This presentation was presented at Bsides Myanmar 2019 which focuses on giving the attendees an overview on how to procure cheap parts to start car hacking and some tools needed to get the work done. This is also a shout out to the community effort of the Car Hacking Village.
What's New in Teams Calling, Meetings and Devices March 2024
Building your Car Hacking Labs & Car Hacking Community from Scratch
1. Building your Car Hacking
Labs & Car Hacking
Community from Scratch
Jay Turla @shipcod3
2. > Disclaimer
- Some humor images may (maybe lol) have explicit language or may be offensive (hope not)
in them
- Opinions/ideas/solutions expressed are mine and things I learned from the Car Hacking
Village but not from my employer
- CAN is not the only protocol we can use but this will be our focus for starting up (CAN Bus
Basics)
3. > whoami
- Jay Turla aka @shipcod3
- Security Ops Manager (Philippines) at Bugcrowd
- ROOTCON Goon / CFP Review Board
- Not the author of Turla Malware
- One of the main organizers of the Car Hacking Village in ROOTCON and PH
→ #CarHackVillagePH
- msf contributor (auxiliary & exploit modules)
4. > Previously on my topic related to this...
- Car Infotainment Hacking Methodology and Attack Surface Scenarios
> DEFCON PHV: https://www.youtube.com/watch?v=F0mYkI2FJ_4&t=1027s
> ROOTCON: https://www.youtube.com/watch?v=DEcOLr9sqDU
5.
6. Don’t Forget to Read This Book
- Online version: http://opengarages.org/handbook/ebook/
7. > Why Car Hacking
- It’s fun (great community)
- We use it everyday
- We want to ensure we are safe
- More attack surfaces
- My other computer is your car’s
computer
- Car Hacking bug bashes
pay well
8. The Attack Surface of a Connected Vehicle
Reference and Credits: https://argus-sec.com/attack-surface/
10. CAN & ECU
- CAN - Controller Area Network
- CAN is like the nervous system of the car and is connected via CAN
Bus
- ECU - Electronic Control Unit
- ECUs are set of microprocessors and that the CAN bus protocol
allows the ECus to communicate to each other
- A modern car can have like 50+ ECUs
- Sample ECUs: airbags, infotainment system, etc
12. First things first: BUILD a TEAM
- Find a mentor (#carhacking)
- Find colleagues interested in setting up a Car Hacking Village or a Car
Hacking Labs
- Ideal Team of Hackers, Electronic enthusiasts or hobbyists, and someone
who has basic knowledge of automotive
- Talk or email one of the guys from the @CarHackVillage like @mintynet,
@carfucar, @d0rkv4d3r or I can also refer you to them
13. Why Build A Car Hacking Labs / Test Bench
- Safe Environment
- You don’t want to brick your car right?
20. ECU Simulators are in Online Stores (Tindie, Alibaba, etc)
- Support only OBD / UDS communications (limited)
21. Test Benches are Too Expensive like PASTA
IT
IS
LIKE
BUYING
AN
ACTUAL
CAR
22. Car Hacking Tools You Need to Interact with the CAN
- https://github.com/jaredthecoder/awesome-vehicle-security
- Great collection of tools from that Github repo and some good resources as
well but I have my favorites which are good if you <3 open source or you don’t
want to pay a lot of software
30. Upload code
using Arduino
IDE
- Sample CAN Sniffer:
https://github.com/mintynet/nano-can/tree/master/can-
receive-all (CAN Receive All)
- My other sketches:
https://github.com/ROOTCONLabs/carhackingvillage/tr
ee/master/sketches
31. Using other tools compatible with slcan-
interfaces / CAN over Serial /
SocketCAN
32. SocketCAN (summary from readme)
- Controller Area Network Protocol Family
- implementation of CAN protocols (Controller Area Network) for Linux
- collection of CAN drivers and networking tools for Linux
- This allows for developers to write code that can support a variety of CAN bus
interfaces, including CANtact and STM32 CAN sniffer by TechMaker
- Like TCP/IP, you first need to open a socket for communicating over a CAN
network.
- Unfortunately, SocketCAN only works on Linux.
- Linux-CAN / SocketCAN user space applications: https://github.com/linux-can/can-utils /
sudo apt-get install can-utils
33. Command-line Tools included in can-utils
candump : display, filter and log CAN data to files
canplayer : replay CAN logfiles
cansend : send a single frame
cangen : generate (random) CAN traffic
cansniffer : display CAN data content differences (just 11bit CAN IDs)
34. CarHacking.Tools by jgamblin
- collection of scripts to help jump start car research and hacking
- All the scripts are designed to run on Ubuntu
- Install via Virtual Machine:
https://carhacking.tools/install/beta/CarHackingToolsCHVBeta.ova
- Or can be installed via the repo:
git clone https://github.com/jgamblin/carhackingtools
cd CarHackingTools
sudo chmod +x *.sh
./toolinstall.sh
35. Setting Up Most
Devices
CAN Speeds (-s* option for
slcand)
s0 10Kbps
s1 20Kbps
s2 50Kbps
s3 100Kbps
s4 125Kbps
s5 250Kbps
s6 500Kbps
s7 800Kbps
s8 1Mbps
# This script enables SocketCAN
sudo modprobe can
sudo modprobe vcan
sudo modprobe slcan
sudo slcand -o -c -s6
/dev/ttyACM0 can0
sudo ifconfig can0 up
38. No Hardware , No Problem
https://github.com/zombieCraig/ICSim
39. shoutz and people you should follow related to #carhacking
- @semprix : founder of @rootconph and car hacker as well
- @carfucar: founder of @CarHackVillage
- @mintynet: that nano-can guy & #CarHackVillageUK
- @_specters_: cool guy, friend, car hacker as well and member of @TeamDumpstrFire
- @TeamDumpstrFire: Young bloods composed of 5 car and hardware hackers
- @WillCaruana: the guy who loves hacking elevators & hacker of cars (warning! HIGH Voltage)
- @d0rkv4d3r: car hacker, CHV staff, and a very cool guy from *** (I didn’t ask permission to put him here)
- @BusesCanFly: Member of @TeamDumpstrFire & young hardware hacker
- @anvolhex - founder of @techmakerua
- @Th3Mutley - yez another 1337 car h4x0r
- @LennertWo - car hacker and PhD Researcher @CosicBe
- @fronders - founder of @techmakerua
- @rootkill3r - Founder and director of Amynasec.io
- @NikhilBogam - car hacker from Lear
- And some people in the pics of course (sorry guys)
40. References & Due Credits
- Awesome Vehicle Security: https://github.com/jaredthecoder/awesome-vehicle-security
- SocketCAN (summary by Linklayer): https://wiki.linklayer.com/index.php/SocketCAN
- Car Hacking Village: https://www.carhackingvillage.com/
- CANalyzat0r: https://github.com/schutzwerk/CANalyzat0r
- Readme file SocketCAN: https://www.kernel.org/doc/Documentation/networking/can.txt
- CAN bus basics by Ian Tabor: https://www.mintynet.com/car-hack/chv-44con.pdf
- And all of my friends in #carhackingvillage