Pentest Tools

Published on April 8th, 2016 📆 | 7217 Views ⚑

0

CANToolz — Black-Box CAN Network Analysis Framework


Convert Text to Speech

Yet Another Car Hacking Tool

 

CANToolz is a framework for analysing CAN networks and devices. This tool based on different modules which can be assembled in pipe together and can be used by security researchers and automotive/OEM security testers for black-box analysis and etc. You can use this software for ECU discovery, MITM testing, fuzzing, bruteforcing, scanning and etc

This platform is a try to unify all needed tricks/tools and other things that you can do with CAN bus in one place. There are currently many tools available online for CAN bus hacking, from Charlie Miller and Chris Valasek tools to UDS/CAN tools by Craig Smith. They are all cool and useful, but still difficult to use in every-day work and you always need to modify/code a lot of things to get something useful out of them, to them to do what you want them to do (MITM, scanners with some logic). That’s why Black-Box CAN Network Analysis Framework: CANToolz was created . If more people contribute modules to this project, we can make it much more useful and create a truly unique framework for auto and other CANbus hackers. Black-Box CAN Network Analysis Framework has a very easy way of adding (your) modules to it and you can use “extended” version for your needs (like custom bruteforcers for chosen ECU and etc).

Black-Box CAN Network Analysis Framework: CANToolz

 

Black-Box CAN Network Analysis Framework: CANToolz presentation

 

Using a Hardware

CANToolz can work with CAN network by using next hardware:

  1. USBtin
  2. CANBus Triple

 

Fast start

sudo python cantoolz.py -g w -c examples/can_sniff.py

 

Black-Box CAN Network Analysis Framework: CANToolz defcon russia Black-Box CAN Network Analysis Framework: CANToolz

 

Modules

  • hw_CANBusTriple – IO module for CANBus Triple HW
  • hw_USBtin – IO module forUSBtin
  • mod_firewall – module for blocking CAN message by ID
  • mod_fuzz1 – Simple ‘Proxy’ fuzzer (1 byte) Can be combined with gen_ping/gen_replay
  • mod_printMessage – printing CAN messages
  • mod_stat – CAN messages statistic (with .csv file output) Analysis option (c mod_stat a) will try to find UDS/ISO TP messages
  • gen_ping – generating CAN messages with chosen IDs (ECU/Service discovery)
  • gen_replay – save and replay packets

P.S. The work is being done at the moment to add support for other types of I/O hardware and modules. Your help would be greatly appreciated. Contribute to this project.

 

Dependencies

pip install pyserial

 

Usage Examples

See more use-cases inside examples folder:

  • CAN Switch filter scanner Checking which packets can be passed from diagnostic can to HU and back and etc
  • MITM with firewall (ECU ID detection) Checking what packets are responsible for chosen “action”
  • Replay discovery Checking what packets are responsible for chosen “action”
  • Ping discovery ( with ISO TP and UDS support) UDS detection and etc

And many other options possible. Just use modules in order.

[adsense size='1']

Black-Box CAN Network Analysis Framework

 

Source && Download

https://github.com/eik00d/CANToolz



Leave a Reply

Your email address will not be published.