Hacking into a Vehicle CAN bus (Toyothack and SocketCAN)

CAN bus is an automation fieldbus commonly used in the automotive industry as the main network bus to allow communications between the many on-board ECUs on modern vehicles.

The Linux kernel has had native CAN bus support at the network layer for some years, with many drivers for both embedded and USB CAN bus controllers, so it’s now fairly easy to add a CAN bus interface to any Linux laptop and play around with it.

In this post I’ll show how to tap into a modern car’s local bus, dump a bunch of data and analyze the trace offline to write a decoder from scratch using the SocketCAN APIs and utilities.

This is based on my experiences hacking into my Toyota… Toyothack!



Linux Kernel Device Drivers for AVR V-USB Devices

V-USB is a really convenient library to implement USB communication between an AVR microcontroller and any USB host enabled system.

The host-side software for a V-USB device is usually handled either by a class driver, as for HID-compliant devices, or by a userspace libusb-based application.

This post shows how to implement a Linux kernel device driver for a simple ep0-based V-USB device.


Network Statistics with iptables and rrdtool

Netfilter is a powerful tool when it comes to selecting traffic on a Linux router.

When you set up a chain of rules with iptables, you also get a set of traffic counters with each rule, which can be used to see how many times the rule has matched.

If you place a chain of rules without any jump, each packet gets counted and continues down the chain, so you can write a set of rules just to gather statistics on selected patterns of traffic in your network.

In this post I’ll show how to write some simple rules, store the data in an rrdtool database and plot a traffic graph from it.


Network Activity LED with Linux LED Subsystem

This is a nice userspace application I use on my router to control the Internet connection status LED in a “smart” way.

The idea is simple: instead of just randomly blinking the LED when there is some activity on the network, this application checks the total bytes transferred on the network interface and blinks the LED every 100KB of data.

That behavior is borrowed from modern electric counters, which have an LED that blinks every predefined number of Watt/hour.

That’s useful because you can quickly get an idea of the bandwidth utilization of your connection just by checking how often the LED blinks, so you can instantly tell constant low-bandwidth traffic from high-bandwidth traffic.


IPv6 Stateful Firewall with netfilter/ip6tables

IPv6 is coming!

Ok, that was just a provocation. If you have some interest in networking technologies you’ll know for sure that stable IPv6 implementations have been around for many years now, but very few providers give users IPv6 connectivity. You can follow the IPv6 deployment status around the world on this Wikipedia page.

Anyway, for those of you who are lucky enough to have a real IPv6 connection, it’s time to add the “6” to some network utilities, and that includes ip6tables!

This script is a stateful firewall for IPv6 standalone and router installations, which provides the same level of security given by an IPv4 NAT router.


IPv6 Tunnel Broker on GNU/Linux Routers

IPv6 connectivity is slowly spreading around the net day after day. Sooner or later you may want to get IPv6 connectivity to your home, as some providers already do for brave users.

If your ISP does not give you native IPv6 connectivity you can still get your own IPv6 access in a number of ways.


Daemonizing Processes and System Log

If you write software for embedded applications, sooner or later you will end up writing a daemon.

In my work I see many embedded applications, but very often the programmer writes and debugs the whole program in the foreground, and then forgets to implement a simple daemonize function.

The consequence is that when the application is started from the init scripts instead of from a command shell, it locks up the entire boot sequence of the system.

Also, when writing a background application, all the messages should be redirected to the system log… don’t reinvent the wheel by writing a new logging system!

Here I’ll show a sample daemonize() function, and how to use the syslog() library function.
