Arduino UNO MCP2515 MITM Attack

Other Hardware Hardware Development
1

Is it possible to use the Arduino Uno with two MCP2515's for a man-in-the-middle attack? I am trying to modify codes sent from a can module to the ecu to trick the ecu into thinking the module has no errors. I am able to read the messages coming off of either module, but I can't seem to get it to find when the line isn't busy to send the can message out. Any ideas?
I have the 120 ohm resistor connected on both modules by the way.

#include <SPI.h>
#include <mcp_can.h>

// Pins configuration
const int CAN0_CS = 10; // Chip Select pin for CAN0
const int CAN1_CS = 9;  // Chip Select pin for CAN1
const int CAN0_INT = 2; // Interrupt pin for CAN0
const int CAN1_INT = 3; // Interrupt pin for CAN1

MCP_CAN CAN0(CAN0_CS);  // Initialize MCP2515 on CAN0
MCP_CAN CAN1(CAN1_CS);  // Initialize MCP2515 on CAN1

void setup() {
    Serial.begin(115200);
    while (!Serial); // Wait for Serial to be ready

    // Initialize MCP2515 modules
    if (CAN0.begin(MCP_ANY, CAN_500KBPS, MCP_16MHZ) != CAN_OK) {
        Serial.println("CAN0 Init Failed");
        while (1);
    }
    Serial.println("CAN0 Init OK!");

    if (CAN1.begin(MCP_ANY, CAN_500KBPS, MCP_16MHZ) != CAN_OK) {
        Serial.println("CAN1 Init Failed");
        while (1);
    }
    Serial.println("CAN1 Init OK!");

    pinMode(CAN0_INT, INPUT); // Set interrupt pins
    pinMode(CAN1_INT, INPUT);
    attachInterrupt(digitalPinToInterrupt(CAN0_INT), handleCAN0Interrupt, FALLING);
    attachInterrupt(digitalPinToInterrupt(CAN1_INT), handleCAN1Interrupt, FALLING);

    CAN0.setMode(MCP_NORMAL); // Set mode to normal
    CAN1.setMode(MCP_NORMAL);
}

void loop() {
    // Empty loop; everything is handled by interrupts
}

void handleCAN0Interrupt() {
    unsigned long id = 0;
    byte len = 0;
    byte buf[8];

    if (CAN0.readMsgBuf(&id, &len, buf) == CAN_OK) {
        if (id == 0x500 && buf[0] == 94) {
            buf[0] = 50; // Change data as specified
        }
        CAN1.sendMsgBuf(id, 0, len, buf); // Send modified message
        // clearBuffer(rxBuf, len);
    }
}

void handleCAN1Interrupt() {
    unsigned long id = 0;
    byte len = 0;
    byte buf[8];

    if (CAN1.readMsgBuf(&id, &len, buf) == CAN_OK) {
        CAN0.sendMsgBuf(id, 0, len, buf); // Forward message to CAN0
    }
}
2

That is something you need not worry about, the CAN system will automatically allow the message with the highest priority to go and hold back others until there is an opening to send. This feature is one of the benefits of the NDA(Non Destructive Arbitration) of the CAN bus.

3

Should I make my messages going each way a higher priority and use the filters and mask to only see messages I want to receive? Also, is the UNO fast enough for CANBUS messages for an engine in a constant-speed application?

4

You can do whatever you like. It is not the speed of the UNO unless you manage to flood it or bloat it with software. . There are many 2 - 8 MHz 8-bitters running CAN. The work is done by the CAN controller, not the processor. Check it out, you have filters etc that do the heavy lifting for you. The filters etc were put there for this exact reason to offload the processor overhead. I cannot tell you how much data can be transfered at any given baud rate as the number of bits changes (bit stuffing and payload size). Check this link: communication - What's the maximum CAN bus frame (message) rate at 125 kbit/s? - Electrical Engineering Stack Exchange

5

I am able to sniff the canbus when the lines are hooked to each other, but when they're hooked to the MCP2515s, I can't get them to start communicating with my Arduino. I have the resistors hooked up too. How do I get the communication jump started between the two modules?

6

This topic was automatically closed 180 days after the last reply. New replies are no longer allowed.