The0retical: Eavesdropping on the CAN bus is simple! In fact a decent ELM clone (scantool.net) can be used to monitor CAN network traffic. It isn't great at it, but it can do a lot! We use some higher priced adapters that just the chipset costs more than a eBay ELM adapter. This is pictured in Keith's post. Plug into the DLC (OBD2 connector for the uninitiated) and you'll see lots of bus traffic! Most vehicles ALL of the CAN networks can be accessed via the DLC. The standard location (pins 6 and 14) are the only "required" locations for CAN. There are lots of undefined spots on the connector that a manufacturer can use for a low speed bus for things like HVAC etc..
Why encrypt a data stream that is in a box that can't be opened? In reality its somewhat pointless. Unless you have physical access to a vehicle's wiring, you can't interface with the CAN bus. Manufacturers get in trouble when they forget certain vectors like bluetooth in radios cough Chrysler cough Jeep. Interesting side note, there is a new variant of CAN that is backwards compatible with CAN 2.0 (what we currently use predominantly) called CAN FD. This stands for flexible data. It can send 64 bytes of data in the same time CAN 2.0 sent 8. This opens the door for secure communication as each message now has room for unique keys etc.
To answer if its encrypted I'd have to ask you if you can understand this:
What if I told you that this data all contained MAP sensor reading, the absolute position of the steering rack, Steering effort, current gear, brake switch, estimated torque, accelerator position, engine speed, vehicle speed, and the X and Z axis acceleration of the vehicle. Hexidecimal without any reference point is one form of encryption.
A "consumer" solution is available today. Give me a ring :) It might be a bit to get you started but I have plenty of units on the shelf. Really if you want to mess with CAN things, get a RaspberryPi or Arduino and start there. When you want some advanced functionality, give me a call.
The process was rather simple to start. I spent four days at FM sitting in ND's poking and proding every function of the car. I had never looked at CAN data from an ND (or a Mazda for that matter) until then and I walked away with 40-50% of the know-how I have on the platform today. The rest of it came down to countless "Hey Keith, try this. Hey Keith try this and get me a log. Keith, did it do the thing? Keith, KEITH" The one nice thing is that I had already mapped out the GM values required from previous work with other conversions under private label.
Keith: In that photo we were listening to the vacuum pump module to simulate its CAN messages via our hardware so you could remove it from the vehicle without other modules complaining. This would be something that OP would need to do. Install that sweet new Skyactiv Engine in X car? It's going to complain it doesn't have a vacuum pump!
Also yes, I left FM and bought a ND about a month or so later as I'd always wanted a Miata but never felt like I fit...spending 2-3 days straight sitting in one helped me realize I do fit!
)
