Wednesday, February 16, 2011

CAN Bus reverse engineering tools

It really has been a while since my last post. Life takes so much time that we found it difficult to continue our adventure, and I am sorry for all the emails that we received and weren't able to answer.

Recently I have been able to dedicate some time again to this project.
I decided to look for reverse engineering tools that could allow us to listen to the packets received from the CAN bus, store them and show them.
This is the first step in reverse engineering the messages from the car. We need to associate each message with each action performed on the car and possibly recognize other useful information passing on the CAN bus.

I had a second look at the tools I talked about in a previous post. I downloaded the socketcan project files again and noticed that there had been a lot of changes. Apparently they have been quite active. I set the test CAN bus up again and began some tests. The cansend and candump programs are still working and everything seems as before.
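The association step described above, as an added example that is not part of the original post: it compares two captures in the log format written by candump's logging option, one taken while the car is idle and one taken while an action is performed, and reports which IDs and byte positions are new. The sample frames, the interface name vcan0 and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# candump log-format line: "(timestamp) interface ID#HEXDATA"
LINE_RE = re.compile(r"^\((\d+\.\d+)\)\s+(\S+)\s+([0-9A-Fa-f]{3,8})#([0-9A-Fa-f]*)$")

# Constructed sample captures (not from the car); "vcan0" is an assumed interface name.
BASELINE = """\
(1297862400.000100) vcan0 123#0000000000000000
(1297862400.010200) vcan0 2A0#1122
(1297862400.020300) vcan0 123#0000000000000000
"""
ACTION = """\
(1297862460.000100) vcan0 123#0000400000000000
(1297862460.010200) vcan0 2A0#1122
(1297862460.020300) vcan0 305#01
"""

def parse_log(text):
    """Return {can_id: set of payloads} for every well-formed classic data frame."""
    seen = defaultdict(set)
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or len(m.group(4)) % 2 or len(m.group(4)) > 16:
            continue  # skip noise, remote frames ("#R"), CAN FD ("##") and bad lengths
        seen[int(m.group(3), 16)].add(bytes.fromhex(m.group(4)))
    return dict(seen)

def diff_captures(baseline, action):
    """Return (new_ids, changed): IDs seen only during the action, and for IDs
    present in both captures the byte positions holding values never seen at
    that position in the baseline."""
    base, act = parse_log(baseline), parse_log(action)
    new_ids = sorted(set(act) - set(base))
    changed = {}
    for can_id in sorted(set(act) & set(base)):
        positions = set()
        for payload in act[can_id]:
            for i, b in enumerate(payload):
                if all(i >= len(p) or p[i] != b for p in base[can_id]):
                    positions.add(i)
        if positions:
            changed[can_id] = sorted(positions)
    return new_ids, changed

if __name__ == "__main__":
    new_ids, changed = diff_captures(BASELINE, ACTION)
    print("IDs only seen during the action:", [hex(i) for i in new_ids])
    print("Changed byte positions:", {hex(k): v for k, v in changed.items()})
```

Periodic counters and sensor values will also show up as changes, so repeating the same action over several captures and keeping only the positions that change every time narrows the candidates.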

I then went on with my search for tools to sniff the bus and reverse engineer the information. I looked at the Wireshark tool (formerly known as Ethereal) and I tried it on the local test CAN bus but it gave me an error. I searched around and found some patches for libpcap (which is used by Wireshark to sniff packets) that enabled it to sniff CAN packets.

I downloaded the latest libpcap and tried to apply the patch, only to discover that it had already been applied. So if libpcap is CAN ready, why can't Wireshark sniff CAN packets?
I went to the Wireshark website, discovered a much newer version and decided to try it.
As I am a Debian GNU/Linux user, the first place I looked was the Debian repository. Luckily, Debian 6 (squeeze) has just been released, and this allowed the newest packages to enter the new Debian testing, which is the one I'm using.

So I did apt-get install -t testing wireshark to get it updated to version 1.4.3 and tried again with the CAN bus. Luckily I did not get the error this time and immediately tried with some packets from cansend. It worked like a charm as you can see in this picture:

Nice and very readable. With a tool as handy and mature as Wireshark, reverse engineering will be much easier. The next thing we will have to do is figure out a way to collect CAN packets from our PICs connected to the serial port to the CAN bus. Stay tuned!

4 comments:

  1. Hi, very interesting project.
    Which hardware do you use to catch the Vectra CAN bus?
    I have a USB/OPCom device with Windows software but I have found no way to use it with Linux yet.
    Best Regards
    Serge

  2. Please keep posting! I recently got rid of my Vectra but plan to get a VXR at some point. Even when I had the old one, I had always intended to have a crack at the CAN!

  3. High speed CAN is 500Kbps, Midspeed (IVELAN) is 125Kbps on my Astra H and the Lowspeed (singlewire) CAN bus is always 33.3Kbps.

    The protocols on top of that are EOBD, GMLAN and the vehicle specific stuff. EOBD is well documented, for GMLAN look up the GMW3110 standard (and the OSEK COM standard it is built on top of) and the vehicle specific stuff is of course not public in any form.

    Currently tinkering around with my Astra H, wanting to build a digital dashboard and learn more about the computer systems in the car.

  4. I'm looking at doing a Car PC project and would love to interface with the CAN bus for steering wheel audio controls, plus eventually display some of the info thrown around the bus.

    I have a few PIC18 boards with a CAN port that I could use to interface with it. Did you ever get connected to the Vectra via the PIC chip? Or did you only manage using the USB device?

    Have you discovered anything more since your last post?
    Thanks!
