CAN is a simple protocol used in manufacturing and in the automobile industry. Modern vehicles are full of little embedded systems and electronic control units (ECUs) that can communicate using the CAN  protocol. CAN has been a standard on US cars and light trucks since 1996, but wasn’t made mandatory until 2008 (2001 for European vehicles). If your car is older than 1996, it still may have CAN, but you’ll need to check. CAN runs on two wires: CAN high (CANH) and CAN low (CANL).

How Can Bus Works ?

CAN uses differential signaling , which means that when a signal comes in, CAN raises the voltage on one line and drops the other line an equal amount  . Differential signaling is used in environments that must be fault tolerant to noise, such as in automotive systems and manufacturing

picosope ocsaly canbus

Upper screen shoot shows a signal captured using a PicoScope, which listens to both CANH and CANL. Notice that when a bit is transmitted on the CANbus, the signal will simultaneously broadcast both 1V higher and lower. The sensors and ECUs have a transceiver that checks to ensure both signals are triggered; if they are not, the transceiver rejects the packet as noise. The two twisted-pair wires make up the bus and require the bus to be terminated on each end. There’s a 120-ohm resistor across both wires on the termination ends. If the module isn’t on the end of the bus, it doesn’t have to worry about termination. As someone who may tap into the lines, the only time you’ll need to worry about termination is if you remove a terminating device in order to sniff  the wires.

How to Find CAN Bus Connectors ?

CAN is easy to find when hunting through cables because its resting voltage is 2.5Volt .

 When a signal comes in, it’ll add or subtract 1V (3.5Volt or 1.5Volt). CAN wires run through the vehicle and connect between the ECUs and other sensors, and they’re always in dual-wire pairs. If you hook up a multimeter and check the voltage of wires in your vehicle, you’ll find that they’ll be at rest at 2.5V or fluctuating by 1V. If you find a wire transmitting at 2.5V, it’s almost certainly CAN.

How to do Can Bus Fuzzing ? – YouTube Video
You should find the CANH and CANL connections on pins 6 and 14 of your OBD-II connector, as I showed you in this picture :

Connecting USB-powered Beaglebone to car's CAN bus through OBD connector  using common signal ground - Electrical Engineering Stack Exchange
can bus wiring
can bus high can and low can

In the picture , pin 6 and 14 are for standard high-speed CAN lines [HS-CAN]. Mid-speed and low-speed communications happen on other pins. Some cars use CAN for the mid-speed [MS-CAN] and low speed [LS-CAN], but many vehicles use different protocols for these communications.
You’ll find that not all buses are exposed via the OBD-II connector. You can use wiring diagrams to help locate additional “internal” bus lines.

For more information you can check our another blog that we are doing Can Bus Fuzzing in this blog.

OCSALY