In August 2020,
AIS engineers Chris Poore and Dan Salloum were selected to present their research on power line truck hacking and protocol decoding at the DEF CON Car Hacking Village, one of the world’s largest and most notable hacker conventions.
Chris Poore and Ben Gardiner from the National Motor Freight Traffic Association (NMFTA) gave their presentation titled PowerLine Truck Hacking: 2TOOLS4PLC4TRUCKS.
Trailer ABS functionality has been a regulated requirement in the US & Canada for decades now. The ‘PLC4TRUCKS’ technology that realizes this requirement is ubiquitous on the road today and can also be found in buses, trains and some other unexpected places. We are releasing tools to read and write PLC4TRUCKS traffic. The first, gr-j2497, is a GNU Radio flowgraph with custom block and the second is an extension to the Truck Duck tool released at DEF CON 24. With these tools in hand, attendees can read PLC traffic without touching the bus – or control their own trailer air brake controllers connected at home and we will show them how.
Dan Salloum gave his presentation titled Before J1939: A J1708/J1587 Protocol Decoder.
Medium and heavy-duty equipment communicate over vehicle networks using a number of protocols and busses. While researching the interaction between tractors and semi-trailers, we identified the presence of two legacy protocols, J1708 (physical layer) and J1587 (transport layer). The current mechanisms to capture and decode this data do not promote cost efficient data discovery, but as a team, we have developed techniques that will allow us to use existing diagnostic hardware to capture and decode J1587 and J1708 messages from the vehicle bus.
pretty_1587, our software application, has been designed to process input streams and convert SAE J1708 and J1587 messages to a convenient format that a user can read or pass to another software application. Our open source python code has been designed to be versatile and to work with the output of existing diagnostic tools and can consume data over network sockets from files or from stdin, allowing most hardware solutions that interface directly with the serial bus to pass data to pretty_1587 to decode the data contained in the J1587 messages.