evilDoggie Get Started
Switching to Evil Mode (Faraday's Doggie)
evilDoggie operates in "EVIL" mode, which is selected via a physical switch on the hardware. To boot in EVIL mode for evilDoggie (as opposed to "GOOD" mode for standard Doggie):
- Set the switch to "EVIL".
- Reset the board or reconnect it to power.
- Note: If the board is already powered, reboot it after switching modes to apply the change.
This mode enables the offensive features, using the serial interface to display an interactive menu for configuring and launching attacks.
Accessing the Serial Console
evilDoggie uses the serial interface to provide an interactive console menu for attack configuration. Unlike standard Doggie, which bridges CAN Bus via slcan for tools like SocketCAN, evilDoggie focuses on direct manipulation through this menu.
To connect to the serial console, use a terminal emulator like picocom. Assuming you're on Ubuntu, install it with:
sudo apt install -y picocom
Run picocom with the corresponding USB device (replace /dev/ttyUSBx
with your actual device, e.g., /dev/ttyUSB0
or /dev/ttyACM0
):
picocom -q -b 921600 /dev/ttyUSBx --omap lfcrlf --imap lfcrlf
-q
: Quiet mode (suppresses non-essential output).-b 921600
: Sets the baud rate to 921600, which is required for evilDoggie's serial communication.--omap lfcrlf
and--imap lfcrlf
: Map line feed (LF) to carriage return line feed (CRLF) for output and input, matching evilDoggie's control characters to ensure proper display and input handling.
To exit picocom, press [Ctrl + A]
followed by [Ctrl + X]
.
Once connected, press any key to display the banner and the prompt >
. This enters the evilDoggie console.
- Type
help
to see information about the current menu and available commands. - Type
help [command]
(e.g.,help spoofing_attack
) for details on a specific command.
The Logic Behind evilDoggie Attacks
evilDoggie allows you to build an "attack plan," which is a sequence of attacks executed in order. The main menu provides predefined attacks (e.g., spoofing, bus off) that you can add to the plan. For more advanced control, use the custom_attack
submenu to chain low-level attack primitives (e.g., bit-level manipulations) into custom attacks.
Building an Attack Plan
- Use commands like
spoofing_attack
to add predefined attacks to the plan. - Enter
custom_attack
to build custom ones:- Chain primitives (e.g., wait for a frame, inject error, force dominant bit).
- Use
save
to add the custom attack to the main plan. - Use
exit
to return to the main menu.
- Edit the plan with
list
(view plan),delete
(remove item), andmove
(reorder). - Launch the plan with
attack [count]
(e.g.,attack 20
to run 20 times).
As an attacker, connect evilDoggie to the CAN Bus to execute these attacks, targeting physical bus characteristics for real-time manipulation, just like in a vehicle.
How It Is Physically Connected
The attacks in evilDoggie exploit physical CAN Bus properties, requiring a connection to a real CAN Bus. In workshops or simulations, you can emulate multiple ECUs on a single bus without needing a Doggie per ECU. Then, connect your evilDoggie as the attack device for online exploitation, mimicking real-car scenarios.
For hardware connections, refer to the specific microcontroller guides in the Hardware/DIY section (e.g., ESP32, RP2040, Bluepill). Ensure the device is in EVIL mode and connected via USB or UART for serial access.