mawei/dragonpilot
1
0
Fork 0
mirror of https://github.com/dragonpilot/dragonpilot.git synced 2026-02-20 12:33:57 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
38faf7f8a45dd933437ebdfd44534935c34dacaa
dragonpilot/examples/can_unique.md
Vehicle Researcher 1ff59baea7 Squashed 'panda/' changes from ae816c104..45d0d286f 
45d0d286f remove whitespace (#255)
e49d0dbbd Pedal: use avg between tracks (#253)
c597dcc89 VERSION update after health packet changes and minor misra test change
01072bec0 Misra 11.x: pointer usage. (#250)
fd68c26ab Propagate can_push errors (#249)
ce1daf206 Misra check only done for EON config
70d4fd7f6 cleanup docker container on failure
04756a037 Turning back Misra check: unvoluntarily change
fcb1208e1 fix weird code in USB_ReadPacket
b983cc8fe Re-wrote test_misra.sh
0b1920636 Misra 17.7: The value returned by a function having non-void return type shall be used. We should hang on initial failed safety_set_mode
06ee8bd2d Ignore Misra 5.4 until cppcheck bug (?) is fixed
4be858224 Update cppcheck commit and pass predefined params to avoid impossible combinations of configs
f45dd04c6 cppcheck: ignore redundantAssignment and selfAssignment for registers in llcan.h
9ce631155 Misra 12.1 (operator order) and 10.4 (incompatible essential types) fixes, arised after properly checking UID_BASE config
1cd34e564 Explicitly set the define and undefine for unknown configs in misra checks
5a024999d remove esp flash from run_automated_tests.sh
23e3684d7 Cppcheck unused functions (#247)
c97d60be6 Removed bad language
b031480a7 Missed adding Dockerfile
91ff6bb21 Run language checker in CI
205ec342a Improved language checker
f7bbab072 Language checker test
d9d0a62f2 Misra 5.5: missed this change from previous PR
85fa3c02a Misra 5.5: Identifiers shall be distinct from macro names (#246)
190d604a0 Pedal: 2 minor fixes to Misra 15.7 (else needed) and 17.7 (non-void output must be used)
8ea01ff12 Pedal: no built-in functions to avoid puts and putc re-definitions
1f40d1e6a Misra pedal (#245)
a4554e3e6 Ignore advisory Misra 19.2: the union keyword should not be used
e6dc4172b Minor indent error
247e128b4 Fix strict compiler on bootstub build
ba6856921 Removed build strict test and enabled -Werror flag
da11f0fa0 safety replay: update openpilot-tools after logreader fix
fc8b9e49b Cppcheck: also check pedal
f7bd2c2f3 Misra 10.4: fix last 2 violations (#242)
9be5fdead finished misra 17.8 (#241)
3c3aba3db Misra 10.4: Both operands of an operator in which the usual arithmetic conversions are performed shall have the same essential type category (#240)
f2a3a177b Misra 15_7: fix what seems to be a false positive of cppcheck
812ace538 Misra 15_7: if … else if constructs should be terminated with an else clause (#230)
79e9735ae rename 5_wifi_udp.py
3c3ff0c03 Update Jenkinsfile (#239)
1bd928437 Misra 17.7: the value returned by a function having non-void return shall be used (#237)
18c9e88bc Merge pull request #238 from commaai/misra_17_8
7ac321de4 Merge pull request #235 from commaai/memxxx
004e543cc Jenkins: run EON test first
4bff28620 Merge branch 'memxxx' of github.com:commaai/panda into memxxx
7cd80de23 typo
385e33b32 12.1 regression
955842bae WIP
ea908cbb7 10_1 violations: Operands shall not be of an inappropriate essential type (#233)
fa3303805 Fix Misra 5.3: An identifier declared in an inner scope shall not hide an identifier declared in an outer scope (#236)
ebfe1c512 Merge branch 'master' of github.com:commaai/panda into memxxx
8c11470ef Fix EON test case
64e18e841 fix inverted logic to differentiate between dev and EON panda builds
36755a0fd Merge branch 'master' of github.com:commaai/panda into memxxx
e2981d612 skip wifi tests for EON panda build
db2eec98c Merge branch 'master' of github.com:commaai/panda into memxxx
11257e79a Ignore test 5_wifi_udp.py_ignore: too unreliable for now
6973c2a81 fix wifi tests
cf6985ad1 memxxx function changes to be Misra compliant
3a6cd2930 wifi threshold perc back to 20%. Problem wasn't this.
d92a03528 faster docker build for safety replay
3e9469b3e Fixing tests after min->MIN  change
ecb9b6c01 Revert "Misra 10 1: Operands shall not be of an inappropriate essential type (#232)"
8732e4faf Misra 10 1: Operands shall not be of an inappropriate essential type (#232)

git-subtree-dir: panda
git-subtree-split: 45d0d286f4b5c893590a98ec1438b8a143b9605d
2019-07-22 19:15:27 +00:00

3.6 KiB
Raw Blame History

How to use can_unique.py to reverse engineer a single bit field

Let's say our goal is to find the CAN message indicating that the driver's door is either open or closed. The following process is great for simple single-bit messages. However for frequently changing values, such as RPM or speed, Cabana's graphical plots are probably better to use.

First record a few minutes of background CAN messages with all the doors closed and save it in background.csv:

./can_logger.py
mv output.csv background.csv

Then run can_logger.py for a few seconds while performing the action you're interested, such as opening and then closing the front-left door and save it as door-fl-1.csv Repeat the process and save it as door-f1-2.csv to have an easy way to confirm any suspicions.

Now we'll use can_unique.py to look for unique bits:

$ ./can_unique.py door-fl-1.csv background*
id 820 new one  at byte 2 bitmask 2
id 520 new one  at byte 3 bitmask 7
id 520 new zero at byte 3 bitmask 8
id 520 new one  at byte 5 bitmask 6
id 520 new zero at byte 5 bitmask 9
id 559 new zero at byte 6 bitmask 4
id 804 new one  at byte 5 bitmask 2
id 804 new zero at byte 5 bitmask 1

$ ./can_unique.py door-fl-2.csv background*
id 672 new one  at byte 3 bitmask 3
id 820 new one  at byte 2 bitmask 2
id 520 new one  at byte 3 bitmask 7
id 520 new zero at byte 3 bitmask 8
id 520 new one  at byte 5 bitmask 6
id 520 new zero at byte 5 bitmask 9
id 559 new zero at byte 6 bitmask 4

One of these bits hopefully indicates that the driver's door is open. Let's go through each message ID to figure out which one is correct. We expect any correct bits to have changed in both runs. We can rule out 804 because it only occurred in the first run. We can rule out 672 because it only occurred in the second run. That leaves us with these message IDs: 820, 520, 559. Let's take a closer look at each one.

$ fgrep ,559, door-fl-1.csv |head
0,559,00ff0000000024f0
0,559,00ff000000004464
0,559,00ff0000000054a9
0,559,00ff0000000064e3
0,559,00ff00000000742e
0,559,00ff000000008451
0,559,00ff00000000949c
0,559,00ff00000000a4d6
0,559,00ff00000000b41b
0,559,00ff00000000c442

Message ID 559 looks like an incrementing value, so it's not what we're looking for.

$ fgrep ,520, door-fl-2.csv
0,520,26ff00f8a1890000
0,520,26ff00f8a2890000
0,520,26ff00f8a2890000
0,520,26ff00f8a1890000
0,520,26ff00f8a2890000
0,520,26ff00f8a1890000
0,520,26ff00f8a2890000
0,520,26ff00f8a1890000
0,520,26ff00f8a2890000
0,520,26ff00f8a1890000
0,520,26ff00f8a2890000
0,520,26ff00f8a1890000

Message ID 520 oscillates between two values. However I only opened and closed the door once, so this is probably not it.

$ fgrep ,820, door-fl-1.csv
0,820,44000100a500c802
0,820,44000100a500c803
0,820,44000300a500c803
0,820,44000300a500c802
0,820,44000300a500c802
0,820,44000300a500c802
0,820,44000100a500c802
0,820,44000100a500c802
0,820,44000100a500c802

Message ID 820 looks promising! It starts off at 44000100a500c802 when the door is closed. When the door is open it goes to 44000300a500c802. Then when the door is closed again, it goes back to 44000100a500c802. Let's confirm by looking at the data from our other run:

$ fgrep ,820, door-fl-2.csv
0,820,44000100a500c802
0,820,44000300a500c802
0,820,44000100a500c802

Perfect! We now know that message id 820 at byte 2 bitmask 2 is set if the driver's door is open. If we repeat the process with the front passenger's door, then we'll find that message id 820 at byte 2 bitmask 4 is set if the front-right door is open. This confirms our finding because it's common for similar signals to be near each other.

Reference in New Issue View Git Blame Copy Permalink