Modern cars is currenly using technology on all aspect. Especially electric car like tesla, hyundai, NIO and more. Almost everything on modern cars are use automobile systems such as cars integrated with hundreds of sensors and control systems that connected with computers and communicate with software systems in order to provide various features to the driver. Because of that, this car also have some vulnerabilities that can be exploit.
Right now a lof of pentesters is focus on car hacking to find vulnerabilities on modern car and try hacking it with some hardware hacking kit. This is the real threat because attacker can be remote the car.
What is 4CAN?
The 4CAN is a Raspberry Pi HAT which provides 4 CAN interfaces. The 4CAN is 100% compattible with socketcan and can-utils, and is very easy to get up and running. A microUSB-UART serial adaptor is included to make troubleshooting the pi easier, and there are 4 LEDs on board, 2 of which are bidirectional green/red. And the best news of all is the 4CAN is open source, so you can build your own!
And also this open source tool can be implemented on any hacking scenario like hacking modern car.
Why?
There aren’t many cheap devices which offer 4 CAN interfaces, compatible with socketcan, and is small, compact, and fits nicely with a Raspberry Pi. Having 4 CAN busses allows testing 4 CAN buses simultaneously, as well as doing CAN-in-the-middle with 2 buses simultaneously.
Compatible Hardware
Tested on the following raspbian images using a pi3b+
4can also works with the Raspberry pi 4
4can should also work with a pi0w, but it’s recommended to use at least a pi3b. Also recommend using a heatsink on the pi, because the pi can get a little toasty running 4 can interfaces.
Installation
Run the install.sh script (requires sudo) to automatically install everything, and then reboot.
The install script will do the following:
1. Copy the 4 mcp2515-canx.dtbo files to /boot/overlays
2. Append 4can setup to /boot/config.txt (makes a backup of original /boot/config.txt just in case)
Usage
Before using 4can, make sure that the socketcan kernel module is loaded with sudo modprobe can_dev. This shouldn’t be necessary since the pi will load the correct kernel module based on the device tree, but it doesn’t hurt to check.
Once installed, run the 4can.sh to bring up CAN interfaces ./4can.sh
wire up the can interfaces and do candump -acc any to check they are working. note: requires can-utils to install sudo apt install can-utils
Note: Sometimes interfaces come up out of order, reboot the pi and that should fix it. If not, you might have to modify /boot/config.txt.
Recommended Wiring
Remember to connect the external CAN ground to the 4can ground (the “C” connection on the screw terminal). This will ensure good ground integrity and minimize tx/rx errors.
When using the 4can with the HyenaPlate, the CAN wires can be routed underneath the pi and connected to the breadboard. This is mainly for aesthetics, but other benefits include not having to constantly screw/unscrew the screw terminals to make new connections, easier troubleshooting, and more stable connections.
For even more aesthetics, the resistor color code can be used to assign colors to signals. For example, in the image above:
| Interface | CAN-L | CAN-H |
|---|---|---|
| CAN0 | brown | red |
| CAN1 | orange | yellow |
| CAN2 | blue | violet |
| CAN3 | green | white |
black can be used for ground.
Car Hacking With 4CAN
Before jumping into the 4CAN hardware module itself, let’s start with some automobile basics. For a modern vehicle to operate effectively, its network of hundreds of sensors and computers must communicate with each other. While vehicles and components employ Wi-Fi, Bluetooth, and cellular communication protocols, the backbone of a vehicle’s network is a Controller Area Network (CAN), also referred to as the “CAN bus.”
See all the explanations on hacking modern car on cisco blog here.
