Closed bhass1 closed 4 years ago
Addresses Issue #12
Thank you very much for this contribution!
There are some issues which need to be resolved before this can be merged.
General:
ISO-14229-1: It would be preferable if changes here were kept to a minimum.
is_valid_session
function, which just checks a function argument in the UDS module. Maybe it could be skipped altogether? after CAN-TP layer has been removed
is redundant, as ISO-14229-1 works on another layer than the transport protocol.diagnostic_session_control
function looks great - keep as is! :+1:None
introduced for security_access_request_seed
argument data_record
is a correction, seeing as this is an optional parameter according to the specification. Great find! :+1: UDS
__security_seed_wrapper
feels quite arbitrary. Since this is in a loop, just remove it and make sure to verify that a response was received before handling it (otherwise it will be retried in the next iteration anyway). A single retry followed by forced handling may end up failing anyway.HARD_RESET
: timing may vary depending on target ECU and reset type. I would suggest taking the sleep duration as an optional command line argument to cc.py uds security_seed
instead and apply it regardless of reset type, with some sensible default value (e.g. 0.1
seconds).print_negative_response
help function showing the meaning of an NFC is great :+1:I am looking forward to accepting this PR! If you would like assistance to take care of the issues mentioned above, just let me know :smiley:
Sorry for the force push, I messed up my rebase earlier! :weary:
I haven't been able to test with a real CAN dongle yet, but I did some sanity checks and ran it through flake8... I will try to test with my two vehicles in the next week. :car: :car:
Thanks for the detailed feedback before!! It should all be addressed with the latest commits. Please let me know if you see any issues or want more changes.
Great! I will review these new commits shortly :smiley:
Tested on my vehicles. It works as intended, but I have to admit the user interface for the "sad" path is not the greatest. I'd like to make it more apparent for users when seeds aren't being collected. It'd also be nice to build in a flag for fuzzing various security access levels until valid seeds start popping out...
Nonetheless I was still able to use it to find some weak implementations in my car tonight, so it works.
Thank you very much for your contribution, @bhass1! :smiley_cat:
Added new security_seed functionality to UDS module. This function asks the UDS server for a Security Access seed repeatedly and records every seed received. It can be used to analyze the randomness of the UDS server's Security Access seed. Supported options include different "Security Access levels", different "Diagnostic Sessions", and performing different types of "ECU Resets" between seed requests. Results are printed to stdout.