Prompt

Ohm Motors has requested assistance with conducting a security audit on their CAN Bus protocol. They have provided a small code snippet. Use this to help you complete this report.

int speed_id = 589;
int speed_pos = 3;
struct canfd_frame frame;

while (PollEvent(&event) != 0) {
    read_data(&event, &frame);
    if (frame.can_id == speed_id) {
        double speed = frame->data[speed_pos] << 8;
        speed += frame->data[speed_pos + 1];
        speed = speed / 100;
        speed = speed * 0.6213751;
        update_speed(speed);
    }
}

Tutorial Video

Walk-Through

This challenge involves analyzing a capture of CAN bus data. CAN bus is a protocol used to send messages between vehicle microcontrollers and devices. The CAN bus protocol only provides a means of transporting the messages - another protocol is needed to provide the structure for any application data. This makes the code snippet necessary for the analysis of this data because it provides a means for interpreting the underlying application data. A good starting point for understanding this data capture would be a review of the provided code snippet.

int speed_id = 589;
int speed_pos = 3;
struct canfd_frame frame;

while (PollEvent(&event) != 0) {
    read_data(&event, &frame);
    if (frame.can_id == speed_id) {
        double speed = frame->data[speed_pos] << 8;
        speed += frame->data[speed_pos + 1];
        speed = speed / 100;
        speed = speed * 0.6213751;
        update_speed(speed);
    }
}

Using context clues such as the fact that CAN bus is used on vehicles and the variable name speed_id, it appears that a CAN bus ID of 589 is used to communicate data regarding the speed of the vehicle.

int speed_id = 589;
int speed_pos = 3;
struct canfd_frame frame;

while (PollEvent(&event) != 0) {
    read_data(&event, &frame);
    if (frame.can_id == speed_id) {
        double speed = frame->data[speed_pos] << 8;
        speed += frame->data[speed_pos + 1];
        speed = speed / 100;
        speed = speed * 0.6213751;
        update_speed(speed);
    }
}

Multiple steps are needed to convert the data in the CAN bus frame into a speed value.

double speed = frame->data[speed_pos] << 8;

speed += frame->data[speed_pos + 1];

speed = speed / 100;

speed = speed * 0.6213751;

Using some intuition and context clues, it appears that the 2 bytes at positions 3 and 4 in the CAN bus frame data represent an integer that is a speed in kph with up to 2 decimal points of precision. This understanding of the CAN bus data should make further analysis much easier.

To solve the first two questions, open the CAN bus data in Wireshark and then export the CAN bus ID and data from each frame to a CSV file. You can then open the CSV in a spreadsheet editor and use filters to obtain the answers.

1. Select any of the frames and expand the CAN bus and data dissections

2. Right-click on the ID and select Apply as Column

3. Right-click on Data from within the Data dissection and select Apply as Column

4. Select File → Export Packet Dissections → As CSV…

Questions

How many unique CAN Bus IDs are present in this capture?

Export the CAN bus IDs and data as a CSV file, then use a spreadsheet editor to calculate the number of unique CAN bus ID values.

How many speed update messages are present in this capture?

Export the CAN bus IDs and data as a CSV file, then use a spreadsheet editor to count the number of times calculate the number of lines that contain 589 in the ID column.

What is the maximum speed, in mph, that this vehicle reached in the capture?

Export the CAN bus IDs and data as a CSV file, then filter the data to only include lines that contain 589 in the ID column, then write a script that will ingest the data column of the CSV and perform the same calculations the code snippet to calculate the maximum speed.

©️ 2024 Cyber Skyline. All Rights Reserved. Unauthorized reproduction or distribution of this copyrighted work is illegal.