Suche senden
Hochladen
DEF CON 24 - Six Volts and Haystack - cheap tools for hacking heavy trucks
•
0 gefällt mir
•
19 views
Felipe Prado
Folgen
DEF CON 24 - Six Volts and Haystack - cheap tools for hacking heavy trucks
Weniger lesen
Mehr lesen
Technologie
Melden
Teilen
Melden
Teilen
1 von 26
Jetzt herunterladen
Downloaden Sie, um offline zu lesen
Empfohlen
Startupfest 2012 - why you should share
Startupfest 2012 - why you should share
Startupfest
Using Content as Design Material
Using Content as Design Material
Carrie Hane
hkdi team 1
hkdi team 1
bestsceneintown
Just Write Design Services-PCP 9-14
Just Write Design Services-PCP 9-14
DJR310
On the Value of User Preferences in Search-Based Software Engineering:
On the Value of User Preferences in Search-Based Software Engineering:
CS, NcState
Closing the Wealth Gap
Closing the Wealth Gap
ScaleUp Partners LLC
python_assignmentHanoi (1).py################################.docx
python_assignmentHanoi (1).py################################.docx
amrit47
Fraglist
Fraglist
CaitlinR
Empfohlen
Startupfest 2012 - why you should share
Startupfest 2012 - why you should share
Startupfest
Using Content as Design Material
Using Content as Design Material
Carrie Hane
hkdi team 1
hkdi team 1
bestsceneintown
Just Write Design Services-PCP 9-14
Just Write Design Services-PCP 9-14
DJR310
On the Value of User Preferences in Search-Based Software Engineering:
On the Value of User Preferences in Search-Based Software Engineering:
CS, NcState
Closing the Wealth Gap
Closing the Wealth Gap
ScaleUp Partners LLC
python_assignmentHanoi (1).py################################.docx
python_assignmentHanoi (1).py################################.docx
amrit47
Fraglist
Fraglist
CaitlinR
Why Personal Clouds Need A Network
Why Personal Clouds Need A Network
Phil Wolff
Vid 00020 20120316-0350.3 gp
Vid 00020 20120316-0350.3 gp
Gina Paola Paez Gaviria
Viva
Viva
Danilo Martins
Música
Música
Danilo Martins
Avseq01.dat
Avseq01.dat
Ngoc Pham
Wpi log 2012.06.26_17.19.20
Wpi log 2012.06.26_17.19.20
HugoPaco
Purchased
Purchased
94240577
Wpi log 2014.10.18_18.42.26
Wpi log 2014.10.18_18.42.26
Roxana Manfer
Sched lgullll
Sched lgullll
Pablo Guzmán
Sched lgu
Sched lgu
chupacabra123h
Wpi log
Wpi log
fernanda criollo
Play claw
Play claw
Nikolas Aguilera
TABridge Webinar: Communications Planning
TABridge Webinar: Communications Planning
Jed Miller
Kbs
Kbs
khovcheav
Volumen c final
Volumen c final
jhurtado2013
Recently added
Recently added
tommyglass
texas music
texas music
tommyglass
Loc
Loc
cuong030
Wpi log 2014.01.07_21.21.39
Wpi log 2014.01.07_21.21.39
Ever Pulse
Postage Cost analysis
Postage Cost analysis
Clive
DEF CON 24 - Sean Metcalf - beyond the mcse red teaming active directory
DEF CON 24 - Sean Metcalf - beyond the mcse red teaming active directory
Felipe Prado
DEF CON 24 - Bertin Bervis and James Jara - exploiting and attacking seismolo...
DEF CON 24 - Bertin Bervis and James Jara - exploiting and attacking seismolo...
Felipe Prado
Weitere ähnliche Inhalte
Ähnlich wie DEF CON 24 - Six Volts and Haystack - cheap tools for hacking heavy trucks
Why Personal Clouds Need A Network
Why Personal Clouds Need A Network
Phil Wolff
Vid 00020 20120316-0350.3 gp
Vid 00020 20120316-0350.3 gp
Gina Paola Paez Gaviria
Viva
Viva
Danilo Martins
Música
Música
Danilo Martins
Avseq01.dat
Avseq01.dat
Ngoc Pham
Wpi log 2012.06.26_17.19.20
Wpi log 2012.06.26_17.19.20
HugoPaco
Purchased
Purchased
94240577
Wpi log 2014.10.18_18.42.26
Wpi log 2014.10.18_18.42.26
Roxana Manfer
Sched lgullll
Sched lgullll
Pablo Guzmán
Sched lgu
Sched lgu
chupacabra123h
Wpi log
Wpi log
fernanda criollo
Play claw
Play claw
Nikolas Aguilera
TABridge Webinar: Communications Planning
TABridge Webinar: Communications Planning
Jed Miller
Kbs
Kbs
khovcheav
Volumen c final
Volumen c final
jhurtado2013
Recently added
Recently added
tommyglass
texas music
texas music
tommyglass
Loc
Loc
cuong030
Wpi log 2014.01.07_21.21.39
Wpi log 2014.01.07_21.21.39
Ever Pulse
Postage Cost analysis
Postage Cost analysis
Clive
Ähnlich wie DEF CON 24 - Six Volts and Haystack - cheap tools for hacking heavy trucks
(20)
Why Personal Clouds Need A Network
Why Personal Clouds Need A Network
Vid 00020 20120316-0350.3 gp
Vid 00020 20120316-0350.3 gp
Viva
Viva
Música
Música
Avseq01.dat
Avseq01.dat
Wpi log 2012.06.26_17.19.20
Wpi log 2012.06.26_17.19.20
Purchased
Purchased
Wpi log 2014.10.18_18.42.26
Wpi log 2014.10.18_18.42.26
Sched lgullll
Sched lgullll
Sched lgu
Sched lgu
Wpi log
Wpi log
Play claw
Play claw
TABridge Webinar: Communications Planning
TABridge Webinar: Communications Planning
Kbs
Kbs
Volumen c final
Volumen c final
Recently added
Recently added
texas music
texas music
Loc
Loc
Wpi log 2014.01.07_21.21.39
Wpi log 2014.01.07_21.21.39
Postage Cost analysis
Postage Cost analysis
Mehr von Felipe Prado
DEF CON 24 - Sean Metcalf - beyond the mcse red teaming active directory
DEF CON 24 - Sean Metcalf - beyond the mcse red teaming active directory
Felipe Prado
DEF CON 24 - Bertin Bervis and James Jara - exploiting and attacking seismolo...
DEF CON 24 - Bertin Bervis and James Jara - exploiting and attacking seismolo...
Felipe Prado
DEF CON 24 - Tamas Szakaly - help i got ants
DEF CON 24 - Tamas Szakaly - help i got ants
Felipe Prado
DEF CON 24 - Ladar Levison - compelled decryption
DEF CON 24 - Ladar Levison - compelled decryption
Felipe Prado
DEF CON 24 - Clarence Chio - machine duping 101
DEF CON 24 - Clarence Chio - machine duping 101
Felipe Prado
DEF CON 24 - Chris Rock - how to overthrow a government
DEF CON 24 - Chris Rock - how to overthrow a government
Felipe Prado
DEF CON 24 - Fitzpatrick and Grand - 101 ways to brick your hardware
DEF CON 24 - Fitzpatrick and Grand - 101 ways to brick your hardware
Felipe Prado
DEF CON 24 - Rogan Dawes and Dominic White - universal serial aBUSe remote at...
DEF CON 24 - Rogan Dawes and Dominic White - universal serial aBUSe remote at...
Felipe Prado
DEF CON 24 - Jay Beale and Larry Pesce - phishing without frustration
DEF CON 24 - Jay Beale and Larry Pesce - phishing without frustration
Felipe Prado
DEF CON 24 - Gorenc Sands - hacker machine interface
DEF CON 24 - Gorenc Sands - hacker machine interface
Felipe Prado
DEF CON 24 - Allan Cecil and DwangoAC - tasbot the perfectionist
DEF CON 24 - Allan Cecil and DwangoAC - tasbot the perfectionist
Felipe Prado
DEF CON 24 - Rose and Ramsey - picking bluetooth low energy locks
DEF CON 24 - Rose and Ramsey - picking bluetooth low energy locks
Felipe Prado
DEF CON 24 - Rich Mogull - pragmatic cloud security
DEF CON 24 - Rich Mogull - pragmatic cloud security
Felipe Prado
DEF CON 24 - Grant Bugher - Bypassing captive portals
DEF CON 24 - Grant Bugher - Bypassing captive portals
Felipe Prado
DEF CON 24 - Patrick Wardle - 99 problems little snitch
DEF CON 24 - Patrick Wardle - 99 problems little snitch
Felipe Prado
DEF CON 24 - Plore - side -channel attacks on high security electronic safe l...
DEF CON 24 - Plore - side -channel attacks on high security electronic safe l...
Felipe Prado
DEF CON 24 - Dinesh and Shetty - practical android application exploitation
DEF CON 24 - Dinesh and Shetty - practical android application exploitation
Felipe Prado
DEF CON 24 - Klijnsma and Tentler - stargate pivoting through vnc
DEF CON 24 - Klijnsma and Tentler - stargate pivoting through vnc
Felipe Prado
DEF CON 24 - Antonio Joseph - fuzzing android devices
DEF CON 24 - Antonio Joseph - fuzzing android devices
Felipe Prado
DEF CON 24 - workshop - Craig Young - brainwashing embedded systems
DEF CON 24 - workshop - Craig Young - brainwashing embedded systems
Felipe Prado
Mehr von Felipe Prado
(20)
DEF CON 24 - Sean Metcalf - beyond the mcse red teaming active directory
DEF CON 24 - Sean Metcalf - beyond the mcse red teaming active directory
DEF CON 24 - Bertin Bervis and James Jara - exploiting and attacking seismolo...
DEF CON 24 - Bertin Bervis and James Jara - exploiting and attacking seismolo...
DEF CON 24 - Tamas Szakaly - help i got ants
DEF CON 24 - Tamas Szakaly - help i got ants
DEF CON 24 - Ladar Levison - compelled decryption
DEF CON 24 - Ladar Levison - compelled decryption
DEF CON 24 - Clarence Chio - machine duping 101
DEF CON 24 - Clarence Chio - machine duping 101
DEF CON 24 - Chris Rock - how to overthrow a government
DEF CON 24 - Chris Rock - how to overthrow a government
DEF CON 24 - Fitzpatrick and Grand - 101 ways to brick your hardware
DEF CON 24 - Fitzpatrick and Grand - 101 ways to brick your hardware
DEF CON 24 - Rogan Dawes and Dominic White - universal serial aBUSe remote at...
DEF CON 24 - Rogan Dawes and Dominic White - universal serial aBUSe remote at...
DEF CON 24 - Jay Beale and Larry Pesce - phishing without frustration
DEF CON 24 - Jay Beale and Larry Pesce - phishing without frustration
DEF CON 24 - Gorenc Sands - hacker machine interface
DEF CON 24 - Gorenc Sands - hacker machine interface
DEF CON 24 - Allan Cecil and DwangoAC - tasbot the perfectionist
DEF CON 24 - Allan Cecil and DwangoAC - tasbot the perfectionist
DEF CON 24 - Rose and Ramsey - picking bluetooth low energy locks
DEF CON 24 - Rose and Ramsey - picking bluetooth low energy locks
DEF CON 24 - Rich Mogull - pragmatic cloud security
DEF CON 24 - Rich Mogull - pragmatic cloud security
DEF CON 24 - Grant Bugher - Bypassing captive portals
DEF CON 24 - Grant Bugher - Bypassing captive portals
DEF CON 24 - Patrick Wardle - 99 problems little snitch
DEF CON 24 - Patrick Wardle - 99 problems little snitch
DEF CON 24 - Plore - side -channel attacks on high security electronic safe l...
DEF CON 24 - Plore - side -channel attacks on high security electronic safe l...
DEF CON 24 - Dinesh and Shetty - practical android application exploitation
DEF CON 24 - Dinesh and Shetty - practical android application exploitation
DEF CON 24 - Klijnsma and Tentler - stargate pivoting through vnc
DEF CON 24 - Klijnsma and Tentler - stargate pivoting through vnc
DEF CON 24 - Antonio Joseph - fuzzing android devices
DEF CON 24 - Antonio Joseph - fuzzing android devices
DEF CON 24 - workshop - Craig Young - brainwashing embedded systems
DEF CON 24 - workshop - Craig Young - brainwashing embedded systems
Kürzlich hochgeladen
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
Rafal Los
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
Delhi Call girls
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Neo4j
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
Principled Technologies
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
vu2urc
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
Michael W. Hawkins
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
Delhi Call girls
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Miguel Araújo
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Joaquim Jorge
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
Delhi Call girls
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Drew Madelung
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
Enterprise Knowledge
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
Enterprise Knowledge
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
Delhi Call girls
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
HampshireHUG
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
giselly40
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
naman860154
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
RTylerCroy
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
wesley chun
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
Radu Cotescu
Kürzlich hochgeladen
(20)
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
DEF CON 24 - Six Volts and Haystack - cheap tools for hacking heavy trucks
1.
The$newest$version$of$this$slide$deck$and$other$ related$stuff$can$be$found$at$ http://truckhacking.github.io/
2.
Cheap$Tools$for$Hacking$ Heavy$Truck By#Haystack#and#Six#Volts
3.
What$we$are$going$to$talk$about • Heavy#Trucks:#similarities#and#differences#from#cars • R&D#Problems:#Trucks#are#expensive#and#the#workaround •
Networking#Protocols#and#Standards • Adventures#in#truck#hacking • New#Hardware#Tools
4.
Some$Quick$Notes • We#assume#that#you#are#familiar#with#basic#vehicle#networking# concepts#– e.g.#there#are#computers#in#cars#and#they#use#a#network •
We#also#assume#you#are#familiar#with#the#idea#that#you#can#do#bad# things#once#you#are#on#those#networks • We#are#leaving#out#LOTS#of#details#for#time#reasons • Check#out#our#github • Safety#Disclaimer:#Moving#vehicles#are#dangerous.#Do#not#fuzz#a#rental# vehicle#while#driving,#or#do#anything#else#stupid
5.
Trucks$vs.$Cars • “Trucks”#are#really#any#heavy#vehicle#including#but#not#limited#to# OverPtheProad#Semis,#Vocation#Trucks,#Fire#Engines,#Busses,#some# Armored#Personnel#Carriers,#Ambulances,#Armored#cars,#boats,#diesel# generators#and#agricultural#equipment.# • Exception:#Diesel#Pickup#Trucks#(these#act#more#like#cars) •
Nearly#all#heavy#vehicles#are#Diesel#engines. • Different#OnPboard#Diagnostic#and#Networking#Standards# (J1939/J1708) • RP1210#governs#workstationP>adapter#interface
6.
Truck$Economics • Many#components#from#different#manufacturers#are#interchangeable# (engine,#brakes,#etc) • Example:#Navistar/International#Truck#can#be#purchased#with#either#a# Cummins#or#International/Navistar#Engine#(and#Previously#CAT#also) •
This#means#that#products#from#different#manufacturers#have#to#be# interoperable • Many#trucks#operate#in#Fleets,#typically#as#homogenous#as#possible# • The#industry#is#incredibly#data#hungry,#lots#of#data#are#stored#and# transmitted • Data#hungry#industry#+#lots#of#miles#=#trucks#spend#(comparatively)# more#time#connected#to#diagnostic#computers
7.
Trucks$are$EXPENSIVE • A#new#Truck#can#cost#over#$100,000.#Ouch. • For#the#aspiring#hacker#P
They#are#big,#hard#to#store,#hard#to#drive#and# expensive#to#operate. • So#we#didn’t#have#one#(and#still#don’t)… • …so#how#do#we#experiment?#We#built#a#thing.
8.
TruckPInPAPBox,#Version#1.0
9.
TruckGInGAGBox$(TIB)$ • We#bought#an#ECM#(Engine#Control#Module)#and#built#the#electronics# around#it#such#that#it#functioned#enough#for#analysis#(KeyPon,#engine# off) • The#first#one#took#6+#months#and#cost#over#$10,000 •
However,#that’s#less#than#the#cost#of#a#truck • Since#then,#we’ve#built#over#a#dozen#of#these#fullPsize#versions# • Later,#we#compressed#the#concept#into#small#box#with#one#or#two# PCBs#that#hook#up#to#the#ECM#for#each#make/model
10.
TruckGInGAGBox$Concepts • Recreate#the#Vehicle#Networks,#J1939#(CAN),#J1708#(RS485Pish) • Fake#Passive#sensor#signals#(usually#just#a#set#voltage#or#resistance) •
Fake#Simple#Active#Signals#(PWM#for#Accelerator#Pedal) • Generate#Complex#Analog#Signals#(Vehicle#Speed)
11.
12.
13.
14.
Networking$Protocols$and$Standards • 2#main#protocols:#SAE#J1939#and#J1708 • J1708#is#the#old#one#(1985) •
Based#on#9600#baud#UART • J1587#operates#on#top#of#it#(transport#layer) • J1939#is#the#new#one#(?) • Physical#&#data#link#layers#are#250K#CAN • Addressing,#transport,#etc • ISO15765#also#used,#but#only#for#diagnostics#comms • (details#in#whitepaper)
15.
J1708$basics • 9600#baud#serial • Can#be#read#with#a#tty
with#a#little#work • Messages#are#time#delimited • MIDs#and#PIDs • Mostly#older#trucks#will#have#only#J1708 • Some#newer#ones#will#have#components#using#it • Also,#gliders • Data#link#escape#for#proprietary#comms (PID#0xFE) • Message#fragmentation#&#reliable#delivery#(J1587)
16.
J1939$Basics • 250k#CAN#(500k#in#the#nearPish future) •
Extended#CAN#ID#broken#into#source,#(maybe)#destination,#etc • Address#management,#transport,#message#fragmentation • There’s#a#bajillion#different#J1939#standards • Also#a#PGN#or#two#reserved#for#proprietary#comms
17.
VDA$basics • Vehicle#diagnostics#adapters • Similar#in#purpose#to#OBDPII#scan#tools •
Basically#USB/Serial/Ethernet#P>#J1939/J1708#brid • Governs#functions#exposed#by#vehicle#diagnostic#adapters#(VDAs) • Best#VDAs#for#RE#are#Dearborn#Group#DPA • Robust#logging#facilities#allow#for#easy#dynamic#analysis • For#now;#we#want#to#write#a#RP1210#driver#for…
18.
Truck$Hacking$Tools:$Truck$Duck • Cape#for#a#BeagleBone • Hardware#for#CAN#and#J1708 •
2#of#each#for#potential#filtering/modification#purposes • We#also#have#a#software#stack#for#doing#comms • J1939#kernel#extensions#(plus#J1939Penabled#Python#build) • Homegrown#J1708#implementation#using#AM335x#PRU#(it#is#ugly)
19.
20.
Adventures$in$Truck$Hacking
21.
Screwing$with$engine$parameters$ • Most#engine#parameter#configuration#is#done#over#proprietary# protocol#extensions • Pretty#easy#to#reverse •
Most#OEM#software#is#unPobfuscated#.NET#linked#to#some#legacy#C • We#super#promised#not#to#give#too many#specifics • Demonstration#of#what#is#possible#with#TruckDuck
22.
Engine$parameter$modification$demo • <demo#goes#here>
23.
ECM$impersonation • Useful#for#reversing#proprietary#comms parameters •
(details#later)
24.
Bad$Crypto$A$Go$Go • (disclosed#at#con)
25.
• More#demos#to#come#probably!
26.
Heads$up: There#is#a#ton#of#related#material#on#our#github including#a#white#paper,#schematics,#assembly# instructions,#code,#and#embedded#OS#image. truckhacking.github.io
Jetzt herunterladen