CN116668175A - New energy automobile operating system - Google Patents
New energy automobile operating system Download PDFInfo
- Publication number
- CN116668175A CN116668175A CN202310795829.4A CN202310795829A CN116668175A CN 116668175 A CN116668175 A CN 116668175A CN 202310795829 A CN202310795829 A CN 202310795829A CN 116668175 A CN116668175 A CN 116668175A
- Authority
- CN
- China
- Prior art keywords
- diagnosis
- message
- attack
- bus
- signal receiving
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000003745 diagnosis Methods 0.000 claims abstract description 111
- 238000012360 testing method Methods 0.000 claims abstract description 61
- 238000004458 analytical method Methods 0.000 claims abstract description 22
- 238000004519 manufacturing process Methods 0.000 claims abstract description 4
- 230000004044 response Effects 0.000 claims description 31
- 238000000034 method Methods 0.000 claims description 17
- 230000002159 abnormal effect Effects 0.000 claims description 10
- 230000009191 jumping Effects 0.000 claims description 3
- 230000007246 mechanism Effects 0.000 claims description 3
- 238000012938 design process Methods 0.000 abstract description 3
- 239000003990 capacitor Substances 0.000 description 93
- 230000005540 biological transmission Effects 0.000 description 18
- 238000010586 diagram Methods 0.000 description 10
- 230000001052 transient effect Effects 0.000 description 8
- 238000013461 design Methods 0.000 description 7
- 239000013078 crystal Substances 0.000 description 5
- 230000009467 reduction Effects 0.000 description 3
- 101100102627 Oscarella pearsei VIN1 gene Proteins 0.000 description 2
- 101500000959 Bacillus anthracis Protective antigen PA-20 Proteins 0.000 description 1
- 101000734572 Homo sapiens Phosphoenolpyruvate carboxykinase, cytosolic [GTP] Proteins 0.000 description 1
- 102100034796 Phosphoenolpyruvate carboxykinase, cytosolic [GTP] Human genes 0.000 description 1
- 101000701286 Pseudomonas aeruginosa (strain ATCC 15692 / DSM 22644 / CIP 104116 / JCM 14847 / LMG 12228 / 1C / PRS 101 / PAO1) Alkanesulfonate monooxygenase Proteins 0.000 description 1
- 101100420795 Schizosaccharomyces pombe (strain 972 / ATCC 24843) sck1 gene Proteins 0.000 description 1
- 101000983349 Solanum commersonii Osmotin-like protein OSML13 Proteins 0.000 description 1
- 230000005856 abnormality Effects 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 230000004064 dysfunction Effects 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000008569 process Effects 0.000 description 1
- 230000000087 stabilizing effect Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1433—Vulnerability analysis
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/40—Bus networks
- H04L12/40169—Flexible bus arrangements
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/40—Network security protocols
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/40—Bus networks
- H04L2012/40208—Bus networks characterized by the use of a particular bus standard
- H04L2012/40215—Controller Area Network CAN
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/40—Bus networks
- H04L2012/40267—Bus for use in transportation systems
- H04L2012/40273—Bus for use in transportation systems the transportation system being a vehicle
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Testing Of Engines (AREA)
Abstract
The invention provides a new energy automobile working system, which comprises a vehicle to be tested and test equipment connected with the vehicle to be tested, wherein the test equipment comprises a CAN bus signal receiving and transmitting unit, a CAN bus UDS diagnosis analysis unit and a CAN bus UDS diagnosis attack unit; the CAN bus signal receiving and transmitting unit is used for transmitting the generated UDS diagnosis attack message; the CAN bus UDS diagnosis analysis unit is used for analyzing and obtaining holes existing in a vehicle UDS diagnosis system and positioning the position of attack; the CAN bus UDS diagnosis attack unit is used for manufacturing a UDS diagnosis attack message according to the obtained diagnosis attack content. According to the invention, through analysis of the UDS diagnosis service used by the whole vehicle, the flaws which are not concerned in the design process are positioned, and diagnosis attack is carried out from different angles.
Description
Technical Field
The invention relates to the technical field of vehicle-mounted network attack testing, in particular to a new energy automobile working system.
Background
With the development of the internet of vehicles technology, the safety of the vehicle-mounted network is paid more attention to, the safety of the vehicle-mounted network system is related to the life and property safety of users, and if the vehicle-mounted network system is attacked maliciously, the whole system network cannot work normally, so that enterprise clients suffer significant losses. In order to improve the safety and stability of the CAN network, problems are found by network attack means in various aspects, and measures are taken in time to avoid risks.
The UDS (Unified Diagnostic Services, unified diagnostic service) diagnostic protocol is a generic automotive diagnostic protocol defined by ISO 15765 and ISO 14229, at the application layer in the OSI model, which CAN be implemented on different automotive buses (e.g. CAN, LIN, flexray, internet and K-line). The application layer definition of the UDS protocol is ISO 14229-1, and most automobile manufacturers currently adopt the diagnosis protocol of UDS on CAN.
Disclosure of Invention
The invention aims at least solving the technical problems existing in the prior art, and particularly creatively provides a new energy automobile working system.
In order to achieve the above purpose of the invention, the invention provides a new energy automobile working system, which comprises a vehicle to be tested, and also comprises test equipment connected with the vehicle to be tested, wherein the test equipment comprises a CAN bus signal receiving and transmitting unit, a CAN bus UDS diagnosis and analysis unit and a CAN bus UDS diagnosis and attack unit;
the CAN bus signal receiving and transmitting unit is used for transmitting the generated UDS diagnosis attack message;
the CAN bus UDS diagnosis analysis unit is used for analyzing and obtaining holes existing in a vehicle UDS diagnosis system and positioning the position of attack;
the CAN bus UDS diagnosis attack unit is used for manufacturing a UDS diagnosis attack message according to the obtained diagnosis attack content.
The invention also discloses a working method of the new energy automobile, which comprises the following steps:
step A: the method comprises the steps of accessing test equipment, using a CAN signal receiving and transmitting unit to receive a whole vehicle message, keeping the power-on state of the vehicle, using the CAN bus signal receiving and transmitting unit to traverse and transmit IDs within the possible range of diagnostic IDs, using a data segment of 10 services and a diagnosis request message with abnormal sub-functions, observing the whole vehicle message, and jumping to the step B;
and (B) step (B): the CAN bus UDS diagnosis analysis unit verifies whether the contents of the second byte and the third byte of the received data segment meet the diagnosis response rule, if so, the message ID of the current request is recorded as the diagnosis ID, otherwise, the message ID of the current request is not the diagnosis ID.
In a preferred embodiment of the invention, the method further comprises the steps of:
step C: b, accessing test equipment according to the diagnosis ID collected in the step B, using a CAN bus signal receiving and transmitting unit to receive a whole vehicle message, keeping the power-on state of the vehicle, and using the CAN bus signal receiving and transmitting unit to transmit one or any combination service attack request message of 11, 19 and 14 in the diagnosis basic service;
step D: the CAN bus UDS diagnosis analysis unit verifies whether the received response message accords with the expected attack result, and if so, the attack is successful.
In a preferred embodiment of the invention, the method further comprises the steps of:
step E: b, accessing test equipment according to the diagnostic ID collected in the step B, using a CAN bus signal receiving and transmitting unit to receive a whole vehicle message, keeping the power-on state of the vehicle, and using the CAN bus signal receiving and transmitting unit to send diagnostic 22 service to collect DID;
step F: the CAN bus UDS diagnosis analysis unit verifies whether the received response message is a positive response, if yes, the DID is valid, and if not, the DID is invalid.
In a preferred embodiment of the invention, the method further comprises the steps of:
step G: b, accessing test equipment according to the diagnosis ID in the step B, using a CAN bus signal receiving and transmitting unit to receive a whole vehicle message, keeping the power-on state of the vehicle, and using the CAN bus signal receiving and transmitting unit to send diagnosis 2E service to tamper the content in the DID;
step H: the CAN bus UDS diagnosis analysis unit verifies whether the received response message is a positive response, if yes, the writing of tampered content is effective, the attack is successful, and if not, the attack is unsuccessful.
In a preferred embodiment of the invention, the method further comprises the steps of:
step J: b, accessing test equipment according to the diagnosis ID collected in the step B, using a CAN bus signal receiving and transmitting unit to receive a whole vehicle message, keeping the power-on state of the vehicle, and using the CAN bus signal receiving and transmitting unit to transmit a normal diagnosis request message, wherein the request message is transmitted in a circulating way according to a short period;
step K: observing whether the ECU response is abnormal or not, and if so, successfully attacking;
step L: b, accessing test equipment according to the diagnosis ID collected in the step B, using a CAN bus signal receiving and transmitting unit to receive a whole vehicle message, keeping the power-on state of the vehicle, using the CAN bus signal receiving and transmitting unit to transmit a message that the ID is normal, one or any combination data segment of service or subfunction does not accord with a UDS diagnosis mechanism, wherein the request message is transmitted circularly according to a period;
step M: observing whether the ECU response is abnormal or not, and if so, successfully attacking;
in a preferred embodiment of the present invention, the following operations are performed in conjunction with the testing methods of step J and step K:
and observing the response message of the ECU, judging whether the obtained response state accords with the expected state, if so, not making any further judgment, otherwise, judging that the tested diagnosis state is changed due to the aggressiveness test.
In summary, by adopting the technical scheme, diagnosis attack is performed from different angles by analyzing the UDS diagnosis service used by the whole vehicle and locating the flaws which are not concerned in the design process.
Additional aspects and advantages of the invention will be set forth in part in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention.
Drawings
The foregoing and/or additional aspects and advantages of the invention will become apparent and may be better understood from the following description of embodiments taken in conjunction with the accompanying drawings in which:
fig. 1 is a schematic block diagram of a flow of the present invention.
Fig. 2 is a schematic block diagram of the connection of the present invention.
Fig. 3 is a schematic circuit connection diagram of a USB data transmission module according to the present invention.
Fig. 4 is a schematic circuit connection diagram of the CAN data transmission module of the present invention.
Fig. 5 is a schematic diagram of circuit connection of the RS232 data transmission module according to the present invention.
Fig. 6 is a schematic circuit connection diagram of a data switching module according to the present invention.
FIG. 7 is a schematic diagram of a key set module circuit connection according to the present invention.
Fig. 8 is a schematic diagram of circuit connection of the indicator light assembly module according to the present invention.
FIG. 9 is a schematic diagram of the circuit connection of the test module of the present invention.
Fig. 10 is a schematic diagram of the circuit connections of the microcontroller of the present invention.
Detailed Description
Embodiments of the present invention are described in detail below, examples of which are illustrated in the accompanying drawings, wherein like or similar reference numerals refer to like or similar elements or elements having like or similar functions throughout. The embodiments described below by referring to the drawings are illustrative only and are not to be construed as limiting the invention.
The invention provides a new energy automobile working system, in the whole automobile, external diagnostic equipment can access the state of the automobile through specific diagnostic service, inquire the basic information of the automobile, locate the fault condition of the automobile, and the main purpose of diagnosis is to facilitate the user to know the condition of the automobile in time. However, in the actual design process, the UDS diagnostic access logic design still has a part of problems, and the attention of security protection is low, so that an attacker can implement a corresponding attack strategy to attack the vehicle. The design focuses on attacking possible loopholes in the diagnosis access process, so that problems can be expected to be found in advance, and then the vehicle can be rectified in time, so that the stability and safety of the vehicle are guaranteed. The test device comprises a vehicle to be tested, and test equipment connected with the vehicle to be tested, wherein the test equipment comprises a CAN bus signal receiving and transmitting unit, a CAN bus UDS diagnosis and analysis unit and a CAN bus UDS diagnosis attack unit;
the CAN bus signal receiving and transmitting unit is used for transmitting the generated UDS diagnosis attack message;
the CAN bus UDS diagnosis analysis unit is used for analyzing and obtaining holes existing in a vehicle UDS diagnosis system and positioning the position of attack;
the CAN bus UDS diagnosis attack unit is used for manufacturing a UDS diagnosis attack message according to the obtained diagnosis attack content. The UDS diagnostic protocol request access rules used in the whole vehicle are approximately the same, and the service types used are also approximately the same.
The invention also discloses a new energy automobile working method, before diagnosis attack, the diagnosis ID is collected, so that the correct diagnosis attack can be conveniently carried out through the diagnosis ID in the later stage, as shown in figure 1, the diagnosis ID collecting method comprises the following steps:
step A: the method comprises the steps of accessing test equipment, using a CAN signal receiving and transmitting unit to receive a whole vehicle message, keeping the power-on state of the vehicle, using the CAN bus signal receiving and transmitting unit to traverse and transmit IDs within the possible range of diagnostic IDs, using a data segment of 10 services and a diagnosis request message with abnormal sub-functions, observing the whole vehicle message, and jumping to the step B;
and (B) step (B): the CAN bus UDS diagnosis analysis unit verifies whether the contents of the second byte and the third byte of the received data segment meet the diagnosis response rule, if so, the message ID of the current request is recorded as the diagnosis ID, otherwise, the message ID of the current request is not the diagnosis ID.
In a preferred embodiment of the present invention, the diagnostic basic service is a basic design performed by the controller executing the diagnostic instruction, and the diagnostic basic service safety protection design of the general design is lower, and the attack success rate is higher. The diagnostic basic service attack comprises the following steps:
step C: b, accessing test equipment according to the diagnosis ID collected in the step B, using a CAN bus signal receiving and transmitting unit to receive a whole vehicle message, keeping the power-on state of the vehicle, and using the CAN bus signal receiving and transmitting unit to transmit one or any combination service attack request message of 11, 19 and 14 in the diagnosis basic service;
step D: the CAN bus UDS diagnosis analysis unit verifies whether the received response message accords with the expected attack result, and if so, the attack is successful.
In a preferred embodiment of the present invention, the DID is an identification code for storing vehicle information, and an attacker can read or tamper with the content stored in the DID through a read-write service, which is very important for vehicle security. The diagnostic DID collection includes the steps of:
step E: b, accessing test equipment according to the diagnostic ID collected in the step B, using a CAN bus signal receiving and transmitting unit to receive a whole vehicle message, keeping the power-on state of the vehicle, and using the CAN bus signal receiving and transmitting unit to send diagnostic 22 service to collect DID;
step F: the CAN bus UDS diagnosis analysis unit verifies whether the received response message is a positive response, if yes, the DID is valid, and if not, the DID is invalid.
In a preferred embodiment of the present invention, the DID is an identification code for storing vehicle information, an attacker can misguide a user by writing an erroneous DID, and in a design phase, if a security protection design of the service is low, an attack success rate is high, and the diagnostic DID collection includes the steps of:
step G: b, accessing test equipment according to the diagnosis ID in the step B, using a CAN bus signal receiving and transmitting unit to receive a whole vehicle message, keeping the power-on state of the vehicle, and using the CAN bus signal receiving and transmitting unit to send diagnosis 2E service to tamper the content in the DID;
step H: the CAN bus UDS diagnosis analysis unit verifies whether the received response message is a positive response, if yes, the writing of tampered content is effective, the attack is successful, and if not, the attack is unsuccessful.
In a preferred embodiment of the present invention, since the diagnostic service is service access in the form of a request response, the abnormal request attack test attacks from both service dysfunction and request frequency abnormality, the diagnostic DID collection includes the steps of:
step J: b, accessing test equipment according to the diagnosis ID collected in the step B, using a CAN bus signal receiving and transmitting unit to receive a whole vehicle message, keeping the power-on state of the vehicle, and using the CAN bus signal receiving and transmitting unit to transmit a normal diagnosis request message, wherein the request message is transmitted in a circulating way according to a short period;
step K: observing whether the ECU response is abnormal or not, and if so, successfully attacking;
step L: b, accessing test equipment according to the diagnosis ID collected in the step B, using a CAN bus signal receiving and transmitting unit to receive a whole vehicle message, keeping the power-on state of the vehicle, using the CAN bus signal receiving and transmitting unit to transmit a message that the ID is normal, one or any combination data segment of service or subfunction does not accord with a UDS diagnosis mechanism, wherein the request message is transmitted circularly according to a period;
step M: observing whether the ECU response is abnormal or not, and if so, successfully attacking;
in a preferred embodiment of the present invention, the following operations are performed in conjunction with the testing methods of step J and step K:
and observing the response message of the ECU, judging whether the obtained response state accords with the expected state, if so, not making any further judgment, otherwise, judging that the tested diagnosis state is changed due to the aggressiveness test.
The invention also discloses a new energy automobile working test device, which comprises a diagnosis box body, wherein a PCB diagnosis circuit board fixed mounting seat for fixedly mounting a PCB diagnosis circuit board is arranged in the diagnosis box body, the PCB diagnosis circuit board is fixedly mounted on the PCB diagnosis circuit board fixed mounting seat, and as shown in figures 2-10, a microcontroller U1 (the microcontroller U1 comprises a CAN bus UDS diagnosis analysis unit and a CAN bus UDS diagnosis attack unit), a USB data transmission module, a CAN data transmission module (CAN bus signal receiving and transmitting unit), an RS232 data transmission module, a key set module and an indicator lamp set module are arranged on the PCB diagnosis circuit board;
the front of the diagnosis box body is provided with a touch display screen fixed mounting seat for fixedly mounting a touch display screen, a key set mounting seat for fixedly mounting a key set, and an indicator lamp set mounting seat for fixedly mounting an indicator lamp set, wherein the touch display screen is fixedly mounted on the touch display screen fixed mounting seat, the key set is fixedly mounted on the key set mounting seat, and the indicator lamp set is fixedly mounted on the indicator lamp set mounting seat; the diagnosis box comprises a diagnosis box body, wherein a USB interface mounting seat for fixedly mounting a USB interface JP4 is arranged on the left side surface of the diagnosis box body, the USB interface JP4 is fixedly mounted on the USB interface mounting seat, CAN interface mounting seats for fixedly mounting a CAN interface JP1 and a CAN interface JP2 are arranged on the right side surface of the diagnosis box body, the CAN interface JP1 and the CAN interface JP2 are fixedly mounted on the CAN interface mounting seat, an RS232 interface mounting seat for fixedly mounting an RS232 interface JP6 is arranged on the front side surface of the diagnosis box body, an RS232 interface JP6 is fixedly mounted on the RS232 interface mounting seat, a test interface mounting seat for fixedly mounting a test interface JP1 is arranged on the rear side surface of the diagnosis box body, and the test interface JP1 is fixedly mounted on the test interface mounting seat;
the USB data transmission end of the microcontroller U1 is connected with the data transmission end of the USB data transmission module, the CAN data transmission end of the microcontroller U1 is connected with the data transmission end of the CAN data transmission module, the RS232 data transmission end of the microcontroller U1 is connected with the data transmission end of the RS232 data transmission module, the key group end of the microcontroller U1 is connected with the key end of the key group module, and the indication lamp group end of the microcontroller U1 is connected with the indication end of the indication lamp group module; the touch display end of the microcontroller U1 is connected with the touch display end of the touch display screen.
In a preferred embodiment of the present invention, the USB data transmission module includes: the power output end of the USB interface JP4 is respectively connected with the first end of the FUSE1 and the first end of the capacitor C23, the power output end of the USB interface JP4 outputs a power USB_VCC, the second end of the FUSE FUSE1 is respectively connected with the first end of the capacitor C27 and the power input end IN of the voltage reduction chip U2, the second end of the FUSE FUSE1 outputs a power +5V, the second end of the capacitor C27 is connected with the power ground, the power ground end GND of the voltage reduction chip U2 is connected with the power ground, the power output end of the voltage reduction chip U2 is respectively connected with the first end of the capacitor C26, the first end of the capacitor C28 and the first end of the FUSE FUSE2, the second end of the FUSE FUSE2 outputs a power 3V3, and the first end of the capacitor C26 and the first end of the capacitor C28 are respectively connected with the power ground;
the power output grounding end of the USB interface JP4 and the second end of the capacitor C23 are respectively connected with the power ground, the data USB negative end of the USB interface JP4 is connected with the first end of the resistor R6, the second end of the resistor R6 is respectively connected with the first end of the capacitor C24 and the USB data negative end DDM of the microcontroller U1, the data USB positive end of the USB interface JP4 is respectively connected with the first end of the resistor R5 and the first end of the resistor R7, the second end of the resistor R7 is respectively connected with the first end of the capacitor C25 and the USB data positive end DDP of the microcontroller U1, the second end of the capacitor C24 and the second end of the capacitor C25 are respectively connected with the power ground, the second end of the resistor R5 is connected with the collector of the triode Q1, the emitter of the triode Q1 is respectively connected with the power 3V3 and the first end of the resistor R16, and the second end of the resistor R17 is respectively connected with the USB control enabling end PA 8/RTSP 0/NPCS 3 of the microcontroller U1. The resistance of the resistor R16 is 47K, the resistance of the resistor R17 is 1.2K, the model of the triode Q1 is 8550S, the resistance of the resistor R5 is 1.5K, the resistances of the resistor R6 and the resistor R7 are 25 omega, the capacitance of the capacitor C24 and the capacitor C25 is 15pF, the capacitance of the capacitor C23 is 100nF, the capacitance of the capacitor C27 and the capacitor C28 is 47uF, the capacitance of the capacitor C26 is 0.1F, and the model of the buck chip U2 is REG1117-3.3.
In a preferred embodiment of the invention, the CAN data transmission module comprises: the data receiving end RXD of the CAN transceiver U7 is respectively connected with the first end of the resistor R3 and the CAN data transmitting end PA19/CANRX of the microcontroller U1, and the data transmitting end TXD of the CAN transceiver U7 is connected with the CAN data receiving end PA20/CANTX of the microcontroller U1;
the power end VCC of the CAN transceiver U7 is respectively connected with a power supply +5V, the first end of a capacitor C21 and the first end of a capacitor C22, the second end of the capacitor C21 and the second end of the capacitor C22 are respectively connected with power supply ground, the grounding end GND of the CAN transceiver U7 is connected with the power supply ground, and the mode end RS of the CAN transceiver U7 is connected with the additional CAN mode end PA18/SPI0_SPCK of the microcontroller U1;
the CAN data high end CANH of the CAN transceiver U7 is respectively connected with the data high end of the CAN interface JP1 and the data high end of the CAN interface JP2, the CAN data low end CANL of the CAN transceiver U7 is respectively connected with the data low end of the CAN interface JP2 and the first end of the adjustable terminal resistor R4, and the second end of the adjustable terminal resistor R4 is connected with the data low end of the CAN interface JP 1. The resistance value of the resistor R3 is 1.5K, the model of the CAN transceiver U7 is TJA1050, the capacitor C21 is 104, the capacitance value of the capacitor C22 is 10uF, and the resistance value of the adjustable termination resistor R4 is 120Ω.
In a preferred embodiment of the present invention, the RS232 data transmission module includes: the charge pump end V+ of the RS232 chip U3 is connected with the first end of the capacitor C30, the second end of the capacitor C30 is connected with the power ground, the positive end C1+ of the voltage doubling capacitor of the RS232 chip U3 is connected with the first end of the capacitor C32, the voltage doubling capacitor Rong Fuduan C1-of the RS232 chip U3 is connected with the second end of the capacitor C32, the transmitter input end T1in of the RS232 chip U3 is connected with the data end PA1/TXD0 of the microcontroller U1, the receiver output end R1out of the RS232 chip U3 is connected with the data end PA0/RXD0 of the microcontroller U1, the transmitter input end T2in of the RS232 chip U3 is connected with the data end PA28/DTXD 3 of the microcontroller U1, the receiver output end R2 of the RS232 chip U3 is connected with the data end PA27/DRXD/PCK3 of the microcontroller U1, the charge pump end V-of the RS232 chip U3 is connected with the first end of the capacitor C33, and the second end of the capacitor C33 is connected with the power ground;
the power end VCC of the RS232 chip U3 is connected with a power supply 3V3 and a first end of a capacitor C29 respectively, a second end of the capacitor C29 is connected with power supply ground, a voltage doubling capacitor Rong Fuduan C2-of the RS232 chip U3 is connected with a first end of the capacitor C31, a voltage doubling capacitor positive end C2+ of the RS232 chip U3 is connected with a second end of the capacitor C31, a transmitter output end T1out of the RS232 chip U3 is connected with a data receiving end of an RS232 interface JP6, a receiver input end R1out of the RS232 chip U3 is connected with a data transmitting end of the RS232 interface JP6, a grounding end of the RS232 interface JP6 is connected with power supply ground, a transmitter output end T2out of the RS232 chip U3 is connected with a data receiving end of an RS232 interface JP7, and a grounding end of the RS232 interface JP7 is connected with power supply ground; the ground GND of the RS232 chip U3 is connected to the power ground. The capacitance values of the capacitor C29, the capacitor C30, the capacitor C31, the capacitor C32 and the capacitor C33 are 120nf, and the model number of the rs232 chip U3 is MAX3232.
In a preferred embodiment of the present invention, further comprising a data switching module, the data switching module comprising: the data output end of the data switching chip U6 is connected with the data receiving end PA5/RXD1 of the microcontroller U1, the data input end of the data switching chip U6 is connected with the data transmitting end PA6/TXD1 of the microcontroller U1, and the grounding end GND of the data switching chip U6 is connected with the power supply ground;
the power end of the data switching chip U6 is connected with a power supply +5V and the first end of the capacitor C34 respectively, and the second end of the capacitor C34 is connected with the power supply ground; the receiver data positive end of the data switching chip U6 is respectively connected with the first end of a resistor R9, the input end VIN2 of a transient suppressor U4 and the data first positive end of an interface JP5, the second end of the resistor R9 is connected with the power ground, the receiver data negative end of the data switching chip U6 is respectively connected with the first end of a resistor R8, the input end VIN1 of the transient suppressor U4 and the data first negative end of the interface JP5, the second end of the resistor R8 is connected with the power ground, and the ground end of the transient suppressor U4 is connected with the power ground;
the transmitter data negative terminal of the data switching chip U6 is respectively connected with the input end VIN1 of the transient suppressor U5 and the data second negative terminal of the interface JP5, the transmitter data positive terminal of the data switching chip U6 is respectively connected with the input end VIN2 of the transient suppressor U5 and the data second positive terminal of the interface JP5, and the grounding terminal of the transient suppressor U5 is connected with the power supply ground. The data switching chip U6 has a model number MAX488, the capacitor C34 has a capacitance value of 100nF, the resistors R8 and R9 have a resistance value of 3.3K, and the transient suppressor U4 and the transient suppressor U5 have a model number SM712.
In a preferred embodiment of the present invention, the key set module includes: the first end of the key S4 is connected with the first end of the power supply 3V3, the second end of the key S4 is connected with the ERASE end ERASE of the microcontroller U1, the first end of the key S2 is connected with the power supply ground, the second end of the key S2 is connected with the key end PA11/TWCK of the microcontroller U1, the first end of the key S3 is connected with the power supply ground, the second end of the key S3 is connected with the key end PA10/TWD of the microcontroller U1, the first end of the key S5 is connected with the power supply ground, and the second end of the key S5 is connected with the reset end NRST of the microcontroller U1. Wherein the model of the data switching chip U6 is MAX488, the capacitance value of the capacitor C34 is 100nF, the resistance values of the resistor R8 and the resistor R9 are 3.3K,
in a preferred embodiment of the present invention, the indicator light bank module includes: the cathode of the power indicator light LED3 is connected with power ground, the anode of the power indicator light LED3 is connected with the first end of the resistor R10, and the second end of the resistor R10 is connected with the power supply 3V 3; the negative electrode of the indicator light LED11 is connected with the power ground, the positive electrode of the indicator light LED11 is connected with the first end of the resistor R13, and the second end of the resistor R13 is connected with the indicator end PA13/SPI0_NPCS1/PCK1 of the microcontroller U1; the negative electrode of the indicator light LED22 is connected with the power ground, the positive electrode of the indicator light LED22 is connected with the first end of the resistor R14, and the second end of the resistor R14 is connected with the indicator end PA12/SPI0_NPCS0 of the microcontroller U1; the negative pole of pilot lamp LED44 links to each other with power ground, and the positive pole of pilot lamp LED44 links to each other with the first end of resistance R11, and the second end of resistance R11 links to each other with microcontroller U1's pilot terminal PA7/SCK1/SPI0_NPCS 1. The resistances of the resistors R10, R11, R13, and R14 are 2.2K.
In a preferred embodiment of the present invention, further comprising a test module, the test module comprising: the test data input end TDI of the microcontroller U1 is respectively connected with the first end of a resistor R55 and the test data output end of a test interface JP1, and the second end of the resistor R55 is connected with a power supply 3V 3; the test mode selection end TMS of the microcontroller U1 is respectively connected with the first end of the resistor R53 and the test mode selection end of the test interface JP1, and the second end of the resistor R53 is connected with the power supply 3V 3; the test clock end TCK of the microcontroller U1 is respectively connected with the first end of the resistor R51 and the test clock end of the test interface JP1, and the second end of the resistor R51 is connected with the power supply 3V 3; the test data output end of the microcontroller U1 is connected with the test data input end of the test interface JP 1; the wiper end NRST of the microcontroller U1 is respectively connected with the first end of the resistor R15 and the wiper end of the test interface JP1, and the second end of the resistor R15 is connected with the power supply 3V 3; the power supply 3V3 is connected to the first end of the resistor R57, the second end of the resistor R51 is connected to the first test end of the test interface JP1, the power supply 3V3 is connected to the second test end of the test interface JP1, and the ground end of the test interface JP1 is connected to the power supply ground. The resistance of the resistor R15 is 10K, and the resistances of the resistors R51, R53, R55, and R57 are 4.7K.
In a preferred embodiment of the present invention, the voltage stabilizing output terminal VDDOUT of the microcontroller U1 is connected to the power supply terminal VDDCORE of the microcontroller U1, the first terminal of the capacitor C3, the first terminal of the capacitor C4, the first terminal of the capacitor C5, the first terminal of the capacitor C6 and the first terminal of the capacitor C18, and the second terminal of the capacitor C3, the second terminal of the capacitor C4, the second terminal of the capacitor C5, the second terminal of the capacitor C6 and the second terminal of the capacitor C18 are connected to the power supply ground, respectively; the power supply end VDDIO of the microcontroller U1 is respectively connected with the first end of a capacitor C7, the first end of a capacitor C8, the first end of a capacitor C9, the first end of a capacitor C10, the first end of a capacitor C11 and a power supply 3V3, and the second end of the capacitor C7, the second end of the capacitor C8, the second end of the capacitor C9, the second end of the capacitor C10 and the second end of the capacitor C11 are respectively connected with power supply ground; the grounding end of the microcontroller U1 is connected with the power supply ground; the crystal oscillator end XIN of the microcontroller U1 is respectively connected with the first end of the capacitor C12 and the first end of the crystal oscillator Y1, the crystal oscillator end XOUT of the microcontroller U1 is respectively connected with the first end of the capacitor C13 and the second end of the crystal oscillator Y1, and the second end of the capacitor C12 and the second end of the capacitor C13 are respectively connected with power supply ground; the power supply end VDDCLL of the microcontroller U1 is respectively connected with the first end of the capacitor C14 and the voltage-stabilizing output end VDDOUT of the microcontroller U1, and the second end of the capacitor C14 is connected with power supply ground; the filter end of the microcontroller U1 is respectively connected with the first end of the capacitor C15 and the first end of the resistor R2, the second end of the resistor R2 is connected with the first end of the capacitor C16, and the second end of the capacitor C15 and the second end of the capacitor C16 are respectively connected with power ground; the power supply end VDDIN of the microcontroller U1 is respectively connected with a power supply 3V3, a first end of a capacitor C1 and a first end of a capacitor C17, and a second end of the capacitor C1 and a second end of the capacitor C17 are respectively connected with power supply ground; the power supply end VDDBSH of the microcontroller U1 is respectively connected with the power supply 3V3 and the first end of the capacitor C2, and the second end of the capacitor C2 is respectively connected with the power supply ground; the analog-digital voltage reference end of the microcontroller U1 is respectively connected with the first end of the capacitor C19 and the first end of the inductor L1, the second end of the inductor L1 is respectively connected with the first end of the capacitor C20 and the power supply 3V3, and the second end of the capacitor C19 and the second end of the capacitor C20 are respectively connected with the power supply ground. The capacitance value of the capacitor C18 is 10uF, the capacitance values of the capacitors C3-C11 are 100nF, the capacitance values of the capacitors C12 and C13 are 10pF, the frequency of the crystal oscillator Y1 is 18.4MHz, the capacitance value of the capacitor C15 is 1nF, the capacitance values of the capacitors C1, C2, C14, C17, C19 and C20 are 100nF, the capacitance value of the capacitor C16 is 10nF, and the model of the microcontroller U1 is ATM89C52.
While embodiments of the present invention have been shown and described, it will be understood by those of ordinary skill in the art that: many changes, modifications, substitutions and variations may be made to the embodiments without departing from the spirit and principles of the invention, the scope of which is defined by the claims and their equivalents.
Claims (7)
1. The new energy automobile working system comprises a vehicle to be tested and is characterized by further comprising test equipment connected with the vehicle to be tested, wherein the test equipment comprises a CAN bus signal receiving and transmitting unit, a CAN bus UDS diagnosis analysis unit and a CAN bus UDS diagnosis attack unit;
the CAN bus signal receiving and transmitting unit is used for transmitting the generated UDS diagnosis attack message;
the CAN bus UDS diagnosis analysis unit is used for analyzing and obtaining holes existing in a vehicle UDS diagnosis system and positioning the position of attack;
the CAN bus UDS diagnosis attack unit is used for manufacturing a UDS diagnosis attack message according to the obtained diagnosis attack content.
2. The working method of the new energy automobile is characterized by comprising the following steps of:
step A: the method comprises the steps of accessing test equipment, using a CAN signal receiving and transmitting unit to receive a whole vehicle message, keeping the power-on state of the vehicle, using the CAN bus signal receiving and transmitting unit to traverse and transmit IDs within the possible range of diagnostic IDs, using a data segment of 10 services and a diagnosis request message with abnormal sub-functions, observing the whole vehicle message, and jumping to the step B;
and (B) step (B): the CAN bus UDS diagnosis analysis unit verifies whether the contents of the second byte and the third byte of the received data segment meet the diagnosis response rule, if so, the message ID of the current request is recorded as the diagnosis ID, otherwise, the message ID of the current request is not the diagnosis ID.
3. The method for operating a new energy automobile according to claim 2, further comprising the steps of:
step C: b, accessing test equipment according to the diagnosis ID collected in the step B, using a CAN bus signal receiving and transmitting unit to receive a whole vehicle message, keeping the power-on state of the vehicle, and using the CAN bus signal receiving and transmitting unit to transmit one or any combination service attack request message of 11, 19 and 14 in the diagnosis basic service;
step D: the CAN bus UDS diagnosis analysis unit verifies whether the received response message accords with the expected attack result, and if so, the attack is successful.
4. The method for operating a new energy automobile according to claim 2, further comprising the steps of:
step E: b, accessing test equipment according to the diagnostic ID collected in the step B, using a CAN bus signal receiving and transmitting unit to receive a whole vehicle message, keeping the power-on state of the vehicle, and using the CAN bus signal receiving and transmitting unit to send diagnostic 22 service to collect DID;
step F: the CAN bus UDS diagnosis analysis unit verifies whether the received response message is a positive response, if yes, the DID is valid, and if not, the DID is invalid.
5. The method for operating a new energy automobile according to claim 2, further comprising the steps of:
step G: b, accessing test equipment according to the diagnosis ID in the step B, using a CAN bus signal receiving and transmitting unit to receive a whole vehicle message, keeping the power-on state of the vehicle, and using the CAN bus signal receiving and transmitting unit to send diagnosis 2E service to tamper the content in the DID;
step H: the CAN bus UDS diagnosis analysis unit verifies whether the received response message is a positive response, if yes, the writing of tampered content is effective, the attack is successful, and if not, the attack is unsuccessful.
6. The method for operating a new energy automobile according to claim 2, further comprising the steps of:
step J: b, accessing test equipment according to the diagnosis ID collected in the step B, using a CAN bus signal receiving and transmitting unit to receive a whole vehicle message, keeping the power-on state of the vehicle, and using the CAN bus signal receiving and transmitting unit to transmit a normal diagnosis request message, wherein the request message is transmitted in a circulating way according to a short period;
step K: observing whether the ECU response is abnormal or not, and if so, successfully attacking;
step L: b, accessing test equipment according to the diagnosis ID collected in the step B, using a CAN bus signal receiving and transmitting unit to receive a whole vehicle message, keeping the power-on state of the vehicle, using the CAN bus signal receiving and transmitting unit to transmit a message that the ID is normal, one or any combination data segment of service or subfunction does not accord with a UDS diagnosis mechanism, wherein the request message is transmitted circularly according to a period;
step M: and observing whether the ECU response is abnormal or not, and if so, successfully attacking.
7. The method of claim 6, wherein the testing method of step J and step K is performed simultaneously with the following operations:
and observing the response message of the ECU, judging whether the obtained response state accords with the expected state, if so, not making any further judgment, otherwise, judging that the tested diagnosis state is changed due to the aggressiveness test.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202310795829.4A CN116668175A (en) | 2023-06-30 | 2023-06-30 | New energy automobile operating system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202310795829.4A CN116668175A (en) | 2023-06-30 | 2023-06-30 | New energy automobile operating system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN116668175A true CN116668175A (en) | 2023-08-29 |
Family
ID=87722533
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202310795829.4A Pending CN116668175A (en) | 2023-06-30 | 2023-06-30 | New energy automobile operating system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN116668175A (en) |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111865743A (en) * | 2020-07-03 | 2020-10-30 | 深圳开源互联网安全技术有限公司 | Vehicle CAN bus fuzzy test method, system, electronic equipment and storage medium |
CN112532716A (en) * | 2020-11-25 | 2021-03-19 | 中国人民解放军陆军军事交通学院军事交通运输研究所 | Vehicle ECU safety test method and device |
CN115102707A (en) * | 2022-04-27 | 2022-09-23 | 麦格纳斯太尔汽车技术(上海)有限公司 | Vehicle CAN network IDS safety detection system and method |
-
2023
- 2023-06-30 CN CN202310795829.4A patent/CN116668175A/en active Pending
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111865743A (en) * | 2020-07-03 | 2020-10-30 | 深圳开源互联网安全技术有限公司 | Vehicle CAN bus fuzzy test method, system, electronic equipment and storage medium |
CN112532716A (en) * | 2020-11-25 | 2021-03-19 | 中国人民解放军陆军军事交通学院军事交通运输研究所 | Vehicle ECU safety test method and device |
CN115102707A (en) * | 2022-04-27 | 2022-09-23 | 麦格纳斯太尔汽车技术(上海)有限公司 | Vehicle CAN network IDS safety detection system and method |
Non-Patent Citations (1)
Title |
---|
杨钱钱: "基于渗透测试与模糊测试的车内网络漏洞挖掘技术研究与实现", 中国优秀硕士学位论文全文数据库 工程科技Ⅱ辑, no. 10, 15 October 2022 (2022-10-15), pages 8 - 86 * |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP3559625B1 (en) | Device and method for managing an electric vehicle | |
CN103312818A (en) | Vehicle diagnostic method and server | |
CN103604612A (en) | Vehicle remote diagnostic system and diagnostic method | |
CN204462839U (en) | Electric automobile remote failure diagnosis system | |
CN102540998A (en) | Real-time maintenance method and system for vehicle | |
CN102830680A (en) | Remote monitoring controller for hybrid power vehicle | |
CN205879554U (en) | Monitor terminal device that motor train unit axletree temperature is wireless | |
CN116668175A (en) | New energy automobile operating system | |
CN108540992A (en) | A kind of system for mobile unit on-line real time monitoring | |
WO2012013087A1 (en) | Method and system for automatically prompting status of machine to machine terminal | |
CN103095818A (en) | Automobile remote diagnosis management system based on wireless data transfer radios and automobile remote diagnosis management method | |
KR101728785B1 (en) | Method of managing vehicle in message server and the method in vehicle terminal | |
CN116886350B (en) | New energy automobile control working method | |
CN204965407U (en) | Car ECU programming and diagnostic equipment based on cell -phone terminal operations platform | |
CN116700110B (en) | Distributed driving new energy automobile control method based on multi-module division | |
CN111447589B (en) | Mobile communication-based monitoring and authorization using method for vehicle-mounted Ethernet diagnosis system | |
CN104104666B (en) | Method of detecting abnormal cloud service and device | |
CN116684185A (en) | Automatic road condition data synthesizing method | |
CN204332107U (en) | Parking lot dynamic data acquisition device and parking lot dynamic data monitor system | |
CN116841233A (en) | Whole vehicle working system based on CAN bus layered control | |
CN116827713A (en) | Simulation working system for new energy automobile | |
CN206135970U (en) | Carwash control system | |
CN204856643U (en) | GPS vehicle event data recorder based on fingerprint identification | |
CN114356634A (en) | Log processing method and device | |
CN114218316A (en) | Vehicle safety management method and system based on Internet of vehicles |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination |