kentindell / canhack

The Yes We CAN project of Canis Labs
MIT License
348 stars 65 forks source link

Welcome to the Yes We CAN repository

This repository contains tools and resources for the Yes We CAN project of Canis Labs. There are several related projects here:

Canis Labs CTO Dr. Ken Tindell writes about CAN on his blog at: https://kentindell.github.io

Canis Labs CANPico hardware support

MicroPython firmware and documentation is in the CANPico folder. In addition, there is support for C included in the Canis Labs CAN SDK for C, which has drivers for the MCP25xxFD (the MicroPython firmware uses this CAN SDK to provide a MicroPython CAN API).

The Canis Labs CAN SDK repository is:

https://github.com/kentindell/canis-can-sdk

and contains a "hello world" application using the CAN API, with pre-built firmware for the Pico and Pico W with the CANPico board.

CANHack toolkit

The CANHack toolkit is a proof-of-concept toolkit of different CAN protocol attacks, showing the viability of low-level bit-banging attacks on the CAN protocol itself.

It is provided as generic C source code in two files:

src/
    canhack.c
    canhack.h

It has been built into the Canis Labs MicroPython firmware for the Raspberry Pi Pico and Pico W for the following hardware:

The MicroPython firmware for the CHV DEF CON 30 badge is located in:

pico/
    micropython/
        firmware-20220805-CHV-DEFCON30.uf2

Documentation for the MicroPython CANHack API is in:

CANPico/
    docs/
        CANHack MicroPython SDK reference manual.pdf

The Canis Labs CTO blog has more information on the CANHack toolkit, including details on how to make a CANHack board using breadboard. There is also a CANHack toolkit demo video that goes into detail on how to use the toolkit from Python, the CAN protocol hacks it includes, and demonstrates it attacking CAN frames in real hardware (NB: the video uses the STM32-based PyBoard, but the API is the same).

Sigrok CAN protocol decoder

A Sigrok protocol decoder for CAN 2.0:

src/
    can2/
        __init__.py
        pd.py

There is a PulseView and can2 demo video showing how to use PulseView as a logic analyzer and seeing CAN frames at a low-level.

The CIA CAN newsletter has published an article describing the protocol decoder and showing how it can spot some CAN protocol attacks.

Python CAN tool

Python tool for creating and parsing a CAN bitstreams (including creating Janus attack frames):

src/
    canframe.py