Skip to content
/ Crazy-Tachymeter Public

Crazy-Tachymeter is an exploit that allows you to flood the CAN-Bus with frames of the ECU mapping file.

License

GPL-3.0 license
8 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

pietrobiondi/Crazy-Tachymeter

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

20 Commits
exploit
exploit
 
 
img
img
 
 
server
server
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

Crazy-Tachymeter

Crazy-Tachymeter is an exploit that allows you to flood the CAN-Bus with frames of the ECU mapping file.

This project uses a CAN simulator (ICSim by OpenGarages). [Link]

markdown-previewmarkdown-preview

What do you need

  1. Virtual Machine with a CAN simulator installed. On this VM you also need a vulnerable server for remote command execution.
  2. Kali Linux with this exploit included.
  3. Make sure the machines are connected each other.

How to setup the Vulnerable VM

Download the vulnerable VM with CAN simulator installed from Release [Link]. (Bodhi-Linux, user=pass=tachymeter)

Open a terminal and run the following commands to setup a virtual CAN interface.

  sudo modprobe can
  sudo modprobe vcan
  sudo ip link add dev vcan0 type vcan
  sudo ip link set up vcan0

After that, open two terminal and enter on ICSim directory, then use the following commands for startup simulator and controller.

  ./icsim vcan0
  ./controls vcan0

At this point you need to start the vulnerable server for remote command execution.

  cd Documents
  python vulnerable_server.py

Now your VM is ready and vulnerable for the exploit.

How to setup the exploit on Kali Linux

You can follow 2 ways:

On Kali Linux, copy the:

/exploit/remote/crazytachymeter_remote.rb --> to --> /usr/share/metasploit-framework/modules/auxiliary/spoof/replay/

OR (if you have already a metasploit session and you don't need a vulnerable server)

/exploit/crazytachymeter.rb --> to --> /usr/share/metasploit-framework/modules/post/hardware/automotive/

Then copy the

/exploit/controlUnitMapCanBus.txt --> to --> /usr/share/metasploit-framework/data/wordlists/controlUnitMapCanBus.txt

After that, based on the choice of the exploit in the previous step, you can run:

  use auxiliary/spoof/replay/crazytachymeter_remote 
  set interface vcan0
  set rhost IPVictim
  set rport python_server_port_number
  exploit

OR (if you have already a metasploit session and you don't need a vulnerable server) you can run:

  use post/hardware/automotive/crazytachymeter 
  set INTERFACE canbusinterface (e.g. vcan0)
  set session id
  run

Now you can see the exploit running.. Look at the tachymeter. You can also change the path of the file with a new ECU mapping!

Enjoy!

About

Crazy-Tachymeter is an exploit that allows you to flood the CAN-Bus with frames of the ECU mapping file.

Topics

can-bus

Resources

Readme

License

GPL-3.0 license
Activity

Stars

8 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases 1

Virtual Machine with CAN simulator installed. Latest
Feb 23, 2019

Packages

No packages published

Languages