Hacking my Roommates Car - Linux CAN Bus sniffing
Вставка
- Опубліковано 10 бер 2023
- In this video, I take advantage of the OBD2 port on my roommate's Honda Accord to sniff some CAN packets. The CAN bus is used by all electronic control units (ECUs) in a car to send and receive data from other ECUs.
In previous videos, I explain how CAN works, and I show how to set up a virtual machine on your laptop to set up a CAN interface in Linux. I also showed where you can get a CAN to USB converter module.
[OBD2 port cable]
www.amazon.com/dp/B081N7G2BR?...
[CAN to USB Converter]
www.amazon.com/dp/B07P9JGXXB?... - Наука та технологія
This is great! Exactly what I need to be able to start a car hacking project.
you r one of best engineer I have seen on youtube, please keep your video, right now I am learning can knlowdege from you to communicate all motors in my robot arm.
I've been very interested in reverse engineering canbus, its totally unencrypted and wide open. I have coming soon a wifi canbus server that i can hook up to a vehicle. I'd like to do something like sort and log data in a database somewhere as it comes in from the vehicle.
I wondered What would happen if i just changed values around and sent that to the vehicle.
Do Teslas have the equivalent of an ODB-II port? I know there are videos that show how to extract the data, but it required a dongle and some effort to install it. I'm trying to see how they're able to leave it off if it's a US Federal requirement.
As a side issue, the Software Wireshark is also interesting.
To reprogram a keyfob, do you need the can bus to be communicating?
When I do cansniffer can0 -c, I just keep getting can messages scrolling. It doesn't stick to the 27 rows (slots?) like you have. All the IDs just keep scrolling so fast, I can't even tell which IDs I want to focus on for changes to the messages/payload. I also don't see the column headers like "ID" or "DATA". I feel like it's my terminal settings? Any help fixing this would be much appreciated!
I think this is because of your terminal. When you open terminal go up top and select terminal and either reset or select one of the choices in the drop down. You can also open a new terminal then push and hold the windows key then an arrow key. I usually use windows right then open another terminal and hit windows left. They should take up half of your whole screen. If you try to resize it'll get wonky again. Just select q to quit cansniffer then exit to close the terminal. Then reopen. Hope this helps.
I tried doing the exact same process that u did. For some reason, I could not find can0 when I give the ‘ip link ls’ command. I did this after connecting to the obd port of my car. Can you tell me what is that I m doing wrong or is there any pre-requisite that I need I m missing out? It would be a HUGE favor. Thanks
Is it possible to decode can data if we just have the can frame id? If yes can you please guide.
Cool video btw
Did you try to send CAN to trigger the wipers / lights? I'd be curious if the system allowed sending messages to those zones/domains.
I did not, I am also curious...
Yeah that's what I was hoping to see too, whether you can send or edit those live values? Say to turn the lights on or whatever, now that you know what ones are changing and to what values.
Here's a new challenge... most vehicles 2020+ have what they call fake engine sounds, even non-bose or "premium" audio systems in cars have fake engine enhancing sounds piped into the audio amplifier. mazda cx5 says they are sent from the head unit tp the bose amplifier via CAN, there's 2 can hi/low wires going into the amp. there is also a pulse width modulation control wire and an audiopilot mic +/- wire. i'm thinking it's not as simple as unplugging the can wires int othe amp, because maybe the amp won't turn on and or function properly. there is a catch, if any of the doors are not closed, the fake audio sound won't get pumped thru the speakers. maybe there's a workaround? currently there is no way to disable to fake engine sound sent to the speakers via mazda software, or a press-and-hold button sequence in the cabin. * I believe PCM stands for powertrain control module. this amp takes signals from the ignition, engine tachometer, and transmission so it knows what gear it's in to send the proper audio track to the speakers. what i'm hearing is a slight delay, almost like the fake sound is a few Hz behind the actual engine frequency at any given RPM and it gives it an unpleasant sound as if something is vibrating or off.
This is intriguing!
Does this mean I can just use Linux to read obd2 codes instead of buying the code readers? If so, do you know how, cause that'd be really helpful 😁
I was wondering the same thing. If it’s possible, it would make a cool video!
Yes and no. You would need to send OBD PID's over CAN to have them respond with the diagnostic codes.
There are some legislated codes (ones that are generic that all OEM's use), but there will be some custom ones that only a certain OEM will use. If they are custom, you will get a number, but not necessarily what the code means.
for some reason, when i use cansniffer -c can0 command, i don't see the can messages being dumped. is there something that i'm doing wrong? perhaps wrong bitrate or could you give me any other suggestions to troubleshoot my issue? Thanks a lot in advance
Reading data from unprotected diagnostic interface is not hacking ;) I think it would be hacking if you were able to open the doors or start the engine without key.
😭
hacker: n.
[originally, someone who makes furniture with an axe]
1. A person who enjoys exploring the details of programmable systems and how to stretch their capabilities, as opposed to most users, who prefer to learn only the minimum necessary. RFC1392, the Internet Users' Glossary, usefully amplifies this as: A person who delights in having an intimate understanding of the internal workings of a system, computers and computer networks in particular.
2. One who programs enthusiastically (even obsessively) or who enjoys programming rather than just theorizing about programming.
3. A person capable of appreciating hack value.
4. A person who is good at programming quickly.
5. An expert at a particular program, or one who frequently does work using it or on it; as in ‘a Unix hacker’. (Definitions 1 through 5 are correlated, and people who fit them congregate.)
6. An expert or enthusiast of any kind. One might be an astronomy hacker, for example.
7. One who enjoys the intellectual challenge of creatively overcoming or circumventing limitations.
8. [deprecated] A malicious meddler who tries to discover sensitive information by poking around. Hence password hacker, network hacker. The correct term for this sense is cracker.
The term ‘hacker’ also tends to connote membership in the global community defined by the net. It also implies that the person described is seen to subscribe to some version of the hacker ethic.
It is better to be described as a hacker by others than to describe oneself that way. Hackers consider themselves something of an elite (a meritocracy based on ability), though one to which new members are gladly welcome. There is thus a certain ego satisfaction to be had in identifying yourself as a hacker (but if you claim to be one and are not, you'll quickly be labeled bogus). See also geek, wannabee.
This term seems to have been first adopted as a badge in the 1960s by the hacker culture surrounding TMRC and the MIT AI Lab. We have a report that it was used in a sense close to this entry's by teenage radio hams and electronics tinkerers in the mid-1950s.
From catb.org
You are wrong sniffing is a real thing
HI
I did all the steps but I don't get any information from obd2 port.
The car is Hyundai Azera 2019. please guide me.
Thank you.
Hello
newer hyundai models have "CAN bus gateway" and it blocks the data from OBD port
you need to directly splice wires to the required module that you want to read
also can i know what are you tring to do ? im curious because i have 2016 azera
So i have exactly the same set up, innomaker usb2can with termination resistor. When i candump into terminal i get nothing. The leds on the immo are all lit up red. I am getting data on the bus though as if i plug in my can interface that came with my standalone ecu the recieve led goes mad. I've checked continuity and all good to the pins.
Is the CAN socket UP?
Hacking ?!? you simply show the CAN Frames on the BUS - hacking is different...
Are you interested in writing code for PIC or Atmel micro, that will sniff the CAN and give an output only when the car is in Ignition? Its a paid gig, of course.
Hi, I’m not looking for more work right now. Thanks for the offer!
Oh. Dude who put ev motor in Rx8 has done this already. If you mean you want ghost can from missing sensors or something similar.
thats so sick
I will try this metode for kobelco excavator.. I hope succes
How is a hacked vehicle repaired? Who would fix it or where would i start. Ty for any feedback
just unplug the OBD cable i guess
In this particular case, the vehicle is fine. If you suspect some ECUs in a car are infected, the manufacturer would probably need to reflash the firmware and wipe the flash memory.
can we able to retransmit the can messages to the car itself using cansend command..
That’s a good question 🧐, my roommate was pretty explicit though when he gave me read-only permission to his car
@@EV_engineer Can we transmit the can messages using the hardware you used in the video that's can2usb.
@@yuvanthik3254 Yes
Great video is it possible to drive the car ?
I assume you mean drive the car and log the CAN signals? Yea that’s doable
Can you share the links to purchase these devices
Sure! Updated the description
@@EV_engineerhopefully you put in affiliate links! I just purchased via your links! Thanks for the video!
Hi,
Great job, will you be interested to complete a small project for USD6,000?
Dude.
Just because you can post something online, it's doesn't mean you should.