A log file sits open, thousands of frames deep. Nothing looks wrong.
Then one byte flips.
Not randomly. Not cleanly. It flickers between two values like it’s tied to something you haven’t identified yet. You scroll. It lines up with nothing obvious. Speed? No. RPM? No. Something else.
This is the part where most tools stop helping.
They’ll show you the data. They won’t help you see it.
So I built something that does.
#showdev: CAN Playground — a local-first CAN bus analysis tool
I just finished CAN Playground
https://github.com/numbpill3d/can-playground
It’s a desktop CAN bus analysis tool built with Tauri. You can parse logs, visualize behavior, reverse engineer signals, or capture live traffic from a SocketCAN interface.
Everything runs locally. No telemetry. No network requests. Nothing leaves your machine.
That wasn’t a feature I added at the end. It was the constraint the whole project grew around.
The Problem I Kept Running Into
Most CAN tools are built for environments where the signals are already known.
You have a DBC. You have documentation. You’re validating, not exploring.
But a lot of the time, especially in reverse engineering or security work, you don’t have that luxury.
You’re staring at raw frames like:
123#AABBCCDDEEFF0011
…and trying to answer questions like:
- Which bytes actually matter?
- What changes under what conditions?
- Which IDs are correlated?
- Where are the signals hiding?
Traditional tooling gives you structure, but not leverage. You end up stitching together multiple tools, exporting data, writing scripts, reloading, repeating.
It breaks your flow.
CAN Playground is built to keep you inside that loop without constantly switching context.
Analysis Views That Actually Complement Each Other
Instead of one overloaded interface, the tool splits analysis into a few focused views. Each one answers a different kind of question.
Hex Dump
This is the foundation, but it’s not just a static table.
You get:
- Frame-by-frame byte tables with delta highlighting
- Baseline comparison against frame 0 or previous frames
- Signal overlays directly on top of bytes
- Per-cell tooltips showing hex, decimal, binary, and delta values
- Virtual scrolling that handles 100k+ frames without choking
- Keyboard navigation so you can step through frames quickly
It turns raw logs into something you can actually scan without losing context.
Delta Graph
Once you stop looking at individual frames, you start looking for movement.
The graph view lets you:
- Plot raw byte values or decoded signals
- Visualize message rate through inter-frame intervals
- Zoom with scroll and pan by dragging
- Toggle delta mode to focus only on changes
- Hide static bytes that add noise
- Overlay multiple CAN IDs to compare behavior
This is where patterns start to show up. Not because they’re labeled, but because you can isolate them.
Bit Map
Sometimes even bytes are too coarse.
The bitmap view renders a timeline at the bit level across all frames:
- Static bits are muted
- Toggling bits stay visible and color-coded per byte
- Hovering shows frame, byte, bit, value, and toggle status
- Large logs are automatically subsampled to stay responsive
If something flips once every few hundred frames, this is where you’ll catch it.
Stats
When you need a quick breakdown without manually scanning:
- Per-byte min, max, mean, and standard deviation
- Unique value counts and change rates
- Inline range bars for quick visual comparison
- Timing metrics like average rate, interval spread, and total span
It’s not trying to be a full analytics engine. It’s there to give you fast context.
Annotations (Signal Definition)
Reverse engineering without annotations gets messy fast.
You can define signals with:
- Start bit and length
- Byte order (Intel LE or Motorola BE)
- Type, scale, offset, and unit
Once defined, the tool decodes values live from incoming frames. You can also import a full DBC to auto-annotate matching IDs, or load/export signals as JSON.
This makes it easy to move between sessions without losing your work.
Input Is Flexible on Purpose
Logs come in messy. The tool doesn’t fight that.
Supported formats include:
candump- Simple
123#AABB...style logs - Vector
.asc - PCAN
.trc(v1.1 and v2.x)
You can drag and drop files directly, or load them through the UI. If timestamps are missing, they’re synthesized so you can still analyze timing behavior.
Live Capture Without Leaving the Tool
If you’re working on a live system:
- Connect to any SocketCAN interface (
can0,vcan0, etc.) - Frames stream in real time
- All views update live as data arrives
- Interfaces are auto-detected
It uses candump under the hood, so it fits naturally into existing Linux setups.
Small Details That Add Up
There are a few things that don’t sound important until you need them:
- Frame filtering with expressions like
B0>0x80 && B2==0xFF - Right-click copy as candump format, Python bytes, C arrays, or CSV
- ID labeling so you don’t have to remember raw values
- Full session save and restore, including annotations and labels
- CSV export of decoded signals across all frames
None of these are flashy. But together, they remove a lot of friction.
Why Tauri
Electron would’ve worked. It always works.
But I wanted something lighter, closer to the system, and easier to keep lean over time. Tauri gave me that without sacrificing a modern UI stack.
It also fits the local-first idea better. Less overhead, fewer moving parts, less hidden behavior.
What This Tool Is For
This isn’t meant to replace high-end automotive tooling.
It’s for:
- Reverse engineering unknown CAN networks
- Exploring behavior without a complete spec
- Security research on embedded systems
- Anyone who needs to understand traffic, not just decode it
If you already have a perfect DBC and just need clean outputs, there are other tools for that.
If you don’t, this is where things start to get interesting.
Try It
Repo is here:
https://github.com/numbpill3d/can-playground
It’s still evolving. There are rough edges. That’s expected.
If you end up using it and something feels off, or you find a better way to approach part of the workflow, I want to hear about it.
Most CAN analysis tools assume you already know what you’re looking at.
This one assumes you don’t.
That changes how you work more than you’d expect.
Top comments (0)