Wednesday, February 16, 2011

Can Bus reverse engineering tools

It really has been a while since my last post. Life takes so much time that we found it difficult to continue in our adventure and I am sorry for all the emails that we received and we weren't able to answer.

Recently I have been able to dedicate some time again to this project.
I decided to look for reverse engineering tools that could allow us to listen to the packets received from the CAN bus and store and show them.
This is the first step for reverse engineering the messages from the car. We need to associate each message with the actions performed on the car and possibly recognize other useful information passing on the CAN bus.

I had a second look at the tools I talked about in a previous post. I downloaded the socketcan project files again and noticed that it had a lot of changes. Apparently they have been quite active. I set the test CAN bus up again and began some tests. The cansend and candump programs are still working and everything seems like before.

I then went on with my search for tools to sniff the bus and reverse engineer the information. I looked at the Wireshark tool (formerly known as Ethereal) and I tried it on the local test CAN bus, but it gave me an error. I searched around and found some patches for libpcap (which is used by Wireshark to sniff packets) that enabled it to sniff CAN packets.

I downloaded the latest libpcap and tried to apply the patch, only to discover that it had already been applied. So if libpcap is CAN ready, why can't Wireshark sniff CAN packets?
I went to the Wireshark website and discovered a much newer version and decided to try it.
As I am a Debian GNU/Linux user, my first place to look was the Debian repository. Luckily, Debian 6 (squeeze) had just been released, and this allowed the newest packages to enter the new Debian testing, which is the one I'm using.

So I did apt-get install -t testing wireshark to get it updated to version 1.4.3 and tried again with the CAN bus. Luckily I did not get the error this time and immediately tried with some packets from cansend. It worked like a charm, as you can see in this picture:

Nice and very readable. With a tool as handy and mature as Wireshark, reverse engineering will be much easier. The next thing we will have to do is figure out a way to collect CAN packets from our PICs, connected through the serial port to the CAN bus. Stay tuned!
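As an added example (not code from the original post or from the socketcan project), here is a small Python sketch of the listen-store-compare step described above: it decodes frames in the 16-byte struct can_frame layout that Linux SocketCAN raw sockets (and candump) deliver, and records, per CAN id, which payload bytes change across a capture, which is the usual first step in matching messages to actions on the car. Feeding it live frames from a raw SocketCAN socket (socket.AF_CAN, bound to an interface such as vcan0, one recv() of 16 bytes per frame) is assumed; the sample capture below is constructed, not real car traffic.

```python
import struct
from collections import defaultdict

# Wire layout of struct can_frame as read from a raw SocketCAN socket on Linux:
# u32 can_id (id plus flag bits), u8 can_dlc, 3 pad bytes, 8 data bytes = 16 bytes.
CAN_FRAME_FMT = "=IB3x8s"
CAN_FRAME_SIZE = struct.calcsize(CAN_FRAME_FMT)  # 16
CAN_EFF_FLAG, CAN_RTR_FLAG, CAN_ERR_FLAG = 0x80000000, 0x40000000, 0x20000000
CAN_SFF_MASK, CAN_EFF_MASK = 0x000007FF, 0x1FFFFFFF

def pack_can_frame(can_id, data, extended=False):
    """Build a can_frame the way cansend would put it on the bus (used for test captures)."""
    if len(data) > 8:
        raise ValueError("CAN 2.0 payload is at most 8 bytes")
    raw_id = can_id | (CAN_EFF_FLAG if extended else 0)
    return struct.pack(CAN_FRAME_FMT, raw_id, len(data), data.ljust(8, b"\0"))

def parse_can_frame(buf):
    """Decode one 16-byte can_frame; reject short reads and impossible DLCs."""
    if len(buf) != CAN_FRAME_SIZE:
        raise ValueError("expected %d bytes, got %d" % (CAN_FRAME_SIZE, len(buf)))
    raw_id, dlc, data = struct.unpack(CAN_FRAME_FMT, buf)
    if dlc > 8:
        raise ValueError("invalid DLC %d" % dlc)
    extended = bool(raw_id & CAN_EFF_FLAG)
    return {"id": raw_id & (CAN_EFF_MASK if extended else CAN_SFF_MASK),
            "extended": extended, "rtr": bool(raw_id & CAN_RTR_FLAG),
            "error": bool(raw_id & CAN_ERR_FLAG), "data": data[:dlc]}

def changing_bytes(frames):
    """Per CAN id, the payload offsets that vary across the capture: the bytes that
    move while you perform an action are the first candidates for carrying it."""
    seen = defaultdict(list)
    for f in frames:
        if not (f["error"] or f["rtr"]):  # error and remote frames carry no payload
            seen[f["id"]].append(f["data"])
    return {cid: sorted({i for p in ps for i in range(min(len(p), len(ps[0])))
                         if p[i] != ps[0][i]}) for cid, ps in seen.items()}

def analyse_capture(capture):
    # capture is the raw bytes of consecutive frames, e.g. concatenated recv() results
    frames = [parse_can_frame(capture[i:i + CAN_FRAME_SIZE])
              for i in range(0, len(capture), CAN_FRAME_SIZE)]
    return changing_bytes(frames)

# Constructed sample capture, not real car traffic: byte 2 of id 0x123 changes across
# three frames while id 0x7DF appears once and so has nothing varying.
SAMPLE_CAPTURE = b"".join([pack_can_frame(0x123, b"\x01\x00\x10\xff"),
                           pack_can_frame(0x7DF, b"\x02\x01\x0c"),
                           pack_can_frame(0x123, b"\x01\x00\x20\xff"),
                           pack_can_frame(0x123, b"\x01\x00\x30\xff")])
```

Running analyse_capture(SAMPLE_CAPTURE) reports offset 2 as the only changing byte for id 0x123 and nothing for 0x7DF; a frame whose DLC or length is wrong is rejected rather than silently decoded.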

Thursday, February 10, 2011

Good news

The chip is here! The brand new scanner has been assembled, and seems to work in our test CAN network. It is able to detect the communications between the other two chips in "listen only" mode, that is, snooping the network without interfering in any way. So we can start developing the find-the-right-speed algorithm in a deterministic way.

Soon we will post photos and the first results.

See ya soon!

Tuesday, February 1, 2011

Time goes by... fast

It's been about a year since we last updated this blog. It's incredible how much time we need to do things, and how difficult it is to get some. Or maybe it's me aging.
Anyway. After building the "demo" CAN bus, we were hoping that the process of validating our scanner would be easier. We were wrong. Not only does the scanner not work yet, but we also faced some unexpected problems that "the pure theory" had not foreseen. The theory says "if you get a packet, you have found the right speed". Yes... but we get many packets at many different speeds, overflows, wrong packets, bursts incompatible with speed settings.... AAAARGH!!!!
We gave up for some time, but now it's revenge time.
The third PIC (PIC18F4685) is coming, and this will let us have a working bus that we know, with known speed and known packets, and we will build a CANscanner that we can test and tune on it.

The battle has begun!