Tool Explanation

A prerequisite to using this tool is that the Hardware implant is already installed in the car and capable of communicating with the CAN bus protocol inside the vehicle.

Let’s assume we have a car in which we have connected with USBtin(or attacker choice), and USBtin(or attacker choice) is connected to Raspberry Pi and the Pi can communicate on the internet.

Canalyse uses the Python-can library to sniff car information and analyze the gathered information and uses the analyzed information to command & control certain functions of the car. Once the above setup is ready, the USBtin(or attacker choice) can log the data packets in the vehicle’s network bus.

CANalyse is a software tool built to analyze the log files to find out unique data sets automatically and is able to connect to simple attacker interfaces such as Telegram. Basically, while using this tool you can provide your bot ID and be able to use the tool over the internet through telegram. It is made to be installed inside a raspberry-PI and able to exploit the vehicle through a telegram bot by recording and analyzing the data logs, it is like a hardware implant planted inside a car that acts as a bridge between the Telegram bot and the Vehicle’s network.

Functionalities:

1. Smart Scan:

   1. once the smart scan is started press 'space' and give the signals which you want to find
   2. once you have given the signals, press 'b' in the smart scan and observe the list
   3. give space again and give your signals and press 'b' once you stopped giving it
   4. you can do step 3 iteratively till you find minimum static packets
   5. press 'p' to play the packets and check if the smart scan found the correct signal
   6. press 's' to save the signal to a log file

2. IDE: Data Types: String:(same as python string datatype) example: a = "hello world"

     integer:(same as python integer datatype)
         example: b = 1
   
     float:(same as python float datatype)
         example: c = 2.5
   
     DataFrame:(same as python pandas dataframe datatype)
         example: d = read('filename.csv')
   
     Seq_DataFrame:(same as above datatype but contains only [timestamp,channel,id,data] columns)
         example: e = scan('can0',3)
   

   Functions: scan(channel,time) description: Listens to the CAN for a given time and stores the data in a variable. args: channel:String(should be valid channel name , check ifconfig) time: integer or float return: Seq_DataFrame usage:v = scan('can0')

     read(filename)
         description: reads canlogs and CSV files and stores the data in a variable.
         args:
             filename:String(supported extension log and csv)
         return:
             if log file:
                 Seq_DataFrame
             else:
                 Seq_DataFrame or DataFrame
         
         usage:c = read('source.log')
   
     save(dataframe,filename)
         description: saves the data in the variable to log or csv file.
         args:
             dataframe:Seq_DataFrame or DataFrame
             filename:String(save to this filename ,supported extensions log and csv)
         usage:save(v,'test.log')
   
     play(channel,dataframe)
         description: sends the data in variable to CAN
         args:
             channel:String(should be valid channel name , check ifconfig)
             dataframe:Seq_DataFrame
         usage:play('can1',d)
   
     sql(query)
         description: runs SQL query on data and stores it in a variable.
         args:
             query:String(should be a valid SQL query)
         return:DataFrame
         usage:e = sql("select id,data from s where id = '123' group by id")
   
     playmsg(channel,message)
         description: sends a single signal to CAN
         args:
             channel:String(should be valid channel name , check ifconfig)
             message:String(use this format "<id>#<data>" where id and data are in hexadecimal format)
         usage:playmsg('vcan0',"2A:54FFFF")
   
     export(projectpath)
         description: saves all the variables,data, and code as a project
         args:
             projectpath:String(path of the project from current tool's path)
         usage:export('path/xyz')
   
     import(projectpath)
         description: imports the project's variable and values to the current session(runs the <projectname>.data.cylse file)
         args:
             projectpath:String('should be a valid path from current tools path where project exists)
         usage:export("path/xyz")
   
     run(projectpath)
         description: run all the code which was in the project(runs the <projectname>.action.cylse file)
         args:
             projectpath:String('should be a valid path from current tools path where project exists)
         usage:run("path/xyz")