W2L? Car Forensics - now

If you like pls propose a car model to focus on. By default will learn from Audi A8 AI.

Tesla S 85 D - EV example

Tesla's electrical diagram not open to public

Lets concentrate on CAN bus as MOST is for all infotainment and LIN, FlexRay we care later. See here that from OBDll to Diagnose CAN at the data bus diagnostic interface is the first way to go.

https://www.a4-freunde.com/attachment.php?attachmentid=290267&d=1418555547&stc=1

http//www.audi-portal.com/en/diagnostic/ecu_12666.html#1

CAN wires are always drilled together (CAN Low and CAN High). Their signals are opposite but timely synchronous.

Which signal levels (Volt) can you expect to watch on your oscilloscope (DSO)/protocol analyzer?
What means recessive and dominant related to the signal levels?
Which value of a resistor terminates each CAN L and CAN H?
Which bandwidth runs on CAN (kbps)?
Is the CAN protocol fault-tolerant?
Is it possible to MITM between gateways running over CAN?
Which ISO standard defines CAN?

Afterwork R&C! Relax & Click! Here you see Audi A8 AI (2018), by clicking to the right you get tech, by clicking to the left you get design (BTW this car is by far not the most advanced globally, just a locally available example!)

https://www.netcarshow.com/audi/2018-a8/1280x960/wallpaper_1b.htm

Try to understand everything about CAN. Next tomorrow.

CAN is twofold Standard and Extended. Standard CAN is definded by ISO 11898-1, Extended by ISO 11898-2. Try to think and speak about a CAN frame as Layer 2. Carrier Sense CS means that the node first has to sense the wire before sending a frame to avoid collissions - quite similar to Ethernet CSMA/CD Carrier Sense Multiple Access/Collision Detection.

A TI whitepaper (2016 revised) lets you keep track.

http//www.ti.com/lit/an/sloa101b/sloa101b.pdf

Some slides to fly over - keep learning -)

https://www.slideshare.net/Acromag/introduction-to-can-bus-technology

Here you get most answers to previous post

https://www.slideshare.net/abhinawambitious/can-controller-area-network-bus-protocol

Ready to continue?

Now we move to hands-on. I recommend that you get an neoVI Fire 2 and Vehicle Spy 3. See here

https://cdn.intrepidcs.net/videos/training/Fire2Video.mp4

Here the manual

http//cdn.intrepidcs.net/guides/neovifire2/neovi_fire2_ug.pdf

Here a reference chart of CAN

https://vector.com/portal/medien/solutions_for/can/schematic_graphics/chart_can_canfd.png

To learn how CAN is implemented in car electronics lets study a CAN transceiver in automotive. See this NXP IC here

https://www.nxp.com/docs/en/brochure/75017405.pdf

BTW you have a new friend -) CAN FD Controller Access Network Flexible Datarate

Ask yourself

How can I differentiate CAN from CAN FD frames? See here
http//www.ni.com/cms/images/devzone/tut/eiyadyze6012016393650390970.png
What is the difference between CAN FD base and extended frame format? Little hint
https://www.can-cia.org/fileadmin/resources/images/can-fd/canfd04.png
Where in test car Audi A8 AI do we have CAN FD in use? Hint search for SSP Self Study Program
Overview Which gateways in general run CAN, CAN FD?
What forensic issues are related to CAN/CAN FD?
Future of CAN? What comes next?

End of CAN/CAN FD part 1. Next FlexRay

Good job! learner -))

One more thing -) See here BH'16 car hacking slides

http//slideplayer.com/slide/1462704/

Here the training description

https://www.blackhat.com/us-17/training/car-hacking-hands-on.html