HVOC_2023

Spring 2023 Iowa State University Ag Engr 590 Course on "Hacking Vehicle On-board Communications"

Welcome & Setup

FICAA

Used in every lab this semester: FICAA

Use

Each week students:

1. Login to Azure Lab Services and make sure their VM is started.
2. Log into their VM using their xclient.

3. Prepare their environment by pulling the most recent lab content:

   $ git pull

modprobe: FATAL

It seems from time-to-time our Linux kernel 'forgets' the socketCAN module...

To recover:

$ sudo apt-get install -y linux-modules-extra-$(uname -r)

Schedule

Resources

Below are various resources that will be useful during the semester.

Getting Started

1. J1939 Data from Colorado State: https://www.engr.colostate.edu/~jdaily/J1939/candata.html
2. How to Setup a Virtual CAN Interface: https://www.youtube.com/watch?v=iUgaoTJiO70
3. CAN FD Support in Virtual CAN (vcan) in SocketCAN: https://stackoverflow.com/questions/36568167/can-fd-support-for-virtual-can-vcan-on-socketcan
4. [advanced] Using C with SocketCAN: https://www.can-cia.org/fileadmin/resources/documents/proceedings/2012_kleine-budde.pdf
5. [advanced] The Linux Kernel and SocketCAN https://docs.kernel.org/networking/can.html

Case Study in Reverse Engineering an ECU

1. Hacking a VW Golf Power Steering ECU: https://blog.willemmelching.nl/carhacking/2022/01/02/vw-part1/

This four-part blog is a tremendous resource for those wanting to learn about reverse engineering an ECU. Why it is interesting...

Even though the (steering) rack was introduced back in 2008, support for Lane Keep Assist (LKAS) or Heading Control Assist (HCA) in VW terminology, is already present. This makes it possible to use this car with openpilot, an open source driver assistance system

Attack History

1. Wired: Jeep Hack I https://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/
2. Wired: Jeep Hack II https://www.wired.com/2016/08/jeep-hackers-return-high-speed-steering-acceleration-hacks/
3. Wired: Univ of Mich Grad Students Homework: https://www.wired.com/2016/08/researchers-hack-big-rig-truck-hijack-accelerator-brakes/
4. Video of Univ of Mich Grad Students: https://www.youtube.com/watch?v=kG91j2JL7F0
5. Python supply chain issue in the news: https://www.bleepingcomputer.com/news/security/pytorch-discloses-malicious-dependency-chain-compromise-over-holidays/
6. Sam Curry: attacking multiple OEM fleets via telematics. https://twitter.com/samwcyo/status/1597792097175674880
7. Sam Curry: another attack (03 JAN 2023) https://samcurry.net/web-hackers-vs-the-auto-industry/
8. VM reused 'master' keys for 20 years: https://www.theregister.com/2016/08/11/car_lock_hack/
9. [attack?] Internet search: tractor engine tuner.
10. CAN Injection: Keyless Car Theft; Ken Tindell: https://kentindell.github.io/2023/04/03/can-injection/

Defense

1. NHTSA "Cybersecurity Best Practices for the Safety of Modern Vehicles": https://www.nhtsa.gov/sites/nhtsa.gov/files/2022-09/cybersecurity-best-practices-safety-modern-vehicles-2022-tag.pdf

Books

If you want to buy a book(s) for the course

1. "Serious Cryptography", Jean-Philippe Aumasson. No Starch Press. ISBN-13 978-1593278267.
2. "The Car Hacker's Handbook", Craig Smith. No Starch Press. ISBN-13 978-1593277031.

---

Really good textbooks

1. "Understanding Cryptography", Christof Paar. Springer. ISBN-13 978-3642041006.
2. "Cryptography Engineering", Niels Ferguson, Bruce Schneier, Tadayoshi Kohno. Wiley. ISBN-13 978-0470474242.
3. "Security Engineering", Ross Anderson. Wiley. ISBN-13 978-1119642787.

---

Popular press

1. "The Code Book", Simon Singh. Anchor. ISBN-13 978-0385495325.

Papers

See 'papers' directory

Advanced

1. Working with OpenECU: https://pisnoop.s3.amazonaws.com/snoop_help_getting_started.htm