SlideShare une entreprise Scribd logo

Building your Car Hacking Labs & Car Hacking Community from Scratch

Télécharger en tant que PPTX, PDF
J
Jay Turla

This presentation was presented at Bsides Myanmar 2019 which focuses on giving the attendees an overview on how to procure cheap parts to start car hacking and some tools needed to get the work done. This is also a shout out to the community effort of the Car Hacking Village.

Technologie
1  sur  41
Building your Car Hacking Labs & Car Hacking Community from Scratch Jay Turla @shipcod3
> Disclaimer - Some humor images may (maybe lol) have explicit language or may be offensive (hope not) in them - Opinions/ideas/solutions expressed are mine and things I learned from the Car Hacking Village but not from my employer - CAN is not the only protocol we can use but this will be our focus for starting up (CAN Bus Basics)
> whoami - Jay Turla aka @shipcod3 - Security Ops Manager (Philippines) at Bugcrowd - ROOTCON Goon / CFP Review Board - Not the author of Turla Malware - One of the main organizers of the Car Hacking Village in ROOTCON and PH → #CarHackVillagePH - msf contributor (auxiliary & exploit modules)
> Previously on my topic related to this... - Car Infotainment Hacking Methodology and Attack Surface Scenarios > DEFCON PHV: https://www.youtube.com/watch?v=F0mYkI2FJ_4&t=1027s > ROOTCON: https://www.youtube.com/watch?v=DEcOLr9sqDU
Don’t Forget to Read This Book - Online version: http://opengarages.org/handbook/ebook/
> Why Car Hacking - It’s fun (great community) - We use it everyday - We want to ensure we are safe - More attack surfaces - My other computer is your car’s computer - Car Hacking bug bashes pay well
The Attack Surface of a Connected Vehicle Reference and Credits: https://argus-sec.com/attack-surface/
Bugcrowd Car Hacking Bug Bash @ Detroit
CAN & ECU - CAN - Controller Area Network - CAN is like the nervous system of the car and is connected via CAN Bus - ECU - Electronic Control Unit - ECUs are set of microprocessors and that the CAN bus protocol allows the ECus to communicate to each other - A modern car can have like 50+ ECUs - Sample ECUs: airbags, infotainment system, etc
CAN Frame Reference: https://en.wikipedia.org/wiki/CAN_bus#/media/File:CAN-Bus-frame_in_base_format_without_stuffbits.svg
First things first: BUILD a TEAM - Find a mentor (#carhacking) - Find colleagues interested in setting up a Car Hacking Village or a Car Hacking Labs - Ideal Team of Hackers, Electronic enthusiasts or hobbyists, and someone who has basic knowledge of automotive - Talk or email one of the guys from the @CarHackVillage like @mintynet, @carfucar, @d0rkv4d3r or I can also refer you to them
Why Build A Car Hacking Labs / Test Bench - Safe Environment - You don’t want to brick your car right?
> Starter Pack Instrument Cluster w/ Nano-Can ECU Simulator
> Medium Pack Taken during ROOTCON 13 at the Car Hacking Village PH
> Advance Pack (Car in a Box from @mintynet) Credits to my friend Ian Tabor aka mintynet for the pic
You can also Build your own Robocar https://github.com/d0rkv4d3r/RoboCars (credits to Sean)
Where to get some parts?
Disclaimer: This presentation is not sponsored by Ebay ;)
ECU Simulators are in Online Stores (Tindie, Alibaba, etc) - Support only OBD / UDS communications (limited)
Test Benches are Too Expensive like PASTA IT IS LIKE BUYING AN ACTUAL CAR
Car Hacking Tools You Need to Interact with the CAN - https://github.com/jaredthecoder/awesome-vehicle-security - Great collection of tools from that Github repo and some good resources as well but I have my favorites which are good if you <3 open source or you don’t want to pay a lot of software
My Favorite <3 nano-can CANtact STM32 Can Sniffer by TechMaker ValueCAN 4
Building your own 5$ Car Hacking Tool
nano-can PCB A 5$ car hacking tool
Solder the two components Arduino nano on top and MCP2515 on bottom (more info: https://github.com/mintynet/nano-can)
Additional Component Solder / Attach wire to Pin 6 to CAN Hi of the MCP2515 and Pin 14 to CAN Low of MCP2515
Samples
New version USB is near the pins of MCP2515
Upload code using Arduino IDE - Sample CAN Sniffer: https://github.com/mintynet/nano-can/tree/master/can- receive-all (CAN Receive All) - My other sketches: https://github.com/ROOTCONLabs/carhackingvillage/tr ee/master/sketches
Using other tools compatible with slcan- interfaces / CAN over Serial / SocketCAN
SocketCAN (summary from readme) - Controller Area Network Protocol Family - implementation of CAN protocols (Controller Area Network) for Linux - collection of CAN drivers and networking tools for Linux - This allows for developers to write code that can support a variety of CAN bus interfaces, including CANtact and STM32 CAN sniffer by TechMaker - Like TCP/IP, you first need to open a socket for communicating over a CAN network. - Unfortunately, SocketCAN only works on Linux. - Linux-CAN / SocketCAN user space applications: https://github.com/linux-can/can-utils / sudo apt-get install can-utils
Command-line Tools included in can-utils candump : display, filter and log CAN data to files canplayer : replay CAN logfiles cansend : send a single frame cangen : generate (random) CAN traffic cansniffer : display CAN data content differences (just 11bit CAN IDs)
CarHacking.Tools by jgamblin - collection of scripts to help jump start car research and hacking - All the scripts are designed to run on Ubuntu - Install via Virtual Machine: https://carhacking.tools/install/beta/CarHackingToolsCHVBeta.ova - Or can be installed via the repo: git clone https://github.com/jgamblin/carhackingtools cd CarHackingTools sudo chmod +x *.sh ./toolinstall.sh
Setting Up Most Devices CAN Speeds (-s* option for slcand) s0 10Kbps s1 20Kbps s2 50Kbps s3 100Kbps s4 125Kbps s5 250Kbps s6 500Kbps s7 800Kbps s8 1Mbps # This script enables SocketCAN sudo modprobe can sudo modprobe vcan sudo modprobe slcan sudo slcand -o -c -s6 /dev/ttyACM0 can0 sudo ifconfig can0 up
DEMO : Fuzzing the Instrument Cluster
> Next Project
No Hardware , No Problem https://github.com/zombieCraig/ICSim
shoutz and people you should follow related to #carhacking - @semprix : founder of @rootconph and car hacker as well - @carfucar: founder of @CarHackVillage - @mintynet: that nano-can guy & #CarHackVillageUK - @_specters_: cool guy, friend, car hacker as well and member of @TeamDumpstrFire - @TeamDumpstrFire: Young bloods composed of 5 car and hardware hackers - @WillCaruana: the guy who loves hacking elevators & hacker of cars (warning! HIGH Voltage) - @d0rkv4d3r: car hacker, CHV staff, and a very cool guy from *** (I didn’t ask permission to put him here) - @BusesCanFly: Member of @TeamDumpstrFire & young hardware hacker - @anvolhex - founder of @techmakerua - @Th3Mutley - yez another 1337 car h4x0r - @LennertWo - car hacker and PhD Researcher @CosicBe - @fronders - founder of @techmakerua - @rootkill3r - Founder and director of Amynasec.io - @NikhilBogam - car hacker from Lear - And some people in the pics of course (sorry guys)
References & Due Credits - Awesome Vehicle Security: https://github.com/jaredthecoder/awesome-vehicle-security - SocketCAN (summary by Linklayer): https://wiki.linklayer.com/index.php/SocketCAN - Car Hacking Village: https://www.carhackingvillage.com/ - CANalyzat0r: https://github.com/schutzwerk/CANalyzat0r - Readme file SocketCAN: https://www.kernel.org/doc/Documentation/networking/can.txt - CAN bus basics by Ian Tabor: https://www.mintynet.com/car-hack/chv-44con.pdf - And all of my friends in #carhackingvillage
Questions?

Recommandé

Semmle Codeql
Semmle Codeql Semmle Codeql
Semmle Codeql M. S.
 
Injection on Steroids: Codeless code injection and 0-day techniques
Injection on Steroids: Codeless code injection and 0-day techniquesInjection on Steroids: Codeless code injection and 0-day techniques
Injection on Steroids: Codeless code injection and 0-day techniquesenSilo
 
Pwning the Enterprise With PowerShell
Pwning the Enterprise With PowerShellPwning the Enterprise With PowerShell
Pwning the Enterprise With PowerShellBeau Bullock
 
Fundamentals of Linux Privilege Escalation
Fundamentals of Linux Privilege EscalationFundamentals of Linux Privilege Escalation
Fundamentals of Linux Privilege Escalationnullthreat
 
PIC your malware
PIC your malwarePIC your malware
PIC your malwareCODE WHITE GmbH
 
How to name things: the hardest problem in programming
How to name things: the hardest problem in programmingHow to name things: the hardest problem in programming
How to name things: the hardest problem in programmingPeter Hilton
 
Arm device tree and linux device drivers
Arm device tree and linux device driversArm device tree and linux device drivers
Arm device tree and linux device driversHoucheng Lin
 
Golang - Overview of Go (golang) Language
Golang - Overview of Go (golang) LanguageGolang - Overview of Go (golang) Language
Golang - Overview of Go (golang) LanguageAniruddha Chakrabarti
 

Recommandé

Semmle Codeql
Semmle Codeql Semmle Codeql
Semmle Codeql M. S.
 
Injection on Steroids: Codeless code injection and 0-day techniques
Injection on Steroids: Codeless code injection and 0-day techniquesInjection on Steroids: Codeless code injection and 0-day techniques
Injection on Steroids: Codeless code injection and 0-day techniquesenSilo
 
Pwning the Enterprise With PowerShell
Pwning the Enterprise With PowerShellPwning the Enterprise With PowerShell
Pwning the Enterprise With PowerShellBeau Bullock
 
Fundamentals of Linux Privilege Escalation
Fundamentals of Linux Privilege EscalationFundamentals of Linux Privilege Escalation
Fundamentals of Linux Privilege Escalationnullthreat
 
PIC your malware
PIC your malwarePIC your malware
PIC your malwareCODE WHITE GmbH
 
How to name things: the hardest problem in programming
How to name things: the hardest problem in programmingHow to name things: the hardest problem in programming
How to name things: the hardest problem in programmingPeter Hilton
 
Arm device tree and linux device drivers
Arm device tree and linux device driversArm device tree and linux device drivers
Arm device tree and linux device driversHoucheng Lin
 
Golang - Overview of Go (golang) Language
Golang - Overview of Go (golang) LanguageGolang - Overview of Go (golang) Language
Golang - Overview of Go (golang) LanguageAniruddha Chakrabarti
 
Red Team Apocalypse
Red Team ApocalypseRed Team Apocalypse
Red Team ApocalypseBeau Bullock
 
Introduction to Rust language programming
Introduction to Rust language programmingIntroduction to Rust language programming
Introduction to Rust language programmingRodolfo Finochietti
 
Page Cache in Linux 2.6.pdf
Page Cache in Linux 2.6.pdfPage Cache in Linux 2.6.pdf
Page Cache in Linux 2.6.pdfycelgemici1
 
Red Team Methodology - A Naked Look
Red Team Methodology - A Naked LookRed Team Methodology - A Naked Look
Red Team Methodology - A Naked LookJason Lang
 
HKG15-505: Power Management interactions with OP-TEE and Trusted Firmware
HKG15-505: Power Management interactions with OP-TEE and Trusted FirmwareHKG15-505: Power Management interactions with OP-TEE and Trusted Firmware
HKG15-505: Power Management interactions with OP-TEE and Trusted FirmwareLinaro
 
Client side attacks using PowerShell
Client side attacks using PowerShellClient side attacks using PowerShell
Client side attacks using PowerShellNikhil Mittal
 
Linux Training For Beginners | Linux Administration Tutorial | Introduction T...
Linux Training For Beginners | Linux Administration Tutorial | Introduction T...Linux Training For Beginners | Linux Administration Tutorial | Introduction T...
Linux Training For Beginners | Linux Administration Tutorial | Introduction T...Edureka!
 
AMSI: How Windows 10 Plans to Stop Script-Based Attacks and How Well It Does It
AMSI: How Windows 10 Plans to Stop Script-Based Attacks and How Well It Does ItAMSI: How Windows 10 Plans to Stop Script-Based Attacks and How Well It Does It
AMSI: How Windows 10 Plans to Stop Script-Based Attacks and How Well It Does ItNikhil Mittal
 
A Case Study in Attacking KeePass
A Case Study in Attacking KeePassA Case Study in Attacking KeePass
A Case Study in Attacking KeePassWill Schroeder
 
An introduction to Google test framework
An introduction to Google test frameworkAn introduction to Google test framework
An introduction to Google test frameworkAbner Chih Yi Huang
 
UPC router reverse engineering - case study
UPC router reverse engineering - case studyUPC router reverse engineering - case study
UPC router reverse engineering - case studyDusan Klinec
 
Defcon 27 - Writing custom backdoor payloads with C#
Defcon 27 - Writing custom backdoor payloads with C#Defcon 27 - Writing custom backdoor payloads with C#
Defcon 27 - Writing custom backdoor payloads with C#Mauricio Velazco
 
Cyber Range - An Open-Source Offensive / Defensive Learning Environment on AWS
Cyber Range - An Open-Source Offensive / Defensive Learning Environment on AWS Cyber Range - An Open-Source Offensive / Defensive Learning Environment on AWS
Cyber Range - An Open-Source Offensive / Defensive Learning Environment on AWS Tom Cappetta
 
LCU14 302- How to port OP-TEE to another platform
LCU14 302- How to port OP-TEE to another platformLCU14 302- How to port OP-TEE to another platform
LCU14 302- How to port OP-TEE to another platformLinaro
 
Netcat - A Swiss Army Tool
Netcat - A Swiss Army ToolNetcat - A Swiss Army Tool
Netcat - A Swiss Army ToolChandrapal Badshah
 
XXE Exposed: SQLi, XSS, XXE and XEE against Web Services
XXE Exposed: SQLi, XSS, XXE and XEE against Web ServicesXXE Exposed: SQLi, XSS, XXE and XEE against Web Services
XXE Exposed: SQLi, XSS, XXE and XEE against Web ServicesAbraham Aranguren
 
External to DA, the OS X Way
External to DA, the OS X WayExternal to DA, the OS X Way
External to DA, the OS X WayStephan Borosh
 
SFO15-200: Linux kernel generic TEE driver
SFO15-200: Linux kernel generic TEE driverSFO15-200: Linux kernel generic TEE driver
SFO15-200: Linux kernel generic TEE driverLinaro
 
Pentest with Metasploit
Pentest with MetasploitPentest with Metasploit
Pentest with MetasploitM.Syarifudin, ST, OSCP, OSWP
 
Cache coloring Xen Summit 2020
Cache coloring Xen Summit 2020Cache coloring Xen Summit 2020
Cache coloring Xen Summit 2020Stefano Stabellini
 
Tesla Hacking to FreedomEV
Tesla Hacking to FreedomEVTesla Hacking to FreedomEV
Tesla Hacking to FreedomEVJasper Nuyens
 
Automotive Security Bugs Explained for Bug Hunters
Automotive Security Bugs Explained for Bug HuntersAutomotive Security Bugs Explained for Bug Hunters
Automotive Security Bugs Explained for Bug HuntersJay Turla
 

Contenu connexe

Tendances

Red Team Apocalypse
Red Team ApocalypseRed Team Apocalypse
Red Team ApocalypseBeau Bullock
 
Introduction to Rust language programming
Introduction to Rust language programmingIntroduction to Rust language programming
Introduction to Rust language programmingRodolfo Finochietti
 
Page Cache in Linux 2.6.pdf
Page Cache in Linux 2.6.pdfPage Cache in Linux 2.6.pdf
Page Cache in Linux 2.6.pdfycelgemici1
 
Red Team Methodology - A Naked Look
Red Team Methodology - A Naked LookRed Team Methodology - A Naked Look
Red Team Methodology - A Naked LookJason Lang
 
HKG15-505: Power Management interactions with OP-TEE and Trusted Firmware
HKG15-505: Power Management interactions with OP-TEE and Trusted FirmwareHKG15-505: Power Management interactions with OP-TEE and Trusted Firmware
HKG15-505: Power Management interactions with OP-TEE and Trusted FirmwareLinaro
 
Client side attacks using PowerShell
Client side attacks using PowerShellClient side attacks using PowerShell
Client side attacks using PowerShellNikhil Mittal
 
Linux Training For Beginners | Linux Administration Tutorial | Introduction T...
Linux Training For Beginners | Linux Administration Tutorial | Introduction T...Linux Training For Beginners | Linux Administration Tutorial | Introduction T...
Linux Training For Beginners | Linux Administration Tutorial | Introduction T...Edureka!
 
AMSI: How Windows 10 Plans to Stop Script-Based Attacks and How Well It Does It
AMSI: How Windows 10 Plans to Stop Script-Based Attacks and How Well It Does ItAMSI: How Windows 10 Plans to Stop Script-Based Attacks and How Well It Does It
AMSI: How Windows 10 Plans to Stop Script-Based Attacks and How Well It Does ItNikhil Mittal
 
A Case Study in Attacking KeePass
A Case Study in Attacking KeePassA Case Study in Attacking KeePass
A Case Study in Attacking KeePassWill Schroeder
 
An introduction to Google test framework
An introduction to Google test frameworkAn introduction to Google test framework
An introduction to Google test frameworkAbner Chih Yi Huang
 
UPC router reverse engineering - case study
UPC router reverse engineering - case studyUPC router reverse engineering - case study
UPC router reverse engineering - case studyDusan Klinec
 
Defcon 27 - Writing custom backdoor payloads with C#
Defcon 27 - Writing custom backdoor payloads with C#Defcon 27 - Writing custom backdoor payloads with C#
Defcon 27 - Writing custom backdoor payloads with C#Mauricio Velazco
 
Cyber Range - An Open-Source Offensive / Defensive Learning Environment on AWS
Cyber Range - An Open-Source Offensive / Defensive Learning Environment on AWS Cyber Range - An Open-Source Offensive / Defensive Learning Environment on AWS
Cyber Range - An Open-Source Offensive / Defensive Learning Environment on AWS Tom Cappetta
 
LCU14 302- How to port OP-TEE to another platform
LCU14 302- How to port OP-TEE to another platformLCU14 302- How to port OP-TEE to another platform
LCU14 302- How to port OP-TEE to another platformLinaro
 
XXE Exposed: SQLi, XSS, XXE and XEE against Web Services
XXE Exposed: SQLi, XSS, XXE and XEE against Web ServicesXXE Exposed: SQLi, XSS, XXE and XEE against Web Services
XXE Exposed: SQLi, XSS, XXE and XEE against Web ServicesAbraham Aranguren
 
External to DA, the OS X Way
External to DA, the OS X WayExternal to DA, the OS X Way
External to DA, the OS X WayStephan Borosh
 
SFO15-200: Linux kernel generic TEE driver
SFO15-200: Linux kernel generic TEE driverSFO15-200: Linux kernel generic TEE driver
SFO15-200: Linux kernel generic TEE driverLinaro
 
Cache coloring Xen Summit 2020
Cache coloring Xen Summit 2020Cache coloring Xen Summit 2020
Cache coloring Xen Summit 2020Stefano Stabellini
 

Tendances (20)

Red Team Apocalypse
Red Team ApocalypseRed Team Apocalypse
Red Team Apocalypse
 
Introduction to Rust language programming
Introduction to Rust language programmingIntroduction to Rust language programming
Introduction to Rust language programming
 
Page Cache in Linux 2.6.pdf
Page Cache in Linux 2.6.pdfPage Cache in Linux 2.6.pdf
Page Cache in Linux 2.6.pdf
 
Red Team Methodology - A Naked Look
Red Team Methodology - A Naked LookRed Team Methodology - A Naked Look
Red Team Methodology - A Naked Look
 
HKG15-505: Power Management interactions with OP-TEE and Trusted Firmware
HKG15-505: Power Management interactions with OP-TEE and Trusted FirmwareHKG15-505: Power Management interactions with OP-TEE and Trusted Firmware
HKG15-505: Power Management interactions with OP-TEE and Trusted Firmware
 
Client side attacks using PowerShell
Client side attacks using PowerShellClient side attacks using PowerShell
Client side attacks using PowerShell
 
Linux Training For Beginners | Linux Administration Tutorial | Introduction T...
Linux Training For Beginners | Linux Administration Tutorial | Introduction T...Linux Training For Beginners | Linux Administration Tutorial | Introduction T...
Linux Training For Beginners | Linux Administration Tutorial | Introduction T...
 
AMSI: How Windows 10 Plans to Stop Script-Based Attacks and How Well It Does It
AMSI: How Windows 10 Plans to Stop Script-Based Attacks and How Well It Does ItAMSI: How Windows 10 Plans to Stop Script-Based Attacks and How Well It Does It
AMSI: How Windows 10 Plans to Stop Script-Based Attacks and How Well It Does It
 
A Case Study in Attacking KeePass
A Case Study in Attacking KeePassA Case Study in Attacking KeePass
A Case Study in Attacking KeePass
 
An introduction to Google test framework
An introduction to Google test frameworkAn introduction to Google test framework
An introduction to Google test framework
 
UPC router reverse engineering - case study
UPC router reverse engineering - case studyUPC router reverse engineering - case study
UPC router reverse engineering - case study
 
Defcon 27 - Writing custom backdoor payloads with C#
Defcon 27 - Writing custom backdoor payloads with C#Defcon 27 - Writing custom backdoor payloads with C#
Defcon 27 - Writing custom backdoor payloads with C#
 
Cyber Range - An Open-Source Offensive / Defensive Learning Environment on AWS
Cyber Range - An Open-Source Offensive / Defensive Learning Environment on AWS Cyber Range - An Open-Source Offensive / Defensive Learning Environment on AWS
Cyber Range - An Open-Source Offensive / Defensive Learning Environment on AWS
 
LCU14 302- How to port OP-TEE to another platform
LCU14 302- How to port OP-TEE to another platformLCU14 302- How to port OP-TEE to another platform
LCU14 302- How to port OP-TEE to another platform
 
Netcat - A Swiss Army Tool
Netcat - A Swiss Army ToolNetcat - A Swiss Army Tool
Netcat - A Swiss Army Tool
 
XXE Exposed: SQLi, XSS, XXE and XEE against Web Services
XXE Exposed: SQLi, XSS, XXE and XEE against Web ServicesXXE Exposed: SQLi, XSS, XXE and XEE against Web Services
XXE Exposed: SQLi, XSS, XXE and XEE against Web Services
 
External to DA, the OS X Way
External to DA, the OS X WayExternal to DA, the OS X Way
External to DA, the OS X Way
 
SFO15-200: Linux kernel generic TEE driver
SFO15-200: Linux kernel generic TEE driverSFO15-200: Linux kernel generic TEE driver
SFO15-200: Linux kernel generic TEE driver
 
Pentest with Metasploit
Pentest with MetasploitPentest with Metasploit
Pentest with Metasploit
 
Cache coloring Xen Summit 2020
Cache coloring Xen Summit 2020Cache coloring Xen Summit 2020
Cache coloring Xen Summit 2020
 

Similaire à Building your Car Hacking Labs & Car Hacking Community from Scratch

Tesla Hacking to FreedomEV
Tesla Hacking to FreedomEVTesla Hacking to FreedomEV
Tesla Hacking to FreedomEVJasper Nuyens
 
Automotive Security Bugs Explained for Bug Hunters
Automotive Security Bugs Explained for Bug HuntersAutomotive Security Bugs Explained for Bug Hunters
Automotive Security Bugs Explained for Bug HuntersJay Turla
 
Velocity London - Chaos Engineering Bootcamp
Velocity London - Chaos Engineering Bootcamp Velocity London - Chaos Engineering Bootcamp
Velocity London - Chaos Engineering Bootcamp Ana Medina
 
Tesla hacking presentation fri3d
Tesla hacking presentation fri3dTesla hacking presentation fri3d
Tesla hacking presentation fri3dJasper Nuyens
 
Tesla hacking presentation 'jaarbeurs World of Technology and Science' Octobe...
Tesla hacking presentation 'jaarbeurs World of Technology and Science' Octobe...Tesla hacking presentation 'jaarbeurs World of Technology and Science' Octobe...
Tesla hacking presentation 'jaarbeurs World of Technology and Science' Octobe...Jasper Nuyens
 
Fuzzing usb modems rahu_sasi
Fuzzing usb modems rahu_sasiFuzzing usb modems rahu_sasi
Fuzzing usb modems rahu_sasiRahul Sasi
 
Cfgmgmtcamp 2023 — eBPF Superpowers
Cfgmgmtcamp 2023 — eBPF SuperpowersCfgmgmtcamp 2023 — eBPF Superpowers
Cfgmgmtcamp 2023 — eBPF SuperpowersRaphaël PINSON
 
SWAT Style – Live Network Crypto Hacking and Exploitation by Kevin Cardwell a...
SWAT Style – Live Network Crypto Hacking and Exploitation by Kevin Cardwell a...SWAT Style – Live Network Crypto Hacking and Exploitation by Kevin Cardwell a...
SWAT Style – Live Network Crypto Hacking and Exploitation by Kevin Cardwell a...EC-Council
 
Operating Docker
Operating DockerOperating Docker
Operating DockerJen Andre
 
IoTivity for Automotive: meta-ocf-automotive tutorial
IoTivity for Automotive: meta-ocf-automotive tutorialIoTivity for Automotive: meta-ocf-automotive tutorial
IoTivity for Automotive: meta-ocf-automotive tutorialSamsung Open Source Group
 
ROCm and Distributed Deep Learning on Spark and TensorFlow
ROCm and Distributed Deep Learning on Spark and TensorFlowROCm and Distributed Deep Learning on Spark and TensorFlow
ROCm and Distributed Deep Learning on Spark and TensorFlowDatabricks
 
Building a Gateway Server
Building a Gateway ServerBuilding a Gateway Server
Building a Gateway ServerDashamir Hoxha
 
Blockchain Software for Hardware: The Canaan AvalonMiner Open Source Embedded...
Blockchain Software for Hardware: The Canaan AvalonMiner Open Source Embedded...Blockchain Software for Hardware: The Canaan AvalonMiner Open Source Embedded...
Blockchain Software for Hardware: The Canaan AvalonMiner Open Source Embedded...Mike Qin
 
Microservices, la risposta che (forse) cercavi!
Microservices, la risposta che (forse) cercavi!Microservices, la risposta che (forse) cercavi!
Microservices, la risposta che (forse) cercavi!Commit University
 
DevOpSec_DockerNPodMan-20230220.pdf
DevOpSec_DockerNPodMan-20230220.pdfDevOpSec_DockerNPodMan-20230220.pdf
DevOpSec_DockerNPodMan-20230220.pdfkanedafromparis
 
PuppetConf 2014 Killer R10K Workflow With Notes
PuppetConf 2014 Killer R10K Workflow With NotesPuppetConf 2014 Killer R10K Workflow With Notes
PuppetConf 2014 Killer R10K Workflow With NotesPhil Zimmerman
 
Building your own RC Car with Raspberry Pi
Building your own RC Car with Raspberry PiBuilding your own RC Car with Raspberry Pi
Building your own RC Car with Raspberry PiJeff Prestes
 

Similaire à Building your Car Hacking Labs & Car Hacking Community from Scratch (20)

Tesla Hacking to FreedomEV
Tesla Hacking to FreedomEVTesla Hacking to FreedomEV
Tesla Hacking to FreedomEV
 
Automotive Security Bugs Explained for Bug Hunters
Automotive Security Bugs Explained for Bug HuntersAutomotive Security Bugs Explained for Bug Hunters
Automotive Security Bugs Explained for Bug Hunters
 
Velocity London - Chaos Engineering Bootcamp
Velocity London - Chaos Engineering Bootcamp Velocity London - Chaos Engineering Bootcamp
Velocity London - Chaos Engineering Bootcamp
 
Tesla hacking presentation fri3d
Tesla hacking presentation fri3dTesla hacking presentation fri3d
Tesla hacking presentation fri3d
 
Tesla hacking presentation 'jaarbeurs World of Technology and Science' Octobe...
Tesla hacking presentation 'jaarbeurs World of Technology and Science' Octobe...Tesla hacking presentation 'jaarbeurs World of Technology and Science' Octobe...
Tesla hacking presentation 'jaarbeurs World of Technology and Science' Octobe...
 
Fuzzing usb modems rahu_sasi
Fuzzing usb modems rahu_sasiFuzzing usb modems rahu_sasi
Fuzzing usb modems rahu_sasi
 
Cfgmgmtcamp 2023 — eBPF Superpowers
Cfgmgmtcamp 2023 — eBPF SuperpowersCfgmgmtcamp 2023 — eBPF Superpowers
Cfgmgmtcamp 2023 — eBPF Superpowers
 
SWAT Style – Live Network Crypto Hacking and Exploitation by Kevin Cardwell a...
SWAT Style – Live Network Crypto Hacking and Exploitation by Kevin Cardwell a...SWAT Style – Live Network Crypto Hacking and Exploitation by Kevin Cardwell a...
SWAT Style – Live Network Crypto Hacking and Exploitation by Kevin Cardwell a...
 
Operating Docker
Operating DockerOperating Docker
Operating Docker
 
IoTivity for Automotive: meta-ocf-automotive tutorial
IoTivity for Automotive: meta-ocf-automotive tutorialIoTivity for Automotive: meta-ocf-automotive tutorial
IoTivity for Automotive: meta-ocf-automotive tutorial
 
ROCm and Distributed Deep Learning on Spark and TensorFlow
ROCm and Distributed Deep Learning on Spark and TensorFlowROCm and Distributed Deep Learning on Spark and TensorFlow
ROCm and Distributed Deep Learning on Spark and TensorFlow
 
Building a Gateway Server
Building a Gateway ServerBuilding a Gateway Server
Building a Gateway Server
 
Blockchain Software for Hardware: The Canaan AvalonMiner Open Source Embedded...
Blockchain Software for Hardware: The Canaan AvalonMiner Open Source Embedded...Blockchain Software for Hardware: The Canaan AvalonMiner Open Source Embedded...
Blockchain Software for Hardware: The Canaan AvalonMiner Open Source Embedded...
 
Building aosp
Building aospBuilding aosp
Building aosp
 
Bettercap
BettercapBettercap
Bettercap
 
Microservices, la risposta che (forse) cercavi!
Microservices, la risposta che (forse) cercavi!Microservices, la risposta che (forse) cercavi!
Microservices, la risposta che (forse) cercavi!
 
DevOpSec_DockerNPodMan-20230220.pdf
DevOpSec_DockerNPodMan-20230220.pdfDevOpSec_DockerNPodMan-20230220.pdf
DevOpSec_DockerNPodMan-20230220.pdf
 
PuppetConf 2014 Killer R10K Workflow With Notes
PuppetConf 2014 Killer R10K Workflow With NotesPuppetConf 2014 Killer R10K Workflow With Notes
PuppetConf 2014 Killer R10K Workflow With Notes
 
Building your own RC Car with Raspberry Pi
Building your own RC Car with Raspberry PiBuilding your own RC Car with Raspberry Pi
Building your own RC Car with Raspberry Pi
 
Backtrack Manual Part4
Backtrack Manual Part4Backtrack Manual Part4
Backtrack Manual Part4
 

Dernier

Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostZilliz
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfSeasiaInfotech2
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 

Dernier (20)

Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdf
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 

Building your Car Hacking Labs & Car Hacking Community from Scratch

  • 1. Building your Car Hacking Labs & Car Hacking Community from Scratch Jay Turla @shipcod3
  • 2. > Disclaimer - Some humor images may (maybe lol) have explicit language or may be offensive (hope not) in them - Opinions/ideas/solutions expressed are mine and things I learned from the Car Hacking Village but not from my employer - CAN is not the only protocol we can use but this will be our focus for starting up (CAN Bus Basics)
  • 3. > whoami - Jay Turla aka @shipcod3 - Security Ops Manager (Philippines) at Bugcrowd - ROOTCON Goon / CFP Review Board - Not the author of Turla Malware - One of the main organizers of the Car Hacking Village in ROOTCON and PH → #CarHackVillagePH - msf contributor (auxiliary & exploit modules)
  • 4. > Previously on my topic related to this... - Car Infotainment Hacking Methodology and Attack Surface Scenarios > DEFCON PHV: https://www.youtube.com/watch?v=F0mYkI2FJ_4&t=1027s > ROOTCON: https://www.youtube.com/watch?v=DEcOLr9sqDU
  • 5.
  • 6. Don’t Forget to Read This Book - Online version: http://opengarages.org/handbook/ebook/
  • 7. > Why Car Hacking - It’s fun (great community) - We use it everyday - We want to ensure we are safe - More attack surfaces - My other computer is your car’s computer - Car Hacking bug bashes pay well
  • 8. The Attack Surface of a Connected Vehicle Reference and Credits: https://argus-sec.com/attack-surface/
  • 9. Bugcrowd Car Hacking Bug Bash @ Detroit
  • 10. CAN & ECU - CAN - Controller Area Network - CAN is like the nervous system of the car and is connected via CAN Bus - ECU - Electronic Control Unit - ECUs are set of microprocessors and that the CAN bus protocol allows the ECus to communicate to each other - A modern car can have like 50+ ECUs - Sample ECUs: airbags, infotainment system, etc
  • 12. First things first: BUILD a TEAM - Find a mentor (#carhacking) - Find colleagues interested in setting up a Car Hacking Village or a Car Hacking Labs - Ideal Team of Hackers, Electronic enthusiasts or hobbyists, and someone who has basic knowledge of automotive - Talk or email one of the guys from the @CarHackVillage like @mintynet, @carfucar, @d0rkv4d3r or I can also refer you to them
  • 13. Why Build A Car Hacking Labs / Test Bench - Safe Environment - You don’t want to brick your car right?
  • 14. > Starter Pack Instrument Cluster w/ Nano-Can ECU Simulator
  • 15. > Medium Pack Taken during ROOTCON 13 at the Car Hacking Village PH
  • 16. > Advance Pack (Car in a Box from @mintynet) Credits to my friend Ian Tabor aka mintynet for the pic
  • 17. You can also Build your own Robocar https://github.com/d0rkv4d3r/RoboCars (credits to Sean)
  • 18. Where to get some parts?
  • 19. Disclaimer: This presentation is not sponsored by Ebay ;)
  • 20. ECU Simulators are in Online Stores (Tindie, Alibaba, etc) - Support only OBD / UDS communications (limited)
  • 21. Test Benches are Too Expensive like PASTA IT IS LIKE BUYING AN ACTUAL CAR
  • 22. Car Hacking Tools You Need to Interact with the CAN - https://github.com/jaredthecoder/awesome-vehicle-security - Great collection of tools from that Github repo and some good resources as well but I have my favorites which are good if you <3 open source or you don’t want to pay a lot of software
  • 23. My Favorite <3 nano-can CANtact STM32 Can Sniffer by TechMaker ValueCAN 4
  • 24. Building your own 5$ Car Hacking Tool
  • 25. nano-can PCB A 5$ car hacking tool
  • 26. Solder the two components Arduino nano on top and MCP2515 on bottom (more info: https://github.com/mintynet/nano-can)
  • 27. Additional Component Solder / Attach wire to Pin 6 to CAN Hi of the MCP2515 and Pin 14 to CAN Low of MCP2515
  • 29. New version USB is near the pins of MCP2515
  • 30. Upload code using Arduino IDE - Sample CAN Sniffer: https://github.com/mintynet/nano-can/tree/master/can- receive-all (CAN Receive All) - My other sketches: https://github.com/ROOTCONLabs/carhackingvillage/tr ee/master/sketches
  • 31. Using other tools compatible with slcan- interfaces / CAN over Serial / SocketCAN
  • 32. SocketCAN (summary from readme) - Controller Area Network Protocol Family - implementation of CAN protocols (Controller Area Network) for Linux - collection of CAN drivers and networking tools for Linux - This allows for developers to write code that can support a variety of CAN bus interfaces, including CANtact and STM32 CAN sniffer by TechMaker - Like TCP/IP, you first need to open a socket for communicating over a CAN network. - Unfortunately, SocketCAN only works on Linux. - Linux-CAN / SocketCAN user space applications: https://github.com/linux-can/can-utils / sudo apt-get install can-utils
  • 33. Command-line Tools included in can-utils candump : display, filter and log CAN data to files canplayer : replay CAN logfiles cansend : send a single frame cangen : generate (random) CAN traffic cansniffer : display CAN data content differences (just 11bit CAN IDs)
  • 34. CarHacking.Tools by jgamblin - collection of scripts to help jump start car research and hacking - All the scripts are designed to run on Ubuntu - Install via Virtual Machine: https://carhacking.tools/install/beta/CarHackingToolsCHVBeta.ova - Or can be installed via the repo: git clone https://github.com/jgamblin/carhackingtools cd CarHackingTools sudo chmod +x *.sh ./toolinstall.sh
  • 35. Setting Up Most Devices CAN Speeds (-s* option for slcand) s0 10Kbps s1 20Kbps s2 50Kbps s3 100Kbps s4 125Kbps s5 250Kbps s6 500Kbps s7 800Kbps s8 1Mbps # This script enables SocketCAN sudo modprobe can sudo modprobe vcan sudo modprobe slcan sudo slcand -o -c -s6 /dev/ttyACM0 can0 sudo ifconfig can0 up
  • 36. DEMO : Fuzzing the Instrument Cluster
  • 38. No Hardware , No Problem https://github.com/zombieCraig/ICSim
  • 39. shoutz and people you should follow related to #carhacking - @semprix : founder of @rootconph and car hacker as well - @carfucar: founder of @CarHackVillage - @mintynet: that nano-can guy & #CarHackVillageUK - @_specters_: cool guy, friend, car hacker as well and member of @TeamDumpstrFire - @TeamDumpstrFire: Young bloods composed of 5 car and hardware hackers - @WillCaruana: the guy who loves hacking elevators & hacker of cars (warning! HIGH Voltage) - @d0rkv4d3r: car hacker, CHV staff, and a very cool guy from *** (I didn’t ask permission to put him here) - @BusesCanFly: Member of @TeamDumpstrFire & young hardware hacker - @anvolhex - founder of @techmakerua - @Th3Mutley - yez another 1337 car h4x0r - @LennertWo - car hacker and PhD Researcher @CosicBe - @fronders - founder of @techmakerua - @rootkill3r - Founder and director of Amynasec.io - @NikhilBogam - car hacker from Lear - And some people in the pics of course (sorry guys)
  • 40. References & Due Credits - Awesome Vehicle Security: https://github.com/jaredthecoder/awesome-vehicle-security - SocketCAN (summary by Linklayer): https://wiki.linklayer.com/index.php/SocketCAN - Car Hacking Village: https://www.carhackingvillage.com/ - CANalyzat0r: https://github.com/schutzwerk/CANalyzat0r - Readme file SocketCAN: https://www.kernel.org/doc/Documentation/networking/can.txt - CAN bus basics by Ian Tabor: https://www.mintynet.com/car-hack/chv-44con.pdf - And all of my friends in #carhackingvillage