# Read PGN/SPN csv file

Hello verybody, finally we will dive into the package analysis.
This is your first shot, so we decided to go with python due to simpliness.
Please find the PGN/SPN csv list in your repository. First we will just read it into a dataframe, which we will use later for decoding the stream. The module pandas does actually all the work for us, we just need to pass the proper parameters.

In [7]:
import pandas as pd
from pathlib import Path

In [8]:
# set file path and read into pandas dataframe
# sorry guys, but currently we are not sure if we are allowed to publish your pgn spn list
pgnSpnPath = Path('/home/akarner/Downloads/JohnFearData/pgnSpn/pgn_spn.csv') 
# make sure to pass the pipe as delimiter and remove all NaN fields
psDf = pd.read_csv(pgnSpnPath, sep='|', na_filter=False)

In [9]:
psDf

Unnamed: 0,PGN#,PGNLabel,Acronym,PGNDescription,Multipacket,PGNLength,Priority,PGNReference,SPNPos,SPN,SPNName,SPNDescription,SPNLength,Resolution,Offset,DataRange,OperationalRange,Units
0,0,Torque/Speed Control 1,TSC1,NOTE - Retarder may be disabled by commanding ...,No,8,3,,1.1,695,Engine Override Control Mode,The override control mode defines which sort o...,2 bits,4 states/2 bit,0,0 to 3,,bit
1,0,Torque/Speed Control 1,TSC1,NOTE - Retarder may be disabled by commanding ...,No,8,3,,1.3,696,Engine Requested Speed Control Conditions,This mode tells the engine control system the ...,2 bits,4 states/2 bit,0,0 to 3,,bit
2,0,Torque/Speed Control 1,TSC1,NOTE - Retarder may be disabled by commanding ...,No,8,3,,1.5,897,Override Control Mode Priority,This field is used as an input to the engine o...,2 bits,4 states/2 bit,0,0 to 3,,bit
3,0,Torque/Speed Control 1,TSC1,NOTE - Retarder may be disabled by commanding ...,No,8,3,,2-3,898,Engine Requested Speed/Speed Limit,Parameter provided to the engine from external...,2 bytes,0.125 rpm per bit,0,"0 to 8,031.875 rpm",,rpm
4,0,Torque/Speed Control 1,TSC1,NOTE - Retarder may be disabled by commanding ...,No,8,3,,4,518,Engine Requested Torque/Torque Limit,Parameter provided to the engine or retarder i...,1 byte,1 %/bit,-125 %,-125 to 125 %,"0 to 125% engine torque requests, -125% to 0% ...",%
...,...,...,...,...,...,...,...,...,...,...,...,...,...,...,...,...,...,...
5997,131067,Proprietary B - Page 1,PropB1_FB,,Yes,,,,1-8,2551,Manufacturer Defined Usage (PropB_PDU2),,"64 to 14,280 bits",,,,,
5998,131068,Proprietary B - Page 1,PropB1_FC,,Yes,,,,1-8,2551,Manufacturer Defined Usage (PropB_PDU2),,"64 to 14,280 bits",,,,,
5999,131069,Proprietary B - Page 1,PropB1_FD,,Yes,,,,1-8,2551,Manufacturer Defined Usage (PropB_PDU2),,"64 to 14,280 bits",,,,,
6000,131070,Proprietary B - Page 1,PropB1_FE,,Yes,,,,1-8,2551,Manufacturer Defined Usage (PropB_PDU2),,"64 to 14,280 bits",,,,,


# Read Wireshark (pcapng) file
We are going to use scapy module for package analysis in python

In [10]:
from scapy.all import *

In [11]:
# read your capture file
capturePath = '/home/akarner/tulocal/JohnFear/captures/13Feb2020.pcapng'
capture = rdpcap(capturePath)

In [12]:
# get some information from a random package 
#   -> this will be 2712 package in wireshark
pack = capture[2711]

# general about the package
print(pack)

# package fields
print(pack.fields)

# value from a field
print(pack.fields['src'])

# get raw payload
print(pack.payload)

b'\x00\x01\x01\x18\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0c\x91\xfe\xff\x8c\x08\x00\x00\x00\x83\xfc\xf4\xf0\xf0\xff\xff\xff'
{'pkttype': 1, 'lladdrtype': 280, 'lladdrlen': 0, 'src': b'\x00\x00\x00\x00\x00\x00\x00\x00', 'proto': 12}
b'\x00\x00\x00\x00\x00\x00\x00\x00'
b'\x91\xfe\xff\x8c\x08\x00\x00\x00\x83\xfc\xf4\xf0\xf0\xff\xff\xff'


In [13]:
# custom poc j1939 class, which will dissect { canId, pgn and data }
class j1939():
    def __init__(self, bdata):
        self.bdata = bdata
        self.canId = None
        self.pgn = None
        self.data = None
        
        self._readCanId()
        self._readPgn()
        self._readData()
    
    def _readCanId(self):
        canId = bytearray(4)
        # pack canId bytes
        for idx in range(0, 4):
            struct.pack_into('!B', canId, 4 - (idx+1), self.bdata[idx])
        
        # remove first 3 bits from msb -> 0x1f and mask
        canId[0] &= 0x1f
        self.canId = bytes(canId)
    
    def _readPgn(self):
        # remove last byte
        pgn = bytearray(self.canId[:-1])
        # reserve just first two bits from first byte
        pgn[0] &= 0x03
        self.pgn = int.from_bytes(pgn, byteorder='big')        
    
    def _readData(self):
        self.data = self.bdata[8:]
    
    @staticmethod
    def getHexString(bytearr):
        return '0x' + ''.join('%02x' % b for b in bytearr)
        
    def __str__(self):
        return 'j1939[canId: %s, pgn: %i, data: %s]' % (j1939.getHexString(self.canId), self.pgn, j1939.getHexString(self.data))
        

Finally we have prepared your poc j1939 class which extracts all the information out of the raw payload.
Further all the pgn and spns are loaded to your pandas dataframe, so everything is prepared for linking them together.

Because pandas supports joining dataframes, we will transform the captured data into a dataframe and join by pgn the information to it.

In [15]:
# initiate new dataframe, seems like this takes very very long :)
capDf = pd.DataFrame(None, columns=['ccanid', 'cpgn', 'cdata'])
for cap in capture[:100]:
    m = j1939(cap.payload.load)
    capDf = capDf.append({'ccanid':m.canId, 'cpgn': m.pgn, 'cdata': m.data}, ignore_index=True)

In [16]:
capDf

Unnamed: 0,ccanid,cpgn,cdata
0,b'\x00\x00\x00\x0c',0,b'\x00\x00\x04\x00\x00\x00\x00\x00'
1,b'\x00\x00\x00\x0c',0,b'\x00\x00\x04\x00\x00\x00\x00\x00'
2,b'\x00\x00\x00\x04',0,b'\x00\x00\x00\x00\x00\x00\x00\x00'
3,b'\x18\xee\xff\x00',61183,b'\x81\x90&\x04\x00\x00\x02 '
4,b'\x18\xee\xff\x14',61183,b'\x93\x13 \x04\x00\x11\x00 '
...,...,...,...
95,b'\x18\xea\x8c\x14',60044,b'\t\xff\x00\x00\x00\x00\x00\x00'
96,b'\x18\xea2\x14',59954,b'\t\xff\x00\x00\x00\x00\x00\x00'
97,b'\x18\xea\x06\x14',59910,b'\t\xff\x00\x00\x00\x00\x00\x00'
98,b'\x18\xea1\x14',59953,b'\t\xff\x00\x00\x00\x00\x00\x00'


In [17]:
# let's start the join fun
result = pd.merge(capDf, psDf, left_on='cpgn', right_on='PGN#')

print(result)

# dump the result as csv
result.to_csv('result.csv', sep='|')