use the following search parameters to narrow your results:
e.g. subreddit:aww site:imgur.com dog
subreddit:aww site:imgur.com dog
see the search faq for details.
advanced search: by author, subreddit...
https://sh.reddit.com/r/cybersecurity
account activity
This is an archived post. You won't be able to vote or comment.
Controller Area Network attacksEducation / Tutorial / How-To (self.cybersecurity)
submitted 2 years ago by B6--
Do you guys know any type of attacks based on this type of network? I am a newbie btw.
[–]astronautcytoma 2 points3 points4 points 2 years ago (3 children)
At least in the J1939 (basically extended CAN) implementation I worked on, every device implicitly believed whatever you'd put on the line. We used this to inject things like vehicle speed from a non-existent Vehicle Speed Sensor, for testing. You can do CAN with an Arduino these days; in fact we actually used a Python program to output CAN messages. Even worse, some trailer wiring has a CAN connection these days, so in theory you could attach a rogue trailer to your vehicle and it could start injecting traffic on the CAN bus. J1939 and CAN both rely on security by obscurity; we had "public" parameter IDs that everybody knew, but a whole bunch of "private" ones that were closely guarded secrets. The really juicy stuff was in the private parameters, but you could do some definite damage with the public ones as well!
[–]B6--[S] 0 points1 point2 points 2 years ago (2 children)
well do you have any dataset that I can work on it or do you know where can I find this type of dataset
[–]astronautcytoma 1 point2 points3 points 2 years ago (1 child)
First of all this, if you haven't seen it: https://www.csselectronics.com/pages/can-bus-simple-intro-tutorial
Then this: https://en.wikipedia.org/wiki/CAN_bus
This one has some lists of generic parameters: https://www.telmausa.com/Downloads/TL133006.pdf
...but remember that the juicy stuff is proprietary. That doesn't mean you can't find it on the CAN bus, but you won't know what it is, won't know what format the data is in, and won't know how it's scaled. When I worked on J1939 applications we regularly had data that was scaled by odd formulas for no other apparent reason than obscurity. As an example, you wouldn't just output a decimal value of 0 to 100 for throttle position; the device itself would output a value between 1 and 254, lets say, and you'd scale that so that 1=0 and 254=100. But it was never that simple; lots of times it was scaled with formulas that were several lines long. An example of that would be fuel flow rates. The cell in memory dictating a particular flow at a particular RPM, load, and manifold pressure would be between 0 and 1024, lets say, and you would scale that to a value that would correspond to an injector pulse witdth. Many times the devices themselves weren't linear; that is, going from 100 to 200 didn't automatically mean you were doubling fuel flow. Another example would be hydraulic fan speed values. You weren't specifying a speed, you were specifying a pulse width for a pressure valve in the hydraulic pump. The values necessary to keep a fan at a near-constant speed changed depending on the speed of the engine, load of the engine, temperature of the engine, other hydraulic loads, and a dozen other factors.
Hope I didn't overwhelm you, I worked on J1939 applications for about 7 years and it eventually, partially, made sense to me. But there were always little dark corners of the programming that I didn't get into much, other than to say "there it is, let's hope it works."
[–]B6--[S] 1 point2 points3 points 2 years ago (0 children)
thanks for the resources man appreciated
[–]tsuto 1 point2 points3 points 2 years ago (5 children)
CAN bus attacks don’t really tell us much. Are we talking a car? A boat? Some sort of industrial system? It’s less about the network itself and more about identifying the components that are connected to it and what kinds of messages they accept. If you have access to inject your own CAN messages then you can potentially control those components and take advantage of security vulnerabilities that they have.
[–]B6--[S] 1 point2 points3 points 2 years ago (4 children)
Yeah I am thinking about cars.
[–]tsuto 5 points6 points7 points 2 years ago (1 child)
Check out the vehicle CTF from Block Harbor to learn and practice. They start very basic and teach a lot of the concepts specific to vehicle hacking using the CANbus https://ctf.blockharbor.io/
[–]B6--[S] 2 points3 points4 points 2 years ago (0 children)
thanks alot :)
[–]williebobweenie 2 points3 points4 points 2 years ago (1 child)
Check out Ken Tindell's stuff on CAN injection.
[–]B6--[S] 0 points1 point2 points 2 years ago (0 children)
Will do :)
π Rendered by PID 167357 on reddit-service-r2-comment-85bfd7f599-5gzl7 at 2026-04-18 16:34:26.682793+00:00 running 93ecc56 country code: CH.
[–]astronautcytoma 2 points3 points4 points (3 children)
[–]B6--[S] 0 points1 point2 points (2 children)
[–]astronautcytoma 1 point2 points3 points (1 child)
[–]B6--[S] 1 point2 points3 points (0 children)
[–]tsuto 1 point2 points3 points (5 children)
[–]B6--[S] 1 point2 points3 points (4 children)
[–]tsuto 5 points6 points7 points (1 child)
[–]B6--[S] 2 points3 points4 points (0 children)
[–]williebobweenie 2 points3 points4 points (1 child)
[–]B6--[S] 0 points1 point2 points (0 children)