Imperial Library
Index
Cover Page
Title Page
Copyright Page
About the Author
About the Contributing Author
About the Technical Reviewer
Brief Contents
Contents in Detail
Foreword by Chris Evans
Acknowledgments
Introduction
Why Car Hacking Is Good for All of Us
What’s in This Book
Chapter 1: Understanding Threat Models
Finding Attack Surfaces
Threat Modeling
Level 0: Bird’s-Eye View
Level 1: Receivers
Level 2: Receiver Breakdown
Threat Identification
Level 0: Bird’s-Eye View
Level 1: Receivers
Level 2: Receiver Breakdown
Threat Rating Systems
The DREAD Rating System
CVSS: An Alternative to DREAD
Working with Threat Model Results
Summary
Chapter 2: Bus Protocols
The CAN Bus
The OBD-II Connector
Finding CAN Connections
CAN Bus Packet Layout
The ISO-TP Protocol
The CANopen Protocol
The GMLAN Bus
The SAE J1850 Protocol
The PWM Protocol
The VPW Protocol
The Keyword Protocol and ISO 9141-2
The Local Interconnect Network Protocol
The MOST Protocol
MOST Network Layers
MOST Control Blocks
Hacking MOST
The FlexRay Bus
Hardware
Network Topology
Implementation
FlexRay Cycles
Packet Layout
Sniffing a FlexRay Network
Automotive Ethernet
OBD-II Connector Pinout Maps
The OBD-III Standard
Summary
Chapter 3: Vehicle Communication with SocketCAN
Setting Up can-utils to Connect to CAN Devices
Installing can-utils
Configuring Built-In Chipsets
Configuring Serial CAN Devices
Setting Up a Virtual CAN Network
The CAN Utilities Suite
Installing Additional Kernel Modules
The can-isotp.ko Module
Coding SocketCAN Applications
Connecting to the CAN Socket
Setting Up the CAN Frame
The Procfs Interface
The Socketcand Daemon
Kayak
Summary
Chapter 4: Diagnostics and Logging
Diagnostic Trouble Codes
DTC Format
Reading DTCs with Scan Tools
Erasing DTCs
Unified Diagnostic Services
Sending Data with ISO-TP and CAN
Understanding Modes and PIDs
Brute-Forcing Diagnostic Modes
Keeping a Vehicle in a Diagnostic State
Event Data Recorder Logging
Reading Data from the EDR
The SAE J1698 Standard
Other Data Retrieval Practices
Automated Crash Notification Systems
Malicious Intent
Summary
Chapter 5: Reverse Engineering the CAN Bus
Locating the CAN Bus
Reversing CAN Bus Communications with can-utils and Wireshark
Using Wireshark
Using candump
Grouping Streamed Data from the CAN Bus
Using Record and Playback
Creative Packet Analysis
Getting the Tachometer Reading
Creating Background Noise with the Instrument Cluster Simulator
Setting Up the ICSim
Reading CAN Bus Traffic on the ICSim
Changing the Difficulty of ICSim
Reversing the CAN Bus with OpenXC
Translating CAN Bus Messages
Writing to the CAN Bus
Hacking OpenXC
Fuzzing the CAN Bus
Troubleshooting When Things Go Wrong
Summary
Chapter 6: ECU Hacking
Front Door Attacks
J2534: The Standardized Vehicle Communication API
Using J2534 Tools
KWP2000 and Other Earlier Protocols
Capitalizing on Front Door Approaches: Seed-Key Algorithms
Backdoor Attacks
Exploits
Reversing Automotive Firmware
Self-Diagnostic System
Library Procedures
Comparing Bytes to Identify Parameters
Identifying ROM Data with WinOLS
Code Analysis
A Plain Disassembler at Work
Interactive Disassemblers
Summary
Chapter 7: Building and Using ECU Test Benches
The Basic ECU Test Bench
Finding an ECU
Dissecting the ECU Wiring
Wiring Things Up
Building a More Advanced Test Bench
Simulating Sensor Signals
Hall Effect Sensors
Simulating Vehicle Speed
Summary
Chapter 8: Attacking ECUs and Other Embedded Systems
Analyzing Circuit Boards
Identifying Model Numbers
Dissecting and Identifying a Chip
Debugging Hardware with JTAG and Serial Wire Debug
JTAG
Serial Wire Debug
The Advanced User Debugger
Nexus
Side-Channel Analysis with the ChipWhisperer
Installing the Software
Prepping the Victim Board
Brute-Forcing Secure Boot Loaders in Power-Analysis Attacks
Prepping Your Test with AVRDUDESS
Setting Up the ChipWhisperer for Serial Communications
Setting a Custom Password
Resetting the AVR
Setting Up the ChipWhisperer ADC
Monitoring Power Usage on Password Entry
Scripting the ChipWhisperer with Python
Fault Injection
Clock Glitching
Setting a Trigger Line
Power Glitching
Invasive Fault Injection
Summary
Chapter 9: In-Vehicle Infotainment Systems
Attack Surfaces
Attacking Through the Update System
Identifying Your System
Determining the Update File Type
Modifying the System
Apps and Plugins
Identifying Vulnerabilities
Attacking the IVI Hardware
Dissecting the IVI Unit’s Connections
Disassembling the IVI Unit
Infotainment Test Benches
GENIVI Meta-IVI
Automotive Grade Linux
Acquiring an OEM IVI for Testing
Summary
Chapter 10: Vehicle-to-Vehicle Communication
Methods of V2V Communication
The DSRC Protocol
Features and Uses
Roadside DSRC Systems
WAVE Standard
Tracking Vehicles with DSRC
Security Concerns
PKI-Based Security Measures
Vehicle Certificates
Anonymous Certificates
Certificate Provisioning
Updating the Certificate Revocation List
Misbehavior Reports
Summary
Chapter 11: Weaponizing CAN Findings
Writing the Exploit in C
Converting to Assembly Code
Converting Assembly to Shellcode
Removing NULLs
Creating a Metasploit Payload
Determining Your Target Make
Interactive Probing
Passive CAN Bus Fingerprinting
Responsible Exploitation
Summary
Chapter 12: Attacking Wireless Systems with SDR
Wireless Systems and SDR
Signal Modulation
Hacking with TPMS
Eavesdropping with a Radio Receiver
TPMS Packets
Activating a Signal
Tracking a Vehicle
Event Triggering
Sending Forged Packets
Attacking Key Fobs and Immobilizers
Key Fob Hacks
Attacking a PKES System
Immobilizer Cryptography
Physical Attacks on the Immobilizer System
Flashback: Hotwiring
Summary
Chapter 13: Performance Tuning
Performance Tuning Trade-Offs
ECU Tuning
Chip Tuning
Flash Tuning
Stand-Alone Engine Management
Summary
Appendix A: Tools of the Trade
Hardware
Lower-End CAN Devices
Higher-End CAN Devices
Software
Wireshark
PyOBD Module
Linux Tools
CANiBUS Server
Kayak
SavvyCAN
O2OO Data Logger
Caring Caribou
c0f Fingerprinting Tool
UDSim ECU Simulator
Octane CAN Bus Sniffer
AVRDUDESS GUI
RomRaider ECU Tuner
Komodo CAN Bus Sniffer
Vehicle Spy
Appendix B: Diagnostic Code Modes and PIDs
Modes Above 0x10
Useful PIDs
Appendix C: Creating Your Own Open Garage
Filling Out the Character Sheet
When to Meet
Affiliations and Private Memberships
Defining Your Meeting Space
Contact Information
Initial Managing Officers
Equipment
Abbreviations
Index
Footnotes
Chapter 10: Vehicle-to-Vehicle Communication
Chapter 12: Attacking Wireless Systems with SDR