CAN frame decoder
The Controller Area Network is the nervous system of every modern car — the bus that carries messages between engine, brakes and dashboard. Paste a raw frame and this breaks out its structure. It’s the exact protocol my research defends, so I built the reader for it.
How it works
A classic CAN frame is mostly its arbitration ID and up to eight data bytes. The decoder accepts the two formats you actually meet — the candump form ID#DATA (e.g. 0C9#8A6014000000FFFF) and space-separated hex — and works out whether the ID is an 11-bit standard or 29-bit extended identifier, whether it’s a remote-transmission request, and the data length (DLC). Each data byte is shown as hex, decimal, binary and ASCII. The arbitration ID also sets priority: on CAN, the lower the ID, the sooner it wins the bus, so it’s flagged accordingly.
What the decoder deliberately does not do is invent meaning for the payload — turning bytes into “engine RPM” or “steering angle” needs a manufacturer-specific DBC database, which is proprietary and per-model. Showing the honest wire structure is the point.
And this is where the security angle lives: CAN was designed for a closed, trusted network, so it has no authentication and no encryption. Any node that reaches the bus can broadcast a frame with any ID, and every other node will believe it. That is precisely the attack surface my MSc research targets — training deep-learning intrusion detectors to spot malicious CAN traffic, and hardening them against adversarial evasion.