This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Firstly, hi! I'm a noob.

I can directly connect to my car's ECU (computer) via an Ethernet cable, so I decided to sniff that data.

I don't know the name of this connection protocol, but my laptop gets an IP that starts with 169.254.x.x.

I opened Wireshark and connected the Ethernet cable to the ECU. I turned on the ignition and the first packet was received. Then I ran the ECU's software from my laptop, which allows me to change the calibration of the ECU. I downloaded a map and saved it. All the packets were captured by Wireshark!

2749 216.169396 LifeECU_80:00:a7 Inventec_18:a6:dc 0x88af 1048 Ethernet II

But encrypted, I believe. Is there any way I can learn the protocol and how the software communicates with the ECU?

asked 14 Dec '16, 20:35

secured-nor1

I see ethertype 0x88af in your packet. Googling for it gives:

88af

Life Racing Limited
Unit 6 Repton Close
Basildon  Essex  SS13 1LE

Proprietary automotive control unit protocol used by UK OEM Life
Racing Ltd.

(From: http://standards-oui.ieee.org/ethertype/eth.txt)

As it is a proprietary protocol, you would need to reverse engineer the data. It might or might not be encrypted so you might have luck or not in being able to decipher the messages. In my experience, a lot of protocols have some sort of PDU structure with a length and/or sequence number in them; I would start by looking for those items first.

It would be nice to look at the protocol data, are you able to share the capture on cloudshark, dropbox, onedrive or another filesharing service (please first make sure there is no sensitive data in it)?

answered 15 Dec '16, 02:17

SYN-bit ♦♦
Thanks! I googled it and came up with nothing.

There is no sensitive data for me, but it may hurt Life Racing, maybe? I've no commercial attitude and don't want to publish their commercial secrets.

The software monitors all the data of the car. I just sniffed it to see if I can make my own software on the Android platform. The sniffed data consists of my car's calibration (tuning) map, which is not sensitive for me as I'm a tuner.

I can send the data by email if anyone is interested: artattech > gmail com

Btw, the data is encrypted, I believe. There are tons of dots =) I can only read the car's map comment section, which I manually wrote. Can Wireshark decode it? It's the first time I'm using it.

(15 Dec '16, 15:30) secured-nor1

(I converted your "answer" to a "comment" as that is how this site works best, please see the FAQ if you want to know why)

The data is not necessarily encrypted if you see a lot of dots. It could be just binary data in which all the non-ASCII values are displayed as dots. As you are able to read a comment, I guess the data is not encrypted, just binary...

(I'll email you for the trace file, thanks!)

(15 Dec '16, 15:35) SYN-bit ♦♦
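
The two checks suggested in this thread (is the payload encrypted or just binary, and is there a length field in the PDU), as an added example that is not part of the original posts or of any vendor tooling. The frame layout in `_frame` is invented purely to give the functions input; only EtherType 0x88af comes from the page.

```python
import math
import struct
from collections import Counter

ETHERTYPE = 0x88AF  # EtherType of the frame quoted in the question
def split_frame(frame: bytes):
    """Return (ethertype, payload) of an untagged Ethernet II frame."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet II header")
    return struct.unpack_from("!H", frame, 12)[0], frame[14:]

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; 8.0 means uniformly random."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def ascii_runs(data: bytes, min_len: int = 4):
    """Printable ASCII runs: the text that shows between the dots."""
    runs, cur = [], bytearray()
    for b in data + b"\x00":          # sentinel flushes the last run
        if 0x20 <= b < 0x7F:
            cur.append(b)
            continue
        if len(cur) >= min_len:
            runs.append(cur.decode("ascii"))
        cur.clear()
    return runs

def length_fields(payloads, max_off: int = 8):
    """(offset, byte order, bias) where len(payload) - u16 field is constant."""
    usable = [p for p in payloads if len(p) >= max_off + 2]
    if len({len(p) for p in usable}) < 2:   # need frames of different sizes
        return []
    hits = []
    for off in range(max_off):
        for fmt, order in (("<H", "little"), (">H", "big")):
            bias = {len(p) - struct.unpack_from(fmt, p, off)[0] for p in usable}
            if len(bias) == 1:
                hits.append((off, order, bias.pop()))
    return hits

# Constructed frames, made-up layout (seq:u16le, body_len:u16le, body); NOT the vendor format.
def _frame(seq: int, body: bytes) -> bytes:
    hdr = bytes(12) + struct.pack("!H", ETHERTYPE)
    return hdr + struct.pack("<HH", seq, len(body)) + body
SAMPLE = [_frame(0x01FF, b"\x00\x01\x80\xff" + b"my map comment" + b"\x00\x10"),
          _frame(0x0200, bytes(range(0, 90, 3))),
          _frame(0x0201, b"\x7f\x00\x00\x01" * 9)]
```

Entropy is only meaningful over many bytes, so run it over the concatenated payloads of a whole capture rather than one short frame; values close to 8 bits per byte point to encryption or compression, while readable strings and a consistent length field point to plain binary.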