Pages: 1 2 3 4 5 6 >>

07/22/15

Permalink 08:21:05 am, by rleale Email , 37 words   English (US) latin1
Categories: CAN BUS

Car Hacking Village at Def Con 23

Link: http://www.carhackingvillage.com

We are excited to officially announce the Car Hacking Village at Def Con 23.  I will be running this allong with many other people.  Please go to CarHackingVillage.com for more information.  I hope to see you there.

02/22/15

Permalink 07:55:37 am, by rleale Email , 470 words   English (US) latin1
Categories: CAN BUS

Who’s In Control?



How to play with Device Control.

Once you found out the Diagnostic ID for any particular controller, you can now start sending new an exciting request to it to see what it can do. Device Control (or I/O Control) is usually to most dynamic. The premise of this service is just as it sounds, to control the hardware. This service is typically used for mechanics to test the controllers output features such as actuating door locks, turning on/off lights, etc. This is a very interesting service in that it allows you to actuate features discretely in the vehicle. So instead of turning on all Left Turn Indicators (like when you do when you push down on the turn indicator switch) you can turn on only the Left Front Indicator Lamp. Now string that together with some music and other lights and you can have a cool Car Disco Party Mode.

So how does it work? When that depend on what kind of Diagnostics your car uses. There are three common types of Diagnostics: Keyword 2000 (ISO 14230), Universal Diagnostic Services (UDS ISO 14229) and GM LAN (GMW3110). I’ll talk about them individually below. For my examples I’ll use the Engine Control Modules standard Diagnostic ID, but you can sub out your modules ID. The effects will likely be different but the concepts remain the same. Also keep in mind that its often the case the you will have to initiate a Start Diagnostics Command (0x10). I will give these in the example but the Subfunction may be different (0x03 being the most common, but also try 0xC0 or 0x90 as well)

Keyword:

0x7E0 02 10 03 00 00 00 00 00 – Start Diagnostics (0x03 is the Mode this may be different on some OEMS)

0x7E8 02 50 03 00 00 00 00 00 – Positive Response to Start Diagnostics

0x7E0 04 30 01 07 01 00 00 00 – IO Control of IO 0x01; Short Term Adjustment (0x07); Turn ON (0x01)

0x7E8 02 70 01 00 00 00 00 00 – Positive Response. (Be careful because it gives you a positive response but does NOTHING; no control is executed. This is rare.)

0x7E0 03 30 01 00 00 00 00 00 – Return Control of IO 0x01 back to ECM.

0x7E8 02 70 01 00 00 00 00 00 – Positive Response.

UDS:

0x7E0 02 10 03 00 00 00 00 00 – Start Diagnostics (0x03 is the Mode this may be different on some OEMS)

0x7E8 02 50 03 00 00 00 00 00 – Positive Response to Start Diagnostics

0x7E0 06 2F 12 34 03 80 00 00 – IO Control of IO 0x1234; Short Term Adjustment (0x03); Turn ON (0x80, this could vary widely depending on the IO being controlled)

0x7E8 03 6F 12 34 00 00 00 00 – Positive Response.

0x7E0 04 2F 12 34 00 00 00 00 – Return Control to ECM.

0x7E8 03 6F 12 34 00 00 00 00 – Positive Response.

GM LAN:

(Start Diagnostics not needed)

0x7E0 07 AE 01 08 00 08 00 64 – IO Control of IO 0x01; Turn on 0x0800 (Bit Map of IOs, IO Bitmap duplicated in next two bytes to prevent accidental triggering) to 100% (0x64).

0x7E8 02 EE 01 00 00 00 00 00 – Positive Response

Common Negative Responses:

0x7E8 03 7F XX 80 00 00 00 00 – Incorrect Diagnostic Session. You need to change the Subfunction in Start Diagnostics.

0x7E8 03 7F XX 22 00 00 00 00 – Condition Not Correct. Likely the Key Needs to be in the RUN Possition.

0x7E8 03 7F XX 31 00 00 00 00 – Incorrect Format. Something’s wrong with your request message.

09/30/14

Permalink 09:51:45 am, by rleale Email , 16 words   English (US) latin1
Categories: CAN BUS

CanBusHack on GMA

Watch out for this guy!  He can control your windshield wipers!  And other things....

 

https://gma.yahoo.com/video/hackers-may-able-control-cars-140640951.html

09/22/14

Permalink 06:34:34 am, by rleale Email , 105 words   English (US) latin1
Categories: CAN BUS

Car Hacking Book

I just recently got my hands on a great introductory book into Car Hacking!  It’s called Car Hackers 2014 by Craig Smith.  I’ve worked with Craig in the past and was pleased to see his book.  It’s a great place to start if you want to get more information about the fundamentals of a lot of car hacking things.

Here is the Outline:

Introduction
Understanding Attack Surfaces
Infotainment Systems
Vehicle Communication Systems
Engine Control Unit
CAN Bus Reversing Methodology
Breaking the Vehicle
CAN Bus Tools
Weaponizing CAN Findings
Attacking TPMS
Ethernet Attacks
Attacking Keyfobs and Immobilizers
Attacking ECUs and other Embedded Systems
What does your hacker garage need?
Creative Commons

Go to http://opengarages.org/handbook/

Search Amazon for “Car Hackers 2014” ISBN: 978-0-9904901-0-4

07/28/14

Permalink 11:56:46 am, by rleale Email , 13 words   English (US) latin1
Categories: CAN BUS

We've Moved!

Now we have a large garage.

New address:

1848 Star Batt Rd.
Rochester Hills, MI
48309

02/20/14

Permalink 02:20:06 pm, by rleale Email , 76 words   English (US) latin1
Categories: CAN BUS

TRAINING -- TRAINING-- TRAINING

Good news training is coming to a Las Vegas near you!

TITLE: Vehicle CAN Bus Communications and Diagnsotics Reverse Engineering

WHEN: August 2-3 or August 4-5, 2014 (Two Sessions of the same course each One Session, two days long)

WHERE: Mandalay Bay, Las Vegas, NV

WHY: BlackHat 2014

WHO: You, Me and 20 other CanBusHackers

HOW: Sign Up Now while there is still the introductory price at <http://www.blackhat.com/us-14/training/vehicle-can-bus-communications-and-diagnostics-reverse-engineering.html>

PRIZES: That's right, Prizes.  I'll do anything to get you in the door.

Permalink 02:20:02 pm, by rleale Email , 74 words   English (US) latin1
Categories: CAN BUS

TRAINING

Good news training is coming to a Las Vegas near you!

TITLE: Vehicle CAN Bus Communications and Diagnsotics Reverse Engineering

WHEN: August 2-3 or August 4-5, 2014 (Two Sessions of the same course each two days long)

WHERE: Mandalay Bay, Las Vegas, NV

WHY: BlackHat 2014

WHO: You, Me and 14 other CanBusHackers

HOW: Sign Up Now while there is still the introductory price at <http://www.blackhat.com/us-14/training/vehicle-can-bus-communications-and-diagnostics-reverse-engineering.html>

PRIZES: That's right, Prizes.  I'll do anything to get you in the door.

1 2 3 4 5 6 >>

July 2015
Sun Mon Tue Wed Thu Fri Sat
 << <   > >>
      1 2 3 4
5 6 7 8 9 10 11
12 13 14 15 16 17 18
19 20 21 22 23 24 25
26 27 28 29 30 31  
Controlling, Extracting, Owning the data from the Vehicle Network.

Search

Categories

XML Feeds

free blog