Skip to content

7. Solve the Sleigh's CAN-D-BUS Problem

Introduction

Wunorse Openslae to my character in the NetWars area

Say, do you have any thoughts on what might fix Santa's sleigh?

Turns out: Santa's sleigh uses a variation of CAN bus that we call CAN-D bus.

And there's something naughty going on in that CAN-D bus.

The brakes seem to shudder when I put some pressure on them, and the doors are acting oddly.

I'm pretty sure we need to filter out naughty CAN-D-ID codes.

There might even be some valid IDs with invalid data bytes.

For security reasons, only Santa is allowed access to the sled and its CAN-D bus.

I'll hit him up next time he's nearby.

Wunorse Openslae in the NetWars area

Hey Santa!

Those tweaks you made to the sled just don’t seem right to me.

I can’t figure out what’s wrong, but maybe you can check it out to fix it.

Objective

Hints

Solution

The Sleigh can also be accessed at https://candbus.kringlecastle.com/

The first step was to take a screenshot to the scrolling log as the messages were being logged quicker than could be read.

Then, as suggested in the hint, the next step was to identify what each message related to by excluding messages.

The result was the following:

Message Associated with
019 Steering
02A Engine start/stop
080 Brakes
188 Unknown - always has the message '00000000'
19B Lock/unlock doors
244 RPM value

From the conversation with Wunorse Openslae, the issues are with the brakes and the locks.

19B is also used in the CAN Bus Investigaion for the door locks.

The code for lock is 19B#000000000000

The code for unlock is 19B#00000F000000

However, there are also 19B#0000000F2057 codes seen when nothing else is going on, so these need to be excluded.

Bad unlock codes

Now looking at the brakes, there do not appear to be any issues until the brakes are applied.

Then with the brakes set to 15 (0xF), every other code does not have the message 00000F

Bad brake codes

By watching the output for a while it can be seen that the first 4 'F' (the 2 highest bytes) in the message are sufficient to indicate a bad code as the maximum valid value of the brakes is 100 (0x64). So brake messages with 'FFFF' need to be excluded.

Answer

Sleigh deFrosted"