Car Hacking | faster reverse engineering using CanoPy

If you’ve spent any amount of time researching how to reverse engineer CAN messages, then you’ve likely already come across candump and cansniffer. In this article I’m going to introduce you to a complementary tool to the can-utils package: CanoPy.

For demo purposes I’ll be using the popular ICSim (Instrument Cluster Simulator) to replicate traffic that we would normally encounter while connected to a vehicle. Let’s assume we’re trying to find an id that corresponds to the speedometer movement for some widget we’re developing.

Viewing the traffic with candump.

The data is output in a continuous stream, and identifying any action is nearly impossible. The most common way to filter the large amount of data is to record two separate logs: one with the speedometer movement and one without. The logs are then compared against each other to find the differences.
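The two-log comparison described above, as an added example that is not from the original article or the CanoPy project: it parses `candump -l` style log lines and reports, per id, the byte positions that took values during the action which never appeared in the baseline. Both logs are constructed sample data; `0x13A` and its counter byte are made up, and `0x244` is the speedometer id the article arrives at later.

```python
import re
from collections import defaultdict

# candump -l line: "(timestamp) interface ID#HEXDATA", classic CAN, 0-8 data bytes
LINE_RE = re.compile(r"^\(\d+\.\d+\)\s+\S+\s+([0-9A-Fa-f]{1,8})#((?:[0-9A-Fa-f]{2}){0,8})$")

def byte_values(log_text):
    """Map arbitration id -> byte position -> set of values seen in the log."""
    seen = defaultdict(lambda: defaultdict(set))
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # blank lines, remote frames, CAN FD frames, truncated lines
        can_id = int(m.group(1), 16)
        for pos, val in enumerate(bytes.fromhex(m.group(2))):
            seen[can_id][pos].add(val)
    return seen

def new_values(baseline_log, action_log):
    """Return {id: {byte position: count of values seen only during the action}}."""
    base, action = byte_values(baseline_log), byte_values(action_log)
    result = {}
    for can_id, positions in action.items():
        hits = {}
        for pos, vals in positions.items():
            fresh = vals - base.get(can_id, {}).get(pos, set())
            if fresh:
                hits[pos] = len(fresh)
        if hits:
            result[can_id] = hits
    return result

# Constructed sample logs (not captured traffic). 0x13A carries a rolling
# counter that changes in both logs, so it must not be reported.
BASELINE = """(1.000000) vcan0 244#0000000100
(1.010000) vcan0 13A#0000000000000001
(1.020000) vcan0 13A#0000000000000002
(1.030000) vcan0 13A#0000000000000003"""
ACTION = """(2.000000) vcan0 244#0000000100
(2.010000) vcan0 13A#0000000000000001
(2.020000) vcan0 244#0000000A3C
(2.030000) vcan0 13A#0000000000000002
(2.040000) vcan0 244#000000145F
(2.050000) vcan0 13A#0000000000000003"""

if __name__ == "__main__":
    for can_id, hits in new_values(BASELINE, ACTION).items():
        print(f"0x{can_id:03X}: new values at byte positions {sorted(hits)}")
```

The baseline has to run long enough for counters and other periodic fields to cycle through their values, otherwise they show up as false positives.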

Next let’s utilize cansniffer instead.

This time the data is a lot more manageable. Rather than one long continuous stream, each line is tied to a specific id while its message is updated in real time. If we stare long enough we’ll likely find the id linked to the speedometer, but it’s not exactly easy, since potentially only a single byte may change.

This led me to sit down and create CanoPy.

I wanted an extremely quick way to visualize the messages for each id over time.

Finally, using the same speedometer example let’s see if CanoPy makes it any easier.

As you can see, through the same process we can quickly determine that 0x244 has a relationship to the speedometer output. If needed, we can then analyze further with can-utils, as we now know which ids we’re interested in.

If you’d like to try for yourself, CanoPy can be downloaded from — https://github.com/Tbruno25/canopy

Feedback? Improvements? Questions?

Leave a comment below and I’ll be sure to answer!
