W2L? Car Forensics ...
 
Notifications
Clear all

W2L? Car Forensics - now

52 Posts
7 Users
0 Likes
13.6 K Views
RolfGutmann
(@rolfgutmann)
Posts: 1185
Noble Member
Topic starter
 

W2L? Want 2 Learn? Lets start with the main protocols in-use. Later will fuse with 5G. The top protocols to learn are.

CAN Controller Area Network
LIN Local Interconnect Network
MOST Media Oriented Systems Transport
FlexRay (proprietary term)
TTP Time Triggered Protocol

To connect to a car you look for OBDII On-Board Diagnostics II connector, often in the driver seat area

http//www.obdii.com/connector.html

Which protocols wait here for you to connect? Next tomorrow.

 
Posted : 22/09/2017 7:52 am
RolfGutmann
(@rolfgutmann)
Posts: 1185
Noble Member
Topic starter
 

If you like pls propose a car model to focus on. By default will learn from Audi A8 AI.

 
Posted : 22/09/2017 9:08 am
(@datredil)
Posts: 15
Active Member
 

Tesla S 85 D - EV example

 
Posted : 22/09/2017 2:03 pm
RolfGutmann
(@rolfgutmann)
Posts: 1185
Noble Member
Topic starter
 

Tesla's electrical diagram not open to public

 
Posted : 22/09/2017 5:28 pm
RolfGutmann
(@rolfgutmann)
Posts: 1185
Noble Member
Topic starter
 

Lets concentrate on CAN bus as MOST is for all infotainment and LIN, FlexRay we care later. See here that from OBDll to Diagnose CAN at the data bus diagnostic interface is the first way to go.

https://www.a4-freunde.com/attachment.php?attachmentid=290267&d=1418555547&stc=1

http//www.audi-portal.com/en/diagnostic/ecu_12666.html#1

CAN wires are always drilled together (CAN Low and CAN High). Their signals are opposite but timely synchronous.

Which signal levels (Volt) can you expect to watch on your oscilloscope (DSO)/protocol analyzer?
What means recessive and dominant related to the signal levels?
Which value of a resistor terminates each CAN L and CAN H?
Which bandwidth runs on CAN (kbps)?
Is the CAN protocol fault-tolerant?
Is it possible to MITM between gateways running over CAN?
Which ISO standard defines CAN?

Afterwork R&C! Relax & Click! Here you see Audi A8 AI (2018), by clicking to the right you get tech, by clicking to the left you get design (BTW this car is by far not the most advanced globally, just a locally available example!)

https://www.netcarshow.com/audi/2018-a8/1280x960/wallpaper_1b.htm

Try to understand everything about CAN. Next tomorrow.

 
Posted : 24/09/2017 5:58 am
RolfGutmann
(@rolfgutmann)
Posts: 1185
Noble Member
Topic starter
 

CAN is twofold Standard and Extended. Standard CAN is definded by ISO 11898-1, Extended by ISO 11898-2. Try to think and speak about a CAN frame as Layer 2. Carrier Sense CS means that the node first has to sense the wire before sending a frame to avoid collissions - quite similar to Ethernet CSMA/CD Carrier Sense Multiple Access/Collision Detection.

A TI whitepaper (2016 revised) lets you keep track.

http//www.ti.com/lit/an/sloa101b/sloa101b.pdf

Some slides to fly over - keep learning -)

https://www.slideshare.net/Acromag/introduction-to-can-bus-technology

Here you get most answers to previous post

https://www.slideshare.net/abhinawambitious/can-controller-area-network-bus-protocol

Ready to continue?

 
Posted : 28/09/2017 5:36 am
RolfGutmann
(@rolfgutmann)
Posts: 1185
Noble Member
Topic starter
 

Now we move to hands-on. I recommend that you get an neoVI Fire 2 and Vehicle Spy 3. See here

https://cdn.intrepidcs.net/videos/training/Fire2Video.mp4

Here the manual

http//cdn.intrepidcs.net/guides/neovifire2/neovi_fire2_ug.pdf

 
Posted : 28/09/2017 3:07 pm
RolfGutmann
(@rolfgutmann)
Posts: 1185
Noble Member
Topic starter
 

Here a reference chart of CAN

https://vector.com/portal/medien/solutions_for/can/schematic_graphics/chart_can_canfd.png

 
Posted : 28/09/2017 7:26 pm
RolfGutmann
(@rolfgutmann)
Posts: 1185
Noble Member
Topic starter
 

To learn how CAN is implemented in car electronics lets study a CAN transceiver in automotive. See this NXP IC here

https://www.nxp.com/docs/en/brochure/75017405.pdf

BTW you have a new friend -) CAN FD Controller Access Network Flexible Datarate

Ask yourself

How can I differentiate CAN from CAN FD frames? See here
http//www.ni.com/cms/images/devzone/tut/eiyadyze6012016393650390970.png
What is the difference between CAN FD base and extended frame format? Little hint
https://www.can-cia.org/fileadmin/resources/images/can-fd/canfd04.png
Where in test car Audi A8 AI do we have CAN FD in use? Hint search for SSP Self Study Program
Overview Which gateways in general run CAN, CAN FD?
What forensic issues are related to CAN/CAN FD?
Future of CAN? What comes next?

End of CAN/CAN FD part 1. Next FlexRay

Good job! learner -))

 
Posted : 30/09/2017 4:48 am
RolfGutmann
(@rolfgutmann)
Posts: 1185
Noble Member
Topic starter
 

One more thing -) See here BH'16 car hacking slides

http//slideplayer.com/slide/1462704/

Here the training description

https://www.blackhat.com/us-17/training/car-hacking-hands-on.html

 
Posted : 30/09/2017 11:18 am
Page 1 / 6
Share: