Message detection

Good morning here!!

While talking about car hacking, one of the most important parts of your research would probably be identifying which CAN message is generating a specific action. During my research I found several ways of doing this, some more effective and others less so. I use SocketCAN and Linux for this.

Do you have any cool method you use for finding CAN messages in the mess the car is generating? Share it and I will include it in this same post to have all of them together 🙂

Some of these methods are:

  • Recording traffic while executing an action (e.g. opening a door), then replaying and splitting it recursively, checking whether the action is repeated, until you have only one message left.
  • Recording traffic in several captures, some of them performing the action and some of them not. The message we want will be in all of the “action captures” and in none of the “captures without the action”. This can be automated easily with a Python script.

Cheers!!

Hi @fiti 👋,

Your methods are spot on! I’ve found that keeping an eye on message ID changes and data byte shifts can be a real game-changer. Plus, comparing traffic when the system is in different states (like when doors are open or closed) can really help pinpoint the relevant messages. Tools like SavvyCAN make this process a breeze.
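The capture-comparison method from the first post (which is also the state comparison mentioned in the reply) can be scripted as below. This is an added example, not code from either poster: it assumes captures in `candump -l` log format and exact payload matches, and the function names, interface name and sample frames are constructed for illustration.

```python
import re

# One line of a `candump -l` log: "(timestamp) interface ID#DATA".
# Remote frames (ID#R) and CAN FD frames (ID##...) do not match and are skipped.
LINE_RE = re.compile(
    r"^\(\d+\.\d+\)\s+\S+\s+([0-9A-Fa-f]{3}|[0-9A-Fa-f]{8})#((?:[0-9A-Fa-f]{2}){0,8})$"
)

def parse_candump(text):
    """Return the set of (arbitration_id, payload) pairs seen in one capture."""
    frames = set()
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # blank line or a frame type this example ignores
        frames.add((int(m.group(1), 16), bytes.fromhex(m.group(2))))
    return frames

def candidate_frames(action_captures, baseline_captures):
    """Frames present in every action capture and in no baseline capture."""
    if not action_captures:
        return []
    common = set.intersection(*map(parse_candump, action_captures))
    for capture in baseline_captures:
        common -= parse_candump(capture)
    return sorted(common)

# Constructed sample captures (IDs and payloads are made up).
ACTION_1 = """
(1.000000) vcan0 0C4#1122334455667788
(1.010000) vcan0 19B#00000F000000
(1.020000) vcan0 244#0000000000
"""
ACTION_2 = """
(5.000000) vcan0 0C4#1122334455667788
(5.015000) vcan0 19B#00000F000000
(5.020000) vcan0 3E9#01
"""
BASELINE_1 = """
(9.000000) vcan0 0C4#1122334455667788
(9.010000) vcan0 244#0000000000
(9.020000) vcan0 3E9#01
"""

if __name__ == "__main__":
    for can_id, data in candidate_frames([ACTION_1, ACTION_2], [BASELINE_1]):
        print(f"{can_id:03X}#{data.hex().upper()}")
```

Frames that carry a rolling counter or checksum differ from capture to capture, so they will not survive an exact-match intersection; comparing on the ID or on selected bytes only is the usual adjustment.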