def test_service_discovery(self):
# Service discovery arguments
range_start = 0x09
range_end = 0x13
print_results = False
# Perform service discovery
result = uds.service_discovery(arb_id_request=self.ARB_ID_REQUEST,
arb_id_response=self.ARB_ID_RESPONSE,
timeout=self.BRUTEFORCE_TIMEOUT,
min_id=range_start,
max_id=range_end,
print_results=print_results)
# Supported services within specified range
expected_result = [ServiceID.DIAGNOSTIC_SESSION_CONTROL, ServiceID.ECU_RESET]
self.assertListEqual(result, expected_result, "UDS service discovery gave '{0}', expected '{1}'".format(
result, expected_result))
def test_service_discovery_empty_range(self):
# Service discovery arguments
range_start = 0x00
range_end = 0x05
print_results = False
# Perform service discovery
result = uds.service_discovery(arb_id_request=self.ARB_ID_REQUEST,
arb_id_response=self.ARB_ID_RESPONSE,
timeout=self.BRUTEFORCE_TIMEOUT,
min_id=range_start,
max_id=range_end,
print_results=print_results)
# No services should be found within range
expected_result = []
self.assertListEqual(result, expected_result, "UDS service discovery gave '{0}', expected no hits".format(
result))
def read_ecm(args):
"""
Read ECM ROM.
:param args: A namespace containing output filename, start address and size
"""
filename = args.filename
addr = args.addr
size = args.size
# Use hardcodded 0x7e0 ECM Arb ID
send_arb_id = 0x7e0
#
# 1. Ping ECM by discovering response Arb ID
#
print("Probe ECM by ID 0x{0:03x}:".format(send_arb_id))
arb_id_pairs = uds.uds_discovery(send_arb_id, send_arb_id,
print_results=False)
if len(arb_id_pairs) != 1:
print(" ECM is not found")
return
(a, rcv_arb_id) = arb_id_pairs[0]
print(" ECM is detected... response ID 0x{0:03x}".format(rcv_arb_id))
#
# 2. Scan for needed services availability
#
print("Probe ECM services:")
needed_services = [
0x1a, # GMLAN_READ_DIAGNOSTIC_ID
ServiceID.READ_MEMORY_BY_ADDRESS,
ServiceID.SECURITY_ACCESS,
ServiceID.TESTER_PRESENT
]
found_services = uds.service_discovery(send_arb_id, rcv_arb_id,
min_id=min(needed_services),
max_id=max(needed_services),
print_results=False)
found_services = found_services and needed_services
missing_services = set(needed_services) - set(found_services)
if len(missing_services) != 0:
print(" Missing services: ", end="")
print(", ".join('{}'.format(uds.UDS_SERVICE_NAMES[s]) for s in missing_services))
return
print(" All needed services are present")
#
# 3. Read ECM info
#
print("Read ECM info:")
vin_did = uds.service_1a(send_arb_id, rcv_arb_id, 0x90, 0x90)
if len(vin_did) == 1:
vin = int_list_to_ascii(vin_did[0x90])
else:
vin = "<not found>"
print(" VIN: {}".format(vin))
os_did = uds.service_1a(send_arb_id, rcv_arb_id, 0xc1, 0xc1)
if len(os_did) != 1:
print(" OS ID: <not found>")
return
else:
osid = int_from_byte_list(os_did[0xc1])
print(" OS ID: {}".format(osid))
ecm_type = OSID_TO_ECM.get(osid)
if not ecm_type:
print("Not supported OS ID!")
return
print(" ECM type: {}".format(ecm_type))
ecm_spec = ECM_SPECS[ecm_type]
#
# 4. Input addr/size sanity check
#
ecm_mem_addr = ecm_spec['mem_addr']
ecm_mem_size = ecm_spec['mem_size']
if not addr:
addr = ecm_mem_addr
if not size:
size = ecm_mem_size - addr
if addr < ecm_mem_addr or addr >= ecm_mem_addr + ecm_mem_size:
print("Incorrect 'addr' for the ECM, valid range: [0x{0:x};0x{1:x})".format(ecm_mem_addr, ecm_mem_addr + ecm_mem_size))
return
if size <= 0 or size + addr > ecm_mem_addr + ecm_mem_size:
print("Incorrect 'addr+size' address out of ECM memory, valid range: [0x{0:x};0x{1:x})".format(ecm_mem_addr, ecm_mem_addr + ecm_mem_size))
return
#
# 5. Unlock the ECM
#
print("Unlock ECM:")
(seed, err) = uds.service_27(send_arb_id, rcv_arb_id, None)
if err:
print(" Unable to get seed: {}".format(err))
return
print(" Got seed: 0x{0:04x}".format(seed))
key = ecm_spec['key_algo'](seed)
print(" Use key: 0x{0:04x}".format(key))
(_, err) = uds.service_27(send_arb_id, rcv_arb_id, key)
if err:
print(" Error: {}".format(err))
return
print(" Unlocked!")
#
# 6. Read memory
#
print("Read ECU memory:")
ret = uds.read_memory(send_arb_id, rcv_arb_id, filename, addr, size,
ecm_spec['mem_addr_bytes'], tester_present=True)
if ret:
print(" "*40 + "\r Completed!")