Published on April 8th, 2016

CANToolz — Black-Box CAN Network Analysis Framework



Yet Another Car Hacking Tool

 

CANToolz is a framework for analysing CAN networks and devices. It is built from modules that can be assembled into a pipeline, and it can be used by security researchers and automotive/OEM security testers for black-box analysis. You can use it for ECU discovery, MITM testing, fuzzing, bruteforcing, scanning and so on.

This platform is an attempt to unify, in one place, the tricks and tools you need when working with a CAN bus. Many tools for CAN bus hacking are already available online, from the Charlie Miller and Chris Valasek tools to the UDS/CAN tools by Craig Smith. They are all cool and useful, but still difficult to use in everyday work: you always need to modify or write a lot of code to get them to do what you want (MITM, scanners with some logic). That is why CANToolz was created. If more people contribute modules to this project, we can make it much more useful and create a truly unique framework for automotive and other CAN bus hackers. The framework makes it very easy to add your own modules, and you can use an “extended” version for your needs (such as custom bruteforcers for a chosen ECU).


Using Hardware

CANToolz can work with a CAN network using the following hardware:

  1. USBtin
  2. CANBus Triple

 

Fast start

sudo python cantoolz.py -g w -c examples/can_sniff.py

 


 





Modules

  • hw_CANBusTriple – IO module for CANBus Triple HW
  • hw_USBtin – IO module for USBtin
  • mod_firewall – module for blocking CAN messages by ID
  • mod_fuzz1 – simple ‘proxy’ fuzzer (1 byte); can be combined with gen_ping/gen_replay
  • mod_printMessage – prints CAN messages
  • mod_stat – CAN message statistics (with .csv file output); the analysis option (c mod_stat a) will try to find UDS/ISO TP messages
  • gen_ping – generating CAN messages with chosen IDs (ECU/Service discovery)
  • gen_replay – save and replay packets

P.S. Work is under way to add support for other types of I/O hardware and more modules. Your help would be greatly appreciated: contribute to this project.
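An added example, not code from CANToolz or its author: a stand-alone Python heuristic of the kind the mod_stat analysis option describes, reassembling ISO-TP (ISO 15765-2) messages from raw CAN frames and naming the UDS service each one carries. The frame list, the CAN IDs and the function names are constructed for illustration.

```python
FRAMES = [  # constructed sample (CAN ID, data); added example, not CANToolz code
    (0x7E0, bytes.fromhex("023E00AAAAAAAAAA")),  # single frame
    (0x7E8, bytes.fromhex("027E00AAAAAAAAAA")),  # single frame
    (0x1A0, bytes.fromhex("FF00123456789ABC")),  # broadcast, not ISO-TP
    (0x7E0, bytes.fromhex("0322F190AAAAAAAA")),  # single frame
    (0x7E8, bytes.fromhex("100B62F190414243")),  # first frame, 11 bytes total
    (0x7E0, bytes.fromhex("300000AAAAAAAAAA")),  # flow control
    (0x7E8, bytes.fromhex("214445464748AAAA")),  # consecutive frame, seq 1
]
UDS = {0x10: "DiagnosticSessionControl", 0x22: "ReadDataByIdentifier",
       0x27: "SecurityAccess", 0x3E: "TesterPresent"}

def reassemble(frames):
    """Return (messages, other_ids): ISO-TP payloads and non-ISO-TP CAN IDs."""
    pending, messages, other = {}, [], set()  # pending: id -> [total, buf, seq]
    for can_id, data in frames:
        pci, low = (data[0] >> 4, data[0] & 0x0F) if data else (15, 0)
        if pci == 0 and 1 <= low < len(data):            # single frame
            messages.append((can_id, bytes(data[1:1 + low])))
        elif pci == 1 and len(data) == 8 and (total := (low << 8) | data[1]) > 7:
            pending[can_id] = [total, bytearray(data[2:]), 1]   # first frame
        elif pci == 2 and can_id in pending:             # consecutive frame
            total, buf, seq = pending[can_id]
            if low != seq:                               # sequence gap: drop partial
                del pending[can_id]
                continue
            buf += data[1:]                              # in place, same bytearray
            pending[can_id][2] = (seq + 1) & 0x0F
            if len(buf) >= total:                        # strip padding past total
                messages.append((can_id, bytes(buf[:total])))
                del pending[can_id]
        elif pci != 3:                                   # 3 = flow control, no payload
            other.add(can_id)
    return messages, other

def describe(payload):
    """Name the UDS service a reassembled payload starts with."""
    sid = payload[0]
    if sid == 0x7F and len(payload) >= 3:
        return "NegativeResponse to " + UDS.get(payload[1], hex(payload[1]))
    if sid & 0x40 and sid - 0x40 in UDS:                 # response SID = request + 0x40
        return UDS[sid - 0x40] + " response"
    return UDS.get(sid, "unknown")

if __name__ == "__main__":
    msgs, other = reassemble(FRAMES)
    for can_id, payload in msgs:
        print(f"{can_id:03X} {payload.hex()} {describe(payload)}")
    print("non-ISO-TP IDs:", sorted(map(hex, other)))
```

The first-byte check is only a heuristic: a periodic broadcast frame whose first byte happens to look like a valid PCI will be misread, so treat hits as candidates to confirm against request/response pairing.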

 

Dependencies

pip install pyserial

 

Usage Examples

See more use cases in the examples folder:

  • CAN Switch filter scanner: checking which packets can pass from the diagnostic CAN to the HU and back, etc.
  • MITM with firewall (ECU ID detection): checking which packets are responsible for a chosen “action”
  • Replay discovery: checking which packets are responsible for a chosen “action”
  • Ping discovery (with ISO TP and UDS support): UDS detection, etc.

Many other options are possible. Just use the modules in order.


 

Source && Download

https://github.com/eik00d/CANToolz


