Internal Network Vehicle
Hey Guys and Gals, I hope you all are doing great. I have come with another post which will help in understanding the internal network of any vehicle.
You might be wondering how a car works: how does it issue commands when the key is inserted and the car is started?
The answer is simple: the important parts of the vehicle are interconnected, like a small network.
Internal Vehicle Network
1. LIN — Local Interconnect Network
2. CAN — Controller Area Network
3. FlexRay
4. MOST Protocol (Media Oriented System Transport)
· Local Interconnect Network
The Local Interconnect Network (LIN) is the cheapest of the vehicle protocols. It was designed to complement CAN. It has no arbitration or priority code; instead, a single master node does all the transmission.
It is used for connecting switches, temperature and rain sensors, small motors, the sunroof, or heating control. It has the smallest bandwidth, 20 Kbps, and operates at 12V over a single wire. It can support up to 16 slave nodes, which primarily listen to the master node. The frame includes a header, which is always sent by the master, and a response section, which may be sent by the master or a slave.
The SYNC field is used for clock synchronization. The ID represents the message contents — that is, the type of data being transmitted. The ID can contain up to 64 possibilities. ID 60 and 61 are used to carry diagnostic information.
When reading diagnostic information, the master sends with ID 60 and the slave responds with ID 61. All 8 bytes are used in diagnostics. The first byte is called the node address for diagnostics (NAD). The first half of the byte range (that is, 1–127) is defined for ISO-compliant diagnostics, while 128–255 can be specific to that device.
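A passive decoder for the diagnostic frames described above, as an added example that is not part of the original post. It goes one step beyond the text by validating the two parity bits that the LIN 2.x specification adds to the 6-bit ID; the function names and the sample capture are constructed for illustration.

```python
MASTER_REQUEST_ID = 60   # diagnostic request, sent by the master
SLAVE_RESPONSE_ID = 61   # diagnostic response, sent by a slave


def protected_id(frame_id):
    """Return the on-wire ID byte: 6-bit frame ID plus two parity bits.

    The parity rule comes from the LIN 2.x specification, not from this post.
    """
    if not 0 <= frame_id <= 63:
        raise ValueError("LIN frame IDs are 6 bits wide (0-63)")
    b = [(frame_id >> i) & 1 for i in range(6)]
    p0 = b[0] ^ b[1] ^ b[2] ^ b[4]
    p1 = 1 ^ b[1] ^ b[3] ^ b[4] ^ b[5]   # inverted parity
    return frame_id | (p0 << 6) | (p1 << 7)


def classify_nad(nad):
    """Map the first diagnostic byte (NAD) onto the ranges given in the text."""
    if 1 <= nad <= 127:
        return "ISO-compliant diagnostics"
    if 128 <= nad <= 255:
        return "device-specific"
    return "outside the ranges described"


def decode_diagnostic(pid, data):
    """Decode one captured frame; returns None for non-diagnostic IDs."""
    frame_id = pid & 0x3F
    if protected_id(frame_id) != pid:
        raise ValueError("ID parity mismatch: corrupted or malformed header")
    if frame_id not in (MASTER_REQUEST_ID, SLAVE_RESPONSE_ID):
        return None
    if len(data) != 8:
        raise ValueError("diagnostic frames use all 8 data bytes")
    direction = "master request" if frame_id == MASTER_REQUEST_ID else "slave response"
    return {"id": frame_id, "direction": direction, "nad": data[0],
            "nad_class": classify_nad(data[0]), "payload": bytes(data[1:])}


# Constructed capture (not from a real vehicle): (protected ID byte, data bytes).
SAMPLE_CAPTURE = [
    (0x3C, bytes([0x0A, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07])),
    (0x7D, bytes([0x0A, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17])),
    (0x50, bytes([0x11, 0x22])),   # ordinary signal frame, ID 0x10
]

if __name__ == "__main__":
    for pid, data in SAMPLE_CAPTURE:
        print(hex(pid), decode_diagnostic(pid, data))
```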
· MOST Protocol (Media Oriented System Transport)
This protocol was designed for multimedia devices. It uses a ring topology or virtual star topology and supports up to 64 MOST devices. MOST runs at approximately 23 Mbaud and supports up to 15 uncompressed CD-quality audio or MPEG1 audio/video channels.
Each MOST frame has three channels:
· Synchronous: streamed data (audio/video)
· Asynchronous: packet distributed data (TCP/IP)
· Control: control and low-speed data (HMI)
MOST is divided up among the seven layers of the Open Systems Interconnection (OSI) model, which standardizes communication over networks.
The Linux-based project most4linux provides a kernel driver for MOST PCI devices. The most4linux driver allows for user-space communication over the MOST network and links to the Advanced Linux Sound Architecture (ALSA) framework to read and write audio data.
· FlexRay
FlexRay is a high-speed bus that can communicate at speeds of up to 10 Mbps. It's geared for time-sensitive communication, such as drive-by-wire, steer-by-wire, brake-by-wire, and so on. FlexRay is more expensive to implement than CAN, so most implementations use FlexRay for high-end systems, CAN for midrange, and LIN for low-cost devices.
FlexRay uses twisted-pair wiring but can also support a dual-channel setup, which increases fault tolerance and bandwidth. FlexRay supports a standard bus topology, like CAN bus, where many ECUs run off a twisted-pair bus. It also supports star topology, like Ethernet, that can run longer segments. When implemented in the star topology, a FlexRay hub is a central, active FlexRay device that talks to the other nodes. In a bus layout, FlexRay requires proper resistor termination, as in a standard CAN bus. The bus and star topologies can be combined to create a hybrid layout if desired.
FIBEX is an XML format used to describe FlexRay, as well as CAN, LIN, and MOST network setups. FIBEX topology maps record the ECUs and how they are connected via channels, and they can implement gateways to determine the routing behavior between buses. FIBEX data is used during firmware compile time and allows developers to reference the known network signals in their code; the compiler handles all the placement and configuration.
A FlexRay cycle consists of 4 parts:
The static segment contains reserved slots for data that always represent the same meaning. The dynamic segment slots contain data that can have different representations. The symbol window is used by the network for signaling, and the idle segment (quiet time) is used for synchronization.
Linux doesn’t have official support for FlexRay, but there are some patches from various manufacturers that add support to certain kernels and architectures. (Linux has FlexCAN support, but FlexCAN is a CAN bus network inspired by FlexRay.) If you want to monitor a FlexRay network without a FIBEX file, you’ll at least need to know the baud rate of the bus. Ideally, you’ll also know the cycle length (in milliseconds) and, if possible, the size of the cluster partitioning (static-to-dynamic ratio). Technically, a FlexRay cluster can have up to 1048 configurations with 74 parameters. When spoofing packets on a FlexRay network with two channels, you need to simultaneously spoof both. Also, you’ll encounter FlexRay implementations called Bus Guardian that are designed to prevent flooding or monopolization of the bus by any one device. Bus Guardian works at the hardware level via a pin on the FlexRay chip typically called Bus Guardian Enable (BGE). This pin is often marked as optional, but the Bus Guardian can drive this pin too high to disable a misbehaving device.
· CAN Bus (Controller Area Network)
CAN bus is the most used and most widely accepted protocol in manufacturing in the automobile industry. Modern vehicles are full of little embedded systems and electronic control units (ECUs) that can communicate using the CAN protocol. CAN runs on two wires: CAN high (CANH) and CAN low (CANL). CAN uses differential signaling, which means that when a signal comes in, CAN raises the voltage on one line and drops the other line an equal amount. Differential signaling is used in environments that must be fault tolerant to noise, such as in automotive systems and manufacturing.
CAN is easy to find when hunting through cables because its resting voltage is 2.5V. When a signal comes in, it’ll add or subtract 1V (3.5V or 1.5V). CAN wires run through the vehicle and connect between the ECUs and other sensors, and they’re always in dual-wire pairs. If you hook up a multimeter and check the voltage of wires in your vehicle, you’ll find that they’ll be at rest at 2.5V or fluctuating by 1V. If you find a wire transmitting at 2.5V, it’s almost certainly CAN.
There are two types of CAN packets: standard and extended. Extended packets are like standard ones but with a larger space to hold IDs.
· Standard Packets
Each CAN bus packet contains four key elements:
Arbitration ID: The arbitration ID is a broadcast message that identifies the ID of the device trying to communicate, though any one device can send multiple arbitration IDs. If two CAN packets are sent along the bus at the same time, the one with the lower arbitration ID wins.
Identifier extension (IDE): This bit is always 0 for standard CAN.
Data length code (DLC): This is the size of the data, which ranges from 0 to 8 bytes.
Data: This is the data itself. The maximum size of the data carried by a standard CAN bus packet can be up to 8 bytes, but some systems force 8 bytes by padding out the packet.
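The four elements above, pulled out of raw frames as they arrive from a Linux SocketCAN socket, plus a bitwise model of why the lower arbitration ID wins. This is an added example, not code from the original post: the 16-byte frame layout and flag values are the Linux SocketCAN ones (little-endian host assumed), and the helper names and sample frames are constructed.

```python
import struct

# Linux SocketCAN classic frame: 32-bit can_id, 1-byte DLC, 3 pad bytes, 8 data bytes.
CAN_FRAME = struct.Struct("<IB3x8s")
CAN_EFF_FLAG = 0x80000000   # set in can_id when IDE = 1 (29-bit extended ID)
CAN_SFF_MASK = 0x7FF        # 11-bit standard arbitration ID
CAN_EFF_MASK = 0x1FFFFFFF   # 29-bit extended arbitration ID


def decode_frame(raw):
    """Split one 16-byte frame into arbitration ID, IDE, DLC and data."""
    if len(raw) != CAN_FRAME.size:
        raise ValueError("expected a 16-byte classic CAN frame")
    can_id, dlc, data = CAN_FRAME.unpack(raw)
    if dlc > 8:
        raise ValueError("DLC %d exceeds the 8-byte maximum" % dlc)
    extended = bool(can_id & CAN_EFF_FLAG)
    arb_id = can_id & (CAN_EFF_MASK if extended else CAN_SFF_MASK)
    return {"arb_id": arb_id, "ide": int(extended), "dlc": dlc, "data": data[:dlc]}


def arbitrate(ids, width=11):
    """Bitwise arbitration between standard IDs sent at the same time.

    A dominant 0 overrides a recessive 1 on the wire, so senders drop out
    MSB-first until only the lowest ID is still transmitting.
    """
    contenders = set(ids)
    if not contenders:
        raise ValueError("no senders")
    for bit in range(width - 1, -1, -1):
        bus = min((i >> bit) & 1 for i in contenders)   # wired-AND of all senders
        contenders = {i for i in contenders if (i >> bit) & 1 == bus}
    return contenders.pop()


def make_frame(can_id, payload):
    """Hypothetical helper that builds the constructed sample frames below."""
    return CAN_FRAME.pack(can_id, len(payload), payload)


# Constructed frames (not captured from a vehicle).
SAMPLE_FRAMES = [
    make_frame(0x244, bytes([0x00, 0x00, 0x1A])),
    make_frame(0x1A0, bytes(8)),                      # padded out to 8 bytes
    make_frame(0x12345678 | CAN_EFF_FLAG, bytes([0xDE, 0xAD])),
]

if __name__ == "__main__":
    decoded = [decode_frame(f) for f in SAMPLE_FRAMES]
    for d in decoded:
        print(d)
    print(hex(arbitrate(d["arb_id"] for d in decoded if d["ide"] == 0)))
```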
Thank you a lot for all of your support. If you have learned something new today, share it with your friends who are interested in Hardware Security, and if you end up liking this post, just give me a clap because it motivates me to make more content like this.
Have a nice day to all of you 😘
Reference: The Car Hacker's Handbook