![[Dcm] Vehicle Diagnostic Communication Part 76 [Simulation 15]](https://www.simulationroom999.com/blog/wp-content/uploads/2023/01/01_eyecatch.png)
Click here for back issues.
https://www.simulationroom999.com/blog/diagnostic-communication-en-back-issue/
Introduction.
Explanation of the AUTOSAR-Dcm simulation.
In this article, we will explain the Python code for the SecurityAccess simulation.
Python code to simulate SecurityAccess
Here we do SecurityAccess.
The Python code has been slightly extended for this purpose.
import isotp
import logging
import time
import threading
from can.interfaces.vector import VectorBus
class ThreadedApp:
def __init__(self):
isotp_params = {
'stmin' : 0,
'blocksize' : 4,
'wftmax' : 0,
'll_data_length' : 8,
'tx_padding' : 0xCC,
'rx_flowcontrol_timeout' : 1000,
'rx_consecutive_frame_timeout' : 1000,
'squash_stmin_requirement' : False,
'can_fd' : False,
'tx_data_min_length' : 8
}
self.exit_requested = False
#self.bus = VectorBus(channel='0', bitrate=500000)
self.bus = VectorBus(channel='0', bitrate=500000, fd=True)
addr = isotp.Address(isotp.AddressingMode.NormalFixed_29bits, source_address=0xF1, target_address=0x10)
self.stack = isotp.CanStack(self.bus, address=addr, params=isotp_params, error_handler=self.my_error_handler)
def start(self):
self.exit_requested = False
self.thread = threading.Thread(target = self.thread_task)
self.thread.start()
def stop(self):
self.exit_requested = True
if self.thread.isAlive():
self.thread.join()
def send(self, msg):
self.stack.send(msg)
def my_error_handler(self, error):
logging.warning('IsoTp error happened : %s - %s' % (error.__class__.__name__, str(error)))
def thread_task(self):
while self.exit_requested == False:
self.stack.process() # Non-blocking
#time.sleep(self.stack.sleep_time()) # Variable sleep time based on state machine state
time.sleep(0.001) # Variable sleep time based on state machine state
def shutdown(self):
self.stop()
self.bus.shutdown()
def sendrecv( app, msg ):
if msg[0] == 0x00:
tsleep = msg[1]*0x100+msg[2]
tsleep = tsleep / 1000
print("sleep : %f [ms]" % tsleep)
time.sleep(tsleep)
else:
print("Send msg : %s" % (msg.hex()))
app.send(msg)
t1 = time.time()
while time.time() - t1 < 5:
if app.stack.available():
payload = app.stack.recv()
print("Recv msg : %s" % (payload.hex()))
break
time.sleep(0.001)
if __name__ == '__main__':
app = ThreadedApp()
app.start()
datas=[
bytes([0x27, 0x13]),
bytes([0x10, 0x03]),
bytes([0x27, 0x13, 0xDE, 0xAD, 0xBE, 0xEF]),
bytes([0x27, 0x14, 0xDE, 0xAD, 0xBE, 0xEF]),
bytes([0x27, 0x11]),
bytes([0x27, 0x14, 0xDE, 0xAD, 0xBE, 0xEE]),
bytes([0x27, 0x13]),
bytes([0x27, 0x14, 0xDE, 0xAD, 0xBE, 0xEF]),
bytes([0x27, 0x13]),
bytes([0x27, 0x14, 0xDE, 0xAD, 0xBE, 0xEF]),
bytes([0x10, 0x03]),
bytes([0x27, 0x13]),
bytes([0x27, 0x14, 0xDE, 0xAD, 0xBE, 0xEF]),
bytes([0x27, 0x13]),
bytes([0x00, 0x08, 0x00]),
bytes([0x27, 0x13]),
bytes([0x00, 0x13, 0x24]),
bytes([0x27, 0x13]),
bytes([0x00, 0x13, 0xEC]),
bytes([0x27, 0x13]),
bytes([0x10, 0x03]),
bytes([0x27, 0x13]),
bytes([0x27, 0x14, 0xDE, 0xAD, 0xBE, 0xEF]),
]
#while True:
for i in range(len(datas)):
sendrecv(app, datas[i])
print("Exiting")
app.shutdown()
Python code explanation for SecurityAccess simulation
The message specification was slightly modified to create a wait time for outgoing messages.
When the first byte is 0x00, the second and third bytes are regarded as 16-bit long-time variables, and the message waits for that time [ms].
You can see that the first byte is 0x00 in several places.
This time, the processing follows the flow as follows.
(1) Request SecurityAccess service in defaultSession (SecurityAccess service not supported session)
(2)Transition to extendDiagnosticSession
(3)Wrong message length for Seed request
(4)Key sent even though the Seed request was not successful
(5)Seed request with a SecurityLevel that does not exist
(6)Key sent again even though the Seed request was not successful
(7)Seed request
(8)Key sent (Key=deadbeef)
(9)Seed request again
(10)Key sent with security unlocked
(11)Transition to extendDiagnosticSession again (security lock is now applied)
(12)Seed request
(13)Key send (Key=deadbeef)
(14)Seed request
(15)Wait for 2 seconds
(16)Seed request
(17)Wait for 4.9 seconds
(18)Seed request
(19)Wait for 5.1 seconds
(20)Seed request
(21)Transition to extendDiagnosticSession
(22)Seed request
(23)Send Key (Key=deadbeef)
There are a lot more things doing, but this is what I’m trying to do to check security-related behavior.
The following is a summary of what we want to check.
- SecurityAccess service is supported by extendDiagnosticSession
- In other words, defaultSession should return NRC
- Wrong message length can be detected.
- Detects non-existent SecurityLevels.
- If a Key is sent without a Seed request, a sequence error will occur.
- If a Seed request is made in the security unlocked state, a Seed of 0x00000000 will be returned.
- If a Key is sent while the security is unlocked, a sequence error will occur.
- When transitioning to extendDiagnosticSession again, the security lock should be applied.
- If S3 timeout occurs in security unlocked state, it returns to defaultSession & security lock & unsupported.
Well, we can think again after seeing the results of the next simulation.
Conclusion
- I wrote Python code for the SecurityAccess simulation.
- There is a large amount of work to be done to make sure SecurityAccess works.
- Support sessions.
- Sequence.
- Seed in security unlocked state.
- Transition to locked state on session transition.
- Session transitions due to S3 timeouts.
Click here for back issues.
コメント