can-bus

53 Articles

This Week In Security: QueueJumper, JS VM2 Escape, And CAN Hacking

April 14, 2023 by 9 Comments

You may not be familiar with the Microsoft Message Queuing (MSMQ) service, a store and forward sort of inter-process and inter-system communication service. MSMQ has become something of a legacy product, but is still available as an optional component in Windows. And in addition to other enterprise software solutions, Microsoft Exchange turns the service on by default. That’s why it’s a bit spooky that there’s a one packet Remote Code Execution (RCE) vulnerability that was just patched in the service.

CVE-2023-21554, also known as QueueJumper, is this unauthenticated RCE with a CVSS score of 9.8. It requires sending a packet to the service on TCP port 1801. The Check Point Research team scanned for listening MSMQ endpoints on the public Internet, and found approximately 360,000 of them. And no doubt far more are listening on internal networks. A one packet exploit is a prime example of a wormable problem, and now that the story has broken, and the patch is available, expect a rapid reverse engineering. Beware, the queue jumpers are coming.

JavaScript VM Escape

The VM2 library is a rather important JavaScript package that sandboxes code, letting a project run untrusted code securely. Or, that’s the idea. CVE-2023-29017 is an example of how hard sandboxing is to get right. It’s another CVSS 9.8 vulnerability, and this one allows a sandbox escape and code execution.

This one now has public Proof of Concept code, and this package has over 16 million monthly installs, so the attack surface is potentially pretty wide. The flaw is fixed in version 3.9.15. Continue reading “This Week In Security: QueueJumper, JS VM2 Escape, And CAN Hacking”

Probing CAN Bus For EV Battery Info

July 27, 2022 by 8 Comments

The widespread adoption of the CAN bus (and OBD-II) in automobiles was largely a way of standardizing the maintenance of increasingly complicated engines and their needs to meet modern emissions standards. While that might sound a little dry on the surface, the existence and standardization of this communications bus in essentially all passenger vehicles for three decades has led to some interesting side effects, like it’s usage in this project to display some extra information about an electric car’s battery.

There’s not a ton of information about it, but it’s a great proof-of-concept of some of the things CAN opens up in vehicles. The build is based on a Citroën C-Zero (which is essentially just a re-badged Mitsubishi i-MiEV) and uses the information on the CAN bus to display specific information about the state of charge of the battery that isn’t otherwise shown on the car’s displays. It also includes a build of a new secondary display specifically for this purpose, and the build is sleek enough that it looks like a standard part of the car.

While there are certainly other (perhaps simpler) ways of interfacing with a CAN bus, this one uses off-the-shelf electronics like Arduino-compatible microcontrollers, is permanently installed, and has a custom case that we really like. If you’re just starting to sniff around your own vehicle’s CAN bus, there are some excellent tools available to check out.

Thanks to [James] for the tip!

Continue reading “Probing CAN Bus For EV Battery Info”

Part of a picture showing all kinds of different CAN devices in a car

CAN Peripheral For RP2040, Courtesy Of PIO

July 9, 2022 by 31 Comments

[Kevin O’Connor] writes to us about his project, can2040adding CAN support to the RP2040. The RP2040 doesn’t have a CAN peripheral, but [Kevin] wrote code for the RP2040’s PIO engine that can receive and send CAN packets. Now we can all benefit from his work by using this openly available CAN driver. This library is written in C, so it’s a good fit for the lower-level hackers among us, and in all likelihood, it wouldn’t be hard to make a MicroPython wrapper around it.

The CAN bus needs a peripheral for the messages to be handled properly, and people have been using external chips for this purpose until now. These chips, [Kevin] tells us, have lately been unavailable due to the chip shortage, making this project more valuable. The documentation is extensive and accessible, and [Kevin] details how to best use this driver. With such a tool in hand, you can now turn your Pico into a CAN tinkering toolkit, or wire up some CAN devices for use in your own projects!

[Kevin] says this code is already being used in Klipper, a framework powering 3D printers and other machines like them. As for your own purposes, you can absolutely use such a CAN tool to hack on your car – here’s a treasure trove of car hacking documentation, by the way! Thanks to the PIO engine, there seems to be no end to the RP2040’s versatility – you can even drive HDMI monitor with this PIO-based DVI code.

Continue reading “CAN Peripheral For RP2040, Courtesy Of PIO”

Volvo C30 Custom Gauge And CAN Bus Reverse Engineering

June 15, 2022 by 8 Comments

With cars being essentially CAN buses on wheels, it’s no wonder that there’s a lot of juicy information about the car’s status zipping about on these buses. The main question is usually how to get access to this information, both in terms of wiring into the relevant CAN bus, and decoding the used (proprietary) protocol. Fortunately for [Alex], decoding the Volvo VIDA protocol used with his Volvo C30 was relatively straightforward, enabling the creation of a custom gauge that displays information like boost pressure and coolant temperature.

The physical interfacing is accomplished via the car’s OBD port, which conveniently provides access to the car’s two (high-speed and low-speed) CAN buses. Hardware of choice is an M2 UTH (Under the Hood) board, sporting a SAM3X Cortex-M3-based MCU, designed for permanent automotive installations. On [Alex]’s GitHub project page it is explained how the protocol works, and which bytes to look for when replicating the project.

Rounding off the project is a round LCD display from 4D Systems that cycles through the status update screens. As a bonus, the dashboard illumination level is also read out in real-time, so the brightness of the display is adjusted to fit this level. All in all a well-rounded project, with interesting prospects for a more permanent integration of the gauge into the dashboard proper.

Continue reading “Volvo C30 Custom Gauge And CAN Bus Reverse Engineering”

Simplify 3D Printer Wiring With CAN Bus

November 3, 2021 by 56 Comments

[mark] had an interesting idea when looking at all the wiring of a typical 3D printer; Use CAN Bus. There are a lot of wires going to the extruder assembly, and with most designs this thing is flying around at quite some speed. You’ve got connections for powering the heater, fan power, four wires for the extruder motor, thermistor sensor wires. You get the idea. Lots of wires. Worse, they’re all moving around with the axis, and if failures occur at either end due to poor strain relief, or the conductors themselves break, then all manner of interesting failures can occur. If the hot end thermistor connection goes open circuit, usually no damage occurs but the temperature control goes out the window and your print will fail.

Now if you push the electronics needed to drive and control the extruder, directly onto the moving body itself, and hook-up to the main printer electronics with CAN Bus, you can do the whole moving interconnect thing with a measly four wires. Yes, you need another PCB assembly, so it adds cost, but it does also simply the electronics at the control end, so some savings can be made. [mark] has used CAN Bus due its availability with modern microcontrollers and also its designed-in robustness, thanks to its automotive and industrial heritage. When you think about it, this is a rather obvious thing to do, and we’re not sure why we’ve not see it much before.

If you want to dig into the detail, the project GitHub has the schematics and code ready to go.

 

Continue reading “Simplify 3D Printer Wiring With CAN Bus”

Flamethrower weedkiller mounted on a robot arm riding a tank tracked base

Don’t Sleep On The Lawn, There’s An AI-Powered, Flamethrower-Wielding Robot About

September 11, 2021 by 25 Comments

You know how it goes, you’re just hanging out in the yard, there aren’t enough hours in the day, and weeding the lawn is just such a drag. Then an idea just pops into your head. How about we attach a gas powered flamethrower to a robot arm, drive it around on a tank-tracked robotic base, and have it operate autonomously with an AI brain? Yes, that sounds like a good idea. Let’s do that. And so, [Dave Niewinski] did exactly that with his Ultimate Weed Killing Robot.

And you thought the robot overlords might take a more subtle approach and take over the world one coffee machine at a time? No, straight for the fully-autonomous flamethrower it is then.

This build uses a Kinova Robots Gen 3 six-axis arm, mounted to an Agile-X Robotics Bunker base. Control is via a Connect Tech Rudi-NX box which contains an Nvidia Jetson Xavier NX Edge AI computing engine. Wow that was a mouthful!

Connectivity from the controller to the base is via CAN bus, but, sadly no mention of how the robot arm controller is hooked up. At least this particular model sports an effector mount camera system, which can feed straight into the Jetson, simplifying the build somewhat.

To start the software side of things, [Dave] took a video using his mobile phone while walking his lawn. Next he used RoboFlow to highlight image stills containing weeds, which were in turn used to help train a vision AI system. The actual AI training was written in Python using Google Collaboratory, which is itself based on the awesome Jupyter Notebook (see also Jupyter Lab on the main site. If you haven’t tried that yet, and if you do any data science at all, you’ll kick yourself for not doing so!) Collaboratory would not be all that useful for this by itself, except that it gives you direct, free GPU access, via the cloud, so you can use it for AI workloads without needing fancy (and currently hard to get) GPU hardware on your desk.

Details of the hardware may be a little sparse, but at least the software required can be found on the WeedBot GitHub. It’s not like most of us will have this exact hardware lying around anyway. For a more complete description of this terrifying contraption, checkout the video after the break.

Continue reading “Don’t Sleep On The Lawn, There’s An AI-Powered, Flamethrower-Wielding Robot About”

Custom Instrument Cluster For Aging Car

August 1, 2021 by 32 Comments

All of the technological improvements to vehicles over the past few decades have led to cars and trucks that would seem borderline magical to anyone driving something like a Ford Pinto in the 1970s. Not only are cars much safer due to things like crumple zones, anti-lock brakes, air bags, and compulsory seat belt use, but there’s a wide array of sensors, user interfaces, and computers that also improve the driving experience. At least, until it starts wearing out. The electronic technology in our modern cars can be tricky to replace, but [Aravind] at least was able to replace part of the instrument cluster on his aging (yet still modern) Skoda and improve upon it in the process.

These cars have a recurring problem with the central part of the cluster that includes an LCD display. If replacement parts can even be found, they tend to cost a significant fraction of the value of the car, making them uneconomical for most. [Aravind] found that a 3.5″ color LCD that was already available fit perfectly in the space once the old screen was removed, so from there the next steps were to interface it to the car. These have a CAN bus separated from the main control CAN bus, and the port was easily accessible, so an Arduino with a RTC was obtained to handle the heavy lifting of interfacing with it.

Now, [Aravind] has a new LCD screen in the console that’s fully programmable and potentially longer-lasting than the factory LCD was. There’s also full documentation of the process on the project page as well, for anyone else with a Volkswagen-adjacent car from this era. Either way, it’s a much more economical approach to replacing the module than shelling out the enormous cost of OEM replacement parts. Of course, CAN bus hacks like these are often gateway projects to doing more involved CAN bus projects like turning an entire vehicle into a video game controller.

Continue reading “Custom Instrument Cluster For Aging Car”