Record ID: 9910822423003321
MARC leader: 09529nam 2200697 450
Last modified: 20210210005334.0
ISBN: 1-4571-9884-3
ISBN: 1-59327-770-9
ISBN: 1-59327-703-2
System control numbers: (CKB)3710000000635267; (SSID)ssj0001639574; (PQKBManifestationID)16398485; (PQKBTitleCode)TC0001639574; (PQKBWorkID)14823249; (PQKB)10300257; (MiAaPQ)EBC4503176; (WaSeSS)IndRDA00088945; (MiAaPQ)EBC6050853; (Au-PeEL)EBL6050853; (OCoLC)945554862; (CaSebORM)9781457198847; (EXLCZ)993710000000635267
Coded data: 20170511h20162016 uy 0; urcnu||||||||
Language: eng
Content / media / carrier type: txt / c / cr

Title: The car hacker's handbook : a guide for the penetration tester / by Craig Smith
Edition: 1st edition
Publication: San Francisco, [California] : No Starch Press, 2016. ©2016
Physical description: 1 online resource (306 pages) : illustrations
Notes: Includes index. Includes bibliographical references and index.

Contents:
Intro -- Title Page -- Copyright Page -- About the Author -- About the Contributing Author -- About the Technical Reviewer -- Brief Contents -- Contents in Detail -- Foreword by Chris Evans -- Acknowledgments -- Introduction -- Why Car Hacking Is Good for All of Us -- What's in This Book
Chapter 1: Understanding Threat Models -- Finding Attack Surfaces -- Threat Modeling -- Level 0: Bird's-Eye View -- Level 1: Receivers -- Level 2: Receiver Breakdown -- Threat Identification -- Level 0: Bird's-Eye View -- Level 1: Receivers -- Level 2: Receiver Breakdown -- Threat Rating Systems -- The DREAD Rating System -- CVSS: An Alternative to DREAD -- Working with Threat Model Results -- Summary
Chapter 2: Bus Protocols -- The CAN Bus -- The OBD-II Connector -- Finding CAN Connections -- CAN Bus Packet Layout -- The ISO-TP Protocol -- The CANopen Protocol -- The GMLAN Bus -- The SAE J1850 Protocol -- The PWM Protocol -- The VPW Protocol -- The Keyword Protocol and ISO 9141-2 -- The Local Interconnect Network Protocol -- The MOST Protocol -- MOST Network Layers -- MOST Control Blocks -- Hacking MOST -- The FlexRay Bus -- Hardware -- Network Topology -- Implementation -- FlexRay Cycles -- Packet Layout -- Sniffing a FlexRay Network -- Automotive Ethernet -- OBD-II Connector Pinout Maps -- The OBD-III Standard -- Summary
Chapter 3: Vehicle Communication with SocketCAN -- Setting Up can-utils to Connect to CAN Devices -- Installing can-utils -- Configuring Built-In Chipsets -- Configuring Serial CAN Devices -- Setting Up a Virtual CAN Network -- The CAN Utilities Suite -- Installing Additional Kernel Modules -- The can-isotp.ko Module -- Coding SocketCAN Applications -- Connecting to the CAN Socket -- Setting Up the CAN Frame -- The Procfs Interface -- The Socketcand Daemon -- Kayak -- Summary
Chapter 4: Diagnostics and Logging -- Diagnostic Trouble Codes -- DTC Format -- Reading DTCs with Scan Tools -- Erasing DTCs -- Unified Diagnostic Services -- Sending Data with ISO-TP and CAN -- Understanding Modes and PIDs -- Brute-Forcing Diagnostic Modes -- Keeping a Vehicle in a Diagnostic State -- Event Data Recorder Logging -- Reading Data from the EDR -- The SAE J1698 Standard -- Other Data Retrieval Practices -- Automated Crash Notification Systems -- Malicious Intent -- Summary
Chapter 5: Reverse Engineering the CAN Bus -- Locating the CAN Bus -- Reversing CAN Bus Communications with can-utils and Wireshark -- Using Wireshark -- Using candump -- Grouping Streamed Data from the CAN Bus -- Using Record and Playback -- Creative Packet Analysis -- Getting the Tachometer Reading -- Creating Background Noise with the Instrument Cluster Simulator -- Setting Up the ICSim -- Reading CAN Bus Traffic on the ICSim -- Changing the Difficulty of ICSim -- Reversing the CAN Bus with OpenXC -- Translating CAN Bus Messages -- Writing to the CAN Bus -- Hacking OpenXC -- Fuzzing the CAN Bus -- Troubleshooting When Things Go Wrong -- Summary
Chapter 6: ECU Hacking -- Front Door Attacks -- J2534: The Standardized Vehicle Communication API -- Using J2534 Tools -- KWP2000 and Other Earlier Protocols -- Capitalizing on Front Door Approaches: Seed-Key Algorithms -- Backdoor Attacks -- Exploits -- Reversing Automotive Firmware -- Self-Diagnostic System -- Library Procedures -- Comparing Bytes to Identify Parameters -- Identifying ROM Data with WinOLS -- Code Analysis -- A Plain Disassembler at Work -- Interactive Disassemblers -- Summary
Chapter 7: Building and Using ECU Test Benches -- The Basic ECU Test Bench -- Finding an ECU -- Dissecting the ECU Wiring -- Wiring Things Up -- Building a More Advanced Test Bench -- Simulating Sensor Signals -- Hall Effect Sensors -- Simulating Vehicle Speed -- Summary
Chapter 8: Attacking ECUs and Other Embedded Systems -- Analyzing Circuit Boards -- Identifying Model Numbers -- Dissecting and Identifying a Chip -- Debugging Hardware with JTAG and Serial Wire Debug -- JTAG -- Serial Wire Debug -- The Advanced User Debugger -- Nexus -- Side-Channel Analysis with the ChipWhisperer -- Installing the Software -- Prepping the Victim Board -- Brute-Forcing Secure Boot Loaders in Power-Analysis Attacks -- Prepping Your Test with AVRDUDESS -- Setting Up the ChipWhisperer for Serial Communications -- Setting a Custom Password -- Resetting the AVR -- Setting Up the ChipWhisperer ADC -- Monitoring Power Usage on Password Entry -- Scripting the ChipWhisperer with Python -- Fault Injection -- Clock Glitching -- Setting a Trigger Line -- Power Glitching -- Invasive Fault Injection -- Summary
Chapter 9: In-Vehicle Infotainment Systems -- Attack Surfaces -- Attacking Through the Update System -- Identifying Your System -- Determining the Update File Type -- Modifying the System -- Apps and Plugins -- Identifying Vulnerabilities -- Attacking the IVI Hardware -- Dissecting the IVI Unit's Connections -- Disassembling the IVI Unit -- Infotainment Test Benches -- GENIVI Meta-IVI -- Automotive Grade Linux -- Acquiring an OEM IVI for Testing -- Summary
Chapter 10: Vehicle-to-Vehicle Communication -- Methods of V2V Communication -- The DSRC Protocol -- Features and Uses -- Roadside DSRC Systems -- WAVE Standard -- Tracking Vehicles with DSRC -- Security Concerns -- PKI-Based Security Measures -- Vehicle Certificates -- Anonymous Certificates -- Certificate Provisioning -- Updating the Certificate Revocation List -- Misbehavior Reports -- Summary
Chapter 11: Weaponizing CAN Findings -- Writing the Exploit in C -- Converting to Assembly Code -- Converting Assembly to Shellcode -- Removing NULLs -- Creating a Metasploit Payload -- Determining Your Target Make -- Interactive Probing -- Passive CAN Bus Fingerprinting -- Responsible Exploitation -- Summary
Chapter 12: Attacking Wireless Systems with SDR -- Wireless Systems and SDR -- Signal Modulation -- Hacking with TPMS -- Eavesdropping with a Radio Receiver -- TPMS Packets -- Activating a Signal -- Tracking a Vehicle -- Event Triggering -- Sending Forged Packets -- Attacking Key Fobs and Immobilizers -- Key Fob Hacks -- Attacking a PKES System -- Immobilizer Cryptography -- Physical Attacks on the Immobilizer System -- Flashback: Hotwiring -- Summary
Chapter 13: Performance Tuning -- Performance Tuning Trade-Offs -- ECU Tuning -- Chip Tuning -- Flash Tuning -- Stand-Alone Engine Management -- Summary
Appendix A: Tools of the Trade -- Hardware -- Lower-End CAN Devices -- Higher-End CAN Devices -- Software -- Wireshark -- PyOBD Module -- Linux Tools -- CANiBUS Server -- Kayak -- SavvyCAN -- O2OO Data Logger -- Caring Caribou -- c0f Fingerprinting Tool -- UDSim ECU Simulator -- Octane CAN Bus Sniffer -- AVRDUDESS GUI -- RomRaider ECU Tuner -- Komodo CAN Bus Sniffer -- Vehicle Spy
Appendix B: Diagnostic Code Modes and PIDs -- Modes Above 0x10 -- Useful PIDs
Appendix C: Creating Your Own Open Garage -- Filling Out the Character Sheet -- When to Meet -- Affiliations and Private Memberships -- Defining Your Meeting Space -- Contact Information -- Initial Managing Officers -- Equipment
Abbreviations -- Index -- Footnotes -- Chapter 10: Vehicle-to-Vehicle Communication -- Chapter 12: Attacking Wireless Systems with SDR

Summary: The Car Hacker's Handbook shows how to identify vulnerabilities in modern automotive vehicles.

Subjects:
Automotive computers -- Security measures -- Handbooks, manuals, etc
Automobiles -- Performance -- Handbooks, manuals, etc
Automobiles -- Customizing -- Handbooks, manuals, etc
Penetration testing (Computer security) -- Handbooks, manuals, etc
Automobiles -- Vandalism -- Prevention -- Handbooks, manuals, etc
Automotive computers -- Security measures
Automobiles -- Performance
Automobiles -- Customizing
Penetration testing (Computer security)
Automobiles -- Vandalism -- Prevention

Dewey classification: 629.2/72
Author: Smith, Craig (Reverse engineer), 1687188
Corporate body: EbscoHost (Online service)
Cataloguing source: MiAaPQ; MiAaPQ; MiAaPQ
Record type: BOOK
Related record: 9910822423003321 The car hacker's handbook 4060476
Holding institution: UNINA