
Philippe AZALBERT

Practical Car Hacking


Trainer: Philippe AZALBERT

Date: 30th May to 1st June 2023

Time: 9:00am to 5:00pm PDT

Venue: Santa Clara Marriott

Training Level: Basic to Intermediate


Please note: the training ticket does not include access to the conference. Similarly, the conference ticket does not grant access to the trainings. If you have any questions, reach out to us.

Objectives:

As Electronic Control Units (ECUs) grow in number and technological importance in cars, with the advent of autonomous and connected vehicles, threats to these vehicles are growing accordingly. While car manufacturers are mainly interested in remote attacks, this training will show that every bit of information can be useful to an attacker, and that both car security/safety and user privacy can be affected.

The training will be organized around slides explaining the theory of each attack (how it works, how you can use it) and practical sessions in which that attack is performed on the demo ECU. Practical sessions should take up most of the training time, and solutions will be provided during each session so that attendees can learn how to perform each attack.


Training Detailed Description:

Day 1:
  • Anatomy of a modern CAN
  • What is an ECU
  • Attack surfaces overview
  • The rise of connected and autonomous cars

  • CAN Bus 101
  • How the CAN Bus works
  • Identifying a CAN bus and its parameters
  • CAN tools: slcan, can-utils, Scapy...
  • Reading, writing and replaying messages
  • Fuzzing the CAN Bus
  • Tips & tricks for quick identification of active payloads
  • How a bad CAN implementation can affect privacy

  • CAN attack / defense techniques
  • Protecting CAN messages
  • Ensuring sender authenticity
  • DoS attacks on the bus
  • The CAN gateway

  • Ethernet automotive
  • Network specifications
  • Useful tools: Wireshark, Scapy...
  • Common attacks

Day 2:
  • Advanced protocols
  • OBD-II
  • ISO-TP
  • UDS
  • Protocol explanation
  • UDS error codes
  • Session control
  • Understanding and cracking security access
  • Reading ECU state with DID
  • Diagnostic commands
  • Firmware dumping / flashing
  • Ethernet Automotive
  • DoIP
  • SOME/IP
  • Manufacturer specifics
  • Examples of various services over IP
  • External API

Day 3:
  • ECU reverse engineering
  • ECU architecture overview
  • How to get the firmware
  • Finding the base address
  • Identifying the CAN database and handlers
  • Reversing specific functions
  • Overview of firmware protection techniques

  • Radio Frequency
  • Embedded radio systems description
  • RF fingerprinting
  • TPMS spoofing
  • Keyless and Passive Keyless Entry

Who Should Attend? | Target Audience:

  • Security researchers
  • Car equipment designers
  • Hackers interested in cars

What to Bring? | Software and Hardware Requirements:

  • Laptop with Wi-Fi and at least two standard USB ports
  • VMPlayer or VirtualBox to use the provided VM with all the tools pre-installed

What to Bring? | Prerequisite Knowledge and Skills:

  • Basic knowledge of programming (C, Python)
  • Basic knowledge of Linux
  • Basic knowledge of firmware reversing is a plus, but not mandatory

Resources Provided at the Training | Deliverables:

  • Each trainee will have access to a custom test bench simulating a real car, with various MCUs and a real ECU
  • Another test bench made from several real ECUs will be shared among trainees for practice on real cases
  • A virtual machine with all the software needed during the course
  • Lecture materials
  • A USB CAN adapter, given to each attendee, so you can practice as soon as you get back home
  • Physical tools to perform the exercises (logic analyser, SDR dongle, RFID detector, UART adapter)

ABOUT THE TRAINERS

Philippe AZALBERT (@Phil_BARR3TT) is a security researcher at Quarkslab. He has worked on car security for several years, and his research interests also include embedded devices and software-defined radio. He has presented the Car Hacking CTF at Barbhack and a talk on bypassing 2FA using a car.