Hands-on review: When hacking an OBD-II adapter, choose carefully

You can get important information from your car and create some nifty add-ons by hacking an OBD-II adapter, but beware of the clones

By T.K. Hareendran, contributing writer

A few weeks ago, I decided to buy a couple of cheap OBD-II adapters to start out some ethical hacking experiments. However, when looking for a reliable adapter on the market, you can get a lot of confusing information. This hands-on review will help you to avoid costly mistakes and make the right choice yourself.

Onboard Diagnostics (OBD) refers to a vehicle’s ability to register and report issues that may occur or have occurred within the system. Examples include low performance, low fuel economy, and heavy emissions. OBD-I was first introduced in 1987 to standardize the onboard diagnostics across the industry. If you own a car built after 1996, however, it probably has an OBD-II port.

OBD-II uses a high-speed, two-wire bus that connects a variety of subsystems and runs at 500 kbps (actually ranging from 125 kbps to 900 kbps). The bus can, therefore, be used to access a wide range of vehicle information, including vehicle speed, engine rpm, oil temperature, and a variety of other details. While the basic structure of OBD-II is, for the most part, the same for vehicles from different manufacturers, the protocols may vary slightly. There are five notable signal protocols in use: SAE J1850 PWM, SAE J1850 VPW, ISO 9141-2, ISO 14230-4 (KWP2000), and ISO 15765-4/SAE J2480 (CAN-BUS).

The primary way of alerting the driver to any trouble that OBD-II detects is via a “check engine” light (or the MIL light). However, literally anyone with a proper scan tool can read the diagnostic trouble codes (DTCs) stored in the system to determine the problem with the vehicle more specifically. Professional mechanics use dedicated handheld scanners to make sense of these diagnostic trouble codes, and with some skill and patience, you can, too.

The OBD-II port allows a scan tool, or anything else compatible with OBD-II, to be plugged in and access the DTCs. The port is usually located under the dash on the driver’s side of the vehicle. It has slots available for 16 pins, but based on the specific signal protocol the vehicle supports, it may not actually use all 16 pins. The OBD connector is officially named the SAE J1962 Diagnostic Connector, but is also known as the diagnostic link connector (DLC), OBD port, or OBD connector, and looks like this:

[Figure 1: OBD-II connector pinout]

One popular plug-in dongle for accessing the OBD port is the ELM327 OBD-II adapter. The ELM327 is one of a veritable family of OBD translators from ELM Electronics and contains a pre-programmed PIC18F2480 microcontroller customized with a proprietary code that implements the testing protocols. These devices allow users to obtain information from the OBD-II system when plugged into the car’s OBD-II port and can make that information available via Bluetooth or Wi-Fi. With this dongle as the middle man, abstracting the low-level protocols, you can turn your smartphone or tablet (with the help of a compatible app) into an incredibly handy scanner that reveals detailed information about your vehicle.

You can likely find such dongles on eBay, Amazon, AliExpress, or Google using the keywords “ELM327 OBD-II Adapters.” You will get results showing many dirt-cheap ELM327-based OBD-II adapters with a Bluetooth or Wi-Fi radio interface from a number of sources. However, most of them are not real ELM327s; they are cheap Chinese knockoffs pretending to be ELM327s. (For a look inside one, check out this teardown on EP’s sister site, EDN.) These knockoffs may not properly or fully implement the code for reading the OBD, which, at best, is annoying and, at worst, can mask important safety problems.

[Figure 2: ELM327 Bluetooth and Wi-Fi adapters]

When I got my OBD-II adapters (both Bluetooth and Wi-Fi versions) from eBay, with the help of the app “Use freely ELM327” installed on a Windows 10 phone, I first tried the Bluetooth version. (Despite appearances, both the Bluetooth and Wi-Fi ELM327 adapters that I acquired are electronically identical; only their communications interfaces differ.) As an initial test, I just powered the OBD-II adapter with 12 Vdc taken from my lab power supply set to 12 Vdc/500 mA. Next, I sent a few AT commands through the app, and the adapter responded quickly as expected. In my case, the AT-I (status) command returned ELM327 v2.1, indicating the software version in use. Here is a random snapshot:

[Figure 3: ELM327 app on Windows 10]

Some users, though, are reporting that clones marked as “v2.1” are not always what they claim. These clones are actually using a defunct firmware version that is merely masquerading as 2.1. This sleazy trick results in generic adapters that don’t appear to support all of the signal protocols. So be cautious. If you are searching for an adapter that safely plays with all protocols, opt for tried-and-true brands offered by reputable vendors.

If you’re not sure, testing your adapter further is pretty straightforward; just try the Android app “ELM327 Identifier” to check your adapter’s credibility. ELM327 Identifier sends your device almost all of the available AT commands and reports which commands the device supports in accordance with the official ELM327 datasheet (up to firmware v2.2). This lets you quickly check whether your adapter’s declared version is correct or whether it’s a fake adapter.
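The same kind of check can be run offline over a recorded session. This is an added example, not the ELM327 Identifier app's code: it compares the version an adapter reports to ATI against the commands it actually accepts. The command-to-version table and both transcripts are assumptions constructed for illustration; take the real table from the Elm Electronics datasheet.

```python
import re

# Assumption: minimum firmware version per AT command. Illustrative subset;
# confirm every entry against the Elm Electronics datasheet before relying on it.
INTRODUCED_IN = {
    "AT@1": (1, 0),
    "ATRV": (1, 0),
    "ATIGN": (1, 4),
    "ATRD": (1, 4),
    "ATAMC": (2, 0),
}

def clean(command, raw):
    """Strip the command echo, the '>' prompt and CR/LF from a raw reply."""
    lines = [ln.strip() for ln in re.split(r"[\r\n]+", raw.replace(">", ""))]
    return [ln for ln in lines if ln and ln.upper().replace(" ", "") != command]

def claimed_version(ati_reply):
    """Parse 'ELM327 v2.1' into (2, 1); None if the reply is not in that form."""
    m = re.search(r"ELM327 v(\d+)\.(\d+)", " ".join(clean("ATI", ati_reply)))
    return (int(m.group(1)), int(m.group(2))) if m else None

def audit(transcript):
    """Return (claimed version, commands that version should accept but were rejected)."""
    version = claimed_version(transcript.get("ATI", ""))
    if version is None:
        return None, sorted(INTRODUCED_IN)
    rejected = []
    for command, since in INTRODUCED_IN.items():
        if since > version:
            continue  # not expected at the claimed firmware level
        reply = clean(command, transcript.get(command, ""))
        if not reply or reply == ["?"]:  # '?' is the ELM327 "not understood" reply
            rejected.append(command)
    return version, sorted(rejected)

# Constructed transcripts (command -> raw reply decoded as text), not real captures.
CONSISTENT = {"ATI": "ATI\rELM327 v2.1\r\r>", "AT@1": "AT@1\rOBDII to RS232 Interpreter\r\r>",
              "ATRV": "12.3V\r\r>", "ATIGN": "ON\r\r>", "ATRD": "00\r\r>", "ATAMC": "00\r\r>"}
SUSPECT = dict(CONSISTENT, ATIGN="ATIGN\r?\r\r>", ATRD="?\r\r>", ATAMC="?\r\r>")

if __name__ == "__main__":
    for name, t in (("consistent", CONSISTENT), ("suspect", SUSPECT)):
        print(name, audit(t))
```

An adapter that reports v2.1 yet rejects commands the table lists for earlier firmware is the mismatch to look for; a non-empty second element in the result flags it.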

I’m sure that my adapters come with the correct v2.1 Elm Electronics firmware but don’t use the original (and expensive-to-license) Elm Electronics microcontroller chip. I think that mine use a cheesy chip instead, although with identical functionality and compatibility to the genuine Elm Electronics chip.

Recently, an updated device, the “ELM327 2.2 SM” based OBD-II adapter, has become available, as have its clones. An unfeigned v2.2 adapter has a genuine ELM327 2.2 SM core. To check, take note of the device’s microcontroller chip. The genuine (28-pin) ELM327 2.2 SM chip from ELM Electronics has their logo lasered into the top and has the dimensions of 7 x 18 mm. A clone chip may be square-shaped or may have smaller dimensions.

For the hacker
As you might have guessed, it’s not very difficult to interface with a vehicle bus using the cheap Bluetooth (or Wi-Fi) ELM327 adapter. You can then make your own external hardware interfaces to interact with the vehicle in some specific mode or to build spectacular add-ons such as luxurious gauges, blinkers, beepers, heads-up displays, and the like. “Virtudash” is one such hardware design, offering an exciting open-source DIY project that aims to provide car-lovers a low-cost, customizable, and programmable car gauge. The hardware is based on Arduino and a modified ELM327-compatible adapter.

[Figure 4: Virtudash open-source car gauge]

If you are going to create an add-on or the like, something to put on your wish list is the “Freematics OBD-II Emulator.” The emulator is an electronic device that simulates several original vehicle signals, making it an indispensable tool for OBD fiddlers. It saves the fuel and time that would otherwise be spent testing and debugging programs with real cars. Surprisingly, the emulator’s OBD-II female port is similar to the one in a real car; thus, OBD-II-compliant devices that plug into the emulator get powered and work as if plugged into the OBD-II port of a real car.

[Figure 5: Freematics OBD-II Emulator]

One final note: There is no “best” OBD-II adapter I can point you to. There are many picks on the market, so if you are out to buy a top-of-the-heap product and not just any middling one, you have to be willing to spend some more money and make your decision only after thorough research. Without such research, a fake version and a genuine version will appear no different from each other. However, there are marked differences between them in terms of safety and reliability!

For more of T.K.’s hands-on reviews, follow these links:
Hands-on review: ESP32 offers a powerful IoT-enabled MCU for novices and pros alike
Hands-on review: getting started with the Intel tinyTILE
Hands-on review: Open-source MinnowBoard Turbot SBC is fast, powerful, and versatile
Hands-on review: Analyze signals with free, open-source sigrok PulseView
Hands-on review: Plug-and-play your way to the IoT with Wio Link
