Often in past reverse-engineering projects I needed to be able to determine which CAN frames were coming from/to certain devices on a CAN bus. The way I did this was to make my own Microcontroller-based CAN bridge device. Then I broke the bus at several key points and inserted my bridge/log device. The micro would freely pass any CAN frames to/from the now split network and output a log file indicating direction. This is the best tool for reverse-engineering any CAN bus equipped system with more than 2 nodes.

In addition, the same device with different programming could act as a "mangler" by translating certain frames to change system behaviors. Say for instance you had a speed limiter in a car ECU the cuts power to the engine once it sees a certain road speed. You could instruct the mangler to look for the speed byte coming from the ABS ECU and once it hit a certain value, hold it from going any higher than that. Install this between the ABS ECU and the Engine ECU and viola, no more speed limiter! (As long as the instrument cluster is on the ABS side of the split CAN bus, it will continue to read correctly.)

I'd love to see these functionalities implemented in the CBT! We could even implement a 3-way splitter since the CBT has 3 transceivers. This way you could spoof/mangle messages to/from 3 different ECU's in one system at the same time. This would make the CBT a extremely powerful CAN hacking tool!


That's actually exactly what the CBT is. :)

Yes, with some more firmware fleshing out and some decent client software. Right now it's effectively an unfinished product, and without custom firmware it doesn't do anything useful and I'm not aware that there is any useful client software. I'm definitely up for helping with this development.

This wasn't meant as a critique, but more a clear laying down of a certain use case.

Thanks Derek!

I'm using the new hardware with my software to monitor J1939. I wouldn't have bothered to post this but I have no idea how to delete a draft without posting it.

  • 4
  • 4027

Looks like your connection to CANBus Triple was lost, please wait while we try to reconnect.