Day 2 kicked off, surprisingly on time, with John Hardy from the UK. John returns again as our overseas battery testing expert. He reviewed his earlier battery testing methodology and cell types.
The Headway 38120S cell had no detectable voltage drift but the first cell failed after 600 discharge / charge cycles.
He tested a shunt balancing product which simply destroyed the pack in under 100 cycles. He is a fan of bottom-balancing your pack before assembly.
His CALB CA40fi cells lived beyond 2000 charging cycles and each of the 8 cells showed nearly identical voltage profile on the 2000th cycle, which is exactly what we want in our batteries.
John's full testing history shows that Lithium Ion batteries have no discernable drift and an extremely long charging cycle life.
John then moved to his current (no pun intended) testing of the Tesla-style 18650 LiFePO4 cells. He has developed a new charging algorithm so has asked us to not talk about his ideas until they're protected. I will say it's very sophisticated and looks very good! Hoping to hear good things in the future.
Session: Collin Kidder – CAN Bus Hacking Hardware And Software
Collin's work writing software to collect and analyze CANbus traffic of existing OEM automotive components has formed the cornerstone of the reverse-engineering innovation of the world-wide EVTV team. Due to his efforts we now can control the charger and DC-DC converters from Chevy Volts, the motor and controller for UQM/Coda vehicles, the motor and controller from Siemens/Azure Dynamics DMOC and the motor and controller from the Tesla Model S.
Collin recommends the EVTV CANDue 2.0 board as it has two complete isolated 2-wire and 1-wire CANbus connections, a temperature sensor, a MicroSD memory card slot for massive data logging and a 256kb EEPROM for persistent data storage. It is a standard Arduino shield, meant to be stacked on top of a standard Arduino Due processor board.
Another option is the EVTV Due board, which combines the features of an Arduino Due and a CANDue 2.0, but does not have a 1-wire CANbus port. It has a much stronger USB port and screw terminals for power and CANbus wiring.
Jack has developed a plug-and-play device in a box to plug directly into a Tesla Model S diagnostic port which is native CANbus and Tesla cannot disable it.
GVRET is Collin's CANbus sniffing tool, driving the hardware to capture all CANbus traffic. It is Arduino firmware and is flashed into one of the above boards.
SavvyCAN is a QT5-based app which is used to analyze the CANbus data captured by the hardware and GVRET. QT5 supports Windows, Linux and MacOS. It has sophisticated tools to visualize and filter messages and can also play back messages onto a live CANbus. This is critical to fast development of an independent controller for an OEM CANbus device with no manufacturer documentation.
DBC files are used to define signals that flow on a CANbus. As you reverse-engineer a device, DBC files save the knowledge gained and help SavvyCAN interpret the format of specific messages.
The reverse-engineering process is as follows:
- Find a convenient place to plug into the CANbus.
- Capture some bus traffic to see if it's working
- Go for a drive and capture real bus traffic
- Perform small discrete functions and save the traffic into separate small files, such as open the door lock, close the door lock, shift into neutral, press the brake pedal, etc.
- Launch SavvyCAN and isolate the meaningful messages
- Define newly discovered messages in a DBC file
- Play captured or synthesized messages back on the bus and see what happens
- Write software in a controller to perform that specific function.
Note that this is *not* easy and you will get better at message analysis as you see more devices and more ways of representing data.
Collin gave us a guided tour of SavvyCAN. There are many, many ways to visualize the data to help you find patterns and values leading to your solution.
We have to break for lunch, Collin will continue again later this afternoon.
Session: Craig Smith - Car Hacker's Handbook 2014. – Politics and Legal Environment of Automotive Security
We moved into the workshop area where Jack's Tesla drivetrain test bench is located. He showed us the control panel which operates contactors and simulated the brake pedal. He showed us the Arduino code that drives commands to the motor controller, and then he engaged drive and spun the unit up. He demonstrated forward, reverse and neutral and creep mode.
For longer video and a far more detailed description of the reverse engineering of the Tesla drivetrain, please see the relevant EVTV videos here.
Now we're packing up to go to the BBQ at Jack's house. It looks like this will be the first year we don't get rained out.