Skip to content

Latest commit

 

History

History
119 lines (87 loc) · 5.32 KB

README.md

File metadata and controls

119 lines (87 loc) · 5.32 KB
Raw

List of Modules

A clean installation of Caring Caribou includes the following modules:

uds - Universal Diagnostic Services

Discovers and utilizes various ISO 14229-1 services.

  • discovery - Scans for ECUs supporting diagnostics services
  • services - Scans for diagnostics services supported by an ECU
  • subservices - Subservice enumeration of supported diagnostics services by an ECU
  • ecu_reset - Reset an ECU
  • testerpresent - Force an elevated session against an ECU to stay active
  • dump_dids - Dumps values of Dynamic Data Identifiers (DIDs)
  • write_dids - Tries to write values of Dynamic Data Identifiers (DIDs)
  • auto - Fully automated diagnostics scan, by using the already existing UDS submodules
  • dump_mem - Dumps memory of ECU
  • routine_control_dump - Dump available routines for Routine Control service

Details here: uds module

xcp - Universal Measurement and Calibration Protocol (XCP)

  • discovery - Scans for ECUs supporting XCP
  • info - XCP Get Basic Information. Retrieves information about XCP abilities of an ECU
  • dump - XCP Upload. Used to dump ECU memory (such as SRAM, flash and bootloader) to file

Details here: xcp module

fuzzer - CAN fuzzer

  • random - sends random CAN messages
  • brute - brute forces all possible messages matching a given bit mask
  • mutate - mutate selected nibbles of a given message
  • replay - replay a log file from a previous fuzzing session
  • identify - replay a log file and identify message causing a specific event

Details here: fuzzer module

dump - Dump CAN traffic

Dumps incoming traffic to stdout (terminal output) or file

Details here: dump module

send - Send CAN packets

Raw message transmission module, used to send messages manually from command line or replay dump files

Details here: send module

listener - Listener

Lists all distinct arbitration IDs being used on the CAN bus

Details here: listener module

test - Run test suite

Runs automated Caring Caribou test suites

dcm - [deprecated] Diagnostics Control Module

Note: This module has been replaced by the UDS module. It is still supported by CC due to legacy reasons.

Details here: dcm module

uds_fuzz - Universal Diagnostic Services Fuzzer

Fuzzing module for UDS security seed randomness evaluation and testing.

  • seed_randomness_fuzzer - ECUReset method fuzzing for seed randomness evaluation
  • delay_fuzzer - delay fuzzing for targets with weak randomness implemented, to match acquired seed/key pair to the delay in which the seed can be requested

Details here: uds_fuzz module

doip - Diagnostic communication over Internet Protocol

Discovers and utilizes various ISO 13400-2 services.

  • discovery - Scans for ECUs supporting diagnostics services
  • services - Scans for diagnostics services supported by an ECU
  • ecu_reset - Reset an ECU
  • security_seed - Request security seeds from an ECU
  • testerpresent - Force an elevated session against an ECU to stay active
  • dump_dids - Dumps values of Dynamic Data Identifiers (DIDs)
  • write_dids - Write values of Dynamic Data Identifiers (DIDs)
  • seed_randomness_fuzzer - ECUReset method fuzzing for seed randomness evaluation

Details here: doip module

List of libraries/utilities

The caringcaribou/utils folder contains the following:

can_actions.py

Provides abstraction for access to the CAN bus, bruteforce engines etc.

common.py

Contains various common functions, type converters etc.

constants.py

Constant definitions

iso14229_1.py

Implementation of the ISO-14229-1 standard for Unified Diagnostic Services (UDS).

iso15765_2.py

Implementation of the ISO-15765-2 standard (ISO-TP). This is a transport protocol which enables sending of messages longer than 8 bytes over CAN by splitting them into multiple data frames.

Hardware requirements

Some sort of CAN bus interface (http://elinux.org/CAN_Bus#CAN_Support_in_Linux)

Software requirements

  • Python 2.7 or 3.x
  • python-can
  • a pretty modern linux kernel

Extending the project with new modules

  • A template for new modules is available in caringcaribou/modules/module_template.py
  • Create a python file with a function module_main(args) (or copy the template) in the caringcaribou/modules directory.
  • In setup.py, add an entry under caringcaribou.modules, referencing your new module like: my_module = caringcaribou.modules.my_module
  • Run python setup.py install
  • Verify that the module is available, should be listed in the output of cc.py -h

If your new module is located in caringcaribou/modules/foo.py you will run it with the command cc.py foo. Additional arguments (if any) are passed as arguments to the module_main function.

The target

The target ECU used for the development setup of the original project was a STM32F107 based dev-board from ArcCore called Arctic EVK-M3.

During the development of Next version, ceveral industry ECUs were used, from JLR, BMW, RR, and others. Findings discovered during the development, were and will responsibly disclossed to the manufacturers, and be included in this repo.

Despite the development targets, the tool can be used against any ECU communicating over the supported interfaces.