Tuesday, December 19, 2023

Automotive Hacking

Important Python Tools :

1. Can-utils: a framework for communicating over the CAN protocol.




Step:1----Open--->Virtual Car simulator :




Step:2----Start--->Virtual CAR simulator and Controller:


Virtual CAR simulator :

Controller:



Step:3----Start--->candump command: (to monitor all CAN messages and signals)



2.Caringcaribou:
Caringcaribou: a security exploration tool for CAN networks. It is used to find which services are running and which vulnerabilities exist.

Step:1----pip install python-can



Step:2----git clone the caringcaribou module using the method below:






Configure:

Python-Can uses a configuration file ~/.canrc to specify a CAN interface. The contents of this file might e.g. be:

[default]
interface = socketcan
channel = can0






Step3---->Run the caringcaribou:


OH MY GOD. WE GOT AN ERROR 😒😒😒


Before starting Caringcaribou, we must start VCAN0:



Step4---->start---->IC simulator and controller with seed level 2:



Step5---->Monitor the traffic


With time stamp:




3.Capture and Replay attack:

Step1:




Step2:Exploring the dump option(save the log in text file):


Step4:Exploring the Send option:


Replay attack:


Right indicator ON via replay attack:


Doors open via replay attack:


Capture and replay attack completed.


4.Getting Unique ID in CAN network(listener module):



The listener module is used to find the number of unique identifiers (IDs) on the CAN network.

example:
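
The listener's count can be reproduced offline from a saved candump log. The following is an added example, not part of the original post or of Caringcaribou: it assumes the `candump -l` log format and uses constructed sample frames (only the three IDs come from this post), and it goes slightly beyond the listener by also reporting which data bytes change for each ID.

```python
import re
from collections import defaultdict

# Constructed sample in `candump -l` log format: (timestamp) interface ID#DATA
SAMPLE_LOG = """\
(1702972800.000100) vcan0 27C#0000000010000003
(1702972800.010200) vcan0 403#0000000000000000
(1702972800.020300) vcan0 6C6#000000000F000000
(1702972800.030400) vcan0 27C#0000000010000012
(1702972800.040500) vcan0 403#0100000000000000
(1702972800.050600) vcan0 6C6#000000000E000000
this line is not a CAN frame
(1702972800.060700) vcan0 27C#0000000010000021
"""

# Classic CAN data frames only: hex ID, '#', then 0 to 8 data bytes as hex pairs.
FRAME_RE = re.compile(
    r"^\((\d+\.\d+)\)\s+(\S+)\s+([0-9A-Fa-f]{1,8})#((?:[0-9A-Fa-f]{2}){0,8})$"
)

def parse_frames(text):
    """Yield (timestamp, interface, arbitration_id, data) per valid log line."""
    for line in text.splitlines():
        m = FRAME_RE.match(line.strip())
        if m:  # blank lines, remote frames and malformed lines are skipped
            ts, iface, arb_id, data = m.groups()
            yield float(ts), iface, int(arb_id, 16), bytes.fromhex(data)

def summarize(text):
    """Return {arbitration_id: {"count": n, "changing_bytes": [1-based positions]}}."""
    seen = defaultdict(list)
    for _, _, arb_id, data in parse_frames(text):
        seen[arb_id].append(data)
    summary = {}
    for arb_id, payloads in seen.items():
        shortest = min(len(p) for p in payloads)
        # A byte position "changes" if more than one value was observed there.
        changing = [i + 1 for i in range(shortest)
                    if len({p[i] for p in payloads}) > 1]
        summary[arb_id] = {"count": len(payloads), "changing_bytes": changing}
    return summary

if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    print(f"{len(result)} unique arbitration IDs")
    for arb_id, info in sorted(result.items()):
        print(f"0x{arb_id:03X} frames={info['count']} changing={info['changing_bytes']}")
```
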




5.Fuzzer Brute Force attack:

Find which ID is mapped to which function:
    1.ID for Door Lock and Unlock
    2.ID for indicator.
    3.ID for Acc
Fuzzer:


Fuzzer random:



Fuzzer random is used to send random values to a particular CAN ID.

ex:
$ ./cc.py fuzzer random -id 0x6c6    # Door module



DOOR lock/unlock:


Indicator right/left:

        $ ./cc.py fuzzer random -id 0x403    # Indicator


Acceleration :

        $ ./cc.py fuzzer random -id 0x27c    # Acceleration


Conclusion:


5.2-Fuzzer-Brute:



This sub-module is used to send a given arbitration ID and brute-force the data (e.g. 123.AB..).



CAN data is 8 bytes. In the command above ($ ./cc.py fuzzer brute 0x6c6 ..), the .. means it checks the first byte of the CAN data.




command for 2nd byte brute force attack:

command---->$ ./cc.py fuzzer brute 0x6c6 00 ..


command for 3rd byte brute force attack:

command for 5th byte brute force attack:





Note: the 5th byte is responsible for the doors.


Save the data in text file:


5.3-Fuzzer identify:

This module is used to find the exact data for a particular function (e.g. door module, Acc, indicator).






      


Command--->./cc.py fuzzer identify -d 2 test_door.txt

Here d---delay
2--->2 seconds
test_door.txt--->the file in which we previously stored the log

Send the door id with data in CAN:





Note: Finally, we found the exact data for door lock and unlock 😆😅


Indicator data(0x403):


Save this data into file:



Check the file:


Perform the identify module:




Left indicator:



Right indicator:


Both light:



5.4-Fuzzer UDS:



UDS discovery is used to find the client and server IDs:







ECU Reset:




