Share on facebook
Share on twitter
Share on linkedin
Share on vk
Share on reddit
Share on whatsapp
Menu

CANToolz aka YACHT (Yet Another Car Hacking Tool)

Comments Off on CANToolz aka YACHT (Yet Another Car Hacking Tool)
CANToolz is a framework for analysing CAN networks and devices. This tool based on different modules which can be assembled in pipe together and can be used by security researchers and automotive/OEM security testers for black-box analysis and etc. You can use this software for ECU discovery, MITM testing, fuzzing, bruteforcing, scanning or R&D testing and validation.
This platform is a try to unify all needed tricks/tools and other things that you can do with CAN bus in one place. I have found, that there are many tools available, from Charlie Miller and Chris Valasek tools to UDS/CAN tools by Craig Smith.
More details and use-case published in the blog See wiki (currently in dev.): WIKI
Using a Hardware
CANToolz can work with CAN network by using next hardware:
  1. USBtin
  2. CANBus Triple
Fast start
sudo python cantoolz.py -g w -c examples/can_sniff.py
Then use browser and connect to http://localhost:4444
Modules
  • hw_CANBusTriple – IO module for CANBus Triple HW
  • hw_USBtin – IO module forUSBtin
  • mod_firewall – module for blocking CAN message by ID
  • mod_fuzz1 – Simple ‘Proxy’ fuzzer (1 byte) Can be combined with gen_ping/gen_replay
  • mod_printMessage – printing CAN messages
  • mod_stat – CAN messages statistic (with .csv file output) Analysis option (c mod_stat a) will try to find UDS/ISO TP messages
  • gen_ping – generating CAN messages with chosen IDs (ECU/Service discovery)
  • gen_replay – save and replay packets
P.S. of course we are working on supporting other types of I/O hardware and modules. Please join us! Main idea that community can produce different modules that can be useful for all of us 8)

 

Dependencies
python 3.4
pip install pyserial
Usage Examples
See more use-cases inside examples folder:
  • CAN Switch filter scanner Checking which CAN frames can be passed from diagnostic interface to HU and back
  • MITM with firewall (ECU ID detection) Checking what packets are responsible for chosen “action”
  • Replay discovery Checking what packets are responsible for chosen “action”
  • Ping discovery ( with ISO TP and UDS support) UDS detection and etc
And many other options possible. Just use modules as “needed”. Example with DIFF mode, to find door unlock commands.

 

Related Articles

ABOUT US

Haxf4rall is a collective, a good starting point and provides a variety of quality material for cyber security professionals.

Our primary focus revolves around the latest tools released in the Infosec community and provide a platform for developers to showcase their skillset and current projects.

COMPANY
Menu
Live Chat
RESOURCES
Menu
Get Started
TOOLBOX
Menu
Tools Directory

2014 – 2019 | Haxf4rall.com               Stay Connected:

Facebook Twitter Instagram Youtube