Yes, exactly, the MidCity one is the one I was thinking of! But yeah, if I were to get an EZS it would be a non-virgin one from a wrecked car. They seem to be going for around $100 USD with a matching key. Unfortunately I have not been able to find much documentation on the EZS module, all of the search results are clogged up with talk about key cloning and eeprom dumping etc, which is not the information I want.

As far as the trunk, there seem to be several PIDs labeled for "remote boot lid closing". Have a look at 0x018 or 0x019. I have not thought to sniff what happens when you pull the trunk switch.

 

That's great as our goals are the same. I'm using mr3020 router with OpenWRT as it has build-in wifi (new versions of rpi have wifi as well, but I dont own any of them). And outside of this can bus hacking things, I'm an iOS/macOS developer

 

Brings joy to my heart seeing this thread flourish again! I just wish we were all local so we could get together and jam.

 

Those little boxes are awesome! OpenWRT is so flexible. My day job is also in software development.

I live in the Santa Cruz area but work in the South bay. So almost local, if you're in Oakland! I've been keeping my eye on your build!

 

Is it possible to create a menu structure which can be controlled by the steering wheel buttons?

 

Oh my gosh! I'm thrilled to see the progress here! And those pictures of the cluster with the lines and text, amazing.

A menu structure could be possible easily by keeping track of the current menu/selected item on a Pi or any written application, then when detecting the steering wheel buttons, you push a new line of text to the screen - I would like to do this to have a few options just like 'Say Thanks' [Indicator left, then right, then left] and 'Windows all up' [Self explanatory].

Does anyone know if the recirculated air button when held sends an all windows up/down code??

I have been absent on making any progress with this but I've recently changed to a W216, hoping to continue my project. I wonder how much of the LCD speedometer I can mess with. I was thinking an LVDS solution to an android device to get navigation directly in front of me would be nice.

Looking back at this thread has got me motivated once again. Nice work all round! Well done.

 

Hello guys. does anyone perhaps have the PIDS to open and close the CD changer door mechanism. I cannot find my logs on the W211 and don't have a car to read the messages.

Many thanks

 

Kabeldavido.de used to sell a DVD enabler that allowed the CD changer door to open without having a CD changer in it. However, I just checked the site and can no longer find it.

 

Here's what I installed in order to allow the trunk lid to be closed using my key fob:

https://www.kufatec.de/shop/de/heckk...-e-klasse-w211

 

I built my own circuit before to handle this problem.

 

I want to use a CANBUS emulator for bench testing the CD door after repair and not for in car use.

 

Look into Linux and socketcan, you can buy an 80$ usb2can module and record, modify, get bus statistics and replay any captured bus information. Unlimited filters, etc.

 

Thanks for the reply Mitch. I use my own design CANBUS interface which uses a AT90CAN132 RISC chip.I also have interfaces from Microchip, CANDIP and some others as well. My problem is I cannot get a W211 to read the CAN messages for my application.

 

I understand, are you at least able to read packets from the bus with your device(s)?

 

Yes my device can read packets from multiple locations simultaneously and also send messages at the same time. Basically I asked if anyone had the CDC door CANBUS pids as I cannot find my logs on the W211. Failing getting help on the forum I must find a car to read the data. Thanks anyway.

 

Sdscan can read data and show exactly what ID is assigned to what message.

 

Hi Forum,

I've started can bus hacking my Android head unit radio for my A class W169.

I have a raspberry pi with mcp2515/tj1015 can controller/transceiver connected to the android radio.

I can send at 83.3 kbps and get can acks from radio in deep sleep or up.

I haven't found out what message to send to get the radio up from deep sleep yet, use Acc-Wire for now.

May be somebody can send me a can bus trace and I try to send it to my radio and then filter out what messages to send to the radio to get it up.

 

Due to the world wide exclusiv excellent information in this thread I now found out how to switch on my Android head unit radio by can bus after 1,5 months research.

I have to send id 0 FF two times to switch it on, id 0 00 to switch it off, all at 83 (,3 ??) kbps

with raspberry pi socket can this is:

sudo ip link set can0 up type can bitrate 83300 loopback off

cansend can0 000#FF
cansend can0 000#FF

cansend can0 000#00

especially helpful was:

https://github.com/jumph4x/can-bus-w211

describing lots of can ids including id 0 Byte 0 containing KL15 bits (Ignition / Acc)

 

Awesome! Another socketcan user. I really wish that the socketcan formatting would be a common format for all non-socketcan based software.

 

I'm lucky if I can turn on my lights, let alone get into this level of detail on Can B hacking. Kudos

 

Forgot about that thread, actually thought it's dead already. Glad to see that there's still some interest.

The short answer is no. But if you really want it, it can be done somehow. Instrumental cluster is very limited, it's designed to do what it does. It doesn't support creating of additional menu, but you can change existing menu, like service menu, but for this you need to inject you device between instumental cluster and CGW. Another option is to draw it on phone, or navi, or music menu. Unfortunately, that menus are also limited and you can draw only 2 big text lines in the center and 1 small text line at the top. The third option is to draw whatever you want with diagnostic messages, you can draw text, lines, squares and even single pixels, but for each command it takes about a second to update, so if you want to draw a menu with 5 text lines it will take 5 seconds



Sorry, but there's no PIDS for this door. The button on that door is connected directly to the controller that opens and closes that door. It can't be controlled over the CAN Bus.

 

I want to test a comand ntg 2.5 system on bench from an mercedes w211.
I have a arduino connected to a can shield with mcp2515 chip.
I search the ignition on can keys for sending over canb.
Can anybody help here ?

many thanks in advance

is this correct sketch with can keys for ignition on ???

// CAN Send Example
//

#include <mcp_can.h>
#include <SPI.h>

MCP_CAN CAN0(10); // Set CS to pin 10

void setup()
{
Serial.begin(115200);

// Initialize MCP2515 running at 8MHz with a baudrate of 80kb/s and the masks and filters disabled.
if(CAN0.begin(MCP_ANY, CAN_80KBPS, MCP_8MHZ) == CAN_OK) Serial.println("MCP2515 Initialized Successfully!");
else Serial.println("Error Initializing MCP2515...");

CAN0.setMode(MCP_NORMAL); // Change to normal mode to allow messages to be transmitted
}

byte data[1] = {0xff};

void loop()
{
// send data
byte sndStat = CAN0.sendMsgBuf(0x000, 0, 1 , data);
if(sndStat == CAN_OK){
Serial.println("Message Sent Successfully!");
} else {
Serial.println("Error Sending Message...");
}
delay(100); // send data per 100ms
}

 

Does anyone have code to share to control the buzzer inside the cluster?

 

Buzzer is controlled within the cluster and can't be driven via the bus

 

@enzo80,
Firstly the bus speed is 83.3kb not 80! Start there first