I am struggling with CAN bus reverse-engineering. It might be a silly question, but it irritates me.
These are traffics that arise from pressing buttons A and B which is lifting up the 1. Axis of the robot at the end.
Pressing down button A changes the value "09" in 181h node and
button B changes the value "C8" in 281h.
If I am not wrong, I have to feed RPDOs to replicate the lifting up action instead of sending the messages "0A 00 09 00 00 00 00 FF" to 181h and "00 00 00 C8 6F BD 00 FF" to 281h. So basically I resent the messages from RPDOs back to RPDOs.
Is there anything wrong until now? (It must be…otherwise it would have worked.)
As you can see from the above screenshot I manullay sent the messages by pressing each line with the space bar. And it seems like that between my Tx messages lots of Rx messages show up. Is this maybe the reason why the robot shows no reaction?
UPDATE:
The TPDO message "0A 00 09 00 00 00 00 FF" that arises from the pressing down button A gets ignored because whenever I write a TPDO message 0A 00 09 00 00 00 00 FF, it gets overwritten with its default value 0A 00 0A 00 00 00 00 FF so fast that my message is like "not arrived" at all.
The transmission type of TPDO is currently asynchronous with event timer of 50 ms. This leads that my TPDO somehow overwritten with default value 0A 00 0A every 50 ms. How do I handle this problem? I thought this asynchronous transmission type with 50 ms means that the TPDO has to be checked every 50 ms and if there was a change -> transmission. But where does this 0A 00 0A 00 00 00 00 FF default value come from then?
Another question: I thought the whole time that I have to write the RPDOs value back to RPDO to replicate the action. But it seems like that only from pressing down the button A the RPDOs does not change at all. Then how can I replicate the pressing button A action at all?
UPDATE 2: The bit rate is 125 kbit/s. I am using CANopen so that I can control the robot with my computer, instead of using the remote controller. The robot that I am using is Brokk 170. Below you can find an Excel file where the recorded CAN messages are. Those CAN messages arose when I powered up the robot using the robot controller.
I transmitted the messages until the message with number 107, since the value 0A 00 0A 00 00 00 00 FF indicates that the robot is now powered up. But somehow the transmitted sequence does not power up the robot. Now I am trying to find a way to block the messages from the remote controller.
https://drive.google.com/open?id=1Du4J27KykzrTtCquFt29uMa_qhpZP4Ov
Best Answer
This looks like CANopen traffic (RPDO is also mentioned in the question). 0x80 is SYNC, and it seems it is send at regular intervals (about every 26 ms, 38-39 Hz). And some device responds to the SYNC messages by sending out messages with ID 0x181 and 0x281. But that is just a guess at this point.
It could also be that the content of ID 0x181 and 0x281 are set points to a servo (thus the same device sends out 0x80, 0x181, and 0x281) and that the feedback position is contained in the 0x301 messages.
It should be possible to correlate physical positions of the robot with the messages. A set point is (probably) set immediately and the actual positions are lacking behind.
Note: 181h is not a node, and you are not sending messages to it. 181h is a CAN message ID. As it is likely CANopen, 0x181 is the message "PDO1, transmit" for the device with ID 1. Note that it is not always clear if the device ID indicates what device sends it or if the device is the destination.