CAN-Bus Traffic Reverse Engineering

Motivation

In this project, our client wanted to adapt a GM Electric Power Steering rack for use in their autonomous vehicle.

The protocol information needed to operate the steering rack is not publicly available, so the client commissioned us to reverse engineer it so that the rack could be controlled via two CAN bus connections.

Activity

We experimented on an isolated steering rack and analysed the bus traffic when the rack was known to be active. We then reverse engineered the CAN bus messages on the two buses used by the rack, isolating the relevant messages from a population of more than 50 entries.

There were various challenges in this project. The rack had a list of heartbeat messages that it expected from other modules, and it would enter a shutdown mode without them. Control would fail to a safe mode if the correct redundant sensors were not sending information. The control messages also carried sequence and checksum fields, and we had to reverse engineer the checksum algorithms before the rack would function.
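The sequence and checksum analysis described above can be sketched as follows. This is an added example, not code from the project: the arbitration ID 0x123, the frame layout (checksum in the last byte) and the captured frames are constructed for illustration, and the candidate list is a common starting set, not the rack's actual algorithm.

```python
from functools import reduce

def crc8(data, poly, init=0x00, xor_out=0x00):
    """Bitwise, MSB-first CRC-8."""
    crc = init
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = ((crc << 1) ^ poly) & 0xFF if crc & 0x80 else (crc << 1) & 0xFF
    return crc ^ xor_out

# Candidate algorithms commonly tried first; none is claimed to be the rack's.
CANDIDATES = {
    "xor": lambda d: reduce(lambda a, b: a ^ b, d, 0),
    "sum8": lambda d: sum(d) & 0xFF,
    "sum8-twos-complement": lambda d: -sum(d) & 0xFF,
    "crc8-poly-0x07": lambda d: crc8(d, 0x07),
    "crc8-sae-j1850": lambda d: crc8(d, 0x1D, 0xFF, 0xFF),
}

def matching_checksums(frames):
    """Return (name, id_included) for candidates that reproduce the last
    byte of every frame, with and without the CAN ID fed in first."""
    hits = []
    for name, fn in CANDIDATES.items():
        for with_id in (False, True):
            if all(fn((can_id.to_bytes(2, "big") if with_id else b"") + data[:-1])
                   == data[-1] for can_id, data in frames):
                hits.append((name, with_id))
    return hits

def rolling_counter_bytes(frames):
    """Return byte indices whose low nibble steps by 1 (mod 16) frame to frame."""
    payloads = [data for _, data in frames]
    return [i for i in range(len(payloads[0]))
            if all((b[i] - a[i]) & 0x0F == 1 for a, b in zip(payloads, payloads[1:]))]

# Constructed sample capture (not real GM traffic): hypothetical ID 0x123,
# three data bytes, one counter byte, one checksum byte.
FRAMES = [
    (0x123, bytes.fromhex("10203000a0")),
    (0x123, bytes.fromhex("102031019e")),
    (0x123, bytes.fromhex("1122330298")),
    (0x123, bytes.fromhex("7f800503f9")),
]

if __name__ == "__main__":
    print("checksum candidates:", matching_checksums(FRAMES))
    print("rolling counter at byte index:", rolling_counter_bytes(FRAMES))
```

A candidate is only accepted if it reproduces the checksum on every captured frame, so the capture should include frames with differing payloads and several counter values.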