2017-01-07 03:51:41 +00:00
|
|
|
##
|
|
|
|
|
# This module requires Metasploit: http://metasploit.com/download
|
|
|
|
|
# Current source: https://github.com/rapid7/metasploit-framework
|
|
|
|
|
##
|
|
|
|
|
|
|
|
|
|
require 'msf/core'
|
|
|
|
|
require 'rex'
|
|
|
|
|
require 'msf/core/post/hardware/automotive/uds'
|
|
|
|
|
|
|
|
|
|
class MetasploitModule < Msf::Post
|
|
|
|
|
|
|
|
|
|
include Msf::Post::Hardware::Automotive::UDS
|
2017-02-16 00:26:23 +00:00
|
|
|
include Msf::Post::Hardware::Automotive::DTC
|
2017-01-07 03:51:41 +00:00
|
|
|
|
|
|
|
|
def initialize(info={})
|
|
|
|
|
super( update_info( info,
|
|
|
|
|
'Name' => 'Get the Vehicle Information Such as the VIN from the Target Module',
|
|
|
|
|
'Description' => %q{ Post Module to query DTCs, Some common engine info and Vehicle Info.
|
|
|
|
|
It returns such things as engine speed, coolant temp, Diagnostic
|
|
|
|
|
Trouble Codes as well as All info stored by Mode $09 Vehicle Info, VIN, etc},
|
|
|
|
|
'License' => MSF_LICENSE,
|
|
|
|
|
'Author' => ['Craig Smith'],
|
|
|
|
|
'Platform' => ['hardware'],
|
|
|
|
|
'SessionTypes' => ['hwbridge']
|
|
|
|
|
))
|
|
|
|
|
register_options([
|
|
|
|
|
OptInt.new('SRCID', [true, "Module ID to query", 0x7e0]),
|
|
|
|
|
OptInt.new('DSTID', [false, "Expected reponse ID, defaults to SRCID + 8", 0x7e8]),
|
|
|
|
|
OptBool.new('CLEAR_DTCS', [false, "Clear any DTCs and reset MIL if errors are present", false]),
|
|
|
|
|
OptString.new('CANBUS', [false, "CAN Bus to perform scan on, defaults to connected bus", nil])
|
|
|
|
|
], self.class)
|
|
|
|
|
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def run
|
2017-02-28 05:09:57 +00:00
|
|
|
pids = get_current_data_pids(datastore["CANBUS"], datastore["SRCID"], datastore["DSTID"])
|
|
|
|
|
if pids.size == 0
|
|
|
|
|
print_status("No reported PIDs. You may not be properly connected")
|
|
|
|
|
else
|
|
|
|
|
print_status("Available PIDS for pulling realtime data: #{pids.size} pids")
|
|
|
|
|
print_status(" #{pids.inspect}")
|
|
|
|
|
end
|
2017-01-07 03:51:41 +00:00
|
|
|
if pids.include? 1
|
2017-03-08 17:21:33 +00:00
|
|
|
data = get_monitor_status(datastore['CANBUS'], datastore['SRCID'], datastore['DSTID'])
|
|
|
|
|
print_status(" MIL (Engine Light) : #{data['MIL'] ? 'ON' : 'OFF'}") if data.key? "MIL"
|
|
|
|
|
print_status(" Number of DTCs: #{data['DTC_COUNT']}") if data.key? "DTC_COUNT"
|
2017-01-07 03:51:41 +00:00
|
|
|
end
|
|
|
|
|
if pids.include? 5
|
2017-03-08 17:21:33 +00:00
|
|
|
data = get_engine_coolant_temp(datastore['CANBUS'], datastore['SRCID'], datastore['DSTID'])
|
|
|
|
|
print_status(" Engine Temp: #{data['TEMP_C']} \u00b0C / #{data['TEMP_F']} \u00b0F") if data.key? "TEMP_C"
|
2017-01-07 03:51:41 +00:00
|
|
|
end
|
|
|
|
|
if pids.include? 0x0C
|
2017-03-08 17:21:33 +00:00
|
|
|
data = get_rpms(datastore['CANBUS'], datastore['SRCID'], datastore['DSTID'])
|
|
|
|
|
print_status(" RPMS: #{data['RPM']}") if data.key? "RPM"
|
2017-01-07 03:51:41 +00:00
|
|
|
end
|
|
|
|
|
if pids.include? 0x0D
|
2017-03-08 17:21:33 +00:00
|
|
|
data = get_vehicle_speed(datastore['CANBUS'], datastore['SRCID'], datastore['DSTID'])
|
|
|
|
|
print_status(" Speed: #{data['SPEED_K']} km/h / #{data['SPEED_M']} mph") if data.key? "SPEED_K"
|
2017-01-07 03:51:41 +00:00
|
|
|
end
|
|
|
|
|
if pids.include? 0x1C
|
2017-03-08 17:21:33 +00:00
|
|
|
print_status("Supported OBD Standards: #{get_obd_standards(datastore['CANBUS'], datastore['SRCID'], datastore['DSTID'])}")
|
2017-01-07 03:51:41 +00:00
|
|
|
end
|
2017-03-08 17:21:33 +00:00
|
|
|
dtcs = get_dtcs(datastore['CANBUS'], datastore['SRCID'], datastore['DSTID'])
|
|
|
|
|
unless dtcs.empty?
|
2017-02-16 00:26:23 +00:00
|
|
|
print_status("DTCS:")
|
|
|
|
|
dtcs.each do |dtc|
|
|
|
|
|
msg = dtc
|
2017-03-08 17:21:33 +00:00
|
|
|
msg += ": #{DTC_CODES[dtc]}" if DTC_CODES.key? dtc
|
2017-02-16 00:26:23 +00:00
|
|
|
print_status(" #{msg}")
|
|
|
|
|
end
|
|
|
|
|
end
|
2017-03-08 17:21:33 +00:00
|
|
|
frozen_dtcs = get_frozen_dtcs(datastore['CANBUS'], datastore['SRCID'], datastore['DSTID'])
|
|
|
|
|
unless frozen_dtcs.empty?
|
2017-02-16 00:26:23 +00:00
|
|
|
print_status("Frozen DTCS:")
|
|
|
|
|
frozen_dtcs.each do |dtc|
|
|
|
|
|
msg = dtc
|
2017-03-08 17:21:33 +00:00
|
|
|
msg += ": #{DTC_CODES[dtc]}" if DTC_CODES.key? dtc
|
2017-02-16 00:26:23 +00:00
|
|
|
print_status(" #{msg}")
|
|
|
|
|
end
|
|
|
|
|
end
|
2017-03-08 17:21:33 +00:00
|
|
|
pids = get_vinfo_supported_pids(datastore['CANBUS'], datastore['SRCID'], datastore['DSTID'])
|
2017-02-28 05:09:57 +00:00
|
|
|
print_status("Mode $09 Vehicle Info Supported PIDS: #{pids.inspect}") if pids.size > 0
|
2017-01-07 03:51:41 +00:00
|
|
|
pids.each do |pid|
|
|
|
|
|
# Handle known pids
|
|
|
|
|
if pid == 2
|
2017-03-08 17:21:33 +00:00
|
|
|
vin = get_vin(datastore['CANBUS'], datastore['SRCID'], datastore['DSTID'])
|
2017-01-07 03:51:41 +00:00
|
|
|
print_status("VIN: #{vin}")
|
|
|
|
|
elsif pid == 4
|
2017-03-08 17:21:33 +00:00
|
|
|
calid = get_calibration_id(datastore['CANBUS'], datastore['SRCID'], datastore['DSTID'])
|
2017-01-07 03:51:41 +00:00
|
|
|
print_status("Calibration ID: #{calid}")
|
|
|
|
|
elsif pid == 0x0A
|
2017-03-08 17:21:33 +00:00
|
|
|
ecuname = get_ecu_name(datastore['CANBUS'], datastore['SRCID'], datastore['DSTID'])
|
2017-01-07 03:51:41 +00:00
|
|
|
print_status("ECU Name: #{ecuname}")
|
|
|
|
|
else
|
2017-03-08 17:21:33 +00:00
|
|
|
data = get_vehicle_info(datastore['CANBUS'], datastore['SRCID'], datastore['DSTID'], pid)
|
|
|
|
|
data = response_hash_to_data_array(datastore['DSTID'].to_s(16), data)
|
2017-01-07 03:51:41 +00:00
|
|
|
print_status("PID #{pid} Response: #{data.inspect}")
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
if datastore['CLEAR_DTCS'] == true
|
2017-03-08 17:21:33 +00:00
|
|
|
clear_dtcs(datastore['CANBUS'], datastore['SRCID'], datastore['DSTID'])
|
2017-01-07 03:51:41 +00:00
|
|
|
print_status("Cleared DTCs and reseting MIL")
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
end
|
