Objective #7 - Solve the Sleigh's CAN-D-BUS Problem
Objective
Jack Frost is somehow inserting malicious messages onto the sleigh's CAN-D bus. We need you to exclude the malicious messages and no others to fix the sleigh. Visit the NetWars room on the roof and talk to Wunorse Openslae for hints.
Analysis
Santa’s sleigh is not running smoothly. You have access to a diagnostics terminal that allows you to monitor messages on the CAN-D bus, and some controls that allow you to start and stop the engine and inject some inputs into the system like steering and braking.
Tip
Not sure what a CAN bus is? Watch Chris Elgee's CAN Bus Can-Can talk to learn everything you need to know.
Solution
Step 1: There are initially many zero value events appearing in the terminal display. Add some filters so you can focus on more important output.
| ID | Operator | Criterion |
|---|---|---|
| 244 | Equals | 000000000000 |
| 080 | Equals | 000000000000 |
| 019 | Equals | 000000000000 |
| 188 | Equals | 000000000000 |
Step 2: With all the zero value events are filtered, start applying some inputs to determine what sort of messages they generate.
| Function | ID | Values |
|---|---|---|
| Lock | 19B | 000000000000 |
| Unlock | 19B | 000000F00000 |
| Steer | 019 | FFFF## for left and 0000## for right |
| Brake | 080 | 000000 to 000064 |
| Engine RPM | 244 | Hex value matches decimal tachometer reading |
Step 3: Knowing what is normal for the sleigh, you can pick out the abnormal events like the “0000000F2057” message that randomly appears under the lock/unlock ID, and the intermittent brake messages that begin with FFFF. Add filters for these.
| ID | Operator | Criterion |
|---|---|---|
| 119B | Equals | 0000000F2057 |
| 080 | Contains | FFFF |
Step 4: Remove the zero value filters and start the engine.
