Back in 2018, an intriguing journey began with the purchase of a VXDAS Am3011 Obd2 Scanner. The goal wasn’t just to diagnose car troubles, but to delve into the device’s inner workings and explore its potential for repurposing.
This AM3011 OBD2 scanner, with its USB Mini port, buttons, and OBD2 interface, held the promise of hidden capabilities. Disassembling the unit revealed its core components: an STM32F103 SoC, SPI flash memory, voltage regulators, USB data lines, a buzzer, an LCD connector, LEDs, and a button ribbon cable. This seemingly simple setup was a blank canvas for creative exploration.
Initial Exploration and Challenges
The first hurdle was extracting the existing firmware. Despite initial setbacks, collaboration with colleagues led to a breakthrough: the ability to erase the pre-programmed firmware and write custom code. This opened up a world of possibilities, transforming the AM3011 into a platform for personalized applications.
The process began with meticulous pinout tracing and mapping of the PCB, aided by the STM32F103 datasheet. Success came with implementing a simple program that enabled the device to function as a Mass Storage Device (MSD) when connected to a computer.
However, a misstep in disabling the SWD functionality rendered the original device unusable. This highlighted the delicate balance between experimentation and caution when working with embedded systems. Undeterred, the project continued with the acquisition of new devices for further exploration.
Exploring Alternatives and Expanding the Project
The search for alternative devices led to the IsYoung NL100, featuring an NXP LPC1754 MCU and a wealth of information silkscreened onto the PCB. While promising, an accidental damage to the SPI flash chip temporarily halted progress on this front.
Concurrently, an ANCEL AD410 with a color screen and more advanced features was acquired. This device, also based on a GD32F103 SoC, introduced new challenges and opportunities, particularly in understanding the complex pinout of the color LCD screen. Despite reaching out to the manufacturers, obtaining official documentation for the screen proved unsuccessful.
Collaboration with another researcher working on a similar project with a different OBD2 device fostered the sharing of information and code, creating a synergistic environment for tackling common challenges.
Success with the JDiag JD-101
The arrival of a JDiag JD-101 marked a significant turning point. Although equipped with a GD32 microcontroller instead of an STM32, the code compatibility was high. By leveraging knowledge gained from previous devices, particularly the IsYoung NL100’s screen pinout, the screen functionality on the JDiag JD-101 was successfully deciphered.
Connecting to the device via SWD using an ST-LinkV2 debugger allowed for a full chip erase, bypassing the CRP protection and enabling custom firmware to be loaded.
Future Possibilities and Next Steps
With the ability to program the JDiag JD-101, the possibilities are vast. From developing simple games like Tetris to creating a USB HID emulator for security testing or even a CAN bus fuzzer, the repurposed OBD2 scanner can become a versatile tool.
The journey continues with further investigation into the device’s hardware, including the buttons, SPI flash, and CAN transceiver, to unlock its full potential. Future articles will delve into the specifics of writing custom firmware for this device, covering topics such as setting up an STM32 project and utilizing the existing hardware components.
