Sunday, 17 April 2016

CANToolz: mod_stat - diff mode


Small updates in CANToolz version 1.5-0:

A DIFF mode has been added to the mod_stat module. It is useful when you want to find which frames are new in the traffic. For example, you have a traffic dump; you enable DIFF mode and perform some action, like unlocking a door. Right after that you press "print diff" and see all CAN frames that were observed on the CAN bus after DIFF mode was enabled but not before. Of course there will be a lot of unneeded traffic as well, but it should still reduce the amount of traffic left for manual analysis. If you press "print DIFF (ID only)", you will see only those CAN frames whose arbitration ID was not known before (i.e. not present in the original dump, collected before DIFF mode was enabled).

When you disable DIFF mode, all CAN frames are merged into the original mod_stat buffer, so you can repeat this procedure again and again... Finally, you can DUMP the diff frames and replay them. This should work faster than a "binary search" over the traffic.

UPD: 
------------------------
Let me show this on a real example (it will be part of the Hardware Village Car Hacking Workshop). My friends from Moscow sent me a few dumps of traffic. Each dump contains one action performed on a Honda Civic (9th generation). One of the actions was 'locking doors'. On that bus we do not have 'control' frames, but we do have 'status' frames, so let's try to find them! Now I can work with those dumps remotely to understand the difference between the sets and find the 'door status' messages. First, I load and replay all the other dumps as 'white noise'. This traffic should contain the status "door unlocked":

Loading and replaying traffic with "white noise".

Then I switch to mod_stat and enable DIFF mode. After that I go back to gen_replay, clear its memory, and load/replay the dump with the status "doors are locked". That's it; now we print the DIFF in mod_stat:




Printing the difference set of CAN frames

Here we can see a bunch of CAN frames. (Let's also dump them to a file for more detailed analysis later.) We can see new values (0) for known arbitration IDs (318259472/318255632). This looks like door lock statuses: 0x0 means locked, because before it was a different value, 0x80. (To check that, use the "Print current table" button and see what was there before.) This value changed only in this dump, so with 99% confidence we can say these are the door lock statuses. Easy, and I am happy to see that this DIFF idea works fine in practice and that CANToolz can help my friends in Moscow! Stay tuned -)
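To make the DIFF mode described above and the door-lock walkthrough concrete, here is an added Python model of a mod_stat-style frame table with a DIFF buffer. It is example code written for this post, not CANToolz's own mod_stat implementation: the frame table is keyed by (arbitration ID, payload), `print_diff` returns frames seen only while DIFF mode was on, `print_diff_id_only` narrows that to frames whose ID the baseline never saw, and `disable_diff` merges the buffer back into the baseline so the procedure can be repeated. The scenario in `door_lock_demo` is constructed: the noise frame, the 0x7E8 frame and the one-byte 0x80/0x00 payloads are illustrative, and only the two arbitration IDs and the 0x80 to 0x0 change come from the post.

```python
from collections import Counter
from typing import Dict, List, Set, Tuple

Frame = Tuple[int, bytes]  # (arbitration ID, payload)


class FrameStat:
    """Minimal model of a mod_stat-style frame table with a DIFF mode.

    Frames are counted per (ID, payload) pair. While DIFF mode is on, new
    frames go to a separate buffer that is compared against the baseline
    collected before the mode was enabled.
    """

    def __init__(self) -> None:
        self.baseline: Counter = Counter()  # frames seen before DIFF mode
        self.diff_buf: Counter = Counter()  # frames seen while DIFF mode is on
        self.diff_enabled = False

    def add_frame(self, arb_id: int, data: bytes) -> None:
        target = self.diff_buf if self.diff_enabled else self.baseline
        target[(arb_id, data)] += 1

    def enable_diff(self) -> None:
        self.diff_enabled = True
        self.diff_buf.clear()

    def disable_diff(self) -> None:
        # Merge the diff frames into the baseline so the action can be repeated
        self.baseline.update(self.diff_buf)
        self.diff_buf.clear()
        self.diff_enabled = False

    def print_diff(self) -> List[Frame]:
        """Frames (ID + payload) observed in DIFF mode but never in the baseline."""
        return sorted(f for f in self.diff_buf if f not in self.baseline)

    def print_diff_id_only(self) -> List[Frame]:
        """Subset of print_diff whose arbitration ID was unknown in the baseline."""
        known_ids = {arb_id for arb_id, _ in self.baseline}
        return sorted(f for f in self.diff_buf if f[0] not in known_ids)

    def current_table(self) -> Dict[int, Set[bytes]]:
        """Payloads the baseline holds per ID (the 'Print current table' view)."""
        table: Dict[int, Set[bytes]] = {}
        for arb_id, data in self.baseline:
            table.setdefault(arb_id, set()).add(data)
        return table


def door_lock_demo() -> dict:
    """Constructed scenario mirroring the post: white noise plus 'unlocked'
    status frames first, then DIFF mode, then a replay of the 'locked' dump."""
    stat = FrameStat()
    # Baseline: constructed periodic noise plus the two status IDs from the
    # post, carrying the 'unlocked' value 0x80 (payload layout is illustrative)
    for _ in range(50):
        stat.add_frame(0x1A0, b"\x00\x10\x20\x30")
        stat.add_frame(318259472, b"\x80")
        stat.add_frame(318255632, b"\x80")
    stat.enable_diff()
    # Replay of the 'doors locked' dump: same noise, status byte now 0x00,
    # plus one constructed frame with an ID the baseline never saw
    for _ in range(50):
        stat.add_frame(0x1A0, b"\x00\x10\x20\x30")
        stat.add_frame(318259472, b"\x00")
        stat.add_frame(318255632, b"\x00")
    stat.add_frame(0x7E8, b"\x02\x41\x00")
    result = {
        "diff": stat.print_diff(),                 # new (ID, payload) pairs only
        "diff_id_only": stat.print_diff_id_only(),  # only the unknown-ID frame
        "before": stat.current_table(),            # what 318259472 carried before
    }
    stat.disable_diff()
    result["merged_size"] = len(stat.baseline)     # diff frames folded into baseline
    return result


if __name__ == "__main__":
    for key, value in door_lock_demo().items():
        print(key, value)
```

The noise frame never appears in the diff because its (ID, payload) pair is already in the baseline, which is exactly why the DIFF view is so much shorter than the raw traffic; the two status frames show up because the payload changed, and only the 0x7E8 frame survives the "ID only" filter.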

-----------------------------------------------------------------------------
Also some changes to the USBtin module: now we can set the speed to any value (in kbaud), not only the preset values!

Another important thing: a 'delay' parameter has been added to gen_replay, gen_fuzz and gen_ping. This matters if you do not want to DoS the CAN bus during a 'write' operation.

Also, a very nasty bug was fixed in USBtin... now everything is fine 8))

P.S. It is still very young software (1 month!), so there may be bugs; we are working on bug fixes and improvements. Hoping for the community's help 8)

P.P.S. New design for the WEB GUI! Thanks to my wife Svetlana Sintsova!