Welcome back, my aspiring automobile hackers!
Now that we have laid out the basics of the most common protocol used in automobiles, the Controller Area Network or CAN, we can proceed to installing the can-utils. can-utils is a Linux-specific set of utilities that enables Linux to communicate with the CAN network on the vehicle. In this way, we can sniff, spoof and create our own CAN packets to pwn the vehicle!
What are the can-utils?
CAN is a message-based network protocol designed for vehicles, originally created by Robert Bosch GmbH. SocketCAN is a set of open-source CAN drivers and a networking stack contributed by Volkswagen Research to the Linux kernel. The can-utils are the userspace utilities that work on top of SocketCAN.
Step #1: Installing the can-utils
If you are using the Kali or other Debian-based repositories, you can download and install can-utils with apt-get.
kali > apt-get install can-utils
If you are not using the Kali repository, or are using a repository without can-utils, you can always download the can-utils source from github.com using the git clone command.
kali > git clone https://github.com/linux-can/can-utils
The Basics of the can-utils
The CAN utilities are tools to work with CAN communications within the vehicle from the Linux operating system. These tools can be divided into several functional groups:
1. Basic tools to display, record, generate and play CAN traffic
2. CAN access via IP sockets
3. CAN in-kernel gateway configuration
4. CAN bus measurement
5. ISO-TP tools
6. Log file converters
7. Serial line discipline (slc) configuration
Initially, we will concern ourselves with just the basic tools and the log file converters.
For a complete list of the tools in can-utils and their functionality, see the list below.
1. Basic tools to display, record, generate and replay CAN traffic
candump : display, filter and log CAN data to files
canplayer : replay CAN logfiles
cansend : send a single frame
cangen : generate (random) CAN traffic
cansniffer : display CAN data content differences (just 11-bit CAN IDs)
2. CAN access via IP sockets
canlogserver : log CAN frames from a remote/local host
bcmserver : interactive BCM configuration (remote/local)
socketcand : use RAW/BCM/ISO-TP sockets via TCP/IP sockets
3. CAN in-kernel gateway configuration
cangw : CAN gateway userspace tool for netlink configuration
4. CAN bus measurement and testing
canbusload : calculate and display the CAN busload
can-calc-bit-timing : userspace version of in-kernel bitrate calculation
canfdtest : Full-duplex test program (DUT and host part)
5. ISO-TP tools (ISO 15765-2:2016 for Linux)
isotpsend : send a single ISO-TP PDU
isotprecv : receive ISO-TP PDU(s)
isotpsniffer : ‘wiretap’ ISO-TP PDU(s)
isotpdump : ‘wiretap’ and interpret CAN messages (CAN_RAW)
isotpserver : IP server for simple TCP/IP <-> ISO 15765-2 bridging (ASCII HEX)
isotpperf : ISO15765-2 protocol performance visualisation
isotptun : create a bi-directional IP tunnel on CAN via ISO-TP
6. Log file converters
asc2log : convert ASC logfile to compact CAN frame logfile
log2asc : convert compact CAN frame logfile to ASC logfile
log2long : convert compact CAN frame representation into user readable
7. Serial Line Discipline configuration (for slcan driver)
slcan_attach : userspace tool for serial line CAN interface configuration
slcand : daemon for serial line CAN interface configuration
slcanpty : creates a pty for applications using the slcan ASCII protocol
Setting Up a Virtual CAN network
In my next article in this series, we will be connecting to the CAN network in your vehicle with various hardware devices. These are relatively inexpensive ($10-20) and I highly recommend you purchase one, if you want to master automobile hacking. If you can’t or won’t purchase one of these hardware devices, you can always set up a virtual CAN network.
To set up a virtual CAN network:
First, load the vcan (virtual CAN) module:
kali > modprobe vcan
Then, set up your virtual interface:
kali > ip link add dev vcan0 type vcan
kali > ip link set up vcan0
Once we have set up our virtual CAN connection (vcan0), we can test to see whether it is up by using the ifconfig command, like we would with any other interface in Linux.
kali > ifconfig vcan0
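ifconfig only shows that the interface exists and is flagged up. The following is an added example, not code from the original article or from the can-utils project, that checks vcan0 actually carries frames by sending one constructed probe frame through a raw SocketCAN socket and reading it back on a second socket. The function names, the probe ID 0x123 and its payload are assumptions chosen for illustration.

```python
import socket
import struct

# struct can_frame: 32-bit can_id, 8-bit length, 3 pad bytes, 8 data bytes
CAN_FRAME_FMT = "=IB3x8s"
CAN_FRAME_SIZE = struct.calcsize(CAN_FRAME_FMT)
CAN_EFF_FLAG = 0x80000000   # marks a 29-bit (extended) identifier
CAN_SFF_MASK = 0x7FF        # 11-bit identifier bits
CAN_EFF_MASK = 0x1FFFFFFF   # 29-bit identifier bits


def pack_frame(can_id, data, extended=False):
    """Build the 16-byte frame a CAN_RAW socket expects."""
    if len(data) > 8:
        raise ValueError("classic CAN carries at most 8 data bytes")
    if not 0 <= can_id <= (CAN_EFF_MASK if extended else CAN_SFF_MASK):
        raise ValueError("CAN ID out of range")
    if extended:
        can_id |= CAN_EFF_FLAG
    return struct.pack(CAN_FRAME_FMT, can_id, len(data), data.ljust(8, b"\x00"))


def unpack_frame(raw):
    """Return (can_id, data, extended) from a 16-byte frame."""
    can_id, length, data = struct.unpack(CAN_FRAME_FMT, raw)
    extended = bool(can_id & CAN_EFF_FLAG)
    mask = CAN_EFF_MASK if extended else CAN_SFF_MASK
    return can_id & mask, data[:min(length, 8)], extended


def loopback_check(ifname="vcan0", timeout=1.0):
    """Send a constructed probe frame and confirm a second socket sees it."""
    probe = pack_frame(0x123, b"\xde\xad\xbe\xef")  # constructed test frame
    with socket.socket(socket.AF_CAN, socket.SOCK_RAW, socket.CAN_RAW) as rx, \
         socket.socket(socket.AF_CAN, socket.SOCK_RAW, socket.CAN_RAW) as tx:
        rx.bind((ifname,))  # OSError here means the interface does not exist
        tx.bind((ifname,))
        # Only accept the probe ID so other traffic cannot confuse the check.
        rx.setsockopt(socket.SOL_CAN_RAW, socket.CAN_RAW_FILTER,
                      struct.pack("=II", 0x123, CAN_SFF_MASK | CAN_EFF_FLAG))
        rx.settimeout(timeout)
        tx.send(probe)  # OSError (ENETDOWN) here means the link is not up
        try:
            return unpack_frame(rx.recv(CAN_FRAME_SIZE)) == unpack_frame(probe)
        except socket.timeout:
            return False


if __name__ == "__main__":
    try:
        print("vcan0 carries frames:", loopback_check())
    except OSError as exc:
        print("vcan0 is missing or down:", exc)
```

Run it on the same Linux host after the ip link commands above; an OSError points back at the modprobe or ip link step that did not take effect.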
Now, we are ready to begin work with CAN communications. We now only need to connect our Linux operating system to the vehicle. There are numerous devices, means and connection types to do so. We will look at a few of these in my next article in this series, so keep coming back.
Look for my upcoming course soon on Automobile Hacking!