Skip to content

CAN-Bus Investigation⚓︎

Elf: Wunorse Openslae
Direct link: canbus terminal
Objective: Solve the Sleigh's CAN-D-BUS Problem

Request⚓︎

Wunorse Openslae

Hiya hiya - I'm Wunorse Openslae!
I've been playing a bit with CAN bus. Are you a car hacker?
I'd love it if you could take a look at this terminal for me.
I'm trying to figure out what the unlock code is in this CAN bus log.
When it was grabbing this traffic, I locked, unlocked, and locked the doors one more time.
It ought to be a simple matter of just filtering out the noise until we get down to those three actions.
Need more of a nudge? Check out Chris Elgee's talk on CAN traffic!

Hints⚓︎

CAN Bus Talk

Chris Elgee is talking about how CAN traffic works right now!

Filtering Text

You can hide lines you don't want to see with commands like cat file.txt | grep -v badstuff

Solution⚓︎

Welcome message
MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM
MMMMMMMMMMMMMMMMMMMMMMMMMMMMMWX00OkxxddcddxxkOO0XWMMMMMMMMMMMMMMMMMMMMMMMMMMMM
MMMMMMMMMMMMMMMMMMMMMMMWXOxoc:c.;cccccc.ccccc:.:c:ldxOXMMMMMMMMMMMMMMMMMMMMMMM
MMMMMMMMMMMMMMMMMMMMXkoc',ccccc:.:ccccc.ccccc.;cccc,'::cdOXMMMMMMMMMMMMMMMMMMM
MMMMMMMMMMMMMMMMM0xc:cccc,':cccc::ccccccccccccccc:.;cccccc:lxXMMMMMMMMMMMMMMMM
MMMMMMMMMMMMMMNkl,',:ccccc;;ccccccccccccccccccccc::cccccc:,',:lOWMMMMMMMMMMMMM
MMMMMMMMMMMMNxccccc;';cccccccccccccccccccccccccccccccccc;':cccccckWMMMMMMMMMMM
MMMMMMMMMMNdcccccc:..;cccccccccccccccccccccccccccccccccccccccccccc:kWMMMMMMMMM
MMMMMMMMM0c,,,,:cccc;..;cccccccccccccccccccccccccccccccccccccc:,,,;:lKMMMMMMMM
MMMMMMMWd:cccc;:cccccc;..,cccccccccccccccccccccccccccccccccccc;:cccccckMMMMMMM
MMMMMMNlcccccccccccccccc:..,:ccccccccccccccccccccccccccccccccccccccccc:oWMMMMM
MMMMMNc,,,,,:ccccccccccccc:..':cccccccccccccccccccccccccccccccccc:,,,,,;oWMMMM
MMMMWoccccc::ccccccccccccccc:'.':cccccccccccccccccccccccccccccccc::ccccccxMMMM
MMMMkccccccccccccccccccccccccc:'..:cccccccccccccccccccccccccccccccccccccc:0MMM
MMMN::cccccccccccccccccccccccccc:'..:cccccccccccccccccccccccccccccccccccc:cWMM
MMMk,,,,,:cccccccccccccccccccccccc:,..;ccccccccccccccccccccccccccccc:,,,,,;0MM
MMMlccccccccccccccccccccccccccccccccc,.;cccccccccccccccccccccccccccccccccccdMM
MMW:ccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccclMM
MMWOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO0MM
MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM

Welcome to the CAN bus terminal challenge!
In your home folder, there's a CAN bus capture from Santa's sleigh. Some of
the data has been cleaned up, so don't worry - it isn't too noisy. What you
will see is a record of the engine idling up and down. Also in the data are
a LOCK signal, an UNLOCK signal, and one more LOCK. Can you find the UNLOCK?
We'd like to encode another key mechanism.

Find the decimal portion of the timestamp of the UNLOCK code in candump.log
and submit it to ./runtoanswer!  (e.g., if the timestamp is 123456.112233,
please submit 112233)

Start by reviewing the contents of the candump.log log in your home folder to understand the log format (line 1). Next, follow a process of elimination by filtering out the noisy signals using grep -v until only the LOCK/UNLOCK log entries are left.

The solution below uses an alternative approach by extracting, sorting, and counting all CAN IDs using cut, sort, and uniq to find the ID that only occurs 3 times (line 2). Then using grep to extract the full log entries to retrieve the timestamps (line 3).

1
2
3
head -2 candump.log
cut -c 27-30 candump.log | sort | uniq -c
grep 19B# candump.log

Completed

Answer

122520

Response⚓︎

Wunorse Openslae

Great work! You found the code!
I wonder if I can use this knowledge to work out some kind of universal unlocker...
... to be used only with permission, of course!
Say, do you have any thoughts on what might fix Santa's sleigh?
Turns out: Santa's sleigh uses a variation of CAN bus that we call CAN-D bus.
And there's something naughty going on in that CAN-D bus.
The brakes seem to shudder when I put some pressure on them, and the doors are acting oddly.
I'm pretty sure we need to filter out naughty CAN-D-ID codes.
There might even be some valid IDs with invalid data bytes.
For security reasons, only Santa is allowed access to the sled and its CAN-D bus.
I'll hit him up next time he's nearby.