Notes on brand B intelligent evacuation and emergency lighting system maintenance (2)

I am an electronics enthusiast and a "universal repairman" with more than 20 years of repair experience. Here are some of my repair stories.

As mentioned earlier, I am very unfamiliar with brand B, so I came here biting the bullet. The inspection found that the license of the host computer software had expired and the software had stopped running, which was what caused the problems on site. Sure enough, I had run into a tough nut.

If it were a local project and the investment was small, I would accept the loss. After all, the industry circle is small, and it is best not to get involved in economic disputes. But this is an out-of-town project. Never mind the wasted day; the explicit costs such as vehicle wear, fuel and road and bridge tolls are too high, so we would have lost real money.

Was the wisdom of the first half of my life about to collapse? The dealer Mr. W's longing eyes and my shriveled wallet sent me deep into thought. Neither of them was willing to give in.

So, try to crack it. Cracking the software was no longer realistic, so let's start with the hardware.

Cracking plan: test the CAN message parameters -> find a project that is running normally and intercept the reset command -> return to this project and simulate the reset -> check the site -> receive payment, cheers.

Step 1: Test the CAN message parameters and check feasibility. Disconnect the CAN communication line going to the site from the host computer, connect the "CAN analyzer" of a certain railway aviation company to the on-site CAN network, open the virtual serial port with serial port software on the notebook, and try the baud rates one by one. At 10K, I happily received a message. The message format is: [19DA1860] [08] 06 EB E5 68 57 BF D2 30. Here 0x19DA1860 must be the CAN ID in CAN 2.0B (extended) format and is used to identify the distribution box on site; 0x08 is the number of data bytes; 0xEB E5 68 57 BF D2 30 is the data, whose specific meaning is unknown.

Step 2: Call the dealer and ask if there are any projects nearby. The dealer said, "Yes, it's the same system we repaired when we first met." So I pretended to be a maintenance worker serving that project and entered the fire control room with a guilty conscience. I looked around and saw that the brand B host was dead: the power indicator light was not on. After some inspection, I gave up decisively.

I called the dealer again and asked him to find another project that was in its commissioning period. So I pretended to be a technician from brand B and once again entered the control room with a guilty conscience. I again used the railway aviation company's analyzer to connect to the CAN network. After some operations on the host computer, I successfully intercepted a bunch of CAN data on the notebook. When I came out, it was already 9 o'clock in the evening. Everything had gone well. Satisfied, I found a place to stay and treated myself to a 20 yuan Wallace set meal. Nothing more to tell about that night.

Step 3: The next morning, rush to the project, set up the laptop, and disconnect the host computer from the on-site CAN. Connect the railway aviation company's "CAN analyzer" to the on-site line and replay the data intercepted yesterday from the laptop. I briefly analyzed the rules and found that 0x00000020 seems to be a public address, so commands with CAN ID 0x00000020 can be replayed first. As mentioned earlier, when the analyzer sends data it must be sent in the format "0xAA CC [32-bit CAN ID] [length] data DD". I packed yesterday's intercepted data into that format. When the second message was sent, there were multiple responses on site immediately. It looked like something was happening.

Step 4: Go out to the site to check. The sign lights, my dear friends, were all alive, shining green, staring at me like pairs of clear big eyes, as if praising me with their gaze. Return to the host computer, connect the on-site CAN back to the host computer, and check the site again. Some partition lights are not on. It must be the host computer playing tricks again. Disconnect the host computer, send the command again as in step 3, and inspect the whole site: all the lights are on. Nice! So happy.

Step 5: Call the manager and ask the property management to inspect and confirm. I called the dealer, Mr. W, and he happily transferred the travel expenses. Cheers!
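What steps 1 and 3 show, from the operator's side, is a bus with no sender authentication: once the host computer is unplugged, any USB-CAN adapter that replays a captured frame on the public address is accepted by every fixture. The decoder below is an added example, not the author's code and not the analyzer vendor's software; it parses the two formats quoted in the post (the analyzer's receive log lines and its "AA CC [ID] [len] data DD" serial framing) and counts frames whose ID is outside the set the operator expects, which is the cheapest check a building manager can run over a capture to notice that something other than the host has been issuing commands. The 32-bit ID byte order, the variable data length, and the sample bytes other than the single line quoted in the post are assumptions or constructed values.

```python
"""Decode CAN frames from the analyzer's text log and serial wire framing.

Added example, not the author's code.  The analyzer's real protocol is not
described on the page beyond the two formats quoted there, so byte order and
framing rules below are assumptions.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Set

FRAME_HEAD = b"\xaa\xcc"   # start marker quoted in the post
FRAME_TAIL = 0xDD          # end marker quoted in the post
MAX_DLC = 8                # classic CAN carries at most 8 data bytes
MAX_EXT_ID = 0x1FFFFFFF    # 29-bit CAN 2.0B extended identifier


@dataclass(frozen=True)
class CanFrame:
    can_id: int
    data: bytes

    @property
    def dlc(self) -> int:
        return len(self.data)


# Matches "[19DA1860] [08] 06 EB E5 68 57 BF D2 30": id, dlc, data bytes.
LOG_LINE_RE = re.compile(
    r"\[([0-9A-Fa-f]{1,8})\]\s*\[([0-9A-Fa-f]{2})\]\s*((?:[0-9A-Fa-f]{2}\s*)*)")


def parse_log_line(line: str) -> CanFrame:
    """Parse one receive-log line, rejecting bad IDs and DLC mismatches."""
    m = LOG_LINE_RE.search(line)
    if not m:
        raise ValueError(f"not a CAN log line: {line!r}")
    can_id = int(m.group(1), 16)
    dlc = int(m.group(2), 16)
    data = bytes.fromhex(m.group(3))        # fromhex skips the spaces
    if can_id > MAX_EXT_ID:
        raise ValueError(f"ID 0x{can_id:08X} exceeds 29 bits")
    if dlc > MAX_DLC or dlc != len(data):
        raise ValueError(f"DLC {dlc} does not match {len(data)} data bytes")
    return CanFrame(can_id, data)


def decode_serial_stream(buf: bytes) -> List[CanFrame]:
    """Split the analyzer's serial byte stream into frames.

    Assumed layout: AA CC, 4-byte big-endian ID, 1-byte length, data, DD.
    Bytes that do not form a well-formed frame are skipped one at a time, so
    a corrupted or truncated frame cannot desynchronise the rest.
    """
    frames: List[CanFrame] = []
    i = 0
    while i + 8 <= len(buf):                # shortest frame: head+id+len+tail
        if buf[i:i + 2] != FRAME_HEAD:
            i += 1
            continue
        can_id = int.from_bytes(buf[i + 2:i + 6], "big")
        dlc = buf[i + 6]
        end = i + 7 + dlc                   # index where the tail byte must be
        if dlc > MAX_DLC or end >= len(buf) or buf[end] != FRAME_TAIL:
            i += 1                          # resync at the next header
            continue
        frames.append(CanFrame(can_id, bytes(buf[i + 7:end])))
        i = end + 1
    return frames


def audit_frames(frames: List[CanFrame], expected_ids: Set[int]) -> Dict[int, int]:
    """Count frames whose ID is not in the operator's expected set.

    With no sender authentication on the bus, an unexpected ID (or the
    public address appearing while the host is known to be offline) is the
    only cheap signal that a foreign node is issuing commands.
    """
    return dict(Counter(f.can_id for f in frames if f.can_id not in expected_ids))


# Constructed sample input; only the first log line is quoted in the post.
SAMPLE_LOG = [
    "[19DA1860] [08] 06 EB E5 68 57 BF D2 30",   # line quoted in the post
    "[19DA1860] [08] 06 EB E5 68 57 BF D2 31",   # constructed variant
    "[00000020] [02] 01 02",                     # constructed: public-address frame
]
SAMPLE_STREAM = (
    b"\x00"                                                  # stray byte
    + b"\xaa\xcc\x00\x00\x00\x20\x02\x01\x02\xdd"            # constructed
    + b"\xaa\xcc\x19\xda\x18\x60\x08\x06\xeb\xe5\x68\x57\xbf\xd2\x30\xdd"
    + b"\xaa\xcc\x19\xda\x18\x60\x08\x06\xeb"                # truncated tail
)

if __name__ == "__main__":
    logged = [parse_log_line(line) for line in SAMPLE_LOG]
    streamed = decode_serial_stream(SAMPLE_STREAM)
    for f in logged + streamed:
        print(f"ID=0x{f.can_id:08X} DLC={f.dlc} data={f.data.hex(' ')}")
    print("unexpected IDs:", audit_frames(logged + streamed, {0x19DA1860}))
```

Run as a script it lists the five decoded frames (the truncated one at the end of the stream is dropped) and reports the two public-address frames as unexpected against an allow-list containing only the distribution box ID. In a real deployment the allow-list would come from the commissioning records, and the audit would run over a capture taken with the host computer disconnected, since that is exactly the condition under which the replay in step 3 worked.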

The problem was temporarily suppressed and money was made, but the system was not completely fixed. Mr. W also hopes that the fire alarm host can be linked, so that when there is a fire alarm the emergency lighting on site lights up. Because the host computer software is the obstacle, this function cannot be implemented. If the host computer's software authorization problem remains unresolved, and Mr. W has the budget, I plan to crack the linkage command as well, and then build a small piece of hardware to replace the host computer and send the reset and linkage commands.

I'm looking forward to it, though Mr. W's wallet probably isn't.

(Writing is not easy; please credit the source when reposting.)


Origin blog.csdn.net/weixin_44571279/article/details/132248935