LEADER 09529nam 2200697 450 001 9910822423003321 005 20210210005334.0 010 $a1-4571-9884-3 010 $a1-59327-770-9 035 $a(CKB)3710000000635267 035 $a(SSID)ssj0001639574 035 $a(PQKBManifestationID)16398485 035 $a(PQKBTitleCode)TC0001639574 035 $a(PQKBWorkID)14823249 035 $a(PQKB)10300257 035 $a(MiAaPQ)EBC4503176 035 $a(WaSeSS)IndRDA00088945 035 $a(MiAaPQ)EBC6050853 035 $a(Au-PeEL)EBL6050853 035 $a(OCoLC)945554862 035 $a(CaSebORM)9781457198847 035 $a(EXLCZ)993710000000635267 100 $a20170511h20162016 uy 0 101 0 $aeng 135 $aurcnu|||||||| 181 $ctxt 182 $cc 183 $acr 200 14$aThe car hacker's handbook $ea guide for the penetration tester /$fby Craig Smith 205 $a1st edition 210 1$aSan Francisco, [California] :$cNo Starch Press,$d2016. 210 4$d©2016 215 $a1 online resource (306 pages) $cillustrations 300 $aIncludes index. 311 $a1-59327-703-2 320 $aIncludes bibliographical references and index. 327 $aIntro -- Title Page -- Copyright Page -- About the Author -- About the Contributing Author -- About the Technical Reviewer -- Brief Contents -- Contents in Detail -- Foreword by Chris Evans -- Acknowledgments -- Introduction -- Why Car Hacking Is Good for All of Us -- What's in This Book -- Chapter 1: Understanding Threat Models -- Finding Attack Surfaces -- Threat Modeling -- Level 0: Bird's-Eye View -- Level 1: Receivers -- Level 2: Receiver Breakdown -- Threat Identification -- Level 0: Bird's-Eye View -- Level 1: Receivers -- Level 2: Receiver Breakdown -- Threat Rating Systems -- The DREAD Rating System -- CVSS: An Alternative to DREAD -- Working with Threat Model Results -- Summary -- Chapter 2: Bus Protocols -- The CAN Bus -- The OBD-II Connector -- Finding CAN Connections -- CAN Bus Packet Layout -- The ISO-TP Protocol -- The CANopen Protocol -- The GMLAN Bus -- The SAE J1850 Protocol -- The PWM Protocol -- The VPW Protocol -- The Keyword Protocol and ISO 9141-2 -- The Local Interconnect Network Protocol -- The MOST Protocol -- MOST Network Layers -- MOST Control Blocks -- Hacking MOST -- The FlexRay Bus -- Hardware -- Network Topology -- Implementation -- FlexRay Cycles -- Packet Layout -- Sniffing a FlexRay Network -- Automotive Ethernet -- OBD-II Connector Pinout Maps -- The OBD-III Standard -- Summary -- Chapter 3: Vehicle Communication With SocketCAN -- Setting Up can-utils to Connect to CAN Devices -- Installing can-utils -- Configuring Built-In Chipsets -- Configuring Serial CAN Devices -- Setting Up a Virtual CAN Network -- The CAN Utilities Suite -- Installing Additional Kernel Modules -- The can-isotp.ko Module -- Coding SocketCAN Applications -- Connecting to the CAN Socket -- Setting Up the CAN Frame -- The Procfs Interface -- The Socketcand Daemon -- Kayak -- Summary -- Chapter 4: Diagnostics and Logging. 327 $aDiagnostic Trouble Codes -- DTC Format -- Reading DTCs with Scan Tools -- Erasing DTCs -- Unified Diagnostic Services -- Sending Data with ISO-TP and CAN -- Understanding Modes and PIDs -- Brute-Forcing Diagnostic Modes -- Keeping a Vehicle in a Diagnostic State -- Event Data Recorder Logging -- Reading Data from the EDR -- The SAE J1698 Standard -- Other Data Retrieval Practices -- Automated Crash Notification Systems -- Malicious Intent -- Summary -- Chapter 5: Reverse Engineering the CAN Bus -- Locating the CAN Bus -- Reversing CAN Bus Communications with can-utils and Wireshark -- Using Wireshark -- Using candump -- Grouping Streamed Data from the CAN Bus -- Using Record and Playback -- Creative Packet Analysis -- Getting the Tachometer Reading -- Creating Background Noise with the Instrument Cluster Simulator -- Setting Up the ICSim -- Reading CAN Bus Traffic on the ICSim -- Changing the Difficulty of ICSim -- Reversing the CAN Bus with OpenXC -- Translating CAN Bus Messages -- Writing to the CAN Bus -- Hacking OpenXC -- Fuzzing the CAN Bus -- Troubleshooting When Things Go Wrong -- Summary -- Chapter 6: ECU Hacking -- Front Door Attacks -- J2534: The Standardized Vehicle Communication API -- Using J2534 Tools -- KWP2000 and Other Earlier Protocols -- Capitalizing on Front Door Approaches: Seed-Key Algorithms -- Backdoor Attacks -- Exploits -- Reversing Automotive Firmware -- Self-Diagnostic System -- Library Procedures -- Comparing Bytes to Identify Parameters -- Identifying ROM Data with WinOLS -- Code Analysis -- A Plain Disassembler at Work -- Interactive Disassemblers -- Summary -- Chapter 7: Building and Using ECU Test Benches -- The Basic ECU Test Bench -- Finding an ECU -- Dissecting the ECU Wiring -- Wiring Things Up -- Building a More Advanced Test Bench -- Simulating Sensor Signals -- Hall Effect Sensors -- Simulating Vehicle Speed. 327 $aSummary -- Chapter 8: Attacking ECUS And Other Embedded Systems -- Analyzing Circuit Boards -- Identifying Model Numbers -- Dissecting and Identifying a Chip -- Debugging Hardware with JTAG and Serial Wire Debug -- JTAG -- Serial Wire Debug -- The Advanced User Debugger -- Nexus -- Side-Channel Analysis with the ChipWhisperer -- Installing the Software -- Prepping the Victim Board -- Brute-Forcing Secure Boot Loaders in Power-Analysis Attacks -- Prepping Your Test with AVRDUDESS -- Setting Up the ChipWhisperer for Serial Communications -- Setting a Custom Password -- Resetting the AVR -- Setting Up the ChipWhisperer ADC -- Monitoring Power Usage on Password Entry -- Scripting the ChipWhisperer with Python -- Fault Injection -- Clock Glitching -- Setting a Trigger Line -- Power Glitching -- Invasive Fault Injection -- Summary -- Chapter 9: In-Vehicle Infotainment Systems -- Attack Surfaces -- Attacking Through the Update System -- Identifying Your System -- Determining the Update File Type -- Modifying the System -- Apps and Plugins -- Identifying Vulnerabilities -- Attacking the IVI Hardware -- Dissecting the IVI Unit's Connections -- Disassembling the IVI Unit -- Infotainment Test Benches -- GENIVI Meta-IVI -- Automotive Grade Linux -- Acquiring an OEM IVI for Testing -- Summary -- Chapter 10: Vehicle-to-Vehicle Communication -- Methods of V2V Communication -- The DSRC Protocol -- Features and Uses -- Roadside DSRC Systems -- WAVE Standard -- Tracking Vehicles with DSRC -- Security Concerns -- PKI-Based Security Measures -- Vehicle Certificates -- Anonymous Certificates -- Certificate Provisioning -- Updating the Certificate Revocation List -- Misbehavior Reports -- Summary -- Chapter 11: Weaponizing CAN Findings -- Writing the Exploit in C -- Converting to Assembly Code -- Converting Assembly to Shellcode -- Removing NULLs. 327 $aCreating a Metasploit Payload -- Determining Your Target Make -- Interactive Probing -- Passive CAN Bus Fingerprinting -- Responsible Exploitation -- Summary -- Chapter 12: Attacking Wireless Systems with SDR -- Wireless Systems and SDR -- Signal Modulation -- Hacking with TPMS -- Eavesdropping with a Radio Receiver -- TPMS Packets -- Activating a Signal -- Tracking a Vehicle -- Event Triggering -- Sending Forged Packets -- Attacking Key Fobs and Immobilizers -- Key Fob Hacks -- Attacking a PKES System -- Immobilizer Cryptography -- Physical Attacks on the Immobilizer System -- Flashback: Hotwiring -- Summary -- Chapter 13: Performance Tuning -- Performance Tuning Trade-Offs -- ECU Tuning -- Chip Tuning -- Flash Tuning -- Stand-Alone Engine Management -- Summary -- Appendix A: Tools of the Trade -- Hardware -- Lower-End CAN Devices -- Higher-End CAN Devices -- Software -- Wireshark -- PyOBD Module -- Linux Tools -- CANiBUS Server -- Kayak -- SavvyCAN -- O2OO Data Logger -- Caring Caribou -- c0f Fingerprinting Tool -- UDSim ECU Simulator -- Octane CAN Bus Sniffer -- AVRDUDESS GUI -- RomRaider ECU Tuner -- Komodo CAN Bus Sniffer -- Vehicle Spy -- Appendix B: Diagnostic Code Modes and PIDs -- Modes Above 0x10 -- Useful PIDs -- Appendix C: Creating Your Own Open Garage -- Filling Out the Character Sheet -- When to Meet -- Affiliations and Private Memberships -- Defining Your Meeting Space -- Contact Information -- Initial Managing Officers -- Equipment -- Abbreviations -- Index -- Footnotes -- Chapter 10: Vehicle-to-Vehicle Communication -- Chapter 12: Attacking Wireless Systems with SDR. 330 $aThe Car Hacker's Handbook shows how to identify vulnerabilities in modern automotive vehicles. 606 $aAutomotive computers$xSecurity measures$vHandbooks, manuals, etc 606 $aAutomobiles$xPerformance$vHandbooks, manuals, etc 606 $aAutomobiles$xCustomizing$vHandbooks, manuals, etc 606 $aPenetration testing (Computer security)$vHandbooks, manuals, etc 606 $aAutomobiles$xVandalism$xPrevention$vHandbooks, manuals, etc 615 0$aAutomotive computers$xSecurity measures 615 0$aAutomobiles$xPerformance 615 0$aAutomobiles$xCustomizing 615 0$aPenetration testing (Computer security) 615 0$aAutomobiles$xVandalism$xPrevention 676 $a629.2/72 700 $aSmith$b Craig$c(Reverse engineer),$01687188 712 02$aEbscoHost (Servicio en línea) 801 0$bMiAaPQ 801 1$bMiAaPQ 801 2$bMiAaPQ 906 $aBOOK 912 $a9910822423003321 996 $aThe car hacker's handbook$94060476 997 $aUNINA