CAN Bus Hacking - Crossfire
I have been working for a while on decoding various bits on the CAN-C (powertrain) network inside our Crossfires. The goal is to be able to read data for instrumentation, and to be able to write data to manipulate new functions, and one day add newer/better/more modern conveniences into a Crossfire. The reason for accessing the CAN bus directly is to use the tools the engineers put there to begin with, and learn to coexist with the bus. Too often, we simply have no understanding, so we apply hacks to get around the network, instead of working with the framework that was carefully engineered into our cars. I am intending that this is a long-term, ongoing thread, with contributions from people who have good knowledge of the system and those who want to learn.
If you don't know anything about CAN bus, there is a plethora of information about the basics of CAN bus, such as these links:
https://www.csselectronics.com/pages...intro-tutorial
https://projects.cs.ru.is/svn/honnun...bus-primer.pdf
This thread is not intended to teach about the basics of CAN, but rather to be a discussion about how to hook up to our vehicle, tools to read it from, and what projects people are doing. I also hope others will contribute to the growing number of identified CAN IDs and the data stored within them. Don't worry if this is over your head. It's not most people's area of expertise. However, if you are an electronics hobbyist and a car nut, then there's a lot to be learned and contributed to here.
There is a discussion brewing on this on SLKWorld, and I will try to bring some of that discussion into this thread, also. Below is from a post I made there, and hopefully, it will kickstart discussion on Crossfire Forum!
These IDs will give you the info you need to get some basic functions up and going. Everything in CAN-world is in hexadecimal, but locations of data are given in offsets in decimal number of bits, i.e., offset 0 means that the data starts at bit 0 of the data field for that CAN ID, and offset 26 means that the data we care about starts at the 26th bit. There is also a length (usually abbreviated LEN), which will tell you the range of numbers for that data. If the LEN is 1, then it is a 1 bit flag (0 or 1). If the LEN is 8, then the range is 0-255. Sometimes the LEN is 3, meaning a number of 0-7. It follows a simple binary pattern. Oftentimes, there are several parameters to be found at a single CAN ID (which will make more sense, once you understand that the CAN ID is tied to a particular piece of hardware, like the ECU or TCU). The thing to remember is that none of these are data in English, and almost none are straight numbers. You will need to do some sleuthing and a bit of algebra to get real world numbers. Almost all units are metric, natively, but any system can be applied with said algebra. As humans, we like good round numbers for things, and sometimes we can figure items out, because the engineers who made all of this are humans, too.
Everything I will present will be CAN-C (powertrain) info, unless listed, as the R170/Crossfire only has a CAN-C bus. This is very, very far from a complete list. I will add to it in future posts, and will probably consolidate it all into a future thread. I really hope that some of you will take this info and run with it, helping us as a community to find additional info and how to use it.
The format of the info I will present is as follows:
CAN ID, OFFSET, LEN, Description.
0x0200, 0, 1, brake defect lamp on
0x0200, 1, 1, BAS lamp on
0x0200, 2, 16, vehicle speed
0x0200, 14, 2, brake switch state
0x0200, 50, 14, LF wheel speed for cruise
0x0208, 11, 1, Cruise mode off
0x0212, 0, 16, engine target idle speed
0x0218, 16, 4, target gear
0x0218, 20, 4, actual gear
0x0228, 0, 2, direction LF wheel
0x0228, 2, 14, LF wheel speed
0x0228, 16, 2, direction RF wheel
0x0228, 18, 14, RF wheel speed
0x0228, 32, direction LR wheel
0x0228, 34, 14, LR wheel speed
0x0228, 48, 2, direction RR wheel
0x0228, 50, 14, RR wheel speed
0x0230, 0, 1, W/S driving program
0x0230, 1, 1, driving program switch pressed
0x0230, 4, 4, gear lever position
0x0308, 0, 1, clutch pressed
0x0308, 8, 16, engine RPM
0x0308, 30, 1, check engine lamp on
0x0308, 29, 1, oil lamp on
0x0308, 39, 1, coolant lamp on
0x0308, 32, 1, oil temp high
0x0308, 40, 8, oil temp
0x0308, 48, 8, oil level
0x0308, 56, 8, oil quality
0x0338, 0, 16, transmission output speed
0x0408, 0, 8, fuel level
0x0408, 8, 1, driver door ajar
0x0408, 14, 1, fuel level low light on
0x0408, 40, 16, odometer
0x0410, 7, 1, A/C compressor on
0x0410, 8, 8, refrigerant pressure
0x0410, 40, 8, outside temp
0x0418, 8, 8, transmission driving program
0x0418, 16, 8, transmission temp
0x0418, 31, 1, kickdown switch
0x0418, 32, 4, target gear
0x0418, 36, 4, actual gear
0x0608, 0, 8, coolant temp
0x0608, 8, 8, intake air temp
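Added example (not part of the original post): a read-only decoder for the "CAN ID, OFFSET, LEN, Description" rows above, returning raw, unscaled field values. It assumes bit 0 is the most significant bit of the first data byte and that multi-bit fields are big-endian, which the post does not state; the sample frames are constructed, not captured from a car.

```python
# Added example. ASSUMPTION: bit 0 is the most significant bit of data byte 0 and
# multi-bit fields are big-endian; the post does not state the bit order.

# Rows copied from the list above (the 0x0228/32 row has no LEN in the post).
ROWS = """\
0x0218, 16, 4, target gear
0x0218, 20, 4, actual gear
0x0228, 32, direction LR wheel
0x0228, 34, 14, LR wheel speed
0x0308, 0, 1, clutch pressed
0x0308, 8, 16, engine RPM
0x0308, 30, 1, check engine lamp on
"""

def parse_rows(text):
    """Parse 'CAN ID, OFFSET, LEN, Description' rows; return (table, rejected_rows)."""
    table, rejected = {}, []
    for line in text.splitlines():
        parts = [p.strip() for p in line.split(",", 3)]
        if len(parts) != 4 or not (parts[1].isdigit() and parts[2].isdigit()):
            rejected.append(line)  # incomplete row: never guess a missing LEN
            continue
        can_id = int(parts[0], 16)
        table.setdefault(can_id, []).append((int(parts[1]), int(parts[2]), parts[3]))
    return table, rejected

def extract_field(data, offset, length):
    """Return the raw unsigned value of `length` bits starting at bit `offset`."""
    total = len(data) * 8
    if offset < 0 or length < 1 or offset + length > total:
        raise ValueError(f"field {offset}+{length} does not fit in {total} bits")
    shift = total - offset - length
    return (int.from_bytes(data, "big") >> shift) & ((1 << length) - 1)

def decode_frame(table, can_id, data):
    """Map each known field of can_id to its raw value, or None if the frame is too short."""
    out = {}
    for offset, length, name in table.get(can_id, []):
        try:
            out[name] = extract_field(data, offset, length)
        except ValueError:
            out[name] = None
    return out

if __name__ == "__main__":
    table, rejected = parse_rows(ROWS)
    # Constructed sample frames (not captured from a vehicle).
    print(decode_frame(table, 0x0308, bytes.fromhex("000c800200000000")))
    print(decode_frame(table, 0x0218, bytes.fromhex("0000340000000000")))
    print("rejected rows:", rejected)
```

If decoded values look implausible on a real capture, the bit-order assumption is the first thing to revisit.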
This is a very good list! I think you covered all of the values I am using but I will go in and compare it to mine. Are you using US values? I'll add the formulas I used if needed.
I am using US values, but of course, converting to any system is pretty straightforward. Compiling formulas for each would probably be very helpful to other players.
I've "stuck" this thread. I've wanted to take time and learn the CAN BUS, but between my work, personal life, hiking, motorcycling, there just is not enough time.
But WOW can you do some fun stuff once you learn the system.
What about the data bus between the convertible top, the central air/security module, and the BCM? I have been trying to trace down the convertible top issue with a meter, checking voltages & continuity, from the rear top controller connector. I know the top controller talks to the BCM on a small 3 module network. I see it appears on different pins on the OBD connector. My next step was to try & learn & read some bus data to see what I could come up with. Also wondering about what parameters I would need to copy over or change if I replace the BCM with another used one. I'm just getting started w/ my CAN bus (PCAN) tool. Glad to see this new thread!
It's all the same bus. The pins on the OBDII connector are for J1850 type diagnostics, only. They are proprietary. You do not copy/program the BCMs. You just get one setup for your model. There are four types. Coupe/Convertible, Limited/SRT6.