Reverse engineering the BMS - HV ECU communication protocol

Nice work! Maybe @Elektroingenieur can help?

 

Just from the thumbnail that looks a lot more like CAN (or anything differential like modbus) than UART serial. No time to peruse that datasheet right now though...

 

I'm lazy, has anyone done this for a gen1 or gen2?

P. 226

"Asynchronous serial interface (UART) mode This mode supports the LIN (Local Interconnect Network)-bus."

Hey it looks like it will probably be the LIN rather than a UART since LIN is standardized for automotive use and you can access LIN data through Toyota scanning systems.

If you can get the LIN data through whatever module is hooked up to CAN you could be reading the data on the LIN and CAN at the same time and make it really easy on yourself.

This is an explanation for how to look into LIN data for a resistive cabin heater.

I can't post links but if you search for

"Fiat 500e cabin heater"

the first hit on DIYelectriccar will show you an example of LIN hacking.

P. 226 goes on.

"LIN stands for Local Interconnect Network and is a low-speed (1 to 20 kbps) serial communication protocol intended to aid the cost reduction of an automotive network. LIN communication is single-master communication, and up to 15 slaves can be connected to one master. The LIN slaves are used to control the switches, actuators, and sensors, and these are connected to the LIN master via the LIN network. Normally, the LIN master is connected to a network such as CAN (Controller Area Network). In addition, the LIN bus uses a single-wire method and is connected to the nodes via a transceiver that complies with ISO9141. In the LIN protocol, the master transmits a frame with baud rate information and the slave receives it and corrects the baud rate error. Therefore, communication is possible when the baud rate error in the slave is ±15% or less."

it also shows you how the protocol works, but I would just use a LIN scanner over an O-Scope, even if you have to build one with a transceiver.