New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
automotive/uds: special case to allow sending malformed 7f request #4347
Conversation
Codecov Report
Additional details and impacted files@@ Coverage Diff @@
## master #4347 +/- ##
==========================================
- Coverage 82.03% 81.48% -0.55%
==========================================
Files 350 350
Lines 82888 83136 +248
==========================================
- Hits 67994 67744 -250
- Misses 14894 15392 +498
|
Hi, thanks for the PR. I think an additional check in hashret is a good idea in general. I suggest to change the check to ‘’’ … and len(self) >= 2… ‘’’ I’m not a fan of string comparisons inside hashret. |
Could you please provide a test case as well? |
Will do
I can, yes. I don't really know where to start; could you please tell me which file to add to @polybassa ? |
Great. I think you can copy this test case and change the scan_range
|
Actually the UTS is harder to grok than I anticipated 😅
I can keep trying but it's not clear to me what write just yet.
…On Wed, Apr 10, 2024, 15:16 Nils Weiss ***@***.***> wrote:
Great.
I think you can copy this test case and change the scan_range
https://github.com/secdev/scapy/blob/731c4c050ac14e5ed8fc8ad80489b368dfeeb5f5/test/contrib/automotive/scanner/uds_scanner.uts#L259
—
Reply to this email directly, view it on GitHub
<#4347 (comment)>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAB3M6KJ35NYWH6SBXVWSITY4WFXLAVCNFSM6AAAAABF6673VCVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDANBYGI3TAMRSHE>
.
You are receiving this because you authored the thread.Message ID:
***@***.***>
|
I think you can just copy the testcase from line 259 to 305 and change the kwargs in line 284. finally you need to change the asserts |
OK I did eventually understand it enough to create testcases. using |
Similar to the motivation in secdev#3947 (comment) : I would like to scan all the possible services including a nonsense/malformed/invalid request to a 7f service. v2: adding unit test for range(256) of UDS Scanner and trying to avoid expensive checks in .hashret() (@polybassa) v3: flake8 formatting fixes
Looks good so far |
Similar to the motivation in #3947 (comment) : I would like to scan all the possible services including a nonsense/malformed/invalid request to a 7f service.
Checklist:
cd test && ./run_tests
ortox
)enables uds scanning of 0x00 - 0xff without crash
Similar to the motivation in #3947 (comment) : I would like to scan all the possible services including a nonsense/malformed/invalid request to a 7f service.
It is definitely invalid UDS to make requests to services with 0x40 bit set; however, the motivation is precisely to test targets with invalid UDS.
At present
UDS_Scanner(isock, test_cases=[UDS_ServiceEnumerator], UDS_ServiceEnumerator_kwargs={...,'scan_range': range(256)})
will fail withAttributeError: requestServiceId
when the scanner gets to sending017f
. This small patch makes scapy.contrib.automotive.uds.UDS.hashret() check if the payload.fields has requestedServiceId before trying to grab that field value for struct.pack().I'm proposing the patch here even though this is invalid UDS because a crash seems like the wrong outcome. Happy to adapt the patch or testing -- or withdraw at you discretion.