AP: cleanup

Author: JonathanBeverley

auto_psy/bridge.py

@@ -1,3 +1,6 @@
+# This script bridges two CAN interfaces, so that anything received on one is
+# sent on the other, and vice-versa.
+
 from __future__ import print_function
 import sys
 import can

auto_psy/hideous.py

@@ -1,3 +1,7 @@
+# This ugly python script is designed to scan the OBD2 / UDS range looking for
+# things the board responds to. It includes a list of standard packets that the
+# board already randomly emits, so we can filter those out.
+
 from __future__ import print_function
 import sys
 import can

auto_psy/nonce.py

@@ -1,3 +1,7 @@
+# This is the seed->key function that the board uses to determine if we're
+# allowed security access. I transcribed this in case we needed to get it right
+# on the first try. Turns out to have been wasted effort.
+
 def nswap(c):
     return (c>>4) | (c<<4 & 0xf0)
 

auto_psy/notes.md

@@ -499,6 +499,14 @@ Examples:
 	- possibly it tracks number of attempts and you'd need to reset if exceeded
 
 What we have might be a custom variant
+### Online References
+https://hackaday.com/2013/10/29/can-hacking-protocols/
+	- service ids
+	- CAN frame format
+https://automotiveembeddedsite.wordpress.com/uds/
+	- more details
+https://en.wikipedia.org/wiki/ISO_15765-2
+	- correct framing rules
 
 ## Can Setup
 ip link show dev can0

auto_psy/rom-dump.py

@@ -1,3 +1,8 @@
+# This code is to dump a section of firmware, assuming we already have security
+# access. It's "good enough" code, I'm sure I could have refined it, but there
+# wasn't any need. Re-running it until I happened to get clean "uploads" was
+# good enough.
+
 from __future__ import print_function
 import sys
 import can

auto_psy/security-access.py

@@ -1,3 +1,7 @@
+# This script enabled "Security Access" to the chosen AID. The original version
+# brute-forced the key space, but post-dump, I changed it to compute the
+# correct response on the first try.
+
 from __future__ import print_function
 import sys
 import can