I hope you have gone through the previous blogs, where we discussed OBD-II. In this blog we will look into can-utils, which contains user-space utilities for the Linux CAN subsystem. I suggest you follow along through the blog while trying the commands in real time, to get a hands-on grip.
Introduction
In a previous blog, we discussed the CAN bus protocol. Let us consider a scenario where we have the required hardware to sniff the bus. Now, all we need is a software tool that helps in analyzing the bus. One such tool is called can-utils. Basically, can-utils is like a Swiss army knife.
Can-utils is a command-line Linux utility that contains basic tools which can display, record, generate and replay CAN traffic. Along with these basic operations, we can also calculate busload and convert log files, and it also contains ISO 15765-2:2016 tools.
In this blog we will look into these tools, which help us analyze the CAN bus.
- candump.
- cansniffer.
- canplayer.
- cangen.
- cansend.
Can-utils
To install can-utils in your learning space, use the following command.
sudo apt-get install can-utils -y
Before doing some hands-on work with can-utils, let’s create a virtual CAN network on our Linux machine. Use the following commands.
sudo modprobe can
sudo modprobe vcan
sudo ip link add dev vcan0 type vcan
sudo ip link set up vcan0
Setting up virtual CAN network demo.
Note: We will be using vcan0 from now on. While conducting an assessment, you can replace it with the name of the network which you gave while setting up.
Candump:
It is used to display, filter and log CAN bus data to files; it basically dumps the packets flowing on the bus to the screen. Candump has several options to play with the data flowing on the bus. We can see the packet data in both binary mode and ASCII mode, and it can also separate packets from different buses by color-coding them. We can use the following command to color-code the bus while the data is shown in both binary and ASCII formats.
candump -c -i -a vcan0
We can also log the traffic on the bus using candump.
candump -l vcan0
cansniffer:
Unlike Candump, cansniffer displays all the packets which are currently appearing on the bus. It has different options to color-code the bits which are changing in a particular ID. Also, we can toggle between binary mode and ASCII mode using “b + ENTER”. To color-code the bits which are updating, we can use “-c” while entering the command or “c + ENTER” live.
cansniffer vcan0
Use “c + ENTER” to color-code.
Use “b + ENTER” to toggle between binary and ASCII outputs live.
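The log file written by candump -l can also be examined offline. The following Python script is an added example, not part of the original post or of can-utils: it parses the log's "(timestamp) interface ID#DATA" lines and reports, for each CAN ID, which byte offsets change between frames, which is what cansniffer highlights live. The sample log and the function names are constructed for illustration.

```python
import re

# Compact line format written by `candump -l`: (timestamp) interface ID#DATA
LINE_RE = re.compile(r"^\((\d+\.\d+)\)\s+(\S+)\s+([0-9A-Fa-f]+)#([0-9A-Fa-f]*)$")

# Constructed sample log, not captured from a real bus.
SAMPLE_LOG = """\
(1700000000.000000) vcan0 188#00000000
(1700000000.010000) vcan0 244#0000000120
(1700000000.500000) vcan0 188#01000000
(1700000000.510000) vcan0 244#0000000134
(1700000001.000000) vcan0 188#02000000
(1700000001.010000) vcan0 19B#00000F000000
(1700000001.500000) vcan0 188#00000000
(1700000001.510000) vcan0 19B#00000F000000
"""

def parse_log(text):
    """Yield (timestamp, interface, can_id, payload) for classic CAN data frames."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or len(m.group(4)) % 2:
            continue  # skip blanks, RTR ("ID#R") and CAN FD ("ID##...") lines
        ts, iface, can_id, data = m.groups()
        yield float(ts), iface, int(can_id, 16), bytes.fromhex(data)

def changing_bytes(frames):
    """Map each CAN ID to the sorted byte offsets whose value changed between frames."""
    last = {}     # most recent payload seen per ID
    changed = {}  # ID -> set of byte offsets that differed at least once
    for _ts, _iface, can_id, payload in frames:
        offsets = changed.setdefault(can_id, set())
        prev = last.get(can_id)
        if prev is not None:
            # Compare byte by byte; a length change counts as a change too.
            for i in range(max(len(prev), len(payload))):
                if prev[i:i + 1] != payload[i:i + 1]:
                    offsets.add(i)
        last[can_id] = payload
    return {cid: sorted(offs) for cid, offs in changed.items()}

if __name__ == "__main__":
    for cid, offs in sorted(changing_bytes(parse_log(SAMPLE_LOG)).items()):
        print(f"{cid:03X}: changing byte offsets {offs or 'none'}")
```

IDs whose payload never changes are good candidates to filter out first when narrowing down which frame corresponds to which signal.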
Cangen:
It is used to generate random traffic on a bus. It also has advanced features where we can set the gap in milliseconds, generate CAN FD frames, send CAN packets with RTR frames, etc.
cangen vcan0
In order to understand more about canplayer and cansend, I’ll be using ICsim. ICsim is a great tool to practice car hacking at the bus level and do a virtual demonstration of attacks.
Canplayer:
As discussed above, we can log the packets flowing on the bus into a log file. Canplayer helps us play back the log files. The command for the same is,
canplayer -I <filename>
In this demo we will be recording the signal indication packets of ICsim and replaying them using canplayer. Yup, we did a replay attack on the indication node.
Cansend:
Using Cansend we can send both CAN 2.0 & CAN FD frames, depending on the bus we are analysing. The command is,
cansend vcan0 <ID>#<DATA>
Finally, let's dump, record and play the signal indication of ICsim using can-utils.
replay attack on ICsim demo video.
If you’ve gone through these tools' help pages or manuals, you’ll find a lot of options to craft the commands according to the bus you’re assessing.
Conclusion:
We hope this blog post made you comfortable using Can-utils with ease. If you are reading up to this point, you are very much interested in automotive security. This blog post aimed to give you an idea about the CAN bus protocol, which is widely used in automotive architecture. Going forward, the next blog post will decode some of the famous car hacks that have happened in history. I hope you enjoyed reading this as much as I enjoyed writing it : )
About Payatu
Payatu is a research-powered cybersecurity service and training organization specialized in IoT, embedded, mobile, cloud, infrastructure security, and advanced security training. We offer a full IoT/IIoT ecosystem security assessment, including hardware, firmware, middleware, and application interfaces. In the last 8+ years, Payatu has performed security assessments of 100+ IoT/IIoT product ecosystems, and we understand the IoT ecosystem inside out.