rapid7
GitHub Repository: rapid7/metasploit-framework
Path: blob/master/modules/post/hardware/automotive/getvinfo.rb
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
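class MetasploitModule < Msf::Post
  include Msf::Post::Hardware::Automotive::UDS
  include Msf::Post::Hardware::Automotive::DTC

  # Registers the module metadata and the options that select which
  # module ID is queried, which response ID is expected, and whether
  # stored DTCs are cleared at the end of the run.
  #
  # @param info [Hash] metadata merged into the module defaults via update_info
  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Get the Vehicle Information Such as the VIN from the Target Module',
        'Description' => %q{
          This module queries DTCs, some common engine info, and vehicle information.

          It returns such things as engine speed, coolant temp, Diagnostic Trouble
          Codes, as well as all info stored by Mode $09 Vehicle Info, VIN, etc.
        },
        'License' => MSF_LICENSE,
        'Author' => ['Craig Smith'],
        'Platform' => ['hardware'],
        'SessionTypes' => ['hwbridge'],
        'Notes' => {
          'Stability' => [CRASH_SAFE],
          # NOTE(review): 'SideEffects' is empty, yet #run calls clear_dtcs when
          # CLEAR_DTCS is true, which per the option text clears stored DTCs and
          # resets the MIL on the queried module. Consider declaring that state
          # change here so it is visible before the module is run.
          'SideEffects' => [],
          'Reliability' => []
        }
      )
    )
    register_options([
      OptInt.new('SRCID', [true, 'Module ID to query', 0x7e0]),
      OptInt.new('DSTID', [false, 'Expected response ID, defaults to SRCID + 8', 0x7e8]),
      OptInt.new('PADDING', [false, 'Optional end of packet padding', nil]),
      OptBool.new('FC', [false, 'Optional forces flow control', nil]),
      OptBool.new('CLEAR_DTCS', [false, 'Clear any DTCs and reset MIL if errors are present', false]),
      OptString.new('CANBUS', [false, 'CAN Bus to perform scan on, defaults to connected bus', nil])
    ])
  end

  # Queries the selected module and prints what it reports: supported
  # current-data PIDs, monitor status, coolant temperature, RPM, speed,
  # OBD standards, stored and frozen DTCs, and the Mode $09 vehicle info
  # entries. When CLEAR_DTCS is true it finishes by calling clear_dtcs.
  #
  # All query helpers come from the included UDS/DTC mixins; their return
  # shapes are taken from how they are used here, not from their source.
  #
  # @return [void]
  def run
    bus = datastore['CANBUS']
    src_id = datastore['SRCID']
    # DSTID is optional and its option text documents SRCID + 8 as the
    # fallback. Resolve it once so an unset DSTID never reaches the helpers
    # or the Integer#to_s(16) call below as nil (nil.to_s(16) raises).
    dst_id = datastore['DSTID'] || (src_id + 8)

    # Only forward the optional transport settings that were actually set.
    opt = {}
    opt['PADDING'] = datastore['PADDING'] if datastore['PADDING']
    opt['FC'] = datastore['FC'] if datastore['FC']

    pids = get_current_data_pids(bus, src_id, dst_id, opt)
    if pids.empty?
      print_status('No reported PIDs. You may not be properly connected')
    else
      print_status("Available PIDS for pulling realtime data: #{pids.size} pids")
      print_status(" #{pids.inspect}")
    end

    # Each realtime value is requested only if the module advertised its PID.
    if pids.include?(1)
      data = get_monitor_status(bus, src_id, dst_id, opt)
      print_status(" MIL (Engine Light) : #{data['MIL'] ? 'ON' : 'OFF'}") if data.key?('MIL')
      print_status(" Number of DTCs: #{data['DTC_COUNT']}") if data.key?('DTC_COUNT')
    end
    if pids.include?(5)
      data = get_engine_coolant_temp(bus, src_id, dst_id, opt)
      print_status(" Engine Temp: #{data['TEMP_C']} \u00b0C / #{data['TEMP_F']} \u00b0F") if data.key?('TEMP_C')
    end
    if pids.include?(0x0C)
      data = get_rpms(bus, src_id, dst_id, opt)
      print_status(" RPMS: #{data['RPM']}") if data.key?('RPM')
    end
    if pids.include?(0x0D)
      data = get_vehicle_speed(bus, src_id, dst_id, opt)
      print_status(" Speed: #{data['SPEED_K']} km/h / #{data['SPEED_M']} mph") if data.key?('SPEED_K')
    end
    if pids.include?(0x1C)
      print_status("Supported OBD Standards: #{get_obd_standards(bus, src_id, dst_id, opt)}")
    end

    print_dtc_list('DTCS:', get_dtcs(bus, src_id, dst_id, opt))
    print_dtc_list('Frozen DTCS:', get_frozen_dtcs(bus, src_id, dst_id, opt))

    vinfo_pids = get_vinfo_supported_pids(bus, src_id, dst_id, opt)
    print_status("Mode $09 Vehicle Info Supported PIDS: #{vinfo_pids.inspect}") unless vinfo_pids.empty?
    vinfo_pids.each do |pid|
      # Known PIDs get a dedicated helper; anything else is dumped raw.
      case pid
      when 2
        print_status("VIN: #{get_vin(bus, src_id, dst_id, opt)}")
      when 4
        print_status("Calibration ID: #{get_calibration_id(bus, src_id, dst_id, opt)}")
      when 0x0A
        print_status("ECU Name: #{get_ecu_name(bus, src_id, dst_id, opt)}")
      else
        raw = get_vehicle_info(bus, src_id, dst_id, pid, opt)
        decoded = response_hash_to_data_array(dst_id.to_s(16), raw)
        print_status("PID #{pid} Response: #{decoded.inspect}")
      end
    end

    # Strict comparison on purpose: this is the only step that changes state
    # on the queried module, so nothing but an explicit boolean true may
    # trigger it (a merely truthy value such as a string does not).
    if datastore['CLEAR_DTCS'] == true
      clear_dtcs(bus, src_id, dst_id, opt)
      print_status('Cleared DTCs and resetting MIL')
    end
  end

  private

  # Prints a heading followed by one line per trouble code, appending the
  # description from DTC_CODES when the code is a known key. Prints nothing
  # for an empty list.
  #
  # @param heading [String] line printed before the codes
  # @param codes [Array] trouble codes as returned by the DTC helpers
  # @return [void]
  def print_dtc_list(heading, codes)
    return if codes.empty?

    print_status(heading)
    codes.each do |code|
      line = DTC_CODES.key?(code) ? "#{code}: #{DTC_CODES[code]}" : code
      print_status(" #{line}")
    end
  end
end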