Learn, hack!

URL

http://recon.cx/2013/slides/Recon2013-Ted%20Summers%20and%20Chris%20Hoder-Hot-wiring%20of%20the%20Future.pdf

File name

Recon2013-Ted%20Summers%20and%20Chris%20Hoder-Hot-wiring%20of%20the%20Future.pdf

File size

9.6 MB

MD5

3b9b10af88499a848cf14a38823ec68d

SHA1

0c7b5653d7482341ca1a49131339cd22a3ea3d8c

We present a software package and reverse-engineering methodology abstracting away the CAN protocol and giving users an intuitive process to gain control over any CAN bus. Based on the GoodTHOPTER10 board, our software integrates with SQL and Wireshark and is highly extensible for the users’ individual needs. Using Travis Goodspeed’s GoodThopter10 board to interface with the vehicle’s OBD-II port, the team developed a reverse-engineering methodology and a software package to allow for easy interaction with the CAN bus. This generalizable methodology outlines a series of experiments to map out a given vehicle’s CAN bus and decode the higher-level protocols employed, ultimately giving the user control over the bus. Currently, the baseline software package provides a user interface to view, store, and analyze raw CAN data. Additional functionality includes integration with a SQL database, experimental documentation, basic fuzzing and other general experiments, and writing to .pcap format for eventual analysis in Wireshark. This interface also provides the user the ability to attach experimental modules for customized capabilities. A proof-of-concept hack was carried out on a 2004 Ford Taurus, where the team successfully reverse-engineered the manufacturer-specific CAN protocols and demonstrated repeatable hacks, including a complete denial-of-view attack in which we systematically manipulated every component on the dashboard. Currently, the software is fully functional and provides a user interface to carry out these capabilities. In the next few weeks, we will rewrite our packet manipulation, using the Scapy package in Python, to mirror current standards used in Ethernet packet construction. We plan to present our methodology and a brief introduction to how to use and build upon the existing open-source software package, as well as the exciting results achieved. The group will start with a discussion of the problem area before delving into a technical discussion, bringing the audience from the lowest level bytes used to construct a higher-level protocol through the implementation of our software package, which abstracts away the bits and bytes for an efficient and streamlined hacking interface. The code will be released at REcon under a BSD license.