The $5 wrench solution to heavy trucks CAN hacking
A collection of tips, tutorials, and resources for hacking CAN and SAE J1939. It's not the most elegant or sophisticated set of tools, but it will get the job done.
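```bash
# CAN FD on can0 and can1: 500 kbit/s arbitration phase, 2 Mbit/s data phase
sudo ip link set can0 down
sudo ip link set can0 up type can bitrate 500000 dbitrate 2000000 fd on
sudo ip link set can1 down
sudo ip link set can1 up type can bitrate 500000 dbitrate 2000000 fd on
```

```bash
# Classic CAN on can0 at 500 kbit/s
sudo ip link set can0 down
sudo ip link set can0 up type can bitrate 500000
```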
```bash
# Send UDS Tester Present on ID 0x18DA00F9 every 3 seconds
cangen can0 -I 18DA00F9 -D 023E00 -L 8 -e -g 3000
```

- `can0`: The CAN interface (replace with your actual interface name).
- `-I 18DA00F9`: Sets the arbitration ID to `0x18DA00F9` (ID for diagnostics).
- `-D 023E00`: Sets the data field to `0x3E00` (Tester Present with positive response); the leading `02` is the ISO-TP single-frame length byte.
- `-L 8`: Sets the data length to 8 bytes.
- `-e`: Sends extended (29-bit) ID frames.
- `-g 3000`: Sets the gap between messages to 3000 milliseconds (3 seconds).
If you want to suppress the positive response, you can use `0x3E80` instead:

```bash
cangen can0 -I 18DA00F9 -D 023E80 -L 8 -e -g 3000
```
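From the monitoring side, a keep-alive like the one above is easy to spot in a capture. The following added example (not part of the original page or of can-utils) parses `candump -L` log lines, decodes the 29-bit `0x18DA`/`0x18DB` diagnostic IDs into target and source address, and counts Tester Present requests per tester, with or without the suppress bit. The sample log lines are constructed, and the function names are hypothetical.

```python
import re

# candump -L line: "(timestamp) interface ID#DATA"; extended IDs are 8 hex digits.
LINE = re.compile(r"\((\d+\.\d+)\)\s+\S+\s+([0-9A-Fa-f]{8})#((?:[0-9A-Fa-f]{2})*)$")

def decode(line):
    """Decode a UDS single frame sent on a 29-bit 0x18DA/0x18DB identifier."""
    m = LINE.match(line.strip())
    if not m:
        return None
    ts, can_id, data = float(m[1]), int(m[2], 16), bytes.fromhex(m[3])
    if (can_id >> 16) & 0xFF not in (0xDA, 0xDB):  # physical / functional addressing
        return None
    if not data or data[0] >> 4 != 0:              # keep ISO-TP single frames only
        return None
    payload = data[1:1 + (data[0] & 0x0F)]
    if not payload:
        return None
    if payload[0] == 0x3E and len(payload) == 2:   # Tester Present request
        kind = "tester_present_suppressed" if payload[1] & 0x80 else "tester_present"
    elif payload[0] == 0x7E:                       # positive response to 0x3E
        kind = "positive_response"
    else:
        kind = "other"
    return {"ts": ts, "target": (can_id >> 8) & 0xFF, "source": can_id & 0xFF, "kind": kind}

def keepalive_sources(lines, min_count=2):
    """Count Tester Present requests per (source, target) and keep repeat senders."""
    counts = {}
    for line in lines:
        frame = decode(line)
        if frame and frame["kind"].startswith("tester_present"):
            key = (frame["source"], frame["target"])
            counts[key] = counts.get(key, 0) + 1
    return {pair: n for pair, n in counts.items() if n >= min_count}

# Constructed sample log, not captured traffic.
SAMPLE = [
    "(1700000000.000000) can0 18DA00F9#023E000000000000",
    "(1700000000.010000) can0 18DAF900#027E000000000000",
    "(1700000003.000000) can0 18DA00F9#023E800000000000",
    "(1700000003.500000) can0 18FEF100#FFFFFFFFFFFFFFFF",
    "(1700000006.000000) can0 18DA00F9#023E800000000000",
]

if __name__ == "__main__":
    for (source, target), n in keepalive_sources(SAMPLE).items():
        print(f"tester 0x{source:02X} -> ECU 0x{target:02X}: {n} Tester Present frames")
```

Requests sent with `0x3E80` produce no `0x7E` reply, so the request side is the only place such a keep-alive shows up in a log.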
Link: https://github.com/CaringCaribou/caringcaribou
Using Caring Caribou to discover UDS devices on the CAN network.
```bash
caringcaribou -i <INTERFACE> uds discovery -min 0x18daf100 -max 0x18daf1ff
# INTERFACE could be something like vcan0 or can0, etc.
```

To do an automated UDS discovery you can try something like:

```bash
caringcaribou -i <INTERFACE> uds auto -min 0x18daf100 -max 0x18daf1ff
```

Getting UDS seeds:

```bash
caringcaribou uds security_seed 0x03 0x01 0x18da00f1 0x18daf100 -d 0.5 -r1
```
Full docs: https://github.com/CaringCaribou/caringcaribou/blob/master/documentation/uds.md
"Automated Threat Evaluation of Automotive Diagnostic Protocols" contains a nice table mapping threats to UDS services.
- RE Tooling
  - Godbolt - Compare compiler output online
  - Dogbolt - Compare decompilers online