• Steel Soldiers now has a few new forums, read more about it at: New Munitions Forums!

  • Microsoft MSN, Live, Hotmail, Outlook email users may not be receiving emails. We are working to resolve this issue. Please add support@steelsoldiers.com to your trusted contacts.

AMMPS Generator Series Remote Data

R

R1ckyb0nd

Member
47
11
8
Location
Ct
R

R1ckyb0nd

Member
47
11
8
Location
Ct
Icesythe7 said:
C++ just on my computer using a virtual com port at the moment, once I understand how it works I can port it to an stm32 (Arduinos will not be able to communicate since they have some lines tied high[unless you make a new pcb and reroute them but why use an arduino anyway when better MCU's exist like esp's stm32's and pico's XD]), I posted above how you can do the same with com0com and the code
Click to expand...
I understand using C++ and a microcontroller. But what are you using to base your emulator code off of if we do not understand the connection and data yet.

Are you hoping the DLLs that come with inpower are able to do the generator side. Or do you have the generator side code?.
 
I

Icesythe7

Active member
Steel Soldiers Supporter
145
219
43
Location
Indiana, USA
R1ckyb0nd said:
I understand using C++ and a microcontroller. But what are you using to base your emulator code off of if we do not understand the connection and data yet.

Are you hoping the DLLs that come with inpower are able to do the generator side. Or do you have the generator side code?.
Click to expand...
I'm just emulating a valid response to understand the data...for example kloppk posted above that "93 2 28 28 91" is a fuel level request and the response from his genset is " 93 2 FB 2 68" what does this mean? If we look at the response we can see we need to echo back the command "93" with the size of the data we are sending "FB 2" (if we convert that to 16 bits it would be 0x02FB which in decimal is 763 or 76.3% fuel level followed by a checksum of "68" so to validate this is all correct assumptions in my emulator i can test by sending different responses to this request like "93 2 EF 1 7D" this should make the software think fuel level is 49.5%
echo back command(93), size of data we are sending(2 bytes), the data (EF 1[495 aka 49.5%]), and the checksum 7D (93 xor EF xor 1), idea is once we can emulate the comms by understanding the data we can then code the software onto an mcu or make other diagnostic programs or make autostart etc without needing the expensive remote boxes etc

Basically make logical educated assumptions of how the data works, create an emulator to test those assumptions, since I have the software that monitors the data I can attempt to change the data sent back to the software and see if the changes I made are properly read by the software...if the software understands my responses and changes accordingly then it is no longer an assumption and that is how the communication should be interputed...which it is in this case its actually pretty simple just time consuming testing and coding it all
 
Last edited:
R

R1ckyb0nd

Member
47
11
8
Location
Ct
I was able to go to the 1071 and gather some data, @kloppk I was able to get the remote monitor and inpower software to work with windows 10 no problem.

I used https://freeserialanalyzer.com/ to capture the flow of data between the remote monitor software and the Genset.

I can share the capture file with anyone through Google Docs, if you want to take a look at it. It has it in a ready state and then started, and running without a load.

Also there seems to be two free spots that I can tap into the Canbus, the 9 pin Canbus Diag port and a three pin connector off a split.
 

Attachments

Last edited:
I

Icesythe7

Active member
Steel Soldiers Supporter
145
219
43
Location
Indiana, USA
After rechecking more of the data the checksum is actually just all the bytes xored so "93 2 28 28" -> 93 ^ 2 ^ 28 ^ 28 = 91 so sent message = "93 2 28 28 91"

code for this here (currently making a small library to handle everything)

C++: 
    static std::string toString(const std::vector<uint8_t>& data) {
        if (data.empty()) return "no data...";

        constexpr const char* hex = "0123456789ABCDEF";
        std::string result;

        result += "0x";
            result += hex[(data[0] >> 4) & 0x0F];
        result += hex[data[0] & 15];

        for (size_t i = 1; i < data.size(); ++i) {
            result += ", 0x";
            result += hex[(data[i] >> 4) & 0x0F];
            result += hex[data[i] & 0x0F];
        }
        return result;
    }

    uint8_t read() const {
        // add isConnected check
        uint8_t result = 0;
        DWORD bytes_read = 0;

        ReadFile(com_port_, &result, 1, &bytes_read, nullptr);
        return result;
    }

    bool write(const uint8_t command, std::vector<uint8_t> data) const {
        // todo make sure connected
        const auto data_amount = static_cast<uint8_t>(data.size());
        data.insert(data.begin(), command);
        data.insert(data.begin() + 1, data_amount);
        data.emplace_back(calcChecksum(data));
        printf("Sending [%s]\n", toString(data).c_str());
        return WriteFile(com_port_, data.data(), static_cast<DWORD>(data.size()), nullptr, nullptr);
    }

    static uint8_t calcChecksum(const std::vector<uint8_t>& data) {
        std::uint8_t checksum = data[0];
        for (std::size_t index = 1; index < data.size(); ++index)
            checksum ^= data[index];
        return checksum;
    }

    bool handshake() const {
        // temp
        for (int i = 0; i < read() + 1; ++i) {
            read();
        }

        static std::vector<uint8_t> response = { 0x00, 0x00, 0x01 };
        return write(0x83, response);
    }
 
Last edited:
I

Icesythe7

Active member
Steel Soldiers Supporter
145
219
43
Location
Indiana, USA
@kloppk I'm getting an unknown request (referencing your pic above) I'm trying to emulate all the responses of your 1030 however the software is requesting
"93 2 8 0 99" any idea what this request could be? I dont see it on the list above...below is an example from my debug.


Code: 
Connected to port COM6

Received command -> 0x83 // handshake
Sending [0x83, 0x03, 0x00, 0x00, 0x01, 0x81]

Received command -> 0x86 // baud request
Sending [0x83, 0x03, 0x00, 0x00, 0x01, 0x81]

Received command -> 0x93 // unknown data request but replying with your gensets data
Command 0x93 contains -> [0x62, 0x29]
Sending [0x93, 0x01, 0x00, 0x92]

Received command -> 0x93 // unknown request unsure how to respond
Command 0x93 contains -> [0x08, 0x00]
Sending [0x93, 0x01, 0x00, 0x92]

Received command -> 0x86 // invalid response from above thinks baud is bad so tries to reset baud
Sending [0x83, 0x03, 0x00, 0x00, 0x01, 0x81]
Received command -> 0x86
Sending [0x83, 0x03, 0x00, 0x00, 0x01, 0x81]
Received command -> 0x83
Sending [0x83, 0x03, 0x00, 0x00, 0x01, 0x81]
Received command -> 0x86
Sending [0x83, 0x03, 0x00, 0x00, 0x01, 0x81]
Received command -> 0x93
Command 0x93 contains -> [0x62, 0x29]
Sending [0x93, 0x01, 0x00, 0x92]
Received command -> 0x93
Command 0x93 contains -> [0x08, 0x00]
Sending [0x93, 0x01, 0x00, 0x92]
Received command -> 0x86
Sending [0x83, 0x03, 0x00, 0x00, 0x01, 0x81]
Received command -> 0x86
Sending [0x83, 0x03, 0x00, 0x00, 0x01, 0x81]
// unsupported device error
 
R

R1ckyb0nd

Member
47
11
8
Location
Ct
When reviewing my capture, it seems the remote monitoring software and the generator are trying to negotiate the fastest baud rate possible. It send a bad rate request, gets and ack. Then sends char and other data stream settings. Then does this several times with faster baud rates. Then it starts sending requests for data
 
I

Icesythe7

Active member
Steel Soldiers Supporter
145
219
43
Location
Indiana, USA
R1ckyb0nd said:
When reviewing my capture, it seems the remote monitoring software and the generator are trying to negotiate the fastest baud rate possible. It send a bad rate request, gets and ack. Then sends char and other data stream settings. Then does this several times with faster baud rates. Then it starts sending requests for data
Click to expand...
Yes that is what it does, can you add me to your capture by chance? lucasloveless90@gmail.com
 
I

Icesythe7

Active member
Steel Soldiers Supporter
145
219
43
Location
Indiana, USA
R1ckyb0nd said:
Done
Click to expand...
Looking at your logs here if my theory on how the data works is correct I see a response to the fuel level as "93 02 62 00 F3".. did you have 98% fuel level?



albeit it appears that all capture is done here after initial connection
 
Last edited:
R

R1ckyb0nd

Member
47
11
8
Location
Ct
Icesythe7 said:
Looking at your logs here if my theory on how the data works is correct I see a response to the fuel level as "93 02 62 00 F3".. did you have 98% fuel level?



albeit it appears that all capture is done here after initial connection
Click to expand...
No more like 2% of fuel.
 
K

kloppk

Well-known member
Steel Soldiers Supporter
1,975
3,093
113
Location
Pepperell, Massachusetts
It's possible that the request below isn't fuel level. It's what it seemed to me while I watched the data exchange and the monitor screen change slightly.
93​
2​
28​
28​
91​
 
I

Icesythe7

Active member
Steel Soldiers Supporter
145
219
43
Location
Indiana, USA
kloppk said:
It's possible that the request below isn't fuel level. It's what it seemed to me while I watched the data exchange and the monitor screen change slightly.
93​
2​
28​
28​
91​
Click to expand...
it is defiantly fuel level I finally found all the data request commands

battery level for example u can see is a request of 0xBD1 so across serial would be "93 2 D1 B 4B"
 
K

kloppk

Well-known member
Steel Soldiers Supporter
1,975
3,093
113
Location
Pepperell, Massachusetts
I just hooked up my sniffer setup again. At 70.5% fuel I'm getting back 93 2 C1 2 52

Yes, I agree 93 2 D1 B 4B is battery voltage.
At 25.35 volts I get back 93 2 E7 9 7F
 
I

Icesythe7

Active member
Steel Soldiers Supporter
145
219
43
Location
Indiana, USA
kloppk said:
I just hooked up my sniffer setup again. At 70.5% fuel I'm getting back 93 2 C1 2 52

Yes, I agree 93 2 D1 B 4B is battery voltage.
At 25.35 volts I get back 93 2 E7 9 7F
Click to expand...
yep thats correct "93 2 [C1 2] 52 = 0x2C1 which is 705 in decimal aka 70.5% fuel level
and "93 2 [E7 9] 7F" = 0x9E7 which is 2535 in decimal or 25.35 VDC
oil pressure should be "93 2 8 2 9B"
coolant temp should be "93 2 A9 D 35"
 
Last edited:
K

kloppk

Well-known member
Steel Soldiers Supporter
1,975
3,093
113
Location
Pepperell, Massachusetts
Icesythe7 said:
yep thats correct "93 2 [C1 2] 52 = 0x2C1 which is 705 in decimal aka 70.5% fuel level
and "93 2 [E7 9] 7F" = 0x9E7 which is 2535 in decimal or 25.35 VDC
oil pressure should be "93 2 8 2 9B"
coolant temp should be "93 2 A9 D 35"
Click to expand...
Coolant Temp "93 2 A9 D 35" is correct. I get 93 2 34 0 A5 which is 52 F which agrees with Remote Monitors 12C
 
I

Icesythe7

Active member
Steel Soldiers Supporter
145
219
43
Location
Indiana, USA
Code: 
GenSet Voltage L1-L2 = 12 2
GenSet Voltage L2-L3 = 13 2
GenSet Voltage L3-L1 = 14 2
Bus Voltage L1-L2 = 14 37
Bus Voltage L2-L3 = 3C 37
Bus Voltage L3-L1 = 64 37
GenSet Voltage L1N = unknown
GenSet Voltage L2N = unknown
GenSet Voltage L3N = unknown
Bus Voltage L1N = 16 37
Bus Voltage L2N = unknown
Bus Voltage L3N = unknown

GenSet L1 Current = 92 3A
GenSet L2 Current = 93 3A
GenSet L3 Current = 94 3A
GenSet Frequency = A8 37
Bus Frequency = F8 36
Power = 49 38
Fuel Level = 28 28
Battery Voltage = D1 B
Battery Current = 7F C
Oil Pressure = 8 2
Coolant Temperature = A9 D
GenSet Hours = 56 2
 
Last edited:
You must log in or register to reply here.
108,561members
163,823threads
2,304,834posts
1,165online users
Top