4CAN – Open Source Tool to Find Security Vulnerabilities in Modern Cars


Modern cars now rely on technology in every aspect, especially electric cars from Tesla, Hyundai, NIO and others. Almost everything in a modern car runs on automotive systems: hundreds of sensors and control systems are connected to computers and communicate with software to provide various features to the driver. Because of that, these cars also have vulnerabilities that can be exploited.

Right now a lot of pentesters are focusing on car hacking, looking for vulnerabilities in modern cars and trying to hack them with hardware hacking kits. This is a real threat because an attack on the car can be carried out remotely.

What is 4CAN?

The 4CAN is a Raspberry Pi HAT which provides 4 CAN interfaces. The 4CAN is 100% compatible with socketcan and can-utils, and is very easy to get up and running. A microUSB-UART serial adaptor is included to make troubleshooting the Pi easier, and there are 4 LEDs on board, 2 of which are bidirectional green/red. And the best news of all is the 4CAN is open source, so you can build your own!

This open source tool can also be used in any hacking scenario, such as hacking a modern car.

Why?

There aren’t many cheap devices that offer 4 CAN interfaces, are compatible with socketcan, and are small and compact enough to fit nicely on a Raspberry Pi. Having 4 CAN interfaces allows testing 4 CAN buses simultaneously, as well as doing CAN-in-the-middle on 2 buses simultaneously.

Compatible Hardware

Tested on the following raspbian images using a pi3b+

4can also works with the Raspberry pi 4

4can should also work with a pi0w, but it’s recommended to use at least a pi3b. A heatsink on the pi is also recommended, because the pi can get a little toasty running 4 CAN interfaces.

Installation

Run the install.sh script (requires sudo) to automatically install everything, and then reboot.

The install script will do the following:

1. Copy the 4 mcp2515-canx.dtbo files to /boot/overlays

sudo mkdir /boot/overlays/bak
sudo cp /boot/overlays/mcp2515* /boot/overlays/bak
sudo cp ./dtbo/*.dtbo /boot/overlays

2. Append 4can setup to /boot/config.txt (makes a backup of original /boot/config.txt just in case)

sudo cp /boot/config.txt /boot/config.txt.bak
cat << EOF >> /boot/config.txt
# 4CAN setup
# the order of the interfaces matter
# ie can3,can2,can1,can0 must be preserved
# otherwise can0 will not REALLY be can0
dtparam=spi=on
dtoverlay=spi1-2cs
dtoverlay=mcp2515-can3,oscillator=16000000,interrupt=24
dtoverlay=mcp2515-can2,oscillator=16000000,interrupt=23
dtoverlay=mcp2515-can1,oscillator=16000000,interrupt=25
dtoverlay=mcp2515-can0,oscillator=16000000,interrupt=22
# enable uart
enable_uart=1
EOF
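
Because the overlay order decides which physical port ends up as can0, it is worth checking /boot/config.txt after any hand edit. The following is an added example, not part of the 4CAN project's scripts: a hypothetical helper, check_4can_config, that compares a config file against the overlay order, oscillator and interrupt values listed in step 2.

```shell
#!/bin/sh
# Added example: sanity-check the 4CAN block in a Raspberry Pi config.txt.
# Expected values are the ones shown in the install steps above.

# check_4can_config FILE   ("-" or no argument reads stdin)
# Prints one line per problem and returns non-zero if any is found.
check_4can_config() {
    awk '
        BEGIN {
            irq["can3"] = "24"; irq["can2"] = "23"
            irq["can1"] = "25"; irq["can0"] = "22"
        }
        { sub(/\r$/, ""); sub(/[ \t]*#.*/, "") }
        $0 == "dtparam=spi=on"     { spi = 1 }
        $0 == "dtoverlay=spi1-2cs" { spi1 = 1 }
        /^dtoverlay=mcp2515-can[0-9]+/ {
            m = split($0, f, ",")
            name = substr(f[1], length("dtoverlay=mcp2515-") + 1)
            got = (got == "" ? "" : got ",") name
            if (!(name in irq)) { print "unexpected overlay: " name; bad = 1; next }
            osc = ""; intr = ""
            for (i = 2; i <= m; i++) {
                split(f[i], kv, "=")
                if (kv[1] == "oscillator") osc = kv[2]
                if (kv[1] == "interrupt")  intr = kv[2]
            }
            if (osc != "16000000") { print name ": oscillator=" osc; bad = 1 }
            if (intr != irq[name]) {
                print name ": interrupt=" intr ", expected " irq[name]; bad = 1
            }
        }
        END {
            if (!spi)  { print "missing dtparam=spi=on"; bad = 1 }
            if (!spi1) { print "missing dtoverlay=spi1-2cs"; bad = 1 }
            if (got != "can3,can2,can1,can0") {
                print "overlay order is [" got "], expected can3,can2,can1,can0"
                bad = 1
            }
            exit bad + 0
        }
    ' "${1:--}"
}

# Constructed sample: can2 and can1 swapped, e.g. after a hand edit.
printf '%s\n' 'dtparam=spi=on' 'dtoverlay=spi1-2cs' \
    'dtoverlay=mcp2515-can3,oscillator=16000000,interrupt=24' \
    'dtoverlay=mcp2515-can1,oscillator=16000000,interrupt=25' \
    'dtoverlay=mcp2515-can2,oscillator=16000000,interrupt=23' \
    'dtoverlay=mcp2515-can0,oscillator=16000000,interrupt=22' |
    check_4can_config - || echo "config.txt needs fixing"
```

On the Pi, run it as check_4can_config /boot/config.txt before rebooting.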

Usage

Before using 4can, make sure that the socketcan kernel module is loaded with sudo modprobe can_dev. This shouldn’t be necessary since the pi will load the correct kernel module based on the device tree, but it doesn’t hurt to check.

Once installed, run 4can.sh to bring up the CAN interfaces:

./4can.sh

Wire up the CAN interfaces and run candump to check they are working:

candump -acc any

Note: this requires can-utils. To install it:

sudo apt install can-utils

Note: Sometimes interfaces come up out of order, reboot the pi and that should fix it. If not, you might have to modify /boot/config.txt.

Recommended Wiring

Remember to connect the external CAN ground to the 4can ground (the “C” connection on the screw terminal). This will ensure good ground integrity and minimize tx/rx errors.

When using the 4can with the HyenaPlate, the CAN wires can be routed underneath the pi and connected to the breadboard. This is mainly for aesthetics, but other benefits include not having to constantly screw/unscrew the screw terminals to make new connections, easier troubleshooting, and more stable connections.

For even more aesthetics, the resistor color code can be used to assign colors to signals. For example, in the image above:

Interface  CAN-L   CAN-H
CAN0       brown   red
CAN1       orange  yellow
CAN2       blue    violet
CAN3       green   white

Black can be used for ground.

Car Hacking With 4CAN

Figure: Example of a car CAN bus

Before jumping into the 4CAN hardware module itself, let’s start with some automobile basics. For a modern vehicle to operate effectively, its network of hundreds of sensors and computers must communicate with each other. While vehicles and components employ Wi-Fi, Bluetooth, and cellular communication protocols, the backbone of a vehicle’s network is a Controller Area Network (CAN), also referred to as the “CAN bus.”


See the full explanation of hacking modern cars on the Cisco blog here.

