Posts

Showing posts from June, 2020

OBD-II and ELM327 (6), Reverse Engineering HUD Against Pi-WIRE

Purpose

With the aid of Pi-WIRE, drive the car at 120km/hr in the basement parking lot and prove my superb driving skill.

To make the HUD show something interesting, I need to figure out how it interacts with the car. I guess the HUD polls the car periodically. So I changed the MITM configuration from article #4: replace the ELM327 with the HUD and observe how the HUD interacts with Pi-CAR. With Pi-WIRE, I can observe the commands sent by the HUD. In Pi-CAR, I can respond with an arbitrary speed and check whether the HUD shows the speed reported by Pi-CAR.

Before: ELM327 ---- Pi-WIRE ---- Pi-CAR
After-1: HUD ---- Pi-WIRE ---- Pi-CAR (report speed=120)

The experiment above proved that I understood the protocol between OBD2 and the car. When I connect the HUD to a real car, the car is probably running at speed=20. Now I can put a man-in-the-middle, "Pi-WIRE", in between and let Pi-WIRE increase the speed by 1000. Then the HUD can show something interesting.

After-2: HUD (speed=120) ---- Pi-WIRE (report speed=20+100) ---- XC60 (speed=20)

HUD Reverse Eng

OBD-II and ELM327 (5), what happened if CAN bus had something bad

In the previous article, I described how to use Pi-WIRE to do a MITM attack. In this article, let's talk about the pitfalls I encountered while making these tools, analyzing what happens if bad electronics are attached to the CAN bus. With this story, you can judge whether attaching OBD2 dongles (ELM327, HUD) to the car is OK or not, and what to watch for.

To build the tool, I bought several CANBUS modules from China. To save money, I bought cheap electronics to torture myself:

WaveShare RS485 CAN HAT * 2
Niren MCP2515 CAN Module * 2
CHEAP_SUCK_MODULE

Using a verified module (ELM327) to validate an unverified tool (Pi-CAR) is an important technique. When the Raspberry Pi was connected to CHEAP_SUCK_MODULE, I ran into trouble immediately:

ELM327 sends 0902 as 8 bytes: 09 02 00 00 00 00 00 00
With CHEAP_SUCK_MODULE, I definitely can't receive the long packet
I can use "ATCAF0" to stop the ELM327 from sending 8 bytes, so it becomes the short packet 09 02
However, short packet reception with CHEAP_