The Simple Complexity of Reverse Engineering a Vehicle CAN Bus

Automotive Original Equipment Manufacturers (OEMs) closely guard information about their products due to the significant investment in vehicle research and development. However, advancing automotive innovation often requires insights from existing systems to improve safety, efficiency, and performance. The Controller Area Network (CAN) bus remains the industry standard for communication between electronic control units (ECUs), yet CAN message specifications are typically proprietary and undocumented. This paper presents a case study involving the reverse engineering of CAN messages from a 2025 Toyota Grand Highlander powertrain. By capturing and analyzing communication between a diagnostics tester and the vehicle’s ECUs and replicating the communication, substituting A CAN case and software in place of a diagnostics tester, we were able to reverse engineer the vehicle's CAN bus, demonstrating a practical methodology for decoding and interpreting CAN traffic without prior access to proprietary data. The approach highlights both general principles and OEM-specific variations in message structure and encoding. The goal of this work is to support researchers and engineers in developing their own reverse engineering workflows. It illustrates that while the foundational techniques are consistent, adapting to vehicle-specific implementations is essential. The paper aims to provide a replicable process and to encourage further exploration in the field of automotive CAN analysis.