I'm ready start spending some intimate time with the CAN bus...

parb · Tuesday at 1:36 AM

so did i hear it right on the grenadierworks podcast that ineos went to encrypted can bus messages? So i can't tap into the bus and use candump toolkits to see what actually is going on in the car?

I get that i can see a lot on the ODB2 gateway but i would love to spend more time seeing what actually is happening on CAN. Assuming they use a lot of bosch gear i think its not craxy hard to reverse engineer?

Anyone played around with the canbus yet? Does right to repair act (Massachusetts and Wisconsin) get us access to unencrypted canbus messages to explore what actually is going on in the vehicle?

Rupert · Tuesday at 2:02 AM

I don’t have an answer, but I like the way you think!

parb · Tuesday at 2:06 AM

I'll take something basic, like does anyone know of a bundle where its easy to tap into the canbus? Do we even know how many buses they have. i assume we will never quite get to know the details but i would love if i could get my hands on a DBC file and look around the bus a bit...

LRNAD90 · Tuesday at 3:52 AM

Manufactures are already lobbying to 'stretch' current law to prosecute owners for 'modifying' their vehicles..

https://www.autoblog.com/maintenance/automakers-gearheads-car-repairs

Itsdchz · Tuesday at 1:51 PM

parb said:
so did i hear it right on the grenadierworks podcast that ineos went to encrypted can bus messages? So i can't tap into the bus and use candump toolkits to see what actually is going on in the car?

I get that i can see a lot on the ODB2 gateway but i would love to spend more time seeing what actually is happening on CAN. Assuming they use a lot of bosch gear i think its not craxy hard to reverse engineer?

Anyone played around with the canbus yet? Does right to repair act (Massachusetts and Wisconsin) get us access to unencrypted canbus messages to explore what actually is going on in the vehicle?

Par - I have multiple OBD tools that I have acquired for this purpose… nothing yet, but you and I are so on the same page- @GrenX is reportedly in the lead with this endeavor…..

Krabby · Tuesday at 2:10 PM

tristand · Tuesday at 10:21 PM

parb said:
I'll take something basic, like does anyone know of a bundle where its easy to tap into the canbus? Do we even know how many buses they have. i assume we will never quite get to know the details but i would love if i could get my hands on a DBC file and look around the bus a bit...

This might answer at least one of your questions.

I've been meaning to have a snoop but haven't found time yet. I suspect it's not encrypted and is pretty simple, vehicle can and lin systems generally are - apart from firmware update functions.

Tristan

nzmark · Tuesday at 10:28 PM

tristand said:
This might answer at least one of your questions.

I've been meaning to have a snoop but haven't found time yet. I suspect it's not encrypted and is pretty simple, vehicle can and lin systems generally are - apart from firmware update functions.

Tristan

Wow! And thank you!! Got any other interesting images?

Korg · Tuesday at 10:44 PM

parb said:
so did i hear it right on the grenadierworks podcast that ineos went to encrypted can bus messages? So i can't tap into the bus and use candump toolkits to see what actually is going on in the car?

I get that i can see a lot on the ODB2 gateway but i would love to spend more time seeing what actually is happening on CAN. Assuming they use a lot of bosch gear i think its not craxy hard to reverse engineer?

Anyone played around with the canbus yet? Does right to repair act (Massachusetts and Wisconsin) get us access to unencrypted canbus messages to explore what actually is going on in the vehicle?

Better watch out that you don't turn your Grenny into this

NQ94 · Tuesday at 11:47 PM

Korg said:
Better watch out that you don't turn your Grenny into this
View attachment 7918683

CAN injection has likely been worked out in Melbourne. Toyotas are just easier to off load and draw less attention then a young fella in a stolen Grenadier.

parb · Wednesday at 1:04 AM

tristand said:
This might answer at least one of your questions.

I've been meaning to have a snoop but haven't found time yet. I suspect it's not encrypted and is pretty simple, vehicle can and lin systems generally are - apart from firmware update functions.

Tristan

This is helpful. i i will start with the ODB port and see how much the gateway is filtering.
the BMW Motor control unit (8.6) is a well known unit so i suspect its messages won't be super hard to decode.

This will take a minute to figure out..

Korg · Wednesday at 1:50 AM

NQ94 said:
CAN injection has likely been worked out in Melbourne. Toyotas are just easier to off load and draw less attention then a young fella in a stolen Grenadier.

Someone has worked some of it out - Ultimate 9 my throttle controller works fine in the Grenny...maybe that's not CANBUS though.

nzmark · 2026-01-10T08:14:42+0000

parb said:
This is helpful. i i will start with the ODB port and see how much the gateway is filtering.
the BMW Motor control unit (8.6) is a well known unit so i suspect its messages won't be super hard to decode.

This will take a minute to figure out..

I've got a CANbus interface hooked to a Raspberry Pi and the gateway filters almost everything to the OBD port. We need to get behind the gateway, but it's mooted that it's encrypted too.

RY-Journeyman · 2026-01-10T08:34:08+0000

nzmark said:
I've got a CANbus interface hooked to a Raspberry Pi and the gateway filters almost everything to the OBD port. We need to get behind the gateway, but it's mooted that it's encrypted too.

Encrypted canbus so we don’t have the Toyota “easy as pie” theft issue.

NQ94 · 2026-01-10T09:50:07+0000

RY-Journeyman said:
Encrypted canbus so we don’t have the Toyota “easy as pie” theft issue.

Thieves are not looking for Greadiers, they want cars that people know about, want, easy and quick to off load whole or as parts on the black market.

Tazzieman · 2026-01-10T09:55:27+0000

NQ94 said:
Thieves are not looking for Greadiers, they want cars that people know about, want, easy and quick to off load whole or as parts on the black market.

Certainly not anything with as horrific as an overdue service reminder glitch

RY-Journeyman · 2026-01-10T10:08:02+0000

NQ94 said:
Thieves are not looking for Greadiers, they want cars that people know about, want, easy and quick to off load whole or as parts on the black market.

Or ship to Africa in containers. Or steal to order for Eastern Europe or the Middle East. All of which makes all cars fair game. Range rovers and land rovers for a while became almost uninsurable in th UK was what I reads while back. All stolen to order and shipped overseas.

I am glad the Ineos software is locked down. I am delighted nay ecstatic that it can not have over the air updates or be scuttled or hacked by people over the air. And I am delighted it has a key so key relay type thefts are impossible on the Ineos.

Security might be inconvenient yes but secure by design even if it is retro design is a godsend in today’s ever more connected and hackable world.

And a personal update - I still don’t get to drive my grenadier yet. It’s in Christchurch undergoing NZ compliance checks and getting a warrant of fitness in the queue with over 230 vehicles that came off the same ship. Might be a few more days yet.

Search

Search

I'm ready start spending some intimate time with the CAN bus...

parb

Rupert

#4082

parb

LRNAD90

Itsdchz

Krabby

Global Grenadier 76

tristand

Attachments

nzmark

Korg

NQ94

parb

Korg

nzmark

RY-Journeyman

NQ94

Tazzieman

Photo Contest Winner

RY-Journeyman

Similar threads

Latest posts

Share this page