Reverse Engineering the OEM CANbus

Reverse Engineering CAN - Some people are really good at it, and some are not. What makes it so hard and what does it actually involve?


As most of you know, modern cars use a large number of electronic controllers (ECUs), often 30 to 50 per car. Rather than running a separate wire for every signal between controllers, CAN was invented to share data over a single bus, which cuts wiring cost and weight. It became popular enough to be the standard in-vehicle communication method. That said, each manufacturer chooses how to encode its data on the CAN bus and does not publish that information, partly on safety grounds. For us tinkerers in the aftermarket, some companies reverse engineer the CAN traffic and build products that bypass some of the proprietary limitations. So how is this done?

The first step is to get onto the correct CAN network. As cars gain complexity and more ECUs, a single network gets crowded, so manufacturers split it up. A less advanced car may have only one network, while other manufacturers use six or seven. They are split by the function of the controllers on each network. For example, a powertrain CAN may carry the engine ECU, transmission TCU and ABS unit, among others; an interior (body) CAN may carry the door locks and power windows; an entertainment CAN may carry the radio and dashboard. The networks are usually joined by a gateway module that forwards only selected messages, so a signal present on one bus may never appear on another. Truly, the only way to know how many CAN networks a car has, and what is on EACH of them, is to obtain a wiring diagram for the car.

Once you know which CAN network you want to reverse engineer, or 'sniff', you can use tools like our CANbus Development Kit to get onto it. We suggest a primer on CAN before reading this, but basically a CAN message consists of an ID and up to 8 data bytes. A modern network will carry well over 100 IDs, and the fun begins with finding the ID your particular piece of data is on. Let's use a cruise control switch as an example. It is usually a simple on/off signal, so you can sit in the car, press the cruise control button repeatedly, and look for a bit that changes in step with your presses. Once you find one, you still have to work out whether it is the button itself or the little indicator on the dash, as both come on at the same time. They usually arrive on different IDs (the switch from the module that reads the button, the indicator from whichever module drives the cluster), and the indicator changes slightly after the switch, because it is a reaction to it.

Pressures - oil pressure, fuel pressure and intake pressure are relatively hard to find. They are usually constant when the engine is off and wobble within a small range when it is on, which makes them easy to confuse with noise or with a message counter.
Temperatures - coolant, intake, fuel, etc. are a little easier to find, as they creep up and down in set increments: 88 degrees, 89 degrees, 90 degrees, and so on.
Physical buttons and the throttle pedal are the easiest to find, because you control them directly: a button is either on or off, and the pedal value moves only when your foot does.

Lastly, once you do find the temperature or pressure you are looking for, the next step is to figure out the units the manufacturer uses and the scaling and offset of that data point (for example, raw value times a factor, minus an offset). Some math is generally involved, usually comparing the raw value against a known reading from a scan tool or a separate gauge taken at the same time.
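The button hunt, the signal triage and the scale/offset fit described above, as an added example that is not from the original page or any vendor's kit. It assumes a capture in can-utils' candump log format (the format `candump -l` writes); the IDs, byte layout, press window and calibration readings are constructed for illustration and do not come from any real vehicle.

```python
import re
from collections import defaultdict
from typing import Dict, List, Tuple

# Constructed capture in candump log format, NOT from a real vehicle. Hypothetical layout:
#   0x1A0 byte 2 bit 0 = cruise switch; byte 7 = rolling counter (changes every frame)
#   0x2C8 byte 0 bit 4 = dash indicator, lit by the cluster ~30 ms after the switch
#   0x3D0 byte 0       = temperature-like value creeping one count at a time
#   0x1F5 byte 1       = pressure-like value wobbling within a few counts
SAMPLE_LOG = """\
(0.000000) can0 1A0#0000000000000001
(0.010000) can0 3D0#5900
(0.020000) can0 2C8#0000000000000000
(0.050000) can0 1F5#002F
(0.100000) can0 1A0#0000000000000002
(0.250000) can0 1F5#0030
(0.300000) can0 3D0#5A00
(1.000000) can0 1A0#0000010000000003
(1.030000) can0 2C8#1000000000000000
(1.100000) can0 1A0#0000010000000004
(1.150000) can0 1F5#002F
(1.300000) can0 3D0#5A00
(1.400000) can0 1A0#0000010000000005
(1.600000) can0 1A0#0000000000000006
(1.630000) can0 2C8#0000000000000000
(1.700000) can0 1F5#0031
(1.800000) can0 3D0#5B00
"""
# Operator's note of when the button was held; pad the edges, nobody presses on the millisecond.
PRESS_WINDOWS = [(0.95, 1.55)]
LINE_RE = re.compile(r"\((\d+\.\d+)\)\s+\S+\s+([0-9A-Fa-f]+)#([0-9A-Fa-f]*)")


def parse_candump(text: str) -> List[Tuple[float, int, bytes]]:
    """Parse candump log lines into (timestamp, id, payload); non-matching lines are skipped."""
    frames = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts, can_id, data = m.groups()
            frames.append((float(ts), int(can_id, 16), bytes.fromhex(data)))
    return frames


def find_button_bits(frames, windows) -> List[Tuple[int, int, int, float]]:
    """(id, byte, bit, first change time) for bits that hold one value outside the press
    windows and a different one inside. Counters and drifting sensors are not constant on
    one side, so they drop out. Sorted by first change: the earliest is usually the switch,
    a later one on another ID is the indicator reacting to it (a hint, not proof)."""
    inside, outside, first_seen = defaultdict(set), defaultdict(set), {}
    for ts, can_id, data in frames:
        pressed = any(lo <= ts <= hi for lo, hi in windows)
        for i, byte in enumerate(data):
            for bit in range(8):
                key, v = (can_id, i, bit), (byte >> bit) & 1
                if pressed:
                    inside[key].add(v)
                    first_seen.setdefault(key, ts)
                else:
                    outside[key].add(v)
    hits = [key + (first_seen[key],) for key in inside
            if len(inside[key]) == 1 and len(outside[key]) == 1 and inside[key] != outside[key]]
    return sorted(hits, key=lambda h: h[3])


def bytes_over_time(frames) -> Dict[Tuple[int, int], List[int]]:
    """Values of each (id, byte position) in frame order, for the triage below."""
    series = defaultdict(list)
    for _, can_id, data in frames:
        for i, byte in enumerate(data):
            series[(can_id, i)].append(byte)
    return series


def classify_byte(values: List[int]) -> str:
    """Rough triage into the classes the text describes, plus the counter that fools beginners."""
    distinct = len(set(values))
    deltas = [b - a for a, b in zip(values, values[1:])]
    if distinct == 1:
        return "constant"
    if distinct == 2:
        return "binary"     # button-like (or a sensor that moved one step: capture longer)
    if all(d == 1 for d in deltas):
        return "counter"    # bumps every frame: a message counter, not a sensor
    if all(abs(d) <= 1 for d in deltas):
        return "stepwise"   # temperature-like: creeps one count at a time, holds in between
    return "noisy"          # pressure-like: wobbles within a small range


def fit_scale_offset(pairs) -> Tuple[float, float]:
    """Least-squares line through (raw, reference) pairs so that value = raw * scale + offset.
    Reference readings come from a scan tool or gauge logged alongside the capture."""
    n = len(pairs)
    if n < 2:
        raise ValueError("need at least two readings to fit scale and offset")
    sx, sy = sum(x for x, _ in pairs), sum(y for _, y in pairs)
    sxx, sxy = sum(x * x for x, _ in pairs), sum(x * y for x, y in pairs)
    scale = (n * sxy - sx * sy) / (n * sxx - sx * sx)
    return scale, (sy - scale * sx) / n


if __name__ == "__main__":
    frames = parse_candump(SAMPLE_LOG)
    for can_id, i, bit, ts in find_button_bits(frames, PRESS_WINDOWS):
        print(f"0x{can_id:03X} byte {i} bit {bit} first changes at t={ts:.3f}")
    for (can_id, i), vals in sorted(bytes_over_time(frames).items()):
        print(f"0x{can_id:03X} byte {i}: {classify_byte(vals)}")
    # Hypothetical calibration: raw 0x3D0 byte 0 counts next to scan-tool coolant readings in degC
    print(fit_scale_offset([(0x59, 49), (0x5A, 50), (0x5B, 51)]))
```

On the constructed capture the hunt reports two bits, the one on 0x1A0 a few milliseconds before the one on 0x2C8, which is the ordering hint for telling switch from indicator; the rolling counter in 0x1A0 byte 7 changes on every frame and is correctly ignored, and the triage separates it from the creeping temperature and the wobbling pressure. The calibration fit comes out as scale 1 and offset -40, the kind of raw-to-units relation you then confirm against more readings before trusting it. A byte reported as "binary" in a short capture can still be a slow sensor, so capture longer before deciding.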

It all just takes practice, but the more detailed your request, the more time consuming and thus expensive it may be.
Keep that in mind next time you want someone to "ehh, just reverse engineer it."
