Man In The Middle Strategy
  • 0
  • Alright, I made some progress tonight and was able to map a lot of IDs from my vehicle (2005 Chrysler 300, 83.3Kbps bus). A lot of the items seem to have a "default state" that is constantly being transmitted. Like traction control. If I press traction control off on my dash I see 0003 0420800050530000 7. If I have traction control on (standard setting, no dash light) and send the prior command to turn it off, I get the dash light for about a second, then it goes off again and 0003 0020800050530000 7 is transmitting. Similar thing for windows, sun roof, etc. So it sounds like to get access to some of the things that I want, MITM is the only choice. This is the wiring of the "B" bus on my car. Can I tap in anywhere here? Or should I tap at say the FCM? Oh and I attached a picture of my newly controlled dash! https://www.dropbox.com/s/ngiq6ta092xp1sr/IMG_0934.jpeg?dl=0

    https://www.dropbox.com/s/s3m53n1xjgg0jbv/Screen Shot 2016-04-11 at 9.27.15 PM.png?dl=0

  • 0
  • Also, currently I am only reading on bus 1. I soldered my high, low, ground, and 12v lines into my HVAC PCB. However, I could obviously cut that cable for high and low and run 2 buses for the MITM if that would work. That is a pretty ideal spot in my car as there is loads of space behind that module.

  • 1
  • administrators

    Looking good!! Thanks for sharing pictures, I love seeing what people do with the CBT!

    The way I identify the best place to MITM is as close to the actual device I want to control as possible. Every car is different so a little trial and error will be involved. The nice thing is if it does not work you can just reconnect the cut bus and it will still work.

    Also, you'll want to tap in somewhere where the CBT will have to send/receive as few packets as possible to achieve the desired effect. That assures it can read, process and resend the CAN data fast.

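The behaviour described in the first post (a frame sent out of turn is reverted by the module's next periodic "default state" frame) is also what a bus monitor can look for. The following is an added example, not code from the thread or from the CBT project: it scans a capture for frames that arrive early, change the payload, and are undone by the next frame of the same ID. The two payloads for ID 0003 are the ones quoted in the post; the timestamps, the 100 ms spacing and ID 0110 are constructed, and the trailing field of each logged line is ignored.

```python
from collections import defaultdict
from statistics import median

# Constructed capture: (time in ms, CAN ID, payload hex).
# ID 0003 payloads are quoted in the post; timings and ID 0110 are assumptions.
CAPTURE = [
    (0,   "0003", "0020800050530000"),
    (50,  "0110", "00ff000000000000"),
    (100, "0003", "0020800050530000"),
    (200, "0003", "0020800050530000"),
    (230, "0003", "0420800050530000"),  # frame sent out of turn
    (300, "0003", "0020800050530000"),  # periodic sender reasserts its state
    (350, "0110", "00ff000000000000"),
    (400, "0003", "0020800050530000"),
]

def changed_bits(a_hex, b_hex):
    """Return (byte_index, bit_index) for every bit that differs."""
    a, b = bytes.fromhex(a_hex), bytes.fromhex(b_hex)
    return [(i, bit) for i, (x, y) in enumerate(zip(a, b))
            for bit in range(8) if (x ^ y) >> bit & 1]

def find_overridden_frames(capture, tolerance=0.5):
    """Flag frames that break an ID's period and are reverted right after."""
    by_id = defaultdict(list)
    for t, can_id, payload in capture:
        by_id[can_id].append((t, payload))
    hits = []
    for can_id, frames in by_id.items():
        if len(frames) < 3:
            continue  # not enough history to estimate a period
        # Typical spacing between consecutive frames of this ID.
        period = median(b[0] - a[0] for a, b in zip(frames, frames[1:]))
        for prev, cur, nxt in zip(frames, frames[1:], frames[2:]):
            early = cur[0] - prev[0] < period * (1 - tolerance)
            if early and cur[1] != prev[1] and nxt[1] == prev[1]:
                hits.append((can_id, cur[0], cur[1],
                             changed_bits(prev[1], cur[1])))
    return hits

if __name__ == "__main__":
    for hit in find_overridden_frames(CAPTURE):
        print(hit)
```

On the constructed capture this reports the frame at 230 ms and shows that the two quoted payloads differ in a single bit of the first byte.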