Gallia is an extendable pentesting framework with the focus on the automotive domain. The scope of the toolchain is conducting penetration tests from a single ECU up to whole cars. Currently, the main focus lies on the UDS interface. Acting as a generic interface, the logging functionality implements reproducible tests and enables post-processing tasks. The rendered documentation is available via Github Pages.
Keep in mind that this project is intended for research and development usage only! Inappropriate usage might cause irreversible damage to the device under test. We do not take any responsibility for damage caused by the usage of this tool.
Levent Çelik et al. in Comparing Open-Source UDS Implementations Through Fuzz Testing:
Among the implementations we've identified, Gallia stands out as the most robust and dependable by a significant margin.
See the setup instructions.
First create a config template with --template
, store it to a file called gallia.toml
, and adjust it to your needs.
gallia
reads this file to set the defaults of the command line flags.
All options correspond to a command line flag; the only required option for scans is gallia.scanner.target
, for instance isotp://can0?src_addr=0x123&dst_addr=0x312&tx_padding=0xaa&rx_padding=0xaa
.
$ gallia --template > gallia.toml
You are all set to start your first scan, for instance read the diagnostic trouble codes:
$ gallia primitive uds dtc read
The target can also be specified by the --target
option on the command line.
For the format of the --target
argument see the transports documentation.
This work was partly funded by the German Federal Ministry of Education and Research (BMBF) as part of the SecForCARs project (grant no. 16KIS0790). A short presentation and demo video is available at this page.