Car Hacking | faster reverse engineering through bus visualization

TJ Bruno
2 min readApr 14, 2021

--

If you’ve spent any amount of time researching how to reverse engineer CAN messages then you’ve likely already come across candump and cansniffer . In this article I’m going to introduce and show you how visualizing

For demo purposes I’ll be using the popular ICSim (Instrument Cluster Simulator) to replicate traffic that we would normally encounter while connected to a vehicle. Let’s assume we’re trying to find an id that corresponds to the speedometer movement for some widget we’re developing.

Viewing the traffic with candump.

candump

The data is output in a continuous stream and identifying any action is near impossible. The most common way to filter the large amount of data is to record 2 separate logs: one with the speedometer movement and one without. The logs would then be compared against each other to find the differences.

Next let’s utilize cansniffer instead.

cansniffer

This time the data is a lot more manageable. Rather than one long continuous stream, each line is tied to a specific id while it’s message is updated in real time. If we stare long enough we’ll likely find the id linked to the speedometer, but it’s not exactly easy since potentially only a single byte may change.

launch CanoPy

This led me to sit down and create CanoPy.

I wanted an extremely quick way to visualize the messages for each id over time.

Finally, using the same speedometer example let’s see if CanoPy makes it any easier.

CanoPy demo

As you can see, through the same process we can quickly determine that 0x244 has a relationship to the speedometer output. If needed, we can then analyze further with canutils as we now know which id’s we’re interested in.

Edit 04/25/2023:

canopy is now can-explorer and can be found here — https://github.com/Tbruno25/can-explorer

Feedback? Improvements? Questions?

Leave a comment below and I’ll be sure to answer!

--

--