gallia 2.1.1

Extendable Pentesting Framework

Gallia

Gallia is an extendable pentesting framework with the focus on the automotive domain. The scope of the toolchain is conducting penetration tests from a single ECU up to whole cars. Currently, the main focus lies on the UDS interface. Acting as a generic interface, the logging functionality implements reproducible tests and enables post-processing tasks. The documentation is available in the docs/ folder.

Keep in mind that this project is intended for research and development usage only! Inappropriate usage might cause irreversible damage to the device under test. We do not take any responsibility for damage caused by the usage of this tool.

Testimonials

Levent Çelik et al. in Comparing Open-Source UDS Implementations Through Fuzz Testing:

Among the implementations we've identified, Gallia stands out as the most robust and dependable by a significant margin.

Quickstart

See the setup instructions.

First create a config template with --template, store it to a file called gallia.toml, and adjust it to your needs. gallia reads this file to set the defaults of the command line flags. All options correspond to a command line flag; the only required option for scans is gallia.scanner.target, for instance isotp://can0?src_addr=0x123&dst_addr=0x312&tx_padding=0xaa&rx_padding=0xaa.

$ gallia --template > gallia.toml

You are all set to start your first scan, for instance read the diagnostic trouble codes:

$ gallia primitive uds dtc read

The target can also be specified by the --target option on the command line. For the format of the --target argument see the transports documentation.

Acknowledgments

This work was partly funded by the German Federal Ministry of Education and Research (BMBF) as part of the SecForCARs project (grant no. 16KIS0790). This work was partly funded by the German Federal Ministry of Economic Affairs and Energy (BMWE) as part of the ATLAS-L4 project (grant no. 19A21048D). A short presentation and demo video is available at this page.