Automated CAN Payload Reverse Engineering

NOTICE

The views expressed in this document and code are those of the author and do not reflect the official policy or position of the United States Air Force, the United States Army, the United States Department of Defense or the United States Government. This material is declared a work of the U.S. Government and is not subject to copyright protection in the United States. Public disclosure of this code was approved by the 88th Air Base Wing Public Affairs on 08 March 2019 under case number 88ABW-2019-0910. Unclassified disclosure of the dissertation was approved on 03 January 2019 under case number 88ABW-2019-0024.


This project houses Python and R scripts intended to facilitate the automated reverse engineering of Controller Area Network (CAN) payloads observed from passenger vehicles. This code was originally developed by Dr. Brent Stone at the Air Force Institute of Technology in pursuit of a Doctor of Philosophy in Computer Science. Please see the included dissertation titled "Enabling Auditing and Intrusion Detection for Proprietary Controller Area Networks" for details about the methods used. Please open an issue letting me know if you find any typos, bad grammar, your copyrighted images you want removed, or other issues!

Special thank you to Dave Blundell, co-author of the Car Hacker's Handbook, and the Open Garages community for technical advice and serving as a sounding board.

Tips and Advice

These scripts won't run immediately after cloning this repo. Hopefully these tips will save you time and frustration saying "WHY WONT THESE THINGS WORK!?!?!" Please ask questions by posting in the Open Garages Google group. These scripts were developed and tested using Python 3.6. Please make sure the NumPy, pandas, and scikit-learn packages are available to your Python interpreter.

The files are organized with an example CAN data sample and three folders. Each folder is a self-contained set of interdependent Python classes or R scripts for examining CAN data in the format shown in the example loggerProgram0.log. Different file formats can be used by adjusting PreProcessor.py accordingly.

[APRIL 2020 UPDATE] Will Freeman added support for command line arguments and can-utils log format pre-processing. Usage is:

Example use with can-utils log format:

python Main.py -c inputFile.log

python Main.py --can-utils inputFile.log

Example use with original format:

python Main.py originalFormat.log

Example use with ./loggerProgram0.log:

python Main.py
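The can-utils log format referred to above, as an added example that is not this project's PreProcessor.py: it parses `candump -l` style lines and groups payloads by arbitration ID, which is the per-ID view payload analysis starts from. The function names and sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Classic can-utils "candump -l" line: (epoch.usec) interface ID#DATA
LINE_RE = re.compile(
    r"^\((?P<sec>\d+)\.(?P<usec>\d{6})\)\s+(?P<iface>\S+)\s+"
    r"(?P<id>[0-9A-Fa-f]{3}|[0-9A-Fa-f]{8})#"
    r"(?P<data>R\d?|(?:[0-9A-Fa-f]{2}){0,8})$"
)


def parse_candump_line(line):
    """Return a frame dict, or None if the line is not a classic CAN frame."""
    m = LINE_RE.match(line.strip())
    if m is None:  # CAN FD ('##'), odd-length or non-hex data, blanks, comments
        return None
    rtr = m["data"].startswith("R")  # remote request, carries no payload
    return {
        # Integer microseconds: a float epoch loses precision at this scale.
        "time_us": int(m["sec"]) * 1_000_000 + int(m["usec"]),
        "iface": m["iface"],
        "id": int(m["id"], 16),
        "extended": len(m["id"]) == 8,  # 29-bit IDs are logged as 8 hex digits
        "rtr": rtr,
        "data": bytes.fromhex("" if rtr else m["data"]),
    }


def group_by_id(lines):
    """Map arbitration ID -> [(microseconds since first frame, payload)]."""
    groups, skipped, t0 = defaultdict(list), 0, None
    for line in lines:
        frame = parse_candump_line(line)
        if frame is None or frame["rtr"]:
            skipped += 1  # report how much was dropped instead of hiding it
            continue
        t0 = frame["time_us"] if t0 is None else t0
        groups[frame["id"]].append((frame["time_us"] - t0, frame["data"]))
    return dict(groups), skipped

# Constructed sample lines, not taken from any real vehicle capture.
SAMPLE = [
    "(1554000000.000000) can0 0C9#8000000000000000",
    "(1554000000.010000) can0 0C9#8010000000000000",
    "(1554000000.012500) can0 18FEF100#FFFF",
    "(1554000000.020000) can0 1F5#R",
    "(1554000000.030000) can0 0C9#ZZ",
]
```

`group_by_id(SAMPLE)` returns the per-ID payload lists plus a count of skipped lines, so a log with many rejected frames is visible before any analysis runs.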

Script specific information by folder

Pipeline

Input: CAN data in the format demonstrated in loggerProgram0.log

Output: This series of scripts produces an array of output depending on the global variables defined in Main.py. This output may include the following:

Pipeline_multi-file

Input: CAN data in the format demonstrated in loggerProgram0.log.

R

Input: Plain-text .csv files containing time series data such as those included in this folder.

Output: