (see page 9-5):
http://www.intel.com/content/dam/www/public/us/en/documents/manuals/64-ia-32-architectures-software-developer-vol-3a-part-1-manual.pdf
and at this stage it is executing non-volatile (meaning you cannot reprogram it easily, and thus not part of bootloader's responsibility) BIOS code.