Craig Smith - The Car Hacker’s Handbook

The Car Hackers Handbook describes, in meticulous detail, how your cars components talk both to one another and to diagnosticiansoutlining all the ways good and bad guys can modify or attack the systems.

The Wall Street Journal

The Car Hackers Handbook, a guide on how to reverse engineer, exploit, and modify any kind of embedded system; cars are just the example. Craig presents this in a way that is eminently comprehensible and spends enough time reinforcing the idea of hacking a car safely, legally, and ethically. Its a great read, an excellent introduction to fiddling with embedded bits, and truly owning the devices youve already purchased.

Brian Benchoff, Hackaday

Smith has done a marvelous job of providing a practical introduction to the world of vehicle systems and the tools used to interact with them for both benign and malicious purposes. Definitely a recommended read.

Richard Austin, IEEE Cipher

The Car Hackers Handbook is a comprehensive guide to reverse-engineering and understanding the digital control systems in a modern vehicle. This book is a wake-up call to automakers, legislators, and regulators, announcing the fact that technology enthusiasts can and will continue to fiddle with their cars. The bar for automotive software quality just got raised.

Jeff Zurschmeide, Digital Trends

By turns funny, scary, and intriguing, The Car Hackers Handbook is a practical guide for tinkerers and a fantastic overview for people who want to know whats going on when they strap themselves into a multi-ton, high-speed computer.

Cory Doctorow, Boing Boing

A Guide for the Penetration Tester

Craig Smith

San Francisco

THE CAR HACKERS HANDBOOK. Copyright 2016 by Craig Smith.

All rights reserved. No part of this work may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage or retrieval system, without the prior written permission of the copyright owner and the publisher.

Ninth printing

26 25 24 23 22 9 10 11 12 13

ISBN-10: 1-59327-703-2
ISBN-13: 978-1-59327-703-1

Publisher: William Pollock
Production Editor: Laurel Chun
Cover Illustration: Garry Booth
Interior Design: Octopod Studios
Developmental Editors: Liz Chadwick and William Pollock
Technical Reviewer: Eric Evenchick
Copyeditor: Julianne Jigour
Compositor: Laurel Chun
Proofreader: James Fraleigh
Indexer: BIM Indexing & Proofreading Services

The following code and images are reproduced with permission: Collin Kidder and EVTV Motor Werks.

For information on distribution, bulk sales, corporate sales, or translations, please contact No Starch Press, Inc. directly at or:

No Starch Press, Inc.
245 8th Street, San Francisco, CA 94103
phone: 1.415.863.9900;
www.nostarch.com

Library of Congress Cataloging-in-Publication Data

Names: Smith, Craig (Reverse engineer), author.
Title: The car hacker's handbook: a guide for the penetration tester / by Craig Smith.
Description: San Francisco : No Starch Press, [2016] | Includes index.
Identifiers: LCCN 2015038297| ISBN 9781593277031 | ISBN 1593277032
Subjects: LCSH: Automotive computers--Security measures--Handbooks, manuals,
etc. | Automobiles--Performance--Handbooks, manuals, etc. |
Automobiles--Customizing--Handbooks, manuals, etc. | Penetration testing
(Computer security)--Handbooks, manuals, etc. |
Automobiles--Vandalism--Prevention--Handbooks, manuals, etc.
Classification: LCC TL272.53 .S65 2016 | DDC 629.2/72--dc23
LC record available at http://lccn.loc.gov/2015038297

No Starch Press and the No Starch Press logo are registered trademarks of No Starch Press, Inc. Other product and company names mentioned herein may be the trademarks of their respective owners. Rather than use a trademark symbol with every occurrence of a trademarked name, we are using the names only in an editorial fashion and to the benefit of the trademark owner, with no intention of infringement of the trademark.

The information in this book is distributed on an As Is basis, without warranty. While every precaution has been taken in the preparation of this work, neither the author nor No Starch Press, Inc. shall have any liability to any person or entity with respect to any loss or damage caused or alleged to be caused directly or indirectly by the information contained in it.

Craig Smith () runs Theia Labs, a security research firm that focuses on security auditing and building hardware and software prototypes. He is also one of the founders of the Hive13 Hackerspace and Open Garages (@OpenGarages). He has worked for several auto manufacturers, where he provided public research on vehicle security and tools. His specialties are reverse engineering and penetration testing. This book is largely a product of Open Garages and Craigs desire to get people up to speed on auditing their vehicles.

Dave Blundell () works in product development, teaches classes, and provides support for Moates.net, a small company specializing in pre-OBD ECU modification tools. He has worked in the aftermarket engine management sphere for the past few years, doing everything from reverse engineering to dyno tuning cars. He also does aftermarket vehicle calibration on a freelance basis.

Eric Evenchick is an embedded systems developer with a focus on security and automotive systems. While studying electrical engineering at the University of Waterloo, he worked with the University of Waterloo Alternative Fuels Team to design and build a hydrogen electric vehicle for the EcoCAR Advanced Vehicle Technology Competition. Currently, he is a vehicle security architect for Faraday Future and a contributor to Hackaday. He does not own a car.

UNDERSTANDING THREAT MODELS

BUS PROTOCOLS

VEHICLE COMMUNICATION WITH SOCKETCAN

DIAGNOSTICS AND LOGGING

REVERSE ENGINEERING THE CAN BUS

ECU HACKING

BUILDING AND USING ECU TEST BENCHES

ATTACKING ECUS AND OTHER EMBEDDED SYSTEMS

IN-VEHICLE INFOTAINMENT SYSTEMS

VEHICLE-TO-VEHICLE COMMUNICATION

WEAPONIZING CAN FINDINGS

ATTACKING WIRELESS SYSTEMS WITH SDR

PERFORMANCE TUNING

A
TOOLS OF THE TRADE

B
DIAGNOSTIC CODE MODES AND PIDS

C
CREATING YOUR OWN OPEN GARAGE

The world needs more hackers, and the world definitely needs more car hackers. Vehicle technology is trending toward more complexity and more connectivity. Combined, these trends will require a greater focus on automotive security and more talented individuals to provide this focus.