Pages: 1 2 3 4 5 6 >>

08/15/16

Permalink 06:24:00 pm, by rleale Email , 502 words   English (US) latin1
Categories: CAN BUS

Training - Car Hacking: Hands-On

Who:
Automotive OEM, Automotive Supplier, Police/Law Enforcement, Military, Security Professional, Automotive After-Market, Automotive Hobbyist.

Where:
Berla's Head Quarters
2000 Windermere Ct,
Annapolis, MD 21401, USA

When:
October 11-12 (With Optional Add-on Day October 13th.  A custom, hands-on day for a very small group at an additional fee).

What:
Hands-On Vehicle Reverse Engineering and Security Training using Vehicle Simulator Modules.
Today's vehicles have multiple control modules that are linked via various types of networks. These networks have become pervasive and remain somewhat of an unknown in millions of vehicles on the road today.

This course will be both Lecture and Hands-On with and emphasis on student's ability to re-create course conditions after they have completed the course.

We will cover the following topics:

  • Introduction to ECUs
  • Introduction to Vehicle Networks
  • Vehicle Sub-Systems Overview
  • Hands-On: Build a CAN Bus
  • CAN Bus Tools
  • Connect to our CAN Bus
  • Break/Fix our CAN Bus
  • View Data
  • Reverse Engineer Data
  • Transmit on our CAN Bus
  • Send Commands on our CAN Bus
  • DoS the Bus
  • Vehicle Immobilizer Systems
  • Intro to V2X Infrastructure
  • Diagnostic Protocol
  • Security Access
  • Device Control
  • Sending Diagnostics Commands
  • Handling Errors
  • Open Hack Controllers
  • and Much More

Why:
Learn how vehicle electronic systems work, interconnect, and how to interact with them using vehicle messaging.  Including controlling electronic modules, reverse engineering vehicle messaging, how to read controller memory, and many more advanced techniques.

Please Bring:
Please bring a Laptop running Windows 7 or newer. We will need to install Vehicle Spy application on PCs.  Hardware will be provided, with an option of purchasing hardware when we're complete.

About the Trainers:
Hosted at Berla Corp HQ, Berla has invited CanBusHack's Robert Leale is the President and founder of CanBusHack, a company devoted to reverse engineering vehicle systems for various applications including security penetration testing, vehicle data reverse engineering, and other vehicle electronic applications. Robert is the Car Hacking Hands-On trainer at Black Hat and hosts Def Con's Car Hacking Village. Kristofer Johnson has worked with Robert for over 4 years working side-by-side on training events including Black Hat and numerous other vehicle security training events.  Together they have over 14 years combined in vehicle hacking and reverse engineering.

Berla's team of digital forensic and cyber security experts stays ahead of the curve providing solutions for extracting data used to solve cases, and preventing vehicle network breaches before they occur.

Optional Add-On Day (Max 6):

  • In-Vehicle Reverse Engineer CAN Bus Messages
  • In-Vehicle Transmit on our CAN Bus
  • In-Vehicle Fuzz For Services, PIDs, Memory Address
  • In-Vehicle Find Fuses
  • In-Vehicle Locate Modules
  • In-Vehicle Read a Wiring Diagram
  • In-Vehicle Pull Trim Pannels
  • In-Vehicle Tap Module Wires, Bypass Gateways

Cost:

Main Course:

August 15-September 15: $2300
September 16-October 1st: $2500 (Plus Fees)
October 2nd-October 10th: $2900 (Plus Fees)

Eventbrite - Baltimore Car Hacking: Hands-On

Add-On Day (Min 2, Max 6) (Must sign-up for Main Course first):

August 15-September 15: $1300
September 16-October 1st: $1500 (Plus Fees)
October 2nd-October 10th: $1900 (Plus Fees)

Eventbrite - Car Hacking: Hands-On Add-On Day (Main Course Registration Required)

Pre-Purchase Hardware Interface (Not Required but Discounted):

ValueCAN 2 Wire Dual CAN interface: $375
ValueCAN OBDII Cable: $50
neoVI Fire Multi-CAN interface w/OBDII Cable: $1900
neoVI Fire 2 Multi-CAN interface w/OBDII Cable: $2700

Vehicle Spy Professional Software: $2700
Vehicle Spy Basic Software: $950

05/25/16

Permalink 01:15:54 pm, by rleale Email , 11 words   English (US) latin1
Categories: CAN BUS

We've MOVED.... again. It's bigger too!

We've moved to our new address:

220 Engelwood Dr.
Suite B
Orion, MI
48359

 

Permalink 01:07:57 pm, by rleale Email , 17 words   English (US) latin1
Categories: CAN BUS

Car Hacking Village Returns to Def Con 24

We're happy to be organizing the Def Con 24 Car Hacking Village.  Check out our website at CarHackingVillage.com

03/20/16

Permalink 05:43:07 pm, by rleale Email , 21 words   English (US) latin1
Categories: CAN BUS

Car Hacking High Alert

Well now you've been warned:

The FBI has issued a Car Hacking Warning.  How do they do this?  Keep Reading.

http://jalopnik.com/the-fbi-wants-us-all-to-know-just-how-risky-car-hacking-1765903286

02/13/16

Permalink 12:22:21 pm, by rleale Email , 259 words   English (US) latin1
Categories: CAN BUS

Black Hat Training - Car Hacking Hands-On

We're doing it again!!!11!!!!111!!

Come visit us at Black Hat for some 2 day Hands-On Training.

Course 1: July 30th-July 31st
Course 2: August 1st-August 2nd

Go Here to signup: https://www.blackhat.com/us-16/training/car-hacking-hands-on.html

 

Overview

Today's vehicles have multiple control modules that are linked via various types of networks. These networks have become pervasive and remain somewhat of an unknown in millions of vehicles on the road today.

This course will be both Lecture and Hands-On with and emphasis on student's ability to re-create course conditions after they have completed the course.

We will cover the following topics:

  • Introduction to ECUs
  • Introduction to Vehicle Networks
  • Vehicle Sub-Systems Overview
  • Hands-On: Build a CAN Bus
  • CAN Bus Tools
  • Connect to our CAN Bus
  • Break/Fix our CAN Bus
  • View Data
  • Reverse Engineer Data
  • Transmit on our CAN Bus
  • Send Commands on our CAN Bus
  • DoS the Bus
  • Vehicle Immobilizer Systems
  • X-By-Wire Systems
  • Intro to V2X Infrastructure
  • Diagnostic Protocol
  • Security Access
  • Device Control
  • Sending Diagnostics Commands
  • Handling Errors
  • Device Control Redux
  • Open Hack Controllers

Who Should Take this Course

  • Automotive Manufacturers
  • Automotive Suppliers
  • Embedded Security Personnel
  • Aftermarket Electronics Engineers
  • Hobbyists

Student Requirements

Introduction Course, no prior knowledge is required.

What Students Should Bring

PC Running Windows XP, Windows 7, Windows 8.x (or Windows 10)

What Students Will Be Provided With

Hardware interface and simulation hardware.

Trainers

Robert Leale has been a regular trainer of automotive electronic security for over 4 years. He also consult with the automotive industry on securing electronic systems. As the founder of CanBusHack, he has been at the forefront of vehicle data reverse engineering for over six years.

07/22/15

Permalink 08:21:05 am, by rleale Email , 37 words   English (US) latin1
Categories: CAN BUS

Car Hacking Village at Def Con 23

Link: http://www.carhackingvillage.com

We are excited to officially announce the Car Hacking Village at Def Con 23.  I will be running this allong with many other people.  Please go to CarHackingVillage.com for more information.  I hope to see you there.

02/22/15

Permalink 07:55:37 am, by rleale Email , 470 words   English (US) latin1
Categories: CAN BUS

Who’s In Control?



How to play with Device Control.

Once you found out the Diagnostic ID for any particular controller, you can now start sending new an exciting request to it to see what it can do. Device Control (or I/O Control) is usually to most dynamic. The premise of this service is just as it sounds, to control the hardware. This service is typically used for mechanics to test the controllers output features such as actuating door locks, turning on/off lights, etc. This is a very interesting service in that it allows you to actuate features discretely in the vehicle. So instead of turning on all Left Turn Indicators (like when you do when you push down on the turn indicator switch) you can turn on only the Left Front Indicator Lamp. Now string that together with some music and other lights and you can have a cool Car Disco Party Mode.

So how does it work? When that depend on what kind of Diagnostics your car uses. There are three common types of Diagnostics: Keyword 2000 (ISO 14230), Universal Diagnostic Services (UDS ISO 14229) and GM LAN (GMW3110). I’ll talk about them individually below. For my examples I’ll use the Engine Control Modules standard Diagnostic ID, but you can sub out your modules ID. The effects will likely be different but the concepts remain the same. Also keep in mind that its often the case the you will have to initiate a Start Diagnostics Command (0x10). I will give these in the example but the Subfunction may be different (0x03 being the most common, but also try 0xC0 or 0x90 as well)

Keyword:

0x7E0 02 10 03 00 00 00 00 00 – Start Diagnostics (0x03 is the Mode this may be different on some OEMS)

0x7E8 02 50 03 00 00 00 00 00 – Positive Response to Start Diagnostics

0x7E0 04 30 01 07 01 00 00 00 – IO Control of IO 0x01; Short Term Adjustment (0x07); Turn ON (0x01)

0x7E8 02 70 01 00 00 00 00 00 – Positive Response. (Be careful because it gives you a positive response but does NOTHING; no control is executed. This is rare.)

0x7E0 03 30 01 00 00 00 00 00 – Return Control of IO 0x01 back to ECM.

0x7E8 02 70 01 00 00 00 00 00 – Positive Response.

UDS:

0x7E0 02 10 03 00 00 00 00 00 – Start Diagnostics (0x03 is the Mode this may be different on some OEMS)

0x7E8 02 50 03 00 00 00 00 00 – Positive Response to Start Diagnostics

0x7E0 06 2F 12 34 03 80 00 00 – IO Control of IO 0x1234; Short Term Adjustment (0x03); Turn ON (0x80, this could vary widely depending on the IO being controlled)

0x7E8 03 6F 12 34 00 00 00 00 – Positive Response.

0x7E0 04 2F 12 34 00 00 00 00 – Return Control to ECM.

0x7E8 03 6F 12 34 00 00 00 00 – Positive Response.

GM LAN:

(Start Diagnostics not needed)

0x7E0 07 AE 01 08 00 08 00 64 – IO Control of IO 0x01; Turn on 0x0800 (Bit Map of IOs, IO Bitmap duplicated in next two bytes to prevent accidental triggering) to 100% (0x64).

0x7E8 02 EE 01 00 00 00 00 00 – Positive Response

Common Negative Responses:

0x7E8 03 7F XX 80 00 00 00 00 – Incorrect Diagnostic Session. You need to change the Subfunction in Start Diagnostics.

0x7E8 03 7F XX 22 00 00 00 00 – Condition Not Correct. Likely the Key Needs to be in the RUN Possition.

0x7E8 03 7F XX 31 00 00 00 00 – Incorrect Format. Something’s wrong with your request message.

1 2 3 4 5 6 >>

August 2016
Sun Mon Tue Wed Thu Fri Sat
 << <   > >>
  1 2 3 4 5 6
7 8 9 10 11 12 13
14 15 16 17 18 19 20
21 22 23 24 25 26 27
28 29 30 31      
Controlling, Extracting, Owning the data from the Vehicle Network.

Search

Categories

XML Feeds

free blog