Determining Network Baud Rate

Posted On December 21, 2009

So you found a CAN BUS to reverse engineer, but you don't know its baud rate.  There are a couple of ways to find it out.

One. Go one-by-one through a list of possible rates.  CAN BUS baud rates tend to be limited to certain values.  I am not positive, but this most likely has to do with the common crystal speeds used in microprocessors.  The slower the crystal, the slower the bus speed.  So baud rates tend to be one of the following: 33,333 bps, 50 Kbps, 83,333 bps, 100 Kbps, 125 Kbps, 250 Kbps, 500 Kbps (most common), 800 Kbps, and 1,000 Kbps.  The last two are the least common, as they suffer from reduced network length.  You will not find a baud rate that exceeds 1,000 Kbps, as this violates the CAN BUS specification.

If I do not know the baud rate of the network that I wish to connect to, I will typically go through this list and hope one works.  In some cases you may effectively decapitate the network by having the wrong baud rate set in your tool.  So make sure you are not switching baud rates while the vehicle is in motion!  This could cause undesired effects.

Two. Use an oscilloscope or logic analyzer.  The foolproof way of determining the baud rate of any serial data network such as CAN BUS is to use a tool that can measure one bit time.  Baud rate is simply the inverse of one bit time.  So if you can measure this, you simply take 1/(one bit time), with the bit time in seconds, and you have your baud rate.

The best location to find a single bit on CAN BUS is the last transition of a frame.  This is typically the ACK (acknowledge) bit.  This is where receiving nodes send back a single bit to say that they properly received the frame.  It is always a bit by itself, as the bit to its left and the bit to its right are both recessive, whereas the ACK bit itself is dominant.  So it will stand out and you should have little trouble finding it.  Look at that last transition, measure from one transition to the next, and you should get something like 0.000002 seconds.  In this case you simply take 1/0.000002 and you get 500,000.  Thus the baud rate will be 500,000 bps.  Done!
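The measurement described above, as an added example that is not part of the original post: it takes edge timestamps exported from a scope or logic analyzer, finds the one-bit pulse, inverts it, and snaps the result to the list of common rates given under method one. The sample capture, the function names, the glitch threshold and the 5% tolerance are assumptions made for illustration.

```python
# Common CAN baud rates listed in the post, in bits per second.
STANDARD_RATES = [33_333, 50_000, 83_333, 100_000, 125_000,
                  250_000, 500_000, 800_000, 1_000_000]

def pulse_widths(edges):
    """Time between consecutive signal transitions, in seconds."""
    return [b - a for a, b in zip(edges, edges[1:])]

def estimate_bit_time(edges, min_width=0.9e-6):
    """Return the width of a single bit, such as the lone dominant ACK bit.

    No CAN rate exceeds 1,000 Kbps (1 us per bit), so anything clearly
    shorter than that is treated as a glitch and ignored.
    """
    widths = [w for w in pulse_widths(edges) if w >= min_width]
    if not widths:
        raise ValueError("no usable pulses in capture")
    shortest = min(widths)
    # Average all pulses within 25% of the shortest to smooth sample jitter.
    singles = [w for w in widths if w <= shortest * 1.25]
    return sum(singles) / len(singles)

def nearest_standard_rate(bit_time, tolerance=0.05):
    """Return (measured_bps, standard_bps); standard_bps is None when no
    listed rate lies within the tolerance of the measurement."""
    measured = 1.0 / bit_time
    best = min(STANDARD_RATES, key=lambda r: abs(r - measured) / r)
    if abs(best - measured) / best > tolerance:
        return measured, None
    return measured, best

def detect_baud(edges):
    return nearest_standard_rate(estimate_bit_time(edges))

# Constructed capture: transition times (seconds) near the end of a frame,
# with sampling jitter and one 0.1 us glitch. Not real bus data.
SAMPLE_EDGES = [0.0, 6.02e-6, 8.00e-6, 12.04e-6,
                22.00e-6, 22.10e-6, 24.02e-6, 26.00e-6]

if __name__ == "__main__":
    measured, standard = detect_baud(SAMPLE_EDGES)
    print(f"measured {measured:,.0f} bps, nearest standard rate: {standard}")
```

A result of `None` for the standard rate means the shortest pulse was probably not a single bit, so the capture should be re-examined before configuring a tool with the measured value.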

