The Nissan Leaf is a relatively popular electric car.
The LeafSpy Android app allows a wealth of data about the car to be extracted from its various onboard computers, displayed on-screen, and logged.
This post details a possible way to set up a permanent data logger on board a Leaf, using the LeafSpy app, and provides some example hardware configurations and scripts for dealing with the logs generated.
You need to be at least somewhat confident with the Linux commandline in order for these notes to be of any use to you.
This post deals with the “gen1” and “gen1.5” Leafs produced from launch until the time of writing, 2017. Later in 2017, Nissan will launch a heavily-revised version of the Leaf, in which LeafSpy will not work (at least initially), and the dimensions of the interior will change.
An Android device
Almost any Android device available is powerful enough to run Leafspy. It needs Bluetooth in order to communicate with the Bluetooth OBD2 device. Internet connectivity is desirable – but this can be Wifi provided by the driver’s phone, or an access point where the car is usually parked, if preferred.
If you plan to conceal the device within the car and simply log data only, then you can choose almost anything. A low-end tablet might be a good choice, in order to gain extra battery life. It could be concealed under one of the front seats.
If you want to leave the device visible in the car, in order to see the on-screen display of data as you drive, then your intended mounting position will determine the dimensions of the device.
The tray underneath the heater controls provides a location in which the screen can be seen, but the device is not obvious from outside the vehicle when parked.
5V power adaptor
Bluetooth OBD2 adaptor
Optional: power bank
Optional: OBD2 extension cable
An OBD2 extension cable allows the OBD2 adaptor (above) to be concealed in the vehicle. There are a number of simple reasons why this might be desired:
- The larger OBD2 adaptors may protrude into the driver’s legroom.
- The LEDs on the adaptor may be a distraction, or draw unwanted attention to the vehicle.
- If a protruding OBD2 adaptor is knocked when entering or exiting the vehicle, the OBD2 port may be damaged.
- A Y-shaped (splitter) cable can be used to provide more than one OBD2 port in the event that an additional OBD2 device, such as a telematics unit, is used alongside the Leafspy bluetooth adaptor.
- The cable allows the OBD2 adaptor to be moved to a convenient location – in this instance, it is simply pushed into the soft sound insulation beside the pedals, where it is easily held fast against a trim panel.
The reason which drove the use of an extension cable in this system, is the ability to alter the wiring of the OBD2 interface by modifying the cable.
In the normal installation, the Bluetooth OBD2 adaptor (above) will be continuously powered by the permanent 12V feed present on the car’s OBD2 port. A running Leafspy instance connected to the adaptor will continuously query the devices on the car’s CAN buses, causing them to consume additional power and potentially flattening the Leaf’s problematic 12V auxiliary battery.
The Leaf provides the standard permanent 12V live on pin 16, but also provides a non-standard switched live on pin 8. A modified cable is used (with pin 8 on the car wired on pin 16 on the extension cable) to ensure the adaptor is powered off when the car is switched off. This does prevent monitoring of the car during charging, at which time the car is “on” and charging the 12V battery but the switched live is not provided.
Android devices require a Google account to function usefully. This device will be left permanently in the vehicle, where it is at risk of theft, and is also vulnerable to hacking. Therefore a “throwaway” Google account is used, which does not contain any of the owner’s personal data.
A payment card, or gift voucher, is necessary in order to purchase the paid “Tasker” and “Leafspy Pro” apps (see below) – but if a payment card is used, it should be removed after these purchases have been made.
For Leafspy (below) to upload its logs to Dropbox, a set of Dropbox login credentials will be required. The free (2GB) tier of Dropbox provides ample space for this purpose.
As with the Google account (above), it’s important to note that the device is vulnerable to theft and hacking, and therefore a “throwaway” Dropbox account should be used, which does not contain any of the owner’s personal data.
More recent versions of Leafspy contain support for uploading data to a server by making regular HTTP requests containing the log data as parameters to a URL. The author has not investigated this option, but it may prove easier than Dropbox.
Screen always on
Open the “settings” app, scroll down to the bottom of the list and pick “About”.
Scroll down to the bottom of the list and tap “Build number” repeatedly until you see a message displayed about enabling developer mode.
Re-open the “settings” app, scroll down to the bottom of the list and pick the new “Developer options” item. Enable the “stay awake” option it offers.
Legal warning: The process of rooting an Android device is illegal in some countries. Obey your local law. If you don’t obey your local law, don’t brag about breaking it.
Practical warning: Automatic updates are likely to be disabled after rooting. A rooted device may never update, and will therefore become vulnerable to an ever-increasing number of exploits as time passes, rendering it dangerously insecure even by Android standards.
Second practical warning: The method shown for gaining root here requires the execution of software written by unknown hackers to exploit security vulnerabilities in the device. It is highly likely that it leaves backdoors, keyloggers, trojans, and advertising malware installed on the device. Be aware that hostile third parties may access any information you store in your device after rooting.
The step below, modifying the device to boot automatically, requires root. If you do not feel the disadvantages of rooting are worth the ability to have the device boot automatically, it can be simply booted manually using the power button before driving.
If you wish to gain root and are using the same ZTE A110 as the author, this xda-developers thread outlines the process. An enhancement to the process, which may or may not remove some of the Kingroot malware, is to replace their “kingroot” app with the standard “supersu” using this process.
Automatic boot when charger is connected
This step is not essential, but will allow the Android device to boot automatically when the charger is connected. It requires root (see above), which is a complex and risky process. If you do not carry out this step, you will simply need to power-up the device manually before driving.
This set of steps is not unique to the ZTE A110, and is common to a number of low-end Android devices, but will not work on all. It requires root, and is risky and may brick the device – especially if you are unsure what you are doing.
In essence, what these steps do is replace the program which normally displays a nice animation showing a battery filling up when the charger is connected, with a call to the “reboot” program which will boot the device up.
Either in a terminal app, or (preferably) at the adb shell:
mount -o remount,rw /system cd /system/bin mv kpoc_charger kpoc_charger.bak cp reboot kpoc_charger chown root.shell kpoc_charger chmod 755 kpoc_charger
The Tasker app is a powerful tool for automating tasks on Android devices, with an unfortunately challenging user interface.
In this case, Tasker is used for two tasks:
- To start the Leafspy pro app when the device boots.
- To shut down the device automatically when its battery state drops to 25% and the charger is not connected. This is not essential, but preserves the lifespan of the device battery by preventing it from being fully discharged when the vehicle is not used for longer periods.
Neither of these tasks is vital – it is possible to carry out both of these tasks manually or by other means.
A github repository, unfortunately poorly-ordered, at https://github.com/strowger/hm contains a number of bash and perl scripts for dealing with leafspy logs and creating graphs.
It may be useful to someone who wished to work on their own log processing or graphing setup.
The most serious security problem this setup poses is that of leaving an Android device in the vehicle where it is vulnerable to theft.
As discussed above, the practice of rooting Android devices has a number of security issues which expose the device to attacks. It’s unwise to root a device which will be used as a normal smartphone, but the risks may be acceptable if the device is dedicated to Leafspy and care is taken not to store important personal information on it.
The Bluetooth OBD2 adaptors allow the car to be remotely-controlled to a considerable degree, as they give full access to CAN bus devices. It’s likely that a determined attacker could cause physical damage to the car by changing the settings of devices on the CAN busses.
The Bluetooth connection between the Android device and the OBD2 adaptor has no useful security; mostly a default PIN (either 1234 or 0000) will be used, and in any case the encryption built-in to Bluetooth is trivially hackable.
This means that an attacker within Bluetooth range of the vehicle can potentially take control of it or damage it, while it’s being driven. If the suggested modification (above) is made, so that the OBD2 adaptor is only live when the car is powered-up, then the risk of attack while the vehicle is parked is removed.
The practice of collecting detailed logs from the vehicle may expose the driver to legal problems in future – for instance if they were to collect data which showed a legal speed limit being exceeded.