Initial import

.gitignore

@@ -0,0 +1,5 @@
+**.db
+**.pyc
+**.idea
+**__pycache__
+**/data

.repoResources/demo/conv.sh

@@ -0,0 +1,8 @@
+#!/bin/sh
+# http://cassidy.codes/blog/2017/04/25/ffmpeg-frames-to-gif-optimization/
+
+palette="/tmp/palette.png"
+filters="fps=15,scale=700:-1:flags=lanczos"
+
+ffmpeg -v warning -i $1 -vf "$filters,palettegen=stats_mode=diff" -y $palette
+ffmpeg -i $1 -i $palette -lavfi "$filters,paletteuse=dither=bayer:bayer_scale=5:diff_mode=rectangle" -y $2

CANalyzat0r.sh

@@ -0,0 +1,7 @@
+#!/bin/bash
+
+# The dir of the start script (this file)
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+
+cd $DIR/src
+python3 CANalyzat0r.py

README.md

@@ -0,0 +1,59 @@
+![Alt text](/.repoResources/mainTab.png?raw=true "CANalyzat0r main tab")
+
+*This software project is a result of a Bachelor's thesis created at [SCHUTZWERK](https://www.schutzwerk.com) in collaboration with [Aalen University](https://www.hs-aalen.de/) by Philipp Schmied.*
+
+*Please refer to the corresponding [blog post](https://www.schutzwerk.com/en/43/posts/canalyzat0r/) for more information.*
+
+# Why another CAN tool?
+* Built from scratch with new ideas for analysis mechanisms
+* Bundles features of many other tools in one place
+* Modular and extensible: Read the docs and implement your own analysis mechanisms
+* Comfortable analysis using a GUI
+* Manage work in separate projects using a database
+* Documentation: Read the docs if you need a manual or technical info.
+
+# Installing and running:
+* Run `install_requirements.sh` along with `CANalyzat0r.sh`
+* Or just use the docker version (Check the subdirectory)
+
+For more information, read the HTML or PDF version of the documentation in the `./doc/build` folder.
+
+# Features
+* Manage interface configuration (automatic loading of kernel modules, manage physical and virtual SocketCAN devices)
+* Multi interface support
+* Manage your work in projects. You can also import and export them in the human readable/editable JSON format
+* Logging of all actions
+* Graphical sniffing
+* Manage findings, dumps and known packets per project
+![Alt text](/.repoResources/demo/knownPackets.gif?raw=true "Recognizing known packets")
+* Easy copy and paste between tabs. Also, you can just paste your SocketCAN files into a table that allows pasting
+![Alt text](/.repoResources/demo/import.gif?raw=true "Import SocketCAN files")
+* Threaded Sending, Fuzzing and Sniffing
+![Alt text](/.repoResources/demo/fuzzer-sniffer.gif?raw=true "Fuzzing and Sniffing at the same time")
+* Add multiple analyzing threads on the GUI
+* Ignore packets when sniffing - Automatically filter unique packets by ID or data and ID
+* Compare dumps
+* Allows setting up complex setups using only one window
+* Clean organization in tabs for each analysis task
+* Binary packet filtering with randomization
+* Search for action specific packets using background noise filtering
+![Alt text](/.repoResources/demo/filter.gif?raw=true "Filter Tab")
+* SQLite support
+* Fuzz and change the values on the fly
+
+# Fixing the GUI style
+
+This application has to be run as superuser. Because of a missing configuration, the displayed style
+can be set to an unwanted value when the effective UID is 0. To fix this behaviour, follow these steps:
+
+* Quick way: Execute `echo "[QT]\nstyle=CleanLooks" >> ~/.config/Trolltech.conf`
+
+* Alternative way:
+  * Install qt4-qtconfig: `sudo apt-get install qt4-qtconfig`
+  * Run qtconfig-qt4 as superuser and change the GUI style to CleanLooks or GTK+
+
+* Or use the docker container
+
+# License
+
+This project is licensed under the [GPLv3](https://www.gnu.org/licenses/gpl.txt).

doc/Makefile

@@ -0,0 +1,20 @@
+# Minimal makefile for Sphinx documentation
+#
+
+# You can set these variables from the command line.
+SPHINXOPTS    =
+SPHINXBUILD   = python -msphinx
+SPHINXPROJ    = CANalyzat0r
+SOURCEDIR     = source
+BUILDDIR      = build
+
+# Put it first so that "make" without argument is like "make help".
+help:
+	@$(SPHINXBUILD) -M help "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) $(O)
+
+.PHONY: help Makefile
+
+# Catch-all target: route all unknown targets to Sphinx using the new
+# "make mode" option.  $(O) is meant as a shortcut for $(SPHINXOPTS).
+%: Makefile
+	@$(SPHINXBUILD) -M $@ "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) $(O)

doc/build/html/.buildinfo

@@ -0,0 +1,4 @@
+# Sphinx build info version 1
+# This file hashes the configuration used when building these files. When it is not found, a full rebuild will be done.
+config: d98642f88a3972666c5dae46eace0f76
+tags: 645f666f9bcd5a90fca523b33c5a78b7

doc/build/html/_sources/contributing.rst.txt

@@ -0,0 +1,38 @@
+Contributing
+============
+
+Here's some useful info if you want to contribute.
+
+Guidelines
+----------
+
+- Each tab has its own Class. If possible, inherit from :class:`~src.AbstractTab.AbstractTab`.
+
+ - To provide comatibility:
+
+  - The displayed data should also be in a raw data list called ``rawData`` which is *always* up to date
+  - ``prepareUI`` initializes all GUI elements
+  - ``active`` manages the status of a tab
+  - Tab specific CANData instances are called ``CANData``
+
+- Please log useful information using an own logger instance
+- Use existing Toolbox methods if possible
+- Use batch database operations using raw lists (not objects) for better performance
+- Use docstrings
+- Keep the ``.ui`` files clean: Always name new GUI elements properly according to existing ones
+- Put new strings in the Strings file and reference it
+
+I want to add a new tab, what do I have to do?
+----------------------------------------------
+- Create a new tab on the GUI and stick to the already existing naming conventions
+- Add a QTableView to display your data and other GUI elements
+- Update `mainWindow.py` using `pyside-uic mainWindow.ui > mainWindow.py`.
+- Add a new File and a new class which inherits from :class:`~src.AbstractTab.AbstractTab`
+- Call the parents constructor in your ``__init__``
+- Add the GUI elements from the ``.ui`` file to your code. You can refer to the other tabs
+  to see how it's done. Also, add the click handlers here.
+- Call ``prepareUI`` as last action in ``__init___``
+- If your tab needs an interface or displays interface values: Add your tab
+  class or instance to :func:`~src.Toolbox.Toolbox.updateInterfaceLabels` and/or :func:`~src.Toolbox.Toolbox.updateCANDataInstances`.
+- If your tab uses an instance: Add an instance to `Globals.py` and create one at startup (see `CANalyzat0r.py`).
+- If your tab uses a static class: Call `prepareUI` at startup (see `CANalyzat0r.py`).

doc/build/html/_sources/index.rst.txt

@@ -0,0 +1,26 @@
+.. CANalyzat0r documentation master file, created by
+   sphinx-quickstart on Tue Jun 20 15:53:44 2017.
+   You can adapt this file completely to your liking, but it should at least
+   contain the root `toctree` directive.
+
+Welcome to CANalyzat0r's documentation!
+=======================================
+
+.. toctree::
+   :maxdepth: 4
+   :caption: Contents:
+
+   requirements
+   manual
+   contributing
+   src
+   usedlibs
+
+
+
+Indices and tables
+==================
+
+* :ref:`genindex`
+* :ref:`modindex`
+* :ref:`search`

doc/build/html/_sources/manual.comparertab.rst.txt

@@ -0,0 +1,7 @@
+Comparer Tab
+==========
+
+What can I compare?
+-------------------
+You can compare two sets of packets. You will get all packets
+they have in common.

doc/build/html/_sources/manual.filtertab.rst.txt

@@ -0,0 +1,23 @@
+Filter Tab
+==========
+
+What can I filter?
+------------------
+Let's suppose you want to find (a) specific packet(s) that get
+generated when you (for example) press a button, accelerate or lock
+the cars doors. The captured CAN traffic contains so much data that
+you can't seem to find the packets easily. Let's use the filter tab:
+
+ - You can collect background noise containing CAN packets that
+   are sent on the bus without any user interaction
+ - After that, a variable amount of samples get captured. You have to
+   perform the desired action **in every sample** - e.g. lock the
+   doors in every sample.
+ - As soon as all data has been captured, the filter tab begins to
+   analyze it. It filters background noise out of each sample and tries
+   to find packets that occur in every sample. These are most likely
+   the packets your are looking for.
+
+How can I try this without a car or CAN device?
+-----------------------------------------------
+Use ICSim!

doc/build/html/_sources/manual.fuzzertab.rst.txt

@@ -0,0 +1,27 @@
+Fuzzer Tab
+==========
+
+What does this thing to?
+------------------------
+Using this tab you can send random packets into the CAN bus to discover
+things. You can tune settings that control random packet generation
+using the GUI elements.
+
+What are masks?
+---------------
+You can write static values into the masks or put an X if that character
+should be randomized. Using this, you can freely control the payload
+of generated packets.
+Hint: You can change masks and lengths **while fuzzing**.
+
+Other fuzzers are much faster!!1!
+---------------------------------
+This is a python based fuzzer which also displays the packets on the GUI.
+This convenience costs performance. If you want the best performance
+you can use ``cangen`` of the ``can-utils`` package and import the
+created packets later.
+
+What are the modes?
+-------------------
+ - User specified: You can freely specify ID and data masks
+ - 11 bit IDs / 29 bit IDs: Only short/extended IDs will be used

doc/build/html/_sources/manual.general.rst.txt

@@ -0,0 +1,31 @@
+General
+=======
+
+Why can I change interface settings in every tab and why is there a global interface?
+-------------------------------------------------------------------------------------
+You can set a global interface in order to set the selected interface
+for every inactive tab. On top of that, you can override this setting
+for every tab individually using the button. This allows you to e.g.
+fuzz on ``can0`` and sniff on ``vcan1`` at the same time.
+
+Well, how can I manage packets in between tabs?
+-----------------------------------------------
+You can:
+ - Select rows and copy them to another tab (if allowed)
+ - Delete rows by selecting rows and pressing ``Del`` on your keyboard
+
+Ok Ok, but how can I import my SocketCAN dumps?
+-----------------------------------------------
+Just copy and paste them into the GUI tables <:
+
+What are known packets?
+-----------------------
+Once you discovered that packet XY does Action ZZ on your car or
+setup, you can add this knowledge to the database using the manager tab.
+This adds the discovered information globally for a specific project.
+Using this, the "Description" column in the GUI tables in filled with
+data, so you can recognize a re-occuring packet.
+
+I've discovered a bug, pls fix!
+-------------------------------
+Pleae report bugs using GitHub issues, Thanks.

doc/build/html/_sources/manual.maintab.rst.txt

@@ -0,0 +1,39 @@
+Main Tab
+==========
+
+Welcome to CANalyzat0rs main tab!
+Here you can change interface settings and creat/remove virtual CAN
+interfaces. Don't worry, the kernel modules should aready be loaded for you.
+
+Where's my interface?!?!1!
+--------------------------
+If you can't find your attached CAN interface in the ComboBox, please
+check the output of ``ifconfig -a``. In order to use your interface
+with CANAlyzat0r, a SocketCAN device must be present. Maybe you have to
+load another kernel module/driver?
+
+Creating and selecting projects
+-------------------------------
+
+On a fresh startup, you should encounter a message saying that a new
+project should be created. You can still use this application without a
+selected project. However, one can't save dumps or known packets.
+To create a project, please refer to the manager tab. After you
+have created a project there, you can set it as active project in the
+main tab.
+
+Log levels
+----------
+You can set the minimum log level for which messages will be printed
+to the log box in this tab.
+
+Where's my data being saved to?!!?
+----------------------------------
+By default, CANalyzat0r creates a SQLite database called "database.db"
+in the data folder. Please take care of this file as everything you
+discover is saved here.
+
+But what if i want to export my data?
+-------------------------------------
+Please check the manager tab and learn on how to export projects and
+dumps.

doc/build/html/_sources/manual.managertab.rst.txt

@@ -0,0 +1,22 @@
+Manager Tab
+============
+
+What can I do using the dumps tab?
+----------------------------------
+You can save a set of packets that you want to keep (e.g. for further
+analysis) and save it to the database. This allows you to load the
+dump again at a later point.
+Hint: You can edit the values in the GUI table and update the values
+in the database using the update button.
+
+I know packet XY has effect ZZ, do I create a dump or a known packet?
+---------------------------------------------------------------------
+Just create a dump with one packet entry and the application will
+handle the rest for you.
+
+Importing/Exporting projects
+----------------------------
+If you want to import/export projects, use the manager tab. It exports
+all saved data of a project to a editable textfile in JSON format.
+Go ahead and edit values if you want, but be careful and don't mess
+with the data integrity <:

doc/build/html/_sources/manual.rst.txt

@@ -0,0 +1,29 @@
+CANAlyzat0r manual
+==================
+
+Introduction
+------------
+
+You can use **CANAlyzat0r** to quickly analyze the CAN bus in many ways.
+It's great.
+
+.. image:: ./_img/icon.png
+
+This documentation will guide you through the usage of the application.
+Also, you can find the code documentation in this document if you want
+to extend and/or contribute to this project.
+
+Usage: Tab by tab
+------------------
+
+.. toctree::
+
+    manual.maintab
+    manual.general
+    manual.sniffertab
+    manual.sendertab
+    manual.fuzzertab
+    manual.comparertab
+    manual.searchertab
+    manual.managertab
+    manual.filtertab

doc/build/html/_sources/manual.searchertab.rst.txt

@@ -0,0 +1,38 @@
+Searcher Tab
+============
+
+What can I search for?
+----------------------
+Using this tab you can perform a binary packet search for a
+specific packet or a whole packet set that cause an effect.
+Let's suppose you've fuzzed and got a large packet dump that, when
+replayed, causes an effect on your CAN device / car. You now want to
+extract the relevant packet(s) out of that dump. Searcher tab to the
+rescue -- Load the whole packet dump and let the analyzer routine
+guide you.
+Note: This first tries to search for **1** packet that causes an action.
+It this fails, the searcher tries to continously minimize the packet set.
+
+It doesn't work!!1!
+-------------------
+Don't give up too fast, try the following things:
+- Set the packet gap to a lower value, you can even try 0
+- Just try again and hope for better shuffling
+- Use another dump/fuzz again, ...
+- Wait a few seconds after each chunk
+
+It still doesn't work :(
+------------------------
+CAN devices can be extremely tricky, for example spedometers. Depending
+on your dump, you may have to try it multiple times with the same dump
+because of packet timings and/or bad luck. If you replay your whole
+dump and see the desired action, you will be able to find it using
+the searchter tab.
+
+
+I want to do it manually, how can this tool help me?
+----------------------------------------------------
+Create a new sender, add the dump to it and send them in a loop.
+Minimize the packet set from the bottom using your "CTRL+C" and "DEL" and try
+again. If it didn't perform the desired action, paste the packets again
+and delete other packets.