canTot: exploit framework focused on known CAN Bus vulnerabilities or fun CAN Bus hacks
canTot
canTot is a Python-based CLI framework built on sploitkit. It is easy to use because working with it is similar to working with Metasploit. It is similar to an exploit framework, but focused on known CAN Bus vulnerabilities or fun CAN Bus hacks. It can also be used as a guide for pentesting vehicles and for learning Python for car hacking the easier way. The goal is not to reinvent the wheel of known CAN fuzzers, car exploration tools like Caring Caribou, or other great CAN analyzers out there, but to combine all the known vulnerabilities and fun CAN bus hacks in automotive security.
Installation
git clone https://github.com/shipcod3/canTot
cd canTot
pip3 install -r requirements.txt
Note: Works better with Kali and Ubuntu
Module
- candump This module dumps everything on the bus.
- canfuzz_sids This module will fuzz SIDs on the CAN Bus.
- cherokee_kill_brakes This module will bleed all the brakes on the 2014 Jeep Cherokee while the car is moving. This has the result that the brakes will not work during this time and has significant safety issues, even if it only works if you are driving slowly.
- cherokee_kill_engine This module will kill the engine on the 2014 Jeep Cherokee while the car is moving at low speed by killing a particular fuel injector.
- cherokee_turn_steering This module will put the Parking Assist Module (PAM) in diagnostic session and send a CAN message to tell the power steering ECU to turn the wheel for the Jeep Cherokee 2014.
- diagnostic_state This module will keep the vehicle in a diagnostic state on loop by sending a tester present packet.
- disable_rapid_pw_dwn This module performs Disable Rapid Power Shutdown ($05) in the ECU Reset Service Identifier (0x11).
- ecu_hard_reset This module performs hard reset in the ECU Reset Service Identifier (0x11).
- ecu_off_on This module performs Key OFF – ON Reset ($02) in the ECU Reset Service Identifier (0x11).
- ecu_soft_reset This module performs soft reset ($03) in the ECU Reset Service Identifier (0x11).
- enable_rapid_pw_dwn This module performs Enable Rapid Power Shutdown ($04) in the ECU Reset Service Identifier (0x11).
- ford_escape_diagnostic_packets This module will clear the fault codes between a diagnostic tool and the anti-lock brake (ABS) ECU for Ford Escape.
- ford_escape_door_ajar_spoof This module will indicate that the door is ajar (open) from the instrument panel despite not being opened.
- ford_escape_kill_engine This module will kill the engine for Ford Escape 2010 without establishing a diagnostic session and works at any speed.
- honda_car_lock_and_unlock This module will control Honda’s doors and trunk over CAN based on Greg Hogan’s openioc.
- ignis_zeta_fuel_seatbelt_spoof This module will spoof the fuel and seatbelt status on the Suzuki Connected App for Ignis Zeta (2019).
- jeep_wrangler_evicsend This module allows you to display the word Hacked on a 2012 Jeep Wrangler EVIC.
- kill_bus This module will perform a known denial of service via the CAN bus called Firehose attack.
- malibu_overheat This module will flood temp gauge on a 2006 Malibu.
- mazda2_ic_fuzzer This module sends out CAN data to a Mazda 2 instrument cluster.
- mazda_ic_mover This module moves the needle of the accelerometer and speedometer of the Mazda 2 instrument cluster.
- pdo_input_output_controller This module will control PDO’s input and output over CAN and is based on mintynet’s PDO Car in a box Disco mode.
- peugeot207_ic_mover This module moves the needle of the accelerometer and speedometer of the instrument cluster of a Peugeot 207.
- peugeot207_ic_reboot This module will reboot the instrument cluster of a Peugeot 207.
- peugeot207_ic_warning This module triggers a warning on the instrument cluster of a Peugeot 207.
- prius_park_kill_engine This module will kill the fuel to individual or all cylinders in the internal combustion engine of a Toyota Prius 2010 but requires it to be parked.
- reset_mileage This module clears diagnostic trouble codes and resets the mileage.
- rx8_rpm_fuzzer This module sends out CAN data to a Mazda RX8 instrument cluster.
- spam_bus This module will spam the bus with messages using an extended ID 0xc0ffee.
- tesla_disable_esp_abs This module will inject UDS data frames through the Gateway and disable ESP/ABS ECU at low speed on a Tesla Model S P85 and P75 in 2016 (v7.1(2.28.60) and v7.1(2.32.23)).
- tesla_open_trunk This module will open a trunk on a Tesla Model S P85 and P75 in 2016 (v7.1(2.28.60) and v7.1(2.32.23)).
- uds_fuzzer This module sends diagnostic session control to discover UDS ids.
- uds_sec_access This module will scan a vehicle for UDS services using Security Access.
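For the ECU Reset (0x11) modules listed above, the following added example (not part of canTot) shows how a defender can flag ECUReset requests in a capture. It assumes `candump -L` log lines, classical CAN with ISO-TP single frames and normal addressing, and uses the ISO 14229 value 0x01 for hard reset, which the page does not state; the sample log is constructed.

```python
import re

# UDS ECUReset (SID 0x11) sub-functions named in the module list.
# 0x01 for hard reset is the ISO 14229 value; the page gives no number for it.
ECU_RESET_SUBFUNCTIONS = {
    0x01: "hardReset",
    0x02: "keyOffOnReset",
    0x03: "softReset",
    0x04: "enableRapidPowerShutDown",
    0x05: "disableRapidPowerShutDown",
}
ECU_RESET_SID = 0x11
SUPPRESS_RESPONSE_BIT = 0x80  # high bit of the sub-function byte

# candump -L line: "(timestamp) iface ID#DATA", DATA is 0..8 whole bytes of hex
LOG_LINE = re.compile(
    r"^\((\d+\.\d+)\)\s+(\S+)\s+([0-9A-Fa-f]{3,8})#((?:[0-9A-Fa-f]{2}){0,8})$")

def find_ecu_resets(lines):
    """Return (timestamp, arbitration_id, reset_name) for each ECUReset request."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line.strip())
        if not m:
            continue  # remote frames, CAN FD ("##"), comments, blank lines
        ts, _iface, can_id, hexdata = m.groups()
        data = bytes.fromhex(hexdata)
        # ISO-TP single frame: PCI high nibble is 0, low nibble is payload length
        if len(data) < 3 or data[0] >> 4 != 0:
            continue
        length = data[0] & 0x0F
        if length < 2 or length > len(data) - 1 or data[1] != ECU_RESET_SID:
            continue  # 0x51 (positive response) and other services are skipped
        sub = data[2] & ~SUPPRESS_RESPONSE_BIT & 0xFF
        name = ECU_RESET_SUBFUNCTIONS.get(sub, "unknown(0x%02X)" % sub)
        hits.append((float(ts), int(can_id, 16), name))
    return hits

# Constructed sample log (IDs, payloads and timestamps are made up)
SAMPLE_LOG = """\
(1700000000.100000) can0 7E0#0211010000000000
(1700000000.150000) can0 7E8#0251010000000000
(1700000000.200000) can0 244#0000001122
(1700000000.300000) can0 7DF#0211830000000000
(1700000000.400000) can0 7E0#023E000000000000
""".splitlines()

if __name__ == "__main__":
    for ts, can_id, name in find_ecu_resets(SAMPLE_LOG):
        print("%.6f id=0x%X ECUReset %s" % (ts, can_id, name))
```

On a real bus, restrict matching to the arbitration IDs the vehicle uses for diagnostics, since ordinary broadcast frames can begin with the same bytes by coincidence.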
Use
python3 main.py
Copyright (C) 2023 shipcod3
Source: https://github.com/shipcod3/