Renault Captur II PHEV - SGW Gateway bypass - Enabling wireless Android Auto / CarPlay

[arn-2469]

Warnings

This post is only meant to educate and entertain.

• Do not consider it a guide.
• I do not recommend to follow these steps.
• This is merely a documentation of my experience.
• Whenever I say "other guides", I am referring to forum posts found online elsewhere, not implying this post itself is a guide.

What is described here is a risky procedure, which may lead to loss of warranty or severe damage done to the car, aesthetic or functional. I am not, in any way, responsible for any damage incurred if you choose to repeat what you see here.

The patient/victim

My car is a 2022 Renault Captur 2 PHEV Intense.

• It has the "PRNDB" shifter, not the fancier E-Tech shifter with the floating console. The only difference between them will be underlined when it will matter.

Introduction

The CAN bus

In a vehicle, most of its independent modules (engine control unit, transmission control unit, multimedia unit, instrument cluster, parking sensors, etc) must be able to communicate with each other.

• For example, the engine control unit may need to communicate with the instrument cluster to operate the speedometer, or the parking sensors may need to communicate with the multimedia unit for visual parking assistance, or pretty much any combination of modules.

This is done by connecting each module to a CAN bus, which a vehicle may/should have multiple of.

Typically, each module is given an "importance level" and is put on the corresponding CAN bus.

• For example, the engine control unit and the transmission control unit are of high importance, as their communication is mandatory for the vehicle to drive.
• As such, they would be put on their own CAN bus, along with other very important modules like the ABS control module.
• Other low-priority devices such as the multimedia unit and parking sensors would be grouped together on their own CAN bus as well.
• This is done so that data of low importance does not slow down or block the transmission of important data.

But there are also many cases where modules which reside on different buses need to communicate with each other.

• This is facilitated by what's known as the "CAN gateway", a module which is connected to all of the CAN buses of the vehicle.
• Its main job is to take data from a bus and copy it to another bus, depending on how it's configured.
• For example, it might take the "speed" data from the bus of the engine control unit and copy it to the bus of the instrument cluster, so that it can display the vehicle speed.

The CAN gateway is also the module which handles the OBD2 diagnostic port.

• It determines which module a diagnostic request is meant for, and it copies that request to the CAN bus where that module is located.
• Then, whatever the module responds with, the gateway copies back to the diagnostic port.

So, in the case of diagnostics, the only job of the gateway is to act as a middleman between the exposed OBD2 port and the CAN bus where the targeted module is connected. The data itself is typically not altered.

• This means it would be possible to skip the gateway entirely and send diagnostic requests directly on the required CAN bus, though without the benefit of being able to access any module inside the vehicle.
• While connected to one of the buses "after" the gateway, I have discovered that I can still access some modules from other buses on my car, so it seems it also copies diagnostic requests that aren't necessarily coming from the OBD2 port.

The secure gateway (SGW)

In newer Renault cars (starting from the Clio V or the Captur II), the CAN gateway has been locked down, so that it's no longer possible to change a module's configuration using the OBD2 port.

• The intended way of getting over this limitation is "unlocking the gateway" using a special Renault token (available to dealerships), which requires an internet connection in order to be validated, so that it can be tracked.

But, knowing it is possible to skip the gateway, this whole protection can be bypassed by connecting a diagnostic interface directly to the required CAN bus instead of plugging it into the OBD2 port.

The plan

The module with the most configurable options in my car is the Navigation module (Easylink). It can be accessed from the "Multimedia" CAN bus.

• I initially had the misconception that I would be able to also access the Cluster module by being connected to this bus.
• I am indeed able to access it, but it's clearly going through the gateway, as no "write" requests are accepted.

The Multimedia bus is most easily accessed on the data connector of the Easylink module, which is located above the glovebox.

The plan is to "tap into" the 2 wires of the bus (CAN LOW, CAN HIGH), which will then be connected directly to the ELM327 diagnostic interface.

It is obviously necessary to have a connection with these 2 wires while the data connector is plugged into the Easylink, so I need to "backprobe" the pins of the connector.

My idea, different to other guides, was to pull those 2 wires to my own connector, which I could hide at the back of the glovebox, to make it possible to access the CAN bus at any time.

The tools

All screws that needed to be taken out were of size Torx T20 (and of the same shape and dimensions, so it's not possible to mix them up).

1. I got myself a regular T20 screwdriver, instead of using a set with interchangeable bits, because I felt it would be more useful, being thinner and longer.

2. I also used some plastic prying tools, as not to damage the soft plastic parts by using metal tools.

3. A multimeter (for voltage measurement) was used for identifying the 2 wires after they had been tapped out of the connector.

4. An ELM327 was the diagnostic tester of choice. I followed the DDT4ALL guide on which model to choose.

• I made a mistake some time ago by getting the cheapest ELM327 available, it was complete junk.
• Instead, I looked for one with many (believable) good reviews, and it has not failed me yet.

5. A female OBD2 port (like the one on the car), with wires included, was used for feeding the CAN (and power) wires into the ELM327.

6. A male OBD2 port (like the one on the ELM327) was used for taking the power wires from the OBD2 port and feeding them into the female port and into the ELM327.

• I could have replaced this with a standard 12V cigarette lighter plug, but those ports typically lose power when the ignition is turned off, unlike the OBD2 port, so I didn't go that route.
• I could have probably skipped this step by getting a wired USB ELM327 instead of the usual wireless Bluetooth model, because they shouldn't need 12V power for the CAN bus functions.

7. A laptop running DDT4ALL was used for coding the module, and pyren3 was used for making a backup of configurations.

• For DDT4ALL, I was able to find the required "ecu.zip" database file somewhere in a discussion or closed issue on the GitHub page, and also in the "downloads" channel of the Discord server, also found similarly.
• The same "ecu.zip" will not work for pyren3; I had to find the original DDT2000 data on some other forum. The file name is "DDT2000 Database Update 10.02.2021". I created the folder "DDT2000data" in the same folder as pyren3, and copied the DDT2000 files and folders in there.

8. Dupont male-to-female wires, as commonly found in Arduino kits, could have been used for backprobing the Easylink connector.

• Instead, I went with a bit of a different approach compared to other guides, so I had to solder some wires and connectors, I will describe this later.
• So, the soldering could have been avoided.

9. A bit of tape was used for securing the 2 wires from coming loose under vibration.

Preparations at home

For backprobing the connector, I got the idea to cut 2 sewing needles and solder wires to them.

As I previously explained, I wanted to pull the 2 wires to my own connector.

• For this, I found some random 4 pin female header connector with a hole blocked off, so that I wouldn't be able to accidentally plug the connector in backwards.
• I could have just taken a regular female pin header and blocked off one pin by melting it with the soldering iron.

I color-coded the wires: black for CAN LOW and red for CAN HIGH, with the intention to keep those colors consistent, in order not to mix them up or keep checking pinouts every step of the way.

To this connector, I soldered 2 wires which lead into a WAGO terminal block, for easy connection.

I felt the need to extend the wires, but in the end it wasn't really necessary, they don't have to be this long.

I did have a "plan B" in case these needles were too thin to sit snugly in the plastic molding of the connector next to the pins, so I also took some of those dupont wires.

• The female part of the wire was cut off and the wire was stripped.
• In the end, this was needed, as I broke one of my needle wires during the job.

So, these 2 backprobing wires, the WAGO terminals, the connector wires and the 4 pin connector will be sitting "permanently" in the glovebox.

Now, for the part which will be attached when necessary, with the female OBD2 port:

I didn't exactly have a male OBD2 plug on hand, so I sacrificed my junk ELM327 to serve as a power source.

• I opened it up, removed the PCB, and soldered 2 wires to the GND pins and the 12V pin (by following a pinout online).
• Then, I pulled these wires out of its casing and put them into WAGO blocks, to help with extending them.
• I chose the most random long cable I could find, a braided mains power wire. It doesn't matter, as long as its resistance from one end to another isn't excessive, which would have caused voltage drop.
• I agree it looks ridiculous, but it's functional.

On the other side of the extended power wires, they went into WAGO blocks, then to the wires going to the female OBD2 plug, to the GND connections and the 12V connection.

For the CAN wires, I made a matching 4 pin male connector, with one pin missing, to go over the plugged hole in the connector (again, to protect against plugging it in backwards).

• These wires go into the female OBD2 plug, to the CAN LOW and CAN HIGH connections, again keeping the same wire colors to avoid confusing myself later.

So, this was the resulting "harness", with power coming from the car's original OBD2 port, and CAN coming from the backprobed wires at the Easylink module.

• I put both pairs of wires (needles and dupont) in the WAGO blocks, in case I would need them at the car (and I'm glad I did).

At the car

My only goal was to take the glovebox out.

• Unfortunately, I severely underestimated the complexity of this job, based on the guides available for other cars.
• This is not the place to complain about French engineering, as much as I would like to.
• I "only" had to take half the dashboard off to accomplish this, and I suspect this was done intentionally, to deter people like me from doing exactly this.

Taking the "Passenger airbag off" knob off

The first 2 screws are hidden by a piece of trim that can only be removed after taking off the airbag knob panel, located at the end of the dashboard, on the passenger side.

I used my plastic prying tool to pull the panel off at the corner which was facing me.

Everything is held by those yellow plastic clips, which I got very acquainted with during this job.

I proceeded to simply pull the rest of the panel off. It was not necessary to remove any rubber seals, as others guides suggest.

The connector for the knob was removed by pressing the tab and pulling it out.

Then, the piece of trim on the right side of the glovebox was taken off by pulling it perpendicularly.

Taking the gear lever console off

Yep, the next 2 screws are hidden by another piece of trim, which the shifter console blocks.

The first step is to take the gaiter off.

• This procedure is mentioned in the car's manual, but explained improperly (or not at all).

I took the gaiter off by getting both my hands in the "leather" boot of the shifter, curling my fingers under the edges and pulling straight up.

Under it, there are 3 screws.

After taking them off, I was able to grab the console by the sides and pull it towards me, to unclip it.

• The 12V lighter socket and AUX+USB ports come with it.

Then, the piece of trim on the left side of the glovebox was taken off by pulling it perpendicularly, and twisting it around the shifter console.

I did try to work with the console like this (only slightly pulled out), but eventually I had to get it out of the way.

• To do this, I unplugged the 3 connectors at the back of the panel and rotated the console 180 degrees (I didn't want to remove the gear lever knob to remove the console entirely).
• This was facilitated by putting the shifter in position B, by pressing the yellow button underneath the gaiter and shifting it normally.

Taking the soft dashboard trim off

After removing the first 4 screws and pulling on the glovebox like an idiot for a few minutes, I realized something else must be holding it.

• Searching around with a flashlight, I found there were also 2 screws at the top.

I started by unclipping the trim at the right side, where I had taken the airbag knob panel off.

• I didn't get a picture of this, but there was just a plastic tab hooked on, which I pulled apart.

The whole part is held by those yellow clips, so I just had to pull it towards me, for the most part.

At its left end, it's held by a piece of plastic on the navigation screen / climate control panel.

• I found no way of removing that part, so I just pulled on the soft trim and wiggled it in place until it came out.
• This was very tedious.

Overview of the 6 glovebox screws

Starting from the bottom right side, in order:

Taking the glovebox off

In theory, the glovebox should just come out when pulling perpendicularly, but I didn't have such luck.

• That non-removable trim at the end of the soft trim was now in the way of the glovebox on the left side.

At the time, I didn't know that trim was not removable, so I started taking more stuff apart to maybe help remove it.

Under the climate controls, there are 2 screws holding the panel.

• Excuse the picture, I hadn't removed the shifter console yet at this point.

With the screws off, the climate control panel unclips from the top side by pivoting it upwards.

Here, I discovered that the annoying trim piece is actually plastic-welded to another piece of plastic, they are melted together.

• As an effort to make the trim easier to pull and bend, I decided to take this screw out.

I did attempt to remove the whole Easylink screen, but it was also held at the top, and I honestly didn't have the desire to even finish this job anymore.

I got another person to help pull on the trim towards themselves from the driver seat, while I wiggled the glovebox towards myself and to the right.

• The first hurdle is to take the glovebox off those 2 square pegs, after which it becomes a bit more mobile.
• I also disconnected the glovebox light so it wouldn't interfere, it was another simple connector with a tab.
• I accidentally left my phone with the flashlight activated on the ground under the glovebox, which actually helped me see where the glovebox was catching on that trim, so I could move it out of the way.
• The glovebox finaly popped out and I set it aside.

Backprobing the Easylink data connector

I had to get myself on the floor under where the glovebox was, and look up to see the Easylink module (huge shiny rectange).

I needed to get to the connector that is as close to the "ceiling", on the right side in the previous picture.

It has a little tab at the top (in the middle), so I just pressed it and pulled the connector and it came out.

• I did the same with the connector under it, so that I had more space.

I knew I had to tap into pins 20 and 40 on the connector, which are those in the top right corner and in the bottom right corner in the previous picture.

• I didn't (and I still don't) know which one is CAN LOW and which one is CAN HIGH, but that was going to be determined using the multimeter anyways.

Pushing a bit too hard, I managed to break one of my needle wires, so I switched to the duponts.

• Then, one of them felt too loose, so I ended up mixing a needle wire with a dupont wire.
• Not pretty, but both were snug.
• I secured them to the harness with some tape.

I plugged both connectors back into the Easylink and got up.

Taking a step back, this is how the setup looked:

I turned on the car's ignition and measured voltage with my multimeter: between a ground (metal part of chassis) and any of the 2 wires there were between 2V and 3V.

• This meant the backprobes were making good contact.
• 0V would have meant they had become disconnected.

Reassembly

As they say, it's the reverse of disassembly.

I first grabbed the glovebox and found a hole at the back, covered by some felt material, through which I inserted my female 4 pin connector.

I traced my steps backwards, making sure not to miss any screws.

The worst part was fitting the soft dashboard trim back, there was a lot of pulling and prying and bashing, but it worked out in the end, with no aesthetic damage.

Identifying the CAN wires

I now had CAN LOW and CAN HIGH, but which was which?

Following other guides, I once again measured the voltage between ground (metal chassis) and each wire.

• A voltage below 2.5V indicates CAN LOW. I had 2.3V on one wire, so that was LOW.
• A voltage above 2.5V indicates CAN HIGH. I had 2.7V on the other wire, so that was HIGH.

Now, the fact I had color-coded my CAN wires came in handy.

• I checked at the female OBD2 port, and (miraculously) LOW was on black and HIGH was on red, as I had planned.
• Had they been the other way around, I would have opened up the female OBD2 port, de-pinned it, and swapped the 2 wires around, as I couldn't access the WAGO connectors anymore.

DDT4ALL modifications

I connected my male OBD2 plug to the car's OBD2 port, the male 4 pin plug to the female 4 pin plug I pulled in the glovebox, and the ELM327 to the female OBD2 plug.

The lights on the ELM327 came on, so power was good.

Now, to check the diagnostic connection.

I opened my laptop's Bluetooth settings, selected to add a new device, found the one named "OBDII" and used the PIN 1234.

Before DDT4ALL, I opened pyren3, to get a dump of the Navigation unit's current settings, if I ever needed to restore them.

• On the main page, I selected the Port of the ELM327.
• I pressed Start DDT.

In the window that opened, I selected my car: xJB New Captur (C1A).

Below, I scrolled to the Navigation-UCC-ITM module, and pressed Scan selected ECU.

It was recognized, proving the connection was working. I scrolled up to it, clicked it again and pressed Connect selected ECU (ON-line).

A little pop-up window showed a progress bar while creating a dump.

• This was all I needed pyren3 for.
• In its folder, in pyren3\dumps there was now a new file; this was the dump, which I also copied somewhere else for safekeeping.

I opened DDT4ALL, selected the COM port of the ELM327, ticked the box that says I understand the risks of using the program, and went into Connected mode from the main screen.

In the top left corner, I selected the car Renault New Captur (C1A) and clicked on the magnifying glass icon next to it.

• It found my navigation module and a few others.

As a side note, I had previously updated the Easylink to the latest software, following a well-known guide from drive2.ru.

• I had only done this update, as other people pointed out that wireless Android Auto would not work on an older version, even after enabling it in DDT4ALL.
• This meant that the software version was too new for DDT4ALL to recognize and pick out a suitable file automatically.
• Fortunately, close to nothing is changed between versions (regarding diagnostics), so a slightly older file worked perfectly.

Below, I scrolled to the Navigation-UCC-ITM module, expanded it and double clicked the latest version, which was A-IVI v2.8.

It then went to the box below that, and I clicked it to load it.

Expanding the Configuration menu, I scrolled to System Information $DAB1, and clicked it to load it.

In the menu that appeared, at the top, on the right, I clicked READ ALL, to ensure all fields were filled with actual data from the car.

I then scrolled down to the BT/Wifi/Carplay/Android Auto section.

• There, Android_Auto and CarPlay were already set to Enabled, so I only had to set Wireless_Android_Auto_function and Wireless_CarPlay_function to ON.
• A bit further down, I set Wifi_function, WiFi_IVC_tethering and WiFi_5GHz_support to Enabled.

To prepare for sending this modified data to the car, I pressed the Expert mode button in the top left corner, for DDT4ALL to unlock itself for writing.

I pressed WRITE ALL to send the data, then Key Off/On Reset to reboot the Easylink.

After the reboot, I was able to find a new Wi-Fi menu in Settings > System > Devices manager.

• I changed it from OFF to ON(in the photo, the SPCX option is enabled; this wasn't here initially, it is because I took the photo after already configuring Android Auto; the first time, I just set it to ON).

I went to the regular Devices menu (in the other tab) and clicked the 3 dots in the bottom left of the screen to remove devices and removed my phone.

I then connected my phone again through Bluetooth, and the Easylink asked me if I wanted to use it for Bluetooth or for Android Auto.

• I chose Android Auto, and it started perfectly and is currently working.

Other modifications

I was also able to enable the "4x4 Info" menu, which shows inclination and a compass, and also some extra settings in the menu.

While messing around in there, I made the mistake of enabling multiple things at a time, so I don't know which one actually caused this, but my cluster would no longer change appearance when going to Sport mode, and the Cluster option was missing from MultiSense.

• Fortunately, I had my dump file created with pyren3.
• I first investigated a bit in the DDT4ALL Edition mode to find which UDS request was sent for the HMI configuration and MEX configuration menus.
• Then, I found the Navigation unit's responses to these requests, containing the previous configuration values.
• I modified the responses, so instead of starting with byte 62 (response for reading), I made them start with byte 2E (request for writing).
• I used the Manual command button in the toolbar at the top, selected the Extended session, copied the entire command into Input and pressed Enter on the keyboard.
• After using one of the Key Off/On Reset buttons in one of the screens, the configuration was restored, everything was working like before, and I was able to start enabling other options again, albeit more carefully.

[arn-2469]

Part 2 - BCM bypass for accessing other modules

Many thanks to user @KarelSvo for helping me with this.

---

Introduction

The BCM (body control module) is a sort of gateway, as it ties multiple CAN buses together, among other functions.

• It is located above the fuse panel, under the steering wheel.

Using the Easylink bypass documented in my previous post, it is only possible to change the configuration of the Navigation module, and a few others like Telematics.

Bypassing the SGW (secure gateway) at the BCM should allow access to the rest of the modules.

Preparations at home

I just made another of my 4-pin connectors with WAGOs at the other end, going to 2 male dupont wires.

• I didn't fuss around with needles this time, the duponts are perfectly adequate.

I didn't mention this previously, but it is not necessary to cut one end of the duponts in order to secure them in a WAGO lever connector.

• Whether the other end is male or female doesn't matter, it's possible to lift a tab on the plastic part of the connector and remove it, leaving the metal crimp.
• This metal pin/socket can be clamped in the WAGO normally.

At the car

The first step was to remove the gear shifter console, as explained in the previous post.

Then, at the end of the dashboard, at the driver side door, I pulled the end panel off, like with the airbag knob in the previous post.

I unclipped and remove the entire panel which spans from the fuse panel to the shifter console, going under the steering wheel.

• The bottom right corner of the panel was a bit stubborn, catching on the trim below the shifter console. I first had to twist this corner out.

This gave me plenty of access to the fuse panel and BCM.

• There is a dashcam kit installed here, don't mind it.

This is the BCM.

The connector of interest is "DS1 - GREY", which I removed by pressing the tab and pulling it out.

• I tried inserting the dupont pins without removing the connector, but there is not enough space around the pins while they are centered by the male connector.
• I did this with the ignition off, knowing things would stop working once I disconnected it.
• Indeed, the cluster and Easylink shut off, probably due to missing CAN messages.

The 2 important pins are annotated in the picture.

I inserted my pins and taped them up to the harness.

I then plugged the connector back into the BCM.

• A few relays clicked, and the cluster and Easylink started up.
• There were electrical faults on the screen, as expected.
• They went away after starting the ignition, once the car completed its self-tests.
• I still erased the fault codes with the ELM327 in the regular port.

Even though I knew which wire was CAN LOW and which one was CAN HIGH, I still checked with a multimeter.

• Between GND and LOW, I had ~1.9V.
• Between GND and HIGH, I had ~2.5V.
• The logic is similar to the Easylink bypass, but the voltages are different. It all depends on the amount of traffic on the CAN bus anyways.

I plugged the other ends of the duponts into the WAGOs, to connect them to my 4-pin harness.

• I was careful to remove the plastic casing of the duponts one by one, so they didn't short to each other or to ground.

I then proceeded to reassemble everything, by once again tracing my steps back.

Pyren

I opened pyren and Scanned for modules, this is what was found:

I closed and reopened it, clicking Start DDT.

• I selected my car like in the previous post, this time selecting the Meter Cluster module and scanning for it.
• Once found, I connected to it.

I waited for the dump to be completed, closed pyren, found the file and copied it somewhere else.

I was asked why I don't just do the whole configuration in pyren, it's because it is laggier than DDT4ALL, to the point where it's frustrating, at least for me. I am planning to test a fix, but I haven't yet.

DDT4ALL

I opened Connected mode, selected my car, selected Meter Cluster and pressed the magnifying glass icon.

• It found a suitable file for my cluster (Cluster_C1A_RUN2_V2.18), and I clicked it to load it.

Here is a list of what could be changed and seems safe to (everything staring from the Configuration menu):

1. Configuration 1

• Language_CF - default language, used before the Easylink changes it
• ExternalTemperature_CF - presumably shows the outside temperature on the cluster, I've herd it only works on the smaller screens, didn't try it
• OilLevelPresent_CF - was already enabled for me, I would have thought it adds a new menu, but it's probably just for warnings
• SCRMMI_CF - AdBlue management stuff
• LDWMMI_CF - presumably enables the lines for the lane departure warning; for some reason, it was set to "without", even though I have LDW, so I didn't dare touch it
• ATBeepInR_CF - it makes the cluster do the "engine start" chime (once) when shifting into Reverse, or maybe it would have actually beeped while moving, but I didn't test it since I don't want this feature

2. Configuration 2

• ESCMMI_CF - presumably enables the messages "ESC deactivated" and "ESC activated"; it was already enabled for me
• AWDMMI_CF - presumably adds a torque/inclinometer page to the MultiSense menu in the cluster; it didn't work for me, the added page was empty; probably the firmware of my cluster, which is PHEV-specific, just doesn't have this page, because there probably weren't any AWD PHEV cars made
• Chassis1MMI_CF - adds a tire pressure (?) graphic page to the MultiSense menu; it worked, but I'm not sure it's actually for tires
  • update: the wheels on the icon turn when turning the steering wheel; is it maybe just a visualizer for 4 wheel steering? but then again, was it possible to get the 4WS option on a PHEV?
• UPAMMI_CF - shows the parking sensors in the middle of the screen when they are activated; it worked
• FrontSBRInhibition_CF - presumably disables the seatbelt warning for the front seats
• ChronoTachographPresense_CF - forgot to test
• OverspeedWarningPresent_CF - was showing "without" even though I have it, so I didn't touch it
• Clock_CF - I think it's the same story as the outside temperature display, only for smaller screens
• TPSMMI_CF - I tried setting it to "TPMS" even though I only have TPW, but all I got was a "Check TPW" fault upon ignition, which disappeared after reconfiguring to "TPW", clearing the fault in the ABS module and initializing TPW normally

3. Configuration design

• MexType_CF - presumably configures which driving modes are available
• ADACWorldPresence_CF - refers to the tabs at the top of the cluster
  • ADAS - presumably adds the graphics for Adaptive Cruise Control if you have it, it didn't do anything for me
  • Icon - presumably something to do with the MultiSense tab
  • Audio - presumably the music tab
  • Nav - enables the navigation tab; it was already enabled for me, but some people don't have this tab where they can see some basic navigation guidance from the built-in nav or from Waze
  • MEX - presumably the driving mode display on the right side, or the scrollable menus
• EgocarType_CF - model of car in the middle of the screen
• EgocarColor_CF - color of that car
• WelcomeSequenceType_CF - presumably the little animation that plays on startup
• GGDiagramMMI_CF - should enable a G-force graphic in the MultiSense menu, but the page was unfortunately blank for me
• WaterTempPageMMI_CF - adds a coolant temperature gauge in the trip computer tab, it was already enabled for me

4. Configuration HEV/PHEV/EV

• EnergyFlowMMI_CF - configures the energy flow graphic in the MultiSense menu; I tried setting it to show the HVAC too, but the flow page became blank, so I reverted it to the "simplified" mode
• RegulEVInfosMMI_CF - adds a current, voltage, rpm page in the trip computer tab, it worked for me