Car Hacking | faster reverse engineering through bus visualization
If you’ve spent any amount of time researching how to reverse engineer CAN messages then you’ve likely already come across candump and cansniffer. In this article I’m going to introduce and show you how visualizing
For demo purposes I’ll be using the popular ICSim (Instrument Cluster Simulator) to replicate traffic that we would normally encounter while connected to a vehicle. Let’s assume we’re trying to find an id that corresponds to the speedometer movement for some widget we’re developing.
Viewing the traffic with candump.
The data is output in a continuous stream and identifying any action is near impossible. The most common way to filter the large amount of data is to record 2 separate logs: one with the speedometer movement and one without. The logs would then be compared against each other to find the differences.
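The two-log comparison described above can be scripted. The following is an added example, not code from the original post or from CanoPy; it assumes logs in the `candump -l` text format, the sample frames are constructed rather than captured, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# One line of a `candump -l` log: "(timestamp) interface ID#HEXDATA"
LINE = re.compile(r"^\(\d+\.\d+\)\s+\S+\s+([0-9A-Fa-f]{3,8})#((?:[0-9A-Fa-f]{2}){0,8})$")

# Constructed sample logs (not captured traffic). 0x161 carries a rolling
# byte that changes in both logs, which is the noise the comparison removes.
BASELINE = """\
(1682400000.000100) vcan0 244#0000000000
(1682400000.000200) vcan0 19B#00000F000000
(1682400000.010100) vcan0 244#0000000000
(1682400000.010300) vcan0 161#000005500108000D
(1682400000.020300) vcan0 161#000005500108001C
"""
ACTION = """\
(1682400060.000100) vcan0 244#0000000000
(1682400060.000300) vcan0 161#000005500108000D
(1682400060.010100) vcan0 244#000000011A
(1682400060.010300) vcan0 161#000005500108001C
(1682400060.020100) vcan0 244#0000000A3F
(1682400060.020200) vcan0 19B#00000F000000
"""

def payloads_by_id(log_text):
    """Map each arbitration id to the list of payloads seen for it."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if m:  # anything else (blank, RTR "#R", CAN FD "##") is skipped
            seen[int(m.group(1), 16)].append(bytes.fromhex(m.group(2)))
    return seen

def changing_bytes(frames):
    """Indexes of payload bytes that take more than one value."""
    width = min((len(f) for f in frames), default=0)
    return {i for i in range(width) if len({f[i] for f in frames}) > 1}

def candidates(baseline_log, action_log):
    """Ids with bytes that vary during the action but not in the baseline."""
    base, act = payloads_by_id(baseline_log), payloads_by_id(action_log)
    found = {}
    for can_id, frames in act.items():
        new = changing_bytes(frames) - changing_bytes(base.get(can_id, []))
        if new:
            found[can_id] = sorted(new)
    return found

if __name__ == "__main__":
    for can_id, idx in candidates(BASELINE, ACTION).items():
        print(f"0x{can_id:03X}: bytes {idx} change only with the speedometer")
```

Subtracting the baseline's changing bytes is what drops ids that update constantly regardless of the action, so only ids tied to the recorded movement remain.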
Next let’s utilize cansniffer instead.
This time the data is a lot more manageable. Rather than one long continuous stream, each line is tied to a specific id while its message is updated in real time. If we stare long enough we’ll likely find the id linked to the speedometer, but it’s not exactly easy since potentially only a single byte may change.
This led me to sit down and create CanoPy.
I wanted an extremely quick way to visualize the messages for each id over time.
Finally, using the same speedometer example let’s see if CanoPy makes it any easier.
As you can see, through the same process we can quickly determine that 0x244 has a relationship to the speedometer output. If needed, we can then analyze further with canutils as we now know which ids we’re interested in.
Edit 04/25/2023: canopy is now can-explorer and can be found here: https://github.com/Tbruno25/can-explorer
Feedback? Improvements? Questions?
Leave a comment below and I’ll be sure to answer!