Building your Car Hacking Labs & Car Hacking Community from Scratch

This presentation was given at BSides Myanmar 2019. It gives attendees an overview of how to procure cheap parts to start car hacking and of some of the tools needed to get the work done. It is also a shout-out to the community effort of the Car Hacking Village.

Published in: Technology

  1. 1. Building your Car Hacking Labs & Car Hacking Community from Scratch Jay Turla @shipcod3
  2. 2. > Disclaimer - Some humor images may (maybe lol) have explicit language or may be offensive (hope not) in them - Opinions/ideas/solutions expressed are mine and things I learned from the Car Hacking Village but not from my employer - CAN is not the only protocol we can use but this will be our focus for starting up (CAN Bus Basics)
  3. 3. > whoami - Jay Turla aka @shipcod3 - Security Ops Manager (Philippines) at Bugcrowd - ROOTCON Goon / CFP Review Board - Not the author of Turla Malware - One of the main organizers of the Car Hacking Village in ROOTCON and PH → #CarHackVillagePH - msf contributor (auxiliary & exploit modules)
  4. 4. > Previously on my topic related to this... - Car Infotainment Hacking Methodology and Attack Surface Scenarios > DEFCON PHV: https://www.youtube.com/watch?v=F0mYkI2FJ_4&t=1027s > ROOTCON: https://www.youtube.com/watch?v=DEcOLr9sqDU
  5. 5. Don’t Forget to Read This Book - Online version: http://opengarages.org/handbook/ebook/
  6. 6. > Why Car Hacking - It’s fun (great community) - We use it everyday - We want to ensure we are safe - More attack surfaces - My other computer is your car’s computer - Car Hacking bug bashes pay well
  7. 7. The Attack Surface of a Connected Vehicle Reference and Credits: https://argus-sec.com/attack-surface/
  8. 8. Bugcrowd Car Hacking Bug Bash @ Detroit
  9. 9. CAN & ECU - CAN - Controller Area Network - CAN is like the nervous system of the car and is connected via CAN Bus - ECU - Electronic Control Unit - ECUs are a set of microprocessors, and the CAN bus protocol allows the ECUs to communicate with each other - A modern car can have 50+ ECUs - Sample ECUs: airbags, infotainment system, etc
  10. 10. CAN Frame Reference: https://en.wikipedia.org/wiki/CAN_bus#/media/File:CAN-Bus-frame_in_base_format_without_stuffbits.svg
  11. 11. First things first: BUILD a TEAM - Find a mentor (#carhacking) - Find colleagues interested in setting up a Car Hacking Village or a Car Hacking Labs - Ideal Team of Hackers, Electronic enthusiasts or hobbyists, and someone who has basic knowledge of automotive - Talk or email one of the guys from the @CarHackVillage like @mintynet, @carfucar, @d0rkv4d3r or I can also refer you to them
  12. 12. Why Build A Car Hacking Labs / Test Bench - Safe Environment - You don’t want to brick your car right?
  13. 13. > Starter Pack Instrument Cluster w/ Nano-Can ECU Simulator
  14. 14. > Medium Pack Taken during ROOTCON 13 at the Car Hacking Village PH
  15. 15. > Advanced Pack (Car in a Box from @mintynet) Credits to my friend Ian Tabor aka mintynet for the pic
  16. 16. You can also Build your own Robocar https://github.com/d0rkv4d3r/RoboCars (credits to Sean)
  17. 17. Where to get some parts?
  18. 18. Disclaimer: This presentation is not sponsored by Ebay ;)
  19. 19. ECU Simulators are in Online Stores (Tindie, Alibaba, etc) - Support only OBD / UDS communications (limited)
  20. 20. Test Benches are Too Expensive like PASTA IT IS LIKE BUYING AN ACTUAL CAR
  21. 21. Car Hacking Tools You Need to Interact with the CAN - https://github.com/jaredthecoder/awesome-vehicle-security - Great collection of tools from that GitHub repo and some good resources as well, but I have my favorites, which are good if you <3 open source or you don’t want to pay a lot for software
  22. 22. My Favorite <3 nano-can CANtact STM32 Can Sniffer by TechMaker ValueCAN 4
  23. 23. Building your own 5$ Car Hacking Tool
  24. 24. nano-can PCB A 5$ car hacking tool
  25. 25. Solder the two components Arduino nano on top and MCP2515 on bottom (more info: https://github.com/mintynet/nano-can)
  26. 26. Additional Component Solder / Attach wire to Pin 6 to CAN Hi of the MCP2515 and Pin 14 to CAN Low of MCP2515
  27. 27. Samples
  28. 28. New version USB is near the pins of MCP2515
  29. 29. Upload code using Arduino IDE - Sample CAN Sniffer: https://github.com/mintynet/nano-can/tree/master/can-receive-all (CAN Receive All) - My other sketches: https://github.com/ROOTCONLabs/carhackingvillage/tree/master/sketches
  30. 30. Using other tools compatible with slcan-interfaces / CAN over Serial / SocketCAN
  31. 31. SocketCAN (summary from readme) - Controller Area Network Protocol Family - implementation of CAN protocols (Controller Area Network) for Linux - collection of CAN drivers and networking tools for Linux - This allows for developers to write code that can support a variety of CAN bus interfaces, including CANtact and STM32 CAN sniffer by TechMaker - Like TCP/IP, you first need to open a socket for communicating over a CAN network. - Unfortunately, SocketCAN only works on Linux. - Linux-CAN / SocketCAN user space applications: https://github.com/linux-can/can-utils / sudo apt-get install can-utils
  32. 32. Command-line Tools included in can-utils
      - candump : display, filter and log CAN data to files
      - canplayer : replay CAN logfiles
      - cansend : send a single frame
      - cangen : generate (random) CAN traffic
      - cansniffer : display CAN data content differences (just 11bit CAN IDs)
  33. 33. CarHacking.Tools by jgamblin
      - collection of scripts to help jump start car research and hacking
      - All the scripts are designed to run on Ubuntu
      - Install via Virtual Machine: https://carhacking.tools/install/beta/CarHackingToolsCHVBeta.ova
      - Or can be installed via the repo:
          git clone https://github.com/jgamblin/carhackingtools
          cd carhackingtools
          sudo chmod +x *.sh
          ./toolinstall.sh
  34. 34. Setting Up Most Devices
      CAN Speeds (-s* option for slcand):
      - s0 10Kbps
      - s1 20Kbps
      - s2 50Kbps
      - s3 100Kbps
      - s4 125Kbps
      - s5 250Kbps
      - s6 500Kbps
      - s7 800Kbps
      - s8 1Mbps
      # This script enables SocketCAN
          sudo modprobe can
          sudo modprobe vcan
          sudo modprobe slcan
          sudo slcand -o -c -s6 /dev/ttyACM0 can0
          sudo ifconfig can0 up
  35. 35. DEMO : Fuzzing the Instrument Cluster
  36. 36. > Next Project
  37. 37. No Hardware , No Problem https://github.com/zombieCraig/ICSim
  38. 38. shoutz and people you should follow related to #carhacking - @semprix : founder of @rootconph and car hacker as well - @carfucar: founder of @CarHackVillage - @mintynet: that nano-can guy & #CarHackVillageUK - @_specters_: cool guy, friend, car hacker as well and member of @TeamDumpstrFire - @TeamDumpstrFire: Young bloods composed of 5 car and hardware hackers - @WillCaruana: the guy who loves hacking elevators & hacker of cars (warning! HIGH Voltage) - @d0rkv4d3r: car hacker, CHV staff, and a very cool guy from *** (I didn’t ask permission to put him here) - @BusesCanFly: Member of @TeamDumpstrFire & young hardware hacker - @anvolhex - founder of @techmakerua - @Th3Mutley - yez another 1337 car h4x0r - @LennertWo - car hacker and PhD Researcher @CosicBe - @fronders - founder of @techmakerua - @rootkill3r - Founder and director of Amynasec.io - @NikhilBogam - car hacker from Lear - And some people in the pics of course (sorry guys)
  39. 39. References & Due Credits - Awesome Vehicle Security: https://github.com/jaredthecoder/awesome-vehicle-security - SocketCAN (summary by Linklayer): https://wiki.linklayer.com/index.php/SocketCAN - Car Hacking Village: https://www.carhackingvillage.com/ - CANalyzat0r: https://github.com/schutzwerk/CANalyzat0r - Readme file SocketCAN: https://www.kernel.org/doc/Documentation/networking/can.txt - CAN bus basics by Ian Tabor: https://www.mintynet.com/car-hack/chv-44con.pdf - And all of my friends in #carhackingvillage
  40. 40. Questions?
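
Added example (not from the slides or from any project they cite): slides 31 to 34 cover SocketCAN and the can-utils tools, and this Python sketch parses `candump -L` log lines, packs them into the 16-byte classic `struct can_frame` layout that raw SocketCAN sockets exchange, and reports which payload bytes change per CAN ID, the idea behind `cansniffer`. The log lines and CAN IDs are constructed sample data, and all function names are hypothetical.

```python
import re
import struct

# Classic struct can_frame as seen on a raw SocketCAN socket:
# 32-bit can_id, 1-byte length, 3 pad bytes, 8 data bytes (native byte order).
CAN_FRAME_FMT = "=IB3x8s"
CAN_EFF_FLAG = 0x80000000  # set in can_id when the ID is 29-bit (extended)
LOG_LINE = re.compile(
    r"^\((\d+\.\d+)\)\s+(\S+)\s+([0-9A-Fa-f]{3}|[0-9A-Fa-f]{8})#((?:[0-9A-Fa-f]{2}){0,8})$")

# Constructed sample capture (not from a real vehicle), in candump -L format.
SAMPLE_LOG = [
    "(1570000000.000000) can0 1A0#0000000000000000",
    "(1570000000.010000) can0 2B4#11223344",
    "(1570000000.020000) can0 1A0#0000000A00000000",
    "(1570000000.030000) can0 2B4#11223344",
    "(1570000000.040000) can0 1A0#0000001400000000",
]

def parse_candump_line(line):
    """Return (timestamp, interface, can_id, data) for one classic data frame."""
    m = LOG_LINE.match(line.strip())
    if not m:  # also rejects RTR ('#R') and CAN FD ('##') records
        raise ValueError(f"unsupported candump line: {line!r}")
    ts, iface, id_hex, data_hex = m.groups()
    can_id = int(id_hex, 16) | (CAN_EFF_FLAG if len(id_hex) == 8 else 0)
    return float(ts), iface, can_id, bytes.fromhex(data_hex)

def pack_frame(can_id, data):
    """Serialize to the 16-byte layout; the payload is zero-padded to 8 bytes."""
    return struct.pack(CAN_FRAME_FMT, can_id, len(data), data)

def unpack_frame(raw):
    """Inverse of pack_frame: return (can_id, data trimmed to its length)."""
    can_id, length, data = struct.unpack(CAN_FRAME_FMT, raw)
    return can_id, data[:length]

def changing_bytes(lines):
    """Map each CAN ID to the payload byte positions that changed between frames."""
    last, changed = {}, {}
    for line in lines:
        _, _, can_id, data = parse_candump_line(line)
        positions = changed.setdefault(can_id, set())
        prev = last.get(can_id, data)
        for i in range(max(len(prev), len(data))):
            if prev[i:i + 1] != data[i:i + 1]:
                positions.add(i)
        last[can_id] = data
    return {can_id: sorted(pos) for can_id, pos in changed.items()}

if __name__ == "__main__":
    for can_id, pos in changing_bytes(SAMPLE_LOG).items():
        print(f"{can_id:03X}: changing byte positions {pos}")
```

IDs whose payload never changes come back with an empty list, which makes static background traffic easy to set aside when reviewing a test-bench capture.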
