In order to replace the complex wiring harness with a two-wire bus, BOSCH created the Controller Area Network, or CAN. All automobiles include a CAN bus that connects to the internal network of the car through the OBD-II connector, also known as the diagnostic link connector (DLC).
The OBD-II connector is typically located under the steering wheel or in another easily accessible location on the dashboard. Examples of automotive components include engine control units, airbags, transmissions, gear units, ABS (anti-lock brake system), infotainment systems, climate control, windows, and doors. This implies that anyone who gets onto the CAN bus can operate every mechanism in the car.
Electronic control units (ECUs) and embedded devices that communicate using the CAN protocol are widely used in modern vehicles. All of the crucial communications, including temperature, RPM management, and braking, take place on the high-speed bus lines.
The OSI model has seven layers, but CAN adheres to only two of them, the Data Link Layer and the Physical Layer. As a result, the CAN bus can be optimized as a low-level, high-speed network solution on the Physical Layer.
Two wires make up CAN: CAN high (CANH) and CAN low (CANL). It uses differential signaling which means that when a signal comes in, CAN raises the voltage on one line and drops the other line equally.
The CAN bus uses only one pair of wires. They are twisted so that electromagnetic interference, which would otherwise appear as noise over the signal being broadcast, cancels itself out. Differential signaling is employed in settings where noise and fault tolerance are required.
Finding CAN Connections:
Look on the dashboard for a twisted pair of cables (ignore the wires for the four-wheel speed). CAN’s resting value of 2.5V makes it simple to locate when searching through cables. A signal will add or take away 1V as it enters.
The voltage of the cables in a car can be checked with a multimeter, and if the line is transmitting at 2.5V, it's certainly CAN. CANH and CANL are located at pins 6 and 14, respectively, on the OBD-II connector.
CAN BUS Packet Layout
CAN packets are of two types: Standard and Extended.
Each standard CAN bus packet has four key elements.
- Arbitration ID: It is 11-bit in size. It determines the priority of the message when two or more nodes are contending for the bus. If two CAN packets are sent along the bus at the same time, the one with the lower arbitration ID wins.
- Identifier extension (IDE): This bit is always 0 for standard CAN.
- Data Length Code (DLC): It gives the size of the data, which ranges from zero to eight bytes.
- Data: This is the actual data. Standard CAN packets can carry up to 8 bytes of data; however, some systems force 8 bytes by padding out the packet.
The CAN Frame also contains other fields, such as the CRC Field, which comprises a 15-bit checksum generated from the majority of the message. This checksum is utilized for error detection.
Then there is an Acknowledgment slot: any CAN controller that has been able to correctly receive the message provides an acknowledgment bit at the conclusion of each message. The transmitter checks for the presence of the acknowledge bit and retransmits the message if none is found.
Extended Packets:
Extended packets are similar to standard packets, but they have a larger space to hold IDs, and they can be chained together to produce longer IDs.
For extended packets, the remote transmission request (RTR) is replaced with a substitute remote request (SRR), with SRR set to 1. These packets also have the IDE set to 1 and carry an 18-bit identifier, which is the second part of the ID and follows the standard 11-bit identifier.
Similar to extended CAN, there are additional CAN-like protocols that are unique to some manufacturers and are backward compatible with regular CAN.
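The standard and extended layouts described above, as an added example (not code from the original article): a parser for the 16-byte classic frame that Linux SocketCAN hands to user space, which splits a 29-bit ID into its 11-bit and 18-bit parts and models arbitration. It goes slightly beyond the text by also ranking standard against extended frames; all sample frames and IDs are constructed.

```python
import struct
from dataclasses import dataclass

# Linux SocketCAN classic frame: 32-bit can_id, 1-byte DLC, 3 pad bytes, 8 data bytes
FRAME_FMT = "<IB3x8s"
CAN_EFF_FLAG = 0x80000000  # set when IDE = 1 (extended frame)
CAN_RTR_FLAG = 0x40000000  # remote transmission request


@dataclass
class CanFrame:
    arb_id: int     # 11-bit (standard) or 29-bit (extended) arbitration ID
    extended: bool  # IDE bit
    rtr: bool
    dlc: int        # number of data bytes, 0 to 8
    data: bytes     # payload trimmed to DLC (padding removed)
    base_id: int    # first 11 bits of the ID
    ext_id: int     # 18-bit second part, 0 for standard frames


def parse_frame(raw: bytes) -> CanFrame:
    if len(raw) != struct.calcsize(FRAME_FMT):
        raise ValueError("expected a 16-byte classic CAN frame")
    can_id, dlc, payload = struct.unpack(FRAME_FMT, raw)
    if dlc > 8:
        raise ValueError(f"DLC {dlc} exceeds the 8-byte limit")
    extended = bool(can_id & CAN_EFF_FLAG)
    arb_id = can_id & (0x1FFFFFFF if extended else 0x7FF)
    base_id, ext_id = (arb_id >> 18, arb_id & 0x3FFFF) if extended else (arb_id, 0)
    return CanFrame(arb_id, extended, bool(can_id & CAN_RTR_FLAG),
                    dlc, payload[:dlc], base_id, ext_id)


def arbitration_winner(frames):
    """Frame that keeps the bus: the lowest bit sequence wins (0 is dominant)."""
    def key(f):
        # standard: ID, RTR, IDE=0; extended: base ID, SRR=1, IDE=1, 18-bit ID, RTR
        return (f.base_id, 1, 1, f.ext_id, f.rtr) if f.extended else (f.base_id, f.rtr, 0, 0, 0)
    return min(frames, key=key)


# Constructed sample frames (not captured from a vehicle)
SAMPLE_STD = struct.pack(FRAME_FMT, 0x244, 5, bytes.fromhex("000000019a"))
SAMPLE_LOW = struct.pack(FRAME_FMT, 0x0C9, 8, bytes(8))
SAMPLE_EXT = struct.pack(FRAME_FMT, CAN_EFF_FLAG | 0x18DAF110, 8, bytes(8))

if __name__ == "__main__":
    for raw in (SAMPLE_STD, SAMPLE_LOW, SAMPLE_EXT):
        print(parse_frame(raw))
```

Rejecting a DLC above 8 and trimming the payload to DLC keeps padding bytes from being mistaken for signal data when frames are logged or monitored.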