Introduction to the Tools and Techniques of Car Hacking · 2017-03-12


Introduction to the Tools and Techniques of Car Hacking

Motor City ADAS Meetup Group

Presenter // John Kost

https://www.meetup.com/Motor-City-ADAS/

Modern Automotive Systems

● 1995 and newer vehicles have at least one CAN Bus.

● Dozens of embedded processors distributed throughout a modern vehicle.

➔ CAN Bus is made up of two wires, CAN-H (CAN High) and CAN-L (CAN Low)

➔ The two CAN lines have the same sequence of data, but their amplitudes are opposite

➔ When a pulse on the CAN-H line goes from 2.5V to 3.75V, the corresponding pulse on the CAN-L line goes from 2.5V to 1.25V

➔ Allows for greater noise immunity and therefore less chance of the data being corrupted

Status of bit with the value 0 = 2.5V differential voltage = dominant state

Status of bit with the value 1 = 0V differential voltage = recessive state

CAN Bus Messaging

Standards..the beautiful thing about standards is there are so many to choose from..

anonymous

➔ Two different ISO standards for CAN systems that relate to the physical layer: ISO 11898-3 low speed CAN up to 125 kb/s (distance up to 500 m) and ISO 11898-2 high speed CAN up to 1 Mb/s (distance up to 40 m).

➔ CAN protocol is further divided into two formats for the message frames, 2.0A and 2.0B; the two standards differ in the size of the identifiers (ID):

◆ Standard CAN (version 2.0A) uses 11 bit identifiers in the arbitration field.

◆ Extended CAN (version 2.0B) supports a length of 29 bits for the identifier, made up of the 11 bit identifier (base identifier) and an 18 bit extension.

Message Identifier: defines the level of priority of the data protocol. If, for instance, two CAN Nodes want to send their data protocol simultaneously, the CAN Node with the higher priority takes precedence. The lower the value the higher the priority of the message.
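The priority rule above follows directly from the dominant/recessive bit levels on the earlier slide. The added example below (not from the original slides) simulates bitwise arbitration on a wired-AND bus. It goes beyond the slide by also covering a mixed 11-bit and 29-bit case using the RTR, SRR and IDE bits of the CAN 2.0B frame layout; the node names and identifiers are constructed sample values.

```python
# Added illustration: bitwise CAN arbitration on a wired-AND bus.
# Node names and identifiers used with it are constructed sample values.
DOMINANT, RECESSIVE = 0, 1  # bit 0 = dominant, bit 1 = recessive


def arbitration_bits(can_id, extended=False):
    """Arbitration bits of a data frame, most significant bit first."""
    if not extended:
        if not 0 <= can_id < (1 << 11):
            raise ValueError("standard identifier must fit in 11 bits")
        ident = [(can_id >> i) & 1 for i in range(10, -1, -1)]
        return ident + [DOMINANT, DOMINANT]  # RTR, IDE
    if not 0 <= can_id < (1 << 29):
        raise ValueError("extended identifier must fit in 29 bits")
    base = [(can_id >> i) & 1 for i in range(28, 17, -1)]  # 11-bit base ID
    ext = [(can_id >> i) & 1 for i in range(17, -1, -1)]   # 18-bit extension
    return base + [RECESSIVE, RECESSIVE] + ext + [DOMINANT]  # SRR, IDE, ext, RTR


def arbitrate(nodes):
    """nodes maps name -> (can_id, extended). Returns (winner, lost_at),
    where lost_at maps each losing node to the bit position it backed off at."""
    frames = {n: arbitration_bits(i, e) for n, (i, e) in nodes.items()}
    active, lost_at = set(frames), {}
    for pos in range(max(len(bits) for bits in frames.values())):
        senders = [n for n in active if pos < len(frames[n])]
        if len(senders) < 2:
            break
        # Wired-AND: one dominant bit from any sender pulls the bus dominant.
        bus = min(frames[n][pos] for n in senders)
        for n in senders:
            if frames[n][pos] != bus:  # sent recessive, read back dominant
                active.discard(n)
                lost_at[n] = pos
    if len(active) != 1:
        raise ValueError("identifier collision: " + ", ".join(sorted(active)))
    return active.pop(), lost_at


if __name__ == "__main__":
    # Constructed sample: three nodes start transmitting in the same bit time.
    sample = {"node_a": (0x0C0, False), "node_b": (0x2A0, False),
              "node_c": (0x0C0 << 18, True)}
    print(arbitrate(sample))
```

Because the losing nodes stop transmitting as soon as they read back a dominant bit they did not send, the winning frame goes out undamaged and the losers retry once the bus is idle.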

Diagnostic Systems - OBD-II

ELM327

Onboard Diagnostics for the Common Person

Android / iOS

Handheld Utilities for Car Tuning & Maintenance

➢ DashCommand

➢ OBD Car Doctor

➢ Torque Lite/Pro

➢ ..many, many others in both App Stores..just search on the keyword OBD2..

DIY Code

Open-source Python Library (with examples)

http://www.obdtester.com/pyobd-download

AT Commands

Serial Port Coding in your preferred language

https://github.com/deshi-basara/libreXC/wiki/ELM327-AT-Command-Set

Deeper Into The Rabbit Hole ;)

Tools of the Trade ;)

Open-source hardware is always best..

http://www.8devices.com/products/usb2can/

Open-Source Tooling

Volkswagen Group maintains a repository of open-source software tools for CAN Bus on Linux

https://github.com/linux-can/can-utils

Open-Source Tooling

Kayak is an application for CAN bus diagnosis and monitoring. Its main goals are a simple interface and platform independence.

http://kayak.2codeornot2code.org/

Even Deeper Into The Rabbit Hole ;)

Reverse Engineering

World-class reversing tool used by three-letter agencies around the world.

https://www.hex-rays.com/products/ida/

Threat Vectors

The Short List

★ ELM327 devices and ‘clones’

★ Splitter cables (yes indeed)

★ Mileage/power tuning ‘chips’

★ HUD displays, performance instrumentation etc.

★ Infotainment systems (aftermarket)

★ Smartphone Apps (including things like CarPlay, Android Auto)

★ Remote starters, unlocks

★ Vehicle WiFi Access Point

★ V2x communications (starting to appear)

Always be mindful of anything that plugs into or works with your car. Consider the source of the ‘products’ you may be using within your vehicle and the capabilities of your vehicle. Take cruise control, for example: if somebody had access to your CAN Bus while you were in cruise mode, what potential harm could they perpetrate?

Join us:

Motor-City-ADASOshawa

https://www.meetup.com/

DON’T PANIC

No Known Remote Attack Has Ever Been Carried Out Successfully..yet!!!

Manufacturers are required by law to ensure the safety of their vehicles. You can rest assured that your vehicle is safe.

The openness of the CAN Bus Standard allows the DIY’er or researcher to tinker. Knowledge is power in this context especially if you happen to be a modern car enthusiast. Freedom to explore, investigate and learn are the hallmarks of a technologically savvy community.

Hack Responsibly ;)
