🏎️ NullSec CarFuzz
Automotive Protocol Fuzzer
Intelligent fuzzing for CAN, UDS, OBD-II, and DoIP automotive protocols
🎯 Overview
NullSec CarFuzz is a coverage-guided fuzzer designed specifically for automotive protocols. It understands the protocol grammars for CAN, UDS (ISO 14229), OBD-II (ISO 15031), and DoIP (ISO 13400), and generates test cases that explore deep protocol states instead of sending random data.
⚡ Features
| Feature | Description |
|---|---|
| Grammar-Aware Fuzzing | Protocol-aware mutation for CAN, UDS, OBD-II, DoIP |
| Coverage Tracking | Monitor ECU responses to guide mutation strategy |
| State Machine | Track protocol state to reach deep execution paths |
| Crash Detection | Detect ECU resets, hangs, and error responses |
| Session Manager | Handle diagnostic session changes and security access |
| Report Generator | Detailed crash reports with reproduction steps |
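
The response monitoring and crash detection rows above depend on sorting each ECU reply into an outcome. The sketch below is an added example, not CarFuzz's own code: the names `Outcome`, `classify` and `session_check` are hypothetical and the sample payloads are constructed. It relies only on ISO 14229-1 conventions (negative response `7F <SID> <NRC>`, positive response `SID + 0x40`, active session readable via DID `0xF186`).

```python
from enum import Enum
from typing import Optional, Tuple

class Outcome(Enum):
    POSITIVE = "positive response"
    NEGATIVE = "negative response"
    PENDING = "response pending"
    HANG = "no response (possible hang)"
    RESET = "session fell back (possible reset)"
    MALFORMED = "response does not match request"

# Subset of ISO 14229-1 negative response codes (NRCs).
NRC = {0x11: "serviceNotSupported", 0x12: "subFunctionNotSupported",
       0x13: "incorrectMessageLengthOrInvalidFormat", 0x22: "conditionsNotCorrect",
       0x31: "requestOutOfRange", 0x33: "securityAccessDenied",
       0x78: "responsePending", 0x7F: "serviceNotSupportedInActiveSession"}

def classify(request: bytes, response: Optional[bytes]) -> Tuple[Outcome, str]:
    """Classify one UDS payload pair; response is None if the timeout expired."""
    sid = request[0]
    if response is None:
        return Outcome.HANG, ""
    if len(response) >= 3 and response[0] == 0x7F:      # 7F <SID> <NRC>
        if response[1] != sid:
            return Outcome.MALFORMED, "negative response names another service"
        nrc = response[2]
        kind = Outcome.PENDING if nrc == 0x78 else Outcome.NEGATIVE
        return kind, NRC.get(nrc, f"NRC 0x{nrc:02X}")
    if response[:1] == bytes([(sid + 0x40) & 0xFF]):    # positive: SID + 0x40
        return Outcome.POSITIVE, ""
    return Outcome.MALFORMED, response.hex()

def session_check(expected: int, response: Optional[bytes]) -> Outcome:
    """Interpret the reply to ReadDataByIdentifier 0xF186 (active session)."""
    if response is None:
        return Outcome.HANG
    if len(response) == 4 and response[:3] == b"\x62\xF1\x86":
        return Outcome.POSITIVE if response[3] == expected else Outcome.RESET
    return Outcome.MALFORMED

# Constructed sample exchanges (not captured from a real ECU).
SAMPLES = [
    (bytes.fromhex("1003"), bytes.fromhex("5003003201F4")),  # session change accepted
    (bytes.fromhex("2701"), bytes.fromhex("7F277F")),        # refused in this session
    (bytes.fromhex("3101FF00"), bytes.fromhex("7F3178")),    # ECU asks for more time
    (bytes.fromhex("22F190"), None),                         # timeout, no reply
]
for req, rsp in SAMPLES:
    print(req.hex(), "->", *classify(req, rsp))
```

Only `HANG`, `RESET` and `MALFORMED` outcomes are candidates for a crash report; `NEGATIVE` and `PENDING` are normal protocol behaviour.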
📋 Supported Protocols
| Protocol | Standard | Fuzzing Depth |
|---|---|---|
| CAN 2.0A/B | ISO 11898 | Frame-level |
| UDS | ISO 14229 | Service + sub-function |
| OBD-II | ISO 15031 | PID + mode |
| DoIP | ISO 13400 | Full TCP/UDP stack |
| XCP | ASAM | Partial |
| KWP2000 | ISO 14230 | Service-level |
🚀 Quick Start
# Fuzz UDS services on an ECU
# Fuzz OBD-II PIDs
# Grammar-guided CAN fuzzing
# Generate crash report
🔗 Related Projects
| Project | Description |
|---|---|
| nullsec-canbus | CAN bus sniffing & injection |
| nullsec-keyfob | Key fob & immobilizer analysis |
| nullsec-sdr | Software-defined radio toolkit |
| nullsec-linux | Security Linux distro (140+ tools) |
⚠️ Legal
For authorized automotive security testing only. Never fuzz ECUs in vehicles in traffic.
📜 License
MIT License — @bad-antics
Part of the NullSec Automotive Security Suite