
Wednesday, February 16, 2011

Can Bus reverse engineering tools

It really has been a while since my last post. Life takes so much time that we found it difficult to continue in our adventure and I am sorry for all the emails that we received and we weren't able to answer.

Recently I have been able to dedicate some time again to this project.
I decided to look for reverse engineering tools that could allow us to listen to the packets received from the CAN bus, store them and show them.
This is the first step in reverse engineering the messages from the car. We need to associate each message with each action performed on the car and possibly recognize other useful information passing on the CAN bus.

I had a second look at the tools I talked about in a previous post. I downloaded the socketcan project files again and noticed that it had a lot of changes. Apparently they have been quite active. I set the test CAN bus up again and began some tests. The cansend and candump programs are still working and everything seems like before.

I then went on with my search for tools to sniff the bus and reverse engineer the information. I looked at the Wireshark tool (formerly known as Ethereal) and I tried it on the local test CAN bus but it gave me an error. I searched around and found some patches for libpcap (which is used by Wireshark to sniff packets) that enabled it to sniff CAN packets.

I downloaded the latest libpcap and tried to apply the patch, only to discover that it had already been applied. So if libpcap is CAN ready, why can't Wireshark sniff CAN packets?
I went to the Wireshark website, discovered a much newer version and decided to try it.
As I am a Debian GNU/Linux user, the first place I looked was the Debian repository. Luckily, Debian 6 (squeeze) has just been released, and this allowed the newest packages to enter the new Debian testing, which is the one I'm using.

So I did apt-get install -t testing wireshark to get it updated to version 1.4.3 and tried again with the can bus. Luckily I did not get the error this time and immediately tried with some packets from cansend. It worked like a charm as you can see in this picture:

Nice and very readable. With a tool as handy and mature as Wireshark, reverse engineering will be much easier. The next thing we will have to do is figure out a way to collect CAN packets from our PICs connected to the serial port to the CAN bus. Stay tuned!
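One way to do the association step described in this post, as an added example (not code from the original post or from the socketcan project): it parses the log-file line format written by candump and lists the byte positions that take values during an action that were never seen in an idle capture. The sample captures, CAN IDs and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# candump log line: "(epoch.usec) iface ID#HEXDATA"
LINE = re.compile(r"\((\d+\.\d+)\)\s+(\S+)\s+([0-9A-Fa-f]{3,8})#([0-9A-Fa-f]*)$")

def parse(log):
    """Yield (timestamp, iface, can_id, payload bytes) for each data frame."""
    for line in log.splitlines():
        m = LINE.match(line.strip())
        # Blank lines and remote frames ("ID#R") do not match; odd hex is garbage.
        if not m or len(m.group(4)) % 2:
            continue
        ts, iface, can_id, data = m.groups()
        yield float(ts), iface, int(can_id, 16), bytes.fromhex(data)

def seen_values(frames):
    """Map (can_id, byte index) -> set of values observed at that position."""
    seen = defaultdict(set)
    for _, _, can_id, payload in frames:
        for i, b in enumerate(payload):
            seen[(can_id, i)].add(b)
    return seen

def candidates(baseline_log, action_log):
    """Byte positions that take values during the action never seen at rest."""
    base = seen_values(parse(baseline_log))
    out = {}
    for key, values in seen_values(parse(action_log)).items():
        new = values - base.get(key, set())
        if new:
            out[key] = sorted(new)
    return out

# Constructed sample captures (not real traffic from any car).
BASELINE = """\
(1297850000.000100) can0 1A0#0000FF
(1297850000.010100) can0 2B4#10203040
(1297850000.020100) can0 1A0#0000FF
(1297850000.030100) can0 2B4#10213040
"""
ACTION = """\
(1297850005.000100) can0 1A0#0100FF
(1297850005.010100) can0 2B4#10213040
(1297850005.020100) can0 1A0#0100FF
(1297850005.030100) can0 3C0#R
"""

if __name__ == "__main__":
    for (can_id, idx), vals in sorted(candidates(BASELINE, ACTION).items()):
        print(f"ID 0x{can_id:03X} byte {idx}: new values {[hex(v) for v in vals]}")
```

Byte 1 of ID 0x2B4 already varies in the idle capture, so it is not reported; a longer baseline filters out more of this background noise.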

Wednesday, May 27, 2009

Can Bus specifications

The official (I think) CANBUS specification can be found at CiA, which stands for CAN in Automation. There are both base and extended protocols. They seem to be very clear and intuitive and I think they will be very helpful as soon as we start coding some CAN sniffer or similar. I have to start thinking about how big the sniffed data will be and where to store it so that we can study it easily. Maybe the only choice for this is a database (for which I guess mysql would do pretty well).
We'll see soon. Coding time is approaching!

Saturday, May 23, 2009

Great Can Bus hacked page on a Saab

I have found this really interesting page here. It is from a guy who reverse engineered the instrument bus on a Saab. This bus is called I-bus and is based on CAN bus. He gives a lot of information on how he did it, starting from locating the connector, attaching to the bus and interfacing with the PC, along with the tools he used.
It is very similar to what we would like to do and thus we can get a lot of advice from it. There are important differences though. He bought ready-to-use CANBUS connectors while we are trying to do it by ourselves. Well actually he says that he tried to do it himself but could not make it work so he switched to commercial products, but he does not give much information on how he tried and what did not work.
The other big difference is that as he is using commercial products, he also has access to programs on the Windows platform that can decode bus messages and help during reverse engineering. We won't have these programs because of our do-it-yourself choice and also because we plan to use Linux to get access to the bus by using a serial interface. This is clearly much harder to do but I hope it is not so hard that we will eventually be forced to switch to commercial products.
We will also have to develop our own programs on the Linux platform, but this should not be a big problem. We have to look around for already existing projects to see if we can reuse some code.

This page also gives us a real example of what the messages on CANBUS look like and how they are used by the car. He also explains how the information is spread across multiple messages, as in the case of the radio display. Definitely a helpful page!