Introduction to the Tools and Techniques of Car HackingMotor City ADAS Meetup GroupPresenter // John Kost

https://www.meetup.com/Motor-City-ADAS/

Modern Automotive Systems

● 1995 and newer vehicles have at least one CAN Bus.

● Dozens of embedded processors distributed throughout a modern vehicle.

➔ CAN Bus is made up two wires, CAN-H (CAN High) and CAN-L (CAN Low)

➔ The two CAN lines have the same sequence of data, but their amplitudes are opposite

➔ Pulse on the CAN-H line goes from 2.5V to 3.75V then the corresponding pulse on the CAN-L line goes from 2.5V to 1.25V

➔ Allows for greater noise immunity and therefore less chance of the data being corrupted

Status of bit with the value 0 = 2.5V differential voltage = dominant state

Status of bit with the value 1 = 0V differential voltage = recessive state

CAN Bus Messaging

Standards..the beautiful thing about standards is there are so many to choose from..

anonymous

➔ Two different ISO standards for CAN systems that relate to the physical layer: ISO 11898-3 low speed CAN up to 125 kb/s (distance up to 500 m) and ISO 11898-2 high speed CAN up to 1 Mb/s (distance up to 40 m).

➔ CAN protocol is further divided into two formats for the message frames 2.0A and 2.0B, the two standards differ in the size of the identifiers (ID):◆ Standard CAN (version 2.0A) uses 11 bit identifiers in

the arbitration field.◆ Extended CAN (version 2.0B) supports a length of 29

bits for the identifier, made up of the 11 bit identifier (base identifier) and an 18 bit extension.

Message Identifier: defines the level of priority of the data protocol. If, for instance, two CAN Nodes want to send their data protocol simultaneously, the CAN Node with the higher priority takes precedence. The lower the value the higher the priority of the message.

Diagnostic Systems - OBD-II

ELM327Onboard Diagnostics for the

Common Person

Android / iOSHandheld Utilities for Car Tuning

& Maintenance

➢ DashCommand➢ OBD Car Doctor➢ Torque Lite/Pro➢ ..many, many others in both App Stores..just

search on the keyword OBD2..

DIY CodeOpen-source Python Library

(with examples)

http://www.obdtester.com/pyobd-download

AT CommandsSerial Port Codingin your preferred

language

https://github.com/deshi-basara/libreXC/wiki/ELM327-AT-Command-Set

Deeper Into The Rabbit Hole ;)

Tools of theTrade

;)Open-source hardware is

always best..

http://www.8devices.com/products/usb2can/

Open-Source Tooling Volkswagen Group maintains a

repository of open-source software tools for CAN Bus on Linux

https://github.com/linux-can/can-utils

Open-Source Tooling

Kayak is an application for CAN bus diagnosis and monitoring. Its main goals are a simple interface and platform independence.

http://kayak.2codeornot2code.org/

Even Deeper Into The Rabbit Hole ;)

ReverseEngineering World-class reversing tool used by

three-letter agencies around the world.

https://www.hex-rays.com/products/ida/

Threat Vectors

The Short List★ ELM327 devices and ‘clones’★ Splitter cables (yes indeed)★ Mileage/power tuning ‘chips’★ HUD displays, performance

instrumentation etc.★ Infotainment systems (aftermarket)★ Smartphone Apps (including things like

CarPlay, Android Auto)★ Remote starters, unlocks★ Vehicle WiFi Access Point★ V2x communications (starting to appear)

Always be mindful of anything that plugs into or works with you car. Consider the source of the ‘products’ you may be using within your vehicle and the capabilities of your vehicle. For example, Cruise control. If somebody had access to your CAN Bus while you were in cruise mode, what potential harm could they perpetrate..

Join us:

Motor-City-ADASOshawa

https://www.meetup.com/

DON’T PANICNo Known Remote Attack Has Ever Been Carried Out Successfully..yet!!!

Manufacturers are required by law to ensure the safety of their vehicles. You can rest assured that your vehicle is safe.

The openness of the CAN Bus Standard allows the DIY’er or researcher to tinker. Knowledge is power in this context especially if you happen to be a modern car enthusiast. Freedom to explore, investigate and learn are the hallmarks of a technologically savvy community.

Hack Responsibly ;)