FOB, You Say?

Where did the term key “fob” originate? Long before they started appearing on vehicles somewhere around 1983, a fob was any small decorative token attached to a key chain back in the day. That was a way that one could identify his keychain. The term has been around for quite some time. Coming from the low German dialect for the word Fuppe, meaning "pocket," watch fobs were around as early as 1888. The term fob just stuck.

Both key fobs on my vehicle developed annoying problems. The doors would unlock and lock at times, and I had to push and hold the buttons for several seconds before the command would get carried out. There isn’t much to a key fob. There is a small IC chip that generates a 40-bit rolling code, which equates to roughly one-trillion possible codes. Not even close to the national debt but quite a few, non-the-less. There is also a small, metallic component that is actually the transmitter on the circuit board.

You also have conductive traces on the circuit board and rubber buttons with a conductive coating on them. One of my fobs had a battery clip that detached from the circuit board so I soldered it in place. What I like about Au80Sn20 solder is that it has high corrosion and creep resistances and good thermal and electrical conductivities. Next, I covered a pencil eraser with a piece of aluminum foil and used it to push the traces on the circuit board to test the functions—they all worked. The conductive pads on the rubber buttons wore off, not uncommon. You can dress them with conductive ink to repair the pads. Or, a drop of super glue and tiny pieces of aluminum foil also do the trick. I put the fobs back together and they work fine now.

Another cool product is a Gold Guard pen that cleans, lubricates and protects gold, silver, platinum and other precious metal contacts.

Now, if we could just eliminate the national debt (last time I checked the total gross

national debt hovered around $18.96 trillion) with the push of a key fob button!

Battery Notes

 

For Special Agent-in-Charge "John Smith"

 

 

Anyone in this business for any length of time will tell you that a battery dampens transient voltage spikes. Without this capacitance, perplexing drivability issues can result. I am not an electrical engineer so I will not get into ion diffusion, Randles equivalent cells, Tafel curves, Warburg Impedance, etc., but I do have my thoughts on the matter. As you know, a battery is quite complex with a multitude of electrochemical activities occurring simultaneously—charge transfer, ion diffusion—just to name two. Even back in the days of the Baghdad battery about 2000 years ago, we learned that if you place a metal electrode into electrolyte, the charge on the metal tends to attract ions of opposite charge within the electrolyte, and the dipoles align. It is this alignment which forms charging layers in both the metal and the electrolyte—the electrical double-layer, for lack of a better term. We know that electrochemical reactions occur within the double-layer. Any high school general science student knows that. All the atoms or ions that are reduced or oxidized must pass through this layer. That’s also Battery 101 Class.

            So, that basic information means the ability of ionic transfer through this layer controls the kinetics and the activation energy of the electrochemical reaction lies across this double-layer. I hypothesize that the damping ultimately occurs here. Of course, that is merely an uneducated guess. There are those who would have people believe that the capacitive term is not necessary and that the resistance is the only part that needs measuring, but I vehemently disagree. A battery simply is not resistive. There is also a capacitive component.

 

           Of course, what do I know? I'm just a lowly technician. Oh--what did they use batteries for, 2,000 years ago? To power the UFOs that the aliens knew to build the pyramids. Everyone knows that.

 

          Have a nice evening, "Agent Smith."

 

Jack McGinnis



 

"Just One More Thing, Sir"

 

 

 

"We've been working on this car for months because the problem is so intermittent," Joe said, the owner of a family-owned repair business not far from where Jack McGinnis lives. Break out your note pad and ask the right questions on this one.

 

"The 2002 GMC Jimmy came in for inoperative door locks," Joe said. "It was simple enough to diagnose. The power mirror/locks fuse was blown. As I saw it, we had to make a choice. We could replace the fuse and see what happens."

 

"Okay," I said.

 

"Or, we could put a bigger fuse in the fuse block (original fuse is a 3-amp fuse)."

 

"Um--what else?" I asked.

 

"Put another fuse in it and perform the Power door locks inoperative diagnostic table."

 

"So, what did you do?" I asked.

 

"We put another fuse in it, operated the power door locks and power mirrors and it worked fine. The fuse didn't blow."

 

I wrote it down. "What else did you check?"

 

"I checked the wiring diagram. Circuit #840, an orange wire, fed the circuits. There isn't much on the circuit--mirrors and lock relay. I wiggled as much of the harness I could and the fuse was okay."

 

He explained that the problem must have been intermittent and everything checked out okay, so the customer picked up the Jimmy.

 

"And then?" I asked.

 

"Two weeks later he brought it back. The fuse was blown."

 

"You know what I'm going to ask, Joe," I said, writing notes.

 

"I do--there are no add-on components, no plug-in devices. No TSBs. I measured the current while operating the mirrors. Nothing unusual there. Same with the power door locks. The vehicle was not involved in any body shop repairs."

 

I wrote everything down.

 

"I told the customer everything looked okay, so he took it. This went on for about 3 months, this intermittent blown fuse. I wish I could put a bigger fuse in it and just ship it."

 

Here came the well-worn statement: "I checked everything and everything checks out fine. I thought there might be rodent intrusion chewing on wires but I didn't see any damage."

 

"Honda makes a rodent-proof tape," I mentioned.

 

"I didn't know that."

 

"Yep--check it out on Amazon. It goes for about $35. And as long as your there, if you want to read about some real-world diagnostic issues, buy my eBooks. The Electronic Killer and The Aldebaran Code." I figured I might as well hawk my books as long as he was on Amazon.

 

"Thanks--I will. So what about the Jimmy?"

 

"I would ask the customer to try to remember (by using a Columbo note pad or equivalent) what he was doing when he noticed the door locks or mirrors not working."

 

That was last week Wednesday. Joe called me up on the way home from work to tell me that the Jimmy would be at his shop. The fuse was blown.

 

"What was the driver doing at the time?"

 

"He was backing out of the driveway when his young son was sitting in the passenger seat, playing with the power door locks. Everything quit working."

 

"Ah-ha," I said, jotting it down.

 

"The driver said that come to think of it, every time they quit working he was backing out of the driveway, adjusting the power mirrors while his son played with the door locks."

 

"Now we're on to something," I said.

 

"Do you think that every time the transmission is put in reverse, a bare wire touches ground somewhere and pops the fuse?"

 

"Maybe," I said. "You checked for TSBs, right?"

 

"First thing I did," Joe replied.

 

"Did you check for Preliminary Information documents?"

 

"I don't know what those are."

 

I ran a PI search and scored a hit. "You have two choices," I said. The first choice is to put a 5-amp fuse in place of the 3-amp fuse, according to the PI document."

 

"Great," Joe said. What's the second choice?"

 

"Have the guy tell his son to quit playing with the power door locks."

 

"Got it," Joe said.

 

This is Jack McGinnis, signing off on a rainy night here in Wayne County.

 

 

  



The "Not-Too-Talkative" EBCM

 

 

 

I stopped off at a shop on the way home to check out a 2003 GMC truck. The ABS light was on and with key ON, engine OFF, the scan tool (Tech 2) indicated no DTCs. However, thirty seconds after the engine started, the EBCM lost communication with the scan tool.

 

"If you turn the key OFF for about a minute, and then turn the key to ON, you get EBCM data. But half a minute into engine run time you lose all EBCM data."

 

"What about the other modules?" I asked.

 

"All the other modules communicate fine with the engine running except for the EBCM."

 

The technician checked the voltage lines at the EBCM. "The voltage is solid," he said. "I checked the EBCM ground. It looked good."

 

"Yeah, I know, I know--looks can be deceiving. Things aren't always what they appear to be. So, I did a voltage drop test of the EBCM ground. With the engine running, it was about .010 volts."

I know the readers can tell us if the voltage drop is acceptable.

"I removed the ground, cleaned it up anyway. It made no difference. I made the metal shiny. I even pulled the EBCM and cleaned the metal behind it.

"Wow," I said."

You have to ask yourself what is the difference between the EBCM ground and the other computer grounds. That is, you have to ask yourself that question IF you didn't thoroughly collect customer information during the initial interview. Get your notepad out and review.

"Does the vehicle have any add-on devices?"

"No."

"Does the vehicle have a work history?"

"Not really."

"Come on--just answer yes or no, please."

The truck was involved in a fender bender and came from the body shop.

What is different about the EBCM ground? It is the only module grounded to the frame. The other modules are grounded to sheet metal. You guessed it--when the body shop replaced the fender, they never reconnected the battery ground pigtail.

"Time to go," I said.

"Wait--I have another one to diagnose."

"Not tonight. This is Jack McGinnis, signing off.

Saturday Morning

 

 

     Quite a few heavy hitters were here in the FBI garage as "Jack McGinnis" and his partner, Al Kinsley, finished up their investigation. Besides a couple of FBI garage technicians, there was a senior investigator for Homeland Security, the National Cyber Security Division, probably very intelligent but sadly lacking in mechanical aptitude, an observation I made while watching the man fumble with the hood release of the vehicle we were working on. There was also an expert here from the FBI's Computer Intrusion Section; and a lady from the Electronic Crimes Task Force with the Secret Service with a doctorate in computer science. And here we are--Kinsley and myself--a couple of lowly mechanics. The lady from the secret service asked what Al did for a living.

 

     "I just work in a tire store back in Ohio," Al said.

 

     "And I just work at a college back in Ohio, ordering books," McGinnis said. They didn't know how to take us. Oh, well. That's life. I have to tell you--they made some nasty comments about us, like, "These guys are just mechanics--grease monkeys--why are they even here?"

 

     Grease monkeys--really? That term is still out there? "Well, bring on the other vehicle and us mechanics will see what we can do--just give us a big F-- hammer."

 

     The second vehicle we were called upon to investigate was infected with malware that took control of steering, brakes, throttle and a few other critical systems. I explained to the experts that someone could begin by reverse-engineering the data packets because every CAN bus implementation was different.

 

They laughed when I broke out my old Toughbook for data analysis. Yep, that's my reflection on the screen. :

 

 

     "A command for increasing engine speed would be very different in an Audi compared to a Chrysler product because every manufacturer has its own upper layer definition, deciding what message to transmit on a given event and deciding what actions will take place upon receipt of a particular message."

 

     We also explained to them that whomever did this had to customize the malware for a particular truck. "That wouldn't be hard," Al explained, "CAN packets contain no source identifier fields, meaning that any computer on the network could indistinguishably transfer a packet to any other computer; any single compromised computer, therefore, could control all the other computers on the network."

 

     "None of the computers--the Power Mode Master, gateway modules, the vehicle identification devices or the Immobilizer Master--were invulnerable to attacks," I added.

 

     Don't get me wrong--these feds were brilliant minded computer geeks--but they weren't mechanics. Mechanics know how to build an electronic noise sniffer out of coax cable and an old Walkman. We can check a key fob output with a cheap AM radio, properly tuned, of course. We can diagnose FlexRay, CAN, MOST, CGI, LIN and all the rest using sophisticated software-based scan tools. We can disassemble and reassemble an engine, replace a clutch in a washing machine and even check a TV remote using a cell phone camera. Yeah--we are a versatile lot, indeed.

 

     "How could someone hack this truck? The DHS agent asked. We showed him. Here is a screen capture:

 

     Al and I used cheap, off-the-shelf components connected to my Toughbook and put together a digital audio broadcasting station (DAB).

 

     "How did you know how to do that?" The Secret Service woman asked.

 

     "I just applied the principles I learned a long time ago in an 8-day electrical course at a training center," Al said. I still had my old specialized electronics training binder that I showed them. The geeks were impressed. They also didn't knock my Toughbook anymore.

 

     We demonstrated to them how the malware could be introduced. "Because Infotainment systems process DAB data to display text and pictures on dash screens, I could send a code to let us take over the systems."

 

   The last thing that Al and I did was capture the virus in a computer security sandbox. We noticed that the malware used a slow polymorphic code that made it more difficult for the computer geeks present at this meeting to acquire representative samples of the virus.

 

     "How do a couple of auto mechanics know about this?" The FBI agent asked.

 

     "Technicians re-flash modules, look at Calibration Verification Numbers and do all sorts of things in the shop," I explained.

 

     This virus contained no parts that remained identical between infections, making it quite difficult using signatures. I introduced a goat file--a small program that could be used to collect the virus. Well, the malware avoided the bait! So, I introduced an antivirus program that would decrypt the malware by statistical analysis of patterns of the encrypted virus body.

 

     Guess what the malware did? It immediately translated its own code into a temporary representation and modified the temporary representation of itself. In other words, it reprogrammed itself to hide from the antivirus software that the geeks introduced.  Incredibly, the malware mutated so that it would not have the same executable code in memory as its original component that constructed the mutation.

 

     "The offspring of the malware doesn't resemble their parents," The SS lady said.

 

     "I'll tell you what," I said as I watched the program, "that malware is swapping registers, used jumps to change flow control and reordered instructions as it avoided detection attempts. Pretty sophisticated stuff," I said.

 

     "Where did this crap come from?" Al asked, "The National Security Agency or something?"

 

     I must say the feds didn't like his joke. "How did you guys get so knowledgeable?" The DHS agent asked.

 

     "We went to technical colleges years ago, paid attention to what the instructors taught us, took our careers seriously, and constantly kept up to date through training and more training," I said.

 

     They wanted to hire us as full-time investigators but we declined. "Sorry, I'd rather go back to being a lowly mechanic at the tire store," Al chided.

 

     "And I have to get back to the college to order books," I replied, "thanks anyway."

 

     Al and I are flying back now. It has been a busy weekend for us but the feds learned to respect a couple of old mechanics. This is Jack McGinnis, signing off.

 

 

 

 



Can a computer network in a late-model vehicle be controlled by the introduction of malware into the system? At an undisclosed location here in Washington, D.C., Jack McGinnis and his friend and top-notch technician, Allington Kinsley, investigated a case of a contaminated network on an SUV. We flew out of Cleveland-Hopkins Airport, a car was waiting for us in D.C. and transported us to an FBI garage. We just got in the city and had to go to work for this Easter weekend. Give us a break!

     Becket Blackwater (supervisor, Special Crash Investigations), stared at the oscilloscope pattern as Jack approached, with Vera and Kerry (two wet-behind-the-ears investigators) trailing behind. Al was using his personal oscilloscope--one with a segmented-memory acquisition feature. My friend chose it because it was ideal for looking at packetized serial data; those signals were characterized by long idle times between the low duty cycle pulses and bursts of signal activity.

     "Cool oscilloscope," Vera said, "What's the sample rate?"

     "This particular scope has a 5 gigasamples-per-second rate, so the maximum amount of continuous time that this scope can capture while sampling at its maximum rate is 800 microseconds," I explained to Vera, "Because the maximum memory depth is 4 M points."

     I looked at my friend. "Where are you with this, Al?"

    "I did a segmented memory acquisition and we are ready to view all of the captured waveforms. Do you want them overlaid in an infinite persistence display or individual waveform segments?"

     "Let's go individual for now, Al." (Are you with me on this, reader?)

Al adjusted the scope pattern display. "I set up to trigger on every start-of-frame condition and obviously with the segmented memory acquisition turned on," Al explained to the young investigators. I can tell you, we scrolled through the individual frames, searching for errors or anomalies.

Suddenly, I caught something. It was barely perceptible, but it was there.

"Did you see that, Al?" I asked. After about 2.385 seconds of total acquisition time, I spotted an anomaly on a single frame of data.

"Yeah," Al replied--you're talking about data frame 07F, correct?"

"Yep," I told my friend. We studied the frame for a minute before deciding to change the scope trigger condition to trigger on 07F. I figured we would trigger on error frames. (I hope the reader is with me on this.)

"Yeah, Jack, but since the error frames are intermittent, we need to change the number of segments to capture," Al suggested. "Let's change it to just 100 segments."

So, Al adjusted the scope and we spotted the patterns again as the oscilloscope captured 100 consecutive CAN error frames over a 12.5 second time span. "Look at that," I said to Al.

"What do you guys see?" The inexperienced Vera said. (She lacks experience as a federal investigator--sorry, Vera.)

I pointed to the protocol list on the display. "It looks like the error frames appear to happen at identifiers )7F, )BD and 000."

Al agreed with me and zoomed in on the pattern. "Look at ID 07F now, Jack," Al said.

Al squinted at the pattern. "Do you mean that narrow glitch near the end of the frame?" I asked.

"That's the one, Jack--it's causing error frames to sometimes happen during frame 07F."

(Did I mention the feds were recording all this?)

"It's in the payload of a data frame--did you catch it, Al?" I asked.

"Yeah--that's our anomaly." I reminded Al that the data field was the payload of the data frame. It was the only field in the data frame that did not have a fixed length.

"Look at that cyclical redundancy check field, Jack."

I spotted another anomaly. Now, I knew that the CRC field was 15 bits in duration and the receiving Electronic Control Unit used the value in the CRC field to determine if the data bit sequence in the frame was corrupt during its delivery.

"The other ECU's aren't sending out Error Frames because they're not detecting any of the errors contained in the frames we're seeing," I explained.

We replayed more of the collected CAN data packets. Then I made the discovery. "There it is! The glitches are reducing themselves every time the frames recycle until--"

"Until they disappear," Al said. "This code is designed to obliterate itself and leave no trace."

The feds here couldn't believe a couple of tired old mechanics discovered what their computer experts couldn't. Score one for us mechanics! But the feds wanted to know how the malware could have gotten introduced into this vehicle. As luck would have it, when I powered up the radio with Keep-Alive, a CD was automatically ejected. I grabbed the CD by the edges with my gloved hand. The CD had no label and Becket Blackwater (the supervisor) moved closer.

"Is that a homemade CD?" Beckett asked.

"This could be how the hackers infiltrated the network," I told him.

"Are you telling me that the CD could have malware on it?" Becket asked.

I nodded. "Picture this, Mr. Blackwater: a high-ranking politician here in D.C. is listening to a CD that one of his constituents gave him. Sounds harmless enough, right?

"I'm listening," Beckett said.

"Suddenly, the vehicle is affected by unintended acceleration and then hard, unexpected braking, causing a pileup on the interstate (yes, this actually happened--but not in D.C.)."

I continued. "You see, Mr. Blackater--with the addition of an extra code to a digital music file, the hacker turned a harmless music CD into a Trojan Horse that altered the firmware of the entertainment system. Because the radio is a gateway module--bridging networks together--that means the attack could jump to other data buses that make up the SUV's network."

(Don't know if you know this, but pits in a CD's aluminum and polycarbonate sandwich store binary data which is read by a laser).

"Who could make such an attack?" Vera asked. (I must say, Vera is a bright, 26-year-old with a degree in engineering cyber security--but she's not an experienced mechanic--sorry, Vera).

To my readers: Al and I discovered this malware gets deposited into the system and uses a payload code that it then flashes to the firmware, replacing the existing firmware with a malicious one.

It is almost 11:30, Al and I are tired from flying to D.C., going to work immediately, so I am signing off for the night. It is the Easter weekend and we have to be back at it tomorrow.

Jack McGinnis and Al Kinsley, signing off.

 

 

Sometimes even the veteran technicians need a little extra help. Consider our story protagonist, Jack McGinnis, head of HiTech Investigations, Inc., working with his partner, Al. He called Jack about a left front door speaker not working on a fairly new SUV.
"All the other speakers work except for the left front door speaker," Al said. "Service information said to unplug the speaker, check for one-half battery voltage at each of the two speaker wires and if the voltage is okay, replace the speaker."
I knew where this one was going. "And then what did you do?"
"Service information said to replace the speaker and I did. But the new speaker didn't work."
"Well, Al, at least you know what it wasn't--it wasn't the speaker. What did you do next?"
"I checked the wires for opens, shorts, and continuity. They all checked out okay, so I replaced the radio. That didn't fix it."
"Well, at least you know what it wasn't," I said.
"Okay, wise guy, if it isn't the radio, the speaker or the two wires, what could it be? I checked everything else. There are no codes, the radio has power and ground, there are no bulletins about the concern, so what is left?"
"Did you check the A/C voltage on the speaker wires, Al?"
"This is warranty work--the manufacturer isn't paying me to check the A/C voltage on the speaker wires."
"Well, Al, you're not getting paid now, are you?"
"Why check A/C voltage?" He asked.
I know you can answer this, dear reader. "Speakers work by cone excursion. The speaker moves in and out. A/C voltage drives the speaker cone. Crank up the volume, the A/C voltage goes up. Does that make sense?"
"Not really," Al said. The diagnostic steps said to check for DC voltage. How would I know that A/C voltage drives the cone?"
"Well, if you read the circuit description paragraph, it mentions the A/C."
"Oh," Al said.
"Let me put it another way, Al. With the speaker disconnected, you're measuring open-circuit voltage."
"Oh," Al said. After a pause, he said "OH!" Much louder. "I know exactly what's wrong with the speaker now."

Do you?

My new book, "The Aldebaran Code," is now available on Amazon. It is another fiction based upon fact--a Jack McGinnis thriller--the second in a series. Be sure to check it out!

I am running a free promotion from April 14 until April 18.

The Malibu Mystery Solved

Remember the Malibu from the previous post with the intermittent stalling? The shop could only duplicate the concern once and every time they checked the ETC fuse with a test light, it checked out okay. They replaced the engine controller as a possible cause after thoroughly checking the wiring and grounds.

The fuse was the common denominator to the two fault codes, remember? I told them that they kept checking the fuse with a test light, on both sides of the fuse.

“Correct,” Al said, “we followed the service procedure, key on, engine off, while checking the ETC fuse. We even checked it with a digital meter.”

“That was fine, Al—but why not check the fuse under the conditions that the customer reported the concern? The engine was running when it intermittently stalled. How about checking the fuse with the engine running?”

While I waited on the phone, Al made the check.

“Jack—when I checked the fuse with the engine idling, the engine stalled and started up in reduced power mode. Did the test light load the fuse or something?”

“Or something,” I said. “Clear the codes, start the engine and then press on the fuse with your finger.”

As soon as Al did, the engine stalled. You guessed it—the circuit board in the fuse box, or Power Distribution Center, or Underhood Bussed Electrical Center, as some manufacturers call it—had a fracture. The fuse box has to operate in very grueling conditions when in the engine compartment—temperature, vibration—and they can fail.

I just received an email from another shop with a C4500 Medium Duty truck “eating” heater cores for breakfast. Coolant was changed, system flushed, measured voltage in the radiator was 100 millivolts. They had installed a ground strap on the heater core but it makes no difference.

But, HiTech Investigations is closed for now. Until next time, this is Jack McGinnis, signing off and putting my notepad away.

Thanks for reading and happy hunting!

The Malibu Mystery

Are you ready for more detective work on the Malibu? Get your notepads out, reread the customer concern CAREFULLY. Then read the manufacturer’s diagnostic process. The solution will present itself.

Notice that in step 7, they took the wrong step (8) and replaced the ECM. The reason why they did not go to step 9 was because it told them to clear the DTCs and see if the DTCs returned. They DID NOT. Remember, this is intermittent and the shop could only duplicate it once.

The DTC P2101, referred them to testing both the ETC and TAC fuses. Both fuses were good and both fuses were replaced.

Remember, also, that DTC P1682 is Ignition 1 voltage low, and P2101 is a TAC module performance code. P1682 sets if Ignition 1 voltage falls below 10 volts for 2 seconds. Remember, this is an intermittent condition. If you have a low voltage code and another code, do you typically go for low voltage first? Hmmm.

One reason why the fictitious character, Jack McGinnis, was able to solve the mysterious car crashes in my novel, The Electronic Killer, was because he took notes and constantly referred back to them-just like the fictional Columbo did in the series.

“We’ve checked everything on this vehicle and it still stalls intermittently,” the shop owner said to me over the phone. It was a shop in St. Paul and I wasn’t about to travel to determine why a 2005 Malibu intermittently stalled.

“If you checked everything, then there is nothing left for me to check,” I said. “Tell me exactly what happens on this vehicle.”

“The customer said that it idles rough and stalls, and then it restarts with the Malfunction Indicator Light on and the Reduced Power Message on the dash. The customer shuts of the engine for about a minute and then restarts it. The MIL is still on but the vehicle is not in reduced power mode.”

“When does it stall?” I asked. “Going over bumps?”

“Sometimes, yes—sometimes it stalls going down a smooth road. Sometimes it stalls going around curves—in other words, road conditions don’t matter.”

I jotted that down. “What about ambient temperature? We have a roller coaster of temperatures going on—does it occur when it’s warm or cold outside?”

“It makes no difference,” Al, the shop owner, said.

“What about engine operating conditions,” I asked, “Does it stall during engine warm-up or when the engine is at normal operating temperature?”

“Yes,” the shop owner said, “in other words, it makes no difference.”

I wrote that down. “Does it stall at idle?”

“Sometimes it does, but sometimes it stalls driving down the road, too.”

Hmmm. The fault is obviously inconsistent.

“When it stalls, does it restart without a problem?”

“Every time,” Al replied.

“Did you get it to act up at the shop or on a road test?”

“Just one time, while the technician was pulling it inside. It did exactly what the customer said it did.”

I wrote that down. “Okay, did you do a good visual inspection, including checking all the fuses?”

“Yep—we also checked the fuses with both a test light and a voltmeter. They’re good.”

I wrote that down. “Did you record any fault codes?”

“Yep—there is a P1682, Ignition 1 Voltage Low, and a P2101, Throttle Actuator System Performance code. Every time the customer returns, those are the only two codes.”

That would help.

“What was done to repair it?”

“We put a new engine computer in the vehicle along with the 8-way F-Global terminal 150 Series terminal because we might have damaged it by backprobing it too much.”

“You said you put in a new computer; is it a remanufactured or brand new?”

“Well, it’s new to the Malibu,” Al said. “We got it from a salvage yard. It’s used.”

I rolled my eyes back. “Call me when you install a brand new, never-used-before computer, Al.”

I ended the call. I researched the two consistent fault codes, looking for a common denominator. In both cases, the diagnostics stated that the Electronic Temperature Control fuse should be checked with the key on, engine off, using a test light. The diagnostic stated that the engine computer should be replaced as a final step.

The following week Al called again to say that they put a brand new engine computer in the vehicle, programmed it and road tested the Malibu. The customer picked it up and brought it back to the shop because it stalled in exactly the same way.

“We even replaced the ETC fuse and it made no difference,” Al said. Everything checks out okay.”

“Of course you checked the grounds, right?”

“One of the first things we checked, of course. By the way, what is the difference between ground and reference low?”

The service manual instructed the technician to check the ETC fuse by using a test light and with the key on, engine off. “What did you say?”

“I always wanted to know the difference between reference low and ground,” Al said. I reread the service information about checking the fuse using a test light.

“Okay, Al,” I said, “this is what I want you to do to check that fuse correctly.”

Think about it and I will offer the solution in my next blog.

This is Jack McGinnis, HiTech Investigations, closing shop for the night.

HiTech Diagnostics, Inc. was called out to investigate a 2008 Pontiac G8 for an intermittent no-start and the Security telltale was illuminated. I stopped out to the shop and met Larry, the technician working on the car.
"Step one after filling out a good, solid customer concern sheet is to verify the concern," I said, as Larry worked on the car.
"Yeah, well, it starts for us," he said, showing me. I looked over his shoulder as he scanned for trouble codes. "There is a code in the body computer," Larry said, pointing to the B3060.
"Does this car have a work history on it?" I asked. Another question to ask early on in the investigation.
"The 10-minute relearn was performed and I cleared the code but the customer brought the car back for the same problem. I replaced the theft deterrent module and now the car started and stalled. After that, it came back for an intermittent no-start. I would appreciate it if you can get this Pontiac out of my hair."
I looked at Larry's balder-than-bald top, wondering what he meant by that comment. I thought about how the system works. There is a small transponder chip embedded in the head of the key that is energized by what the manufacturer calls "exciter coils" surrounding the ignition lock cylinder. With me so far?
Well, that tiny chip transmits a signal that the theft module grabs and compares it to a value it has stored in its memory. There are a couple of basic transponder keys--encrypted and zero-bitted. Anyway, the code stored in the module memory is the learned key code. If the value is correct, the theft module sends out a pre-release password over a data line to the engine controller. Now, if that transponder signal doesn't match the learned key code or if it doesn't receive a signal, the theft module tells the engine computer to cease and desist engine operation. Now, the driver is in Leather Personnel Carrier Mode. He or she is walking.
"Look--don't teach me how it works, just tell me how to fix it," Larry said, frustrated over my explanation.
"Please tell me you did some research, Larry--any service bulletins?"
"None that helped," Larry said. I remembered an SUV once with Articulating running Boards that quit working after someone replaced a control module. I spotted the Manufacture Enable Counter (MEC) was reading 8. This meant I had to cycle the ignition key eight times because that counter is supposed to read 0. We reset the counter to 0.
Next, I checked out the B3060.  The theft module was saying that the transponder signal received was either wrong or not learned by the vehicle.
"Where are the rest of the keys?" I asked Larry. I want both keys to do the relearn. Well, the customer was contacted, brought the other key with him and he also brought the culprit: a key tag that links to his credit or debit card so he can pay at the pump. Well, the radio frequency was interfering with the transponder chip and the module. The immobilizer operates at 125 kilohertz frequency. RF devices that operate in the 120 kHz to 135 kHz, or a multiple thereof, it can cause interference.
"Come to think of it, the car only acted up when I refueled it at the gas station that took my pay-at-the-pump toy," the customer finally admitted.
All the guy had to do was to move the RF device away from his key. End of problem.
"Thanks a lot, Jack, Larry said. "How can I show my gratitude?"
"You can pay me," I said.
"Okay, do you take Radio frequency payments?" Larry asked.
I shook my head. "Too much interference, Larry."
It is 11:00 PM on Saturday, April Fool's Day, and I just got home from Larry's shop. I'm tired. At least this will be fodder for my upcoming new thriller.
Until next time, this is Jack McGinnis, HiTech Investigations, signing off.

 

Mechanic vs. Technician

 

Recently, Jack McGinnis the technician diagnosed a speedometer that registered vehicle speed when the vehicle was in drive but not moving and a transmission that would not shift. Ineffective repairs by Bryce Gallagher, a mechanic, included replacing the engine computer, the vehicle speed sensor (twice), and the wiring from the vehicle speed sensor. Jack checked for AC voltage at the battery. It was excessive. Using his oscilloscope, AC coupled, Jack McGinnis found excessive AC ripple at the battery post of the alternator. He suggested that the mechanic change the alternator and after the repair, Jack checked the alternator again. The electrical noise was gone. Excessive AC noise can stymie electronic modules and affect digital communications.

The point I am making is that there are mechanics and there are technicians and the industry certainly needs both. Mechanics enjoy the feel of quality steel tools in their calloused, skillful hands; the fine smell of burning metal as the mechanic uses flame-torch cutting to sever an old exhaust system from a vehicle; or the sound of a precision brake lathe resurfacing a heavy drum. A mechanic knows how to take apart an entire engine and put it back together.

Technicians enjoy the challenge of diagnosing a problem using advanced technology—computer-based analysis, digital multimeters, oscilloscopes and knowledge of how the complex network of computers work together on a typical vehicle.

 

To be a good technician, you must have a love for the technical side and a passion for the mechanical performance of these complicated vehicles. To be a good mechanic, you need the skills to use hand tools effectively and perform repairs swiftly while maintaining a high-degree of quality.

 

Jack McGinnis, the technician, effectively diagnosed the problem with the alternator and Bryce Gallagher, the mechanic, performed a quality repair to quickly get the customer on her way.

Both are terrific professions and rewarding careers. This is Jack McGinnis, signing off for now.