{"id":13739993,"url":"https://github.com/CaringCaribou/caringcaribou","last_synced_at":"2025-05-08T19:35:12.378Z","repository":{"id":29640355,"uuid":"33181725","full_name":"CaringCaribou/caringcaribou","owner":"CaringCaribou","description":"A friendly car security exploration tool for the CAN bus","archived":false,"fork":false,"pushed_at":"2024-05-02T08:10:43.000Z","size":508,"stargazers_count":677,"open_issues_count":10,"forks_count":180,"subscribers_count":56,"default_branch":"master","last_synced_at":"2024-05-22T07:53:01.006Z","etag":null,"topics":["can-bus","ecu","fuzzing","python","security-scanner","security-testing","xcp"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/CaringCaribou.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2015-03-31T11:29:15.000Z","updated_at":"2024-07-09T02:49:10.190Z","dependencies_parsed_at":"2022-07-27T22:19:47.936Z","dependency_job_id":"1258bde7-d09d-4ed8-b05c-1dd76527a691","html_url":"https://github.com/CaringCaribou/caringcaribou","commit_stats":null,"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CaringCaribou%2Fcaringcaribou","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CaringCaribou%2Fcaringcaribou/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CaringCaribou%2Fcaringcaribou/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CaringCaribou%2Fcaringcaribou/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/CaringCaribou","download_url":"https://codeload.github.com/CaringCaribou/caringcaribou/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":253135605,"owners_count":21859670,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["can-bus","ecu","fuzzing","python","security-scanner","security-testing","xcp"],"created_at":"2024-08-03T04:00:41.007Z","updated_at":"2025-05-08T19:35:12.058Z","avatar_url":"https://github.com/CaringCaribou.png","language":"Python","funding_links":[],"categories":["Hacking and Reverse Engineering tools"],"sub_categories":[],"readme":"# Caring Caribou\nA friendly automotive security exploration tool.\n\n## Rationale\nThis work was initiated as part of the research project HEAVENS (HEAling Vulnerabilities to ENhance Software Security and Safety), but lives on as a stand-alone project.\nWe were lacking a security testing tool for automotive; a zero-knowledge tool that can be dropped onto any CAN network and collect information regarding what services and vulnerabilities exist. This project is a start.\n\n## Documentation\n- [How to install](documentation/howtoinstall.md)\n- [How to use](documentation/howtouse.md)\n- [Troubleshooting](documentation/troubleshooting.md), common errors and solutions\n\n## Get started\nInstall the tool:\n\n    python setup.py install\n\nThe best way to understand how to use Caring Caribou is to look at the help screen:\n\n    caringcaribou --help\n\nThis will list all available modules at the bottom of the output. Help for specific modules works the same way. For example, the help screen for the `send` module is shown by running\n\n    caringcaribou send --help\n\nThe module help always includes some usage examples. If the module has multiple sub functions, these have similar help screens as well:\n\n    caringcaribou send message -h\n    caringcaribou send file -h\n\nMore detailed usage information is available [in the documentation on usage](documentation/howtouse.md).\n\n## Features and Architecture\nCaring Caribou is based on a main entry point in `caringcaribou.py` which runs the show. This enables an easy drop-in architecture for new modules, which are located in the `caringcaribou/modules` folder.\n\nThe `caringcaribou/utils` folder contains various higher level CAN protocol implementations and shared functions, meant to be used by modules.\n\nThe `caringcaribou/tests` folder contains automated test suites and `/documentation` stores documentation files (modules are also documented here).\n\n## List of Modules\nA clean installation of Caring Caribou includes the following modules:\n\n### dump - Dump CAN traffic\nDumps incoming traffic to stdout (terminal output) or file\n\nDetails here: [dump module](documentation/dump.md)\n\n### send - Send CAN packets\nRaw message transmission module, used to send messages manually from command line or replay dump files\n\nDetails here:  [send module](documentation/send.md)\n\n### listener - Listener\nLists all distinct arbitration IDs being used on the CAN bus\n\nDetails here: [listener module](documentation/listener.md)\n\n### fuzzer - CAN fuzzer\n- random - sends random CAN messages\n- brute - brute forces all possible messages matching a given bit mask\n- mutate - mutate selected nibbles of a given message\n- replay - replay a log file from a previous fuzzing session\n- identify - replay a log file and identify message causing a specific event\n\nDetails here: [fuzzer module](documentation/fuzzer.md)\n\n### uds - Universal Diagnostic Services\nDiscovers and utilizes various ISO 14229-1 services.\n- discovery - Scans for ECUs supporting diagnostics services\n- services - Scans for diagnostics services supported by an ECU\n- subservices - Subservice enumeration of supported diagnostics services by an ECU\n- ecu_reset - Reset an ECU\n- testerpresent - Force an elevated session against an ECU to stay active\n- security_seed - An automated way to collect seeds for a specific security access level in a specific diagnostic session\n- dump_dids - Dumps values of Dynamic Data Identifiers (DIDs)\n- read_mem - Read memory from an ECU\n- auto - Fully automated diagnostics scan, by using the already existing UDS submodules\n\nDetails here: [uds module](documentation/uds.md)\n\n### uds_fuzz - Universal Diagnostic Services Fuzzer\nFuzzing module for UDS security seed randomness evaluation and testing.\n- seed_randomness_fuzzer - ECUReset method fuzzing for seed randomness evaluation\n- delay_fuzzer - delay fuzzing for targets with weak randomness implemented, to match acquired seed/key pair to the delay in which the seed can be requested\n\nDetails here: [uds_fuzz module](documentation/uds_fuzz.md)\n\n### doip - Diagnostic communication over Internet Protocol\nDiscovers and utilizes various ISO 13400-2 services.\n- discovery - Scans for ECUs supporting diagnostics services\n- services - Scans for diagnostics services supported by an ECU\n- ecu_reset - Reset an ECU\n- security_seed - Request security seeds from an ECU\n- testerpresent - Force an elevated session against an ECU to stay active\n- dump_dids - Dumps values of Dynamic Data Identifiers (DIDs)\n- seed_randomness_fuzzer - ECUReset method fuzzing for seed randomness evaluation\n\nDetails here: [doip module](documentation/doip.md)\n\n### xcp - Universal Measurement and Calibration Protocol (XCP)\n- discovery - Scans for ECUs supporting XCP\n- info - XCP Get Basic Information. Retrieves information about XCP abilities of an ECU\n- dump - XCP Upload. Used to dump ECU memory (such as SRAM, flash and bootloader) to file \n\nDetails here: [xcp module](documentation/xcp.md)\n\n### dcm - [deprecated] Diagnostics Control Module\n**Note**: This module has been replaced by the [UDS](documentation/uds.md) module. It is still supported by CC due to legacy reasons.\n\nDetails here: [dcm module](documentation/dcm.md)\n\n### test - Run test suite\nRuns automated Caring Caribou test suites\n\n## List of libraries/utilities\nThe `caringcaribou/utils` folder contains the following:\n\n### can_actions.py\nProvides abstraction for access to the CAN bus, bruteforce engines etc.\n\n### common.py\nContains various common functions, type converters etc.\n\n### constants.py\nConstant definitions\n\n### iso14229_1.py\nImplementation of the ISO-14229-1 standard for Unified Diagnostic Services (UDS).\n\n### iso15765_2.py\nImplementation of the ISO-15765-2 standard (ISO-TP). This is a transport protocol which enables sending of messages longer than 8 bytes over CAN by splitting them into multiple data frames.\n\n## Hardware requirements\nSome sort of CAN bus interface (http://elinux.org/CAN_Bus#CAN_Support_in_Linux)\n\n## Software requirements\n- Python 3.7 or higher\n- python-can\n- a pretty modern linux kernel\n\n## Extending the project with new modules\n- A template for new modules is available in `caringcaribou/modules/module_template.py`\n- Create a python file with a function `module_main(args)` (or copy the template) in the `caringcaribou/modules` directory.\n- In `setup.py`, add an entry under `caringcaribou.modules`, referencing your new module like: `my_module = caringcaribou.modules.my_module`\n- Run `python setup.py install`\n- Verify that the module is available, it should be listed in the output of `caringcaribou -h`\n\nIf your new module is located in `caringcaribou/modules/foo.py` you will run it with the command `caringcaribou foo`.\nAdditional arguments (if any) are passed as arguments to the `module_main` function.\n\n\n## The target\nThe target ECU used for the development setup is an STM32F107 based dev-board from ArcCore called Arctic EVK-M3, but the tool can be used against any ECU communicating over a CAN bus.\n\n## Contributors\n* The [HEAVENS](https://www.vinnova.se/en/p/heavens-healing-vulnerabilities-to-enhance-software-security-and-safety/) project, funded by VINNOVA\n* Christian Sandberg\n* Kasper Karlsson\n* Tobias Lans\n* Mattias Jidhage\n* Johannes Weschke\n* Filip Hesslund\n* Craig Smith (OpenGarages.org)\n* internot\n* Roos Hubrechtsen\n* Lear Corporation\n* sigttou\n* FearfulSpoon\n* Alex DeTrano\n* Thomas Sermpinis\n* Alexander Alasjö\n* Vincent de Chefdebien\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FCaringCaribou%2Fcaringcaribou","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FCaringCaribou%2Fcaringcaribou","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FCaringCaribou%2Fcaringcaribou/lists"}