Issues Using CAN Functionality in CoreModel #1
Description
I'm currently testing the ability to send CAN messages from my local PC to a Corellium VM. The software I'm developing heavily relies on CAN communication, so if I can integrate it with Corellium VMs, it would be a great testing setup.
Following the official guide, I created two virtual devices — one with i.MX 93 and another with i.MX 8M Plus (https://app.avh.corellium.com/).
For the CoreModel code, I'm using the latest version including this commit:
47a0d99
After the VM finishes booting, I enabled the CAN interface inside the VM like this:
# ip link set can0 type can bitrate 500000
# ip link set can0 up
Since this is virtual hardware, I assume the bitrate setting doesn’t actually affect much.
Then, I slightly modified the CAN example from CoreModel so I can send data from my PC to the VM. Here's the code I'm using:
uint64_t ctrl[2];
ctrl[0] = ((0x8ul << CAN_CTRL_DLC_SHIFT) & CAN_CTRL_DLC_MASK) |
((0x123ul << CAN_CTRL_ID_SHIFT) & CAN_CTRL_ID_MASK);
ctrl[1] = 0;
printf("%016lx %016lx %016lx\n", ctrl[0], ctrl[1], CAN_CTRL_ID_MASK);
uint8_t data[8] = {0x10, 0x20, 0x30, 0x40, 0x50, 0x60, 0x70, 0x80}; // payload
int ret = coremodel_can_rx(handle, ctrl, data);
if (ret == 0) {
printf("success\n");
} else {
printf("failed\n");
}
Here’s what I found:
i.MX 93 VM
When sending CAN data from the PC, I receive a NACK response.
Inside the VM, I tried sending data via cansend tool, but nothing is received on the PC side via the coremodel-can binary.
i.MX 8M Plus VM
The CAN message from PC to VM does go through — I get an ACK and I can see the exact payload on the VM via candump.
imx8mpevk login: root
root@imx8mpevk:~#
root@imx8mpevk:~#
root@imx8mpevk:~# [ 31.709191] can1-stby: disabling
[ 31.709238] can2-stby: disabling
root@imx8mpevk:~# ip link set can0 type can bitrate 500000
root@imx8mpevk:~# ip link set can0 up
[ 38.421552] IPv6: ADDRCONF(NETDEV_CHANGE): can0: link becomes ready
root@imx8mpevk:~# candump can0
[ 42.520703] can: controller area network core
[ 42.520779] NET: Registered protocol family 29
[ 42.521711] can: raw protocol
can0 010 [08] 10 20 30 40 50 60 70 80
can0 010 [08] 10 20 30 40 50 60 70 80
can0 010 [08] 11 22 33 44 55 66 77 88
However, the CAN ID is not being set properly. No matter what value I use, the VM always sees the same CAN ID.
Sometimes the ID changes after a VM reboot, but not in response to what I send.
Also, if I try to run cansend from the VM, it freezes completely. The only option is to restart, which takes quite a while.
Could you please help review these issues with CAN usage in Corellium?
If I'm doing something wrong in my test setup, I’d really appreciate any guidance or corrections.
Thanks!