Yesterday was New Software Day. I occasionally release a program or 2 that I’ve used to automate my life. In this case, I have release Can-Hax, which is a tool that I wrote to fuzz Controller Area Network (CAN) frames using a Linux OS with can-utils involved.
CAN is a way for sensors, controllers, and other things connected on a CAN bus to communicate with each other. They send a CAN ID which is typically 3 hexadecimal characters, then a payload with a variable length and a ton of “0” as fillers. The payloads can be anywhere from 4 to 24 characters and are unique to each vehicle. You end up spending a lot of time and effort to reverse-engineer the CAN ID and payload schema.
I’m teaching a part-time Internet of Things class through ThriveDX. As part of the course, we use the Instrument Cluster Simulator (ICSim) which is a project that gives you a simulated vehicle dashboard and a controller to change the speedometer, flash the turn signals, and lock and unlock the doors. I thought the project and labs were pretty cool, so I extended them to hack up the different CAN functions in the software and get to the point where I could make the 4-way flashers work, exceed the vehicle speed limit, and control the doors manually. All while looking at network packets.
Why Can-Hax?
I wrote Can-Hax to solve 2 problems and to extend the labs even more.
- Fingerprinting devices based on a sample of data taken off of the CAN bus. The fingerprinting process identifies which CAN IDs are used, which characters in the payload are used, and if the characters seem to be decimal or hexadecimal. This really gives us a reduced set of possibilities for fuzzing.
- Fuzzing using the fingerprint as seed data to test all of the possible values that we have observed in the fingerprint. To save time for a larger set of possibilities, you can also use “just the highlights” or an adaptive approach that computes the complexity of the pattern and fuzzes based on that.
The software is here, go take it for a spin (pun intended).
Published on February 15, 2022.
Last Updated on 1 month ago.