Title THE CAR HACKER HAND BOOK.pdf ✅

THE FINEST IN GEEK ENTERTAINMENTTM www.nostarch.com Smith The Car Hacker’s Handbook The Car Hacker’s Handbook A Guide for the Penetration Tester “I LIE FLAT.” This book uses a durable binding that won’t snap shut. $49.95 ($57.95 CDN) Shelve In: Computers/Security Craig Smith Foreword by Chris Evans A Guide for the Penetration Tester Modern cars are more computerized than ever. Infotainment and navigation systems, Wi-Fi, automatic software updates, and other inno- vations aim to make driving more convenient. But vehicle technologies haven’t kept pace with today’s more hostile security environ- ment, leaving millions vulnerable to attack. The Car Hacker’s Handbook will give you a deeper understanding of the computer sys- tems and embedded software in modern vehicles. It begins by examining vulner- abilities and providing detailed explanations of communications over the CAN bus and between devices and systems. Then, once you have an understanding of a vehicle’s communication network, you’ll learn how to intercept data and perform specific hacks to track vehicles, unlock doors, glitch engines, flood communication, and more. With a focus on low-cost, open source hacking tools such as Metasploit, Wireshark, Kayak, can-utils, and ChipWhisperer, The Car Hacker’s Handbook will show you how to: Build an accurate threat model for your vehicle Reverse engineer the CAN bus to fake engine signals Exploit vulnerabilities in diagnostic and data-logging systems Hack the ECU and other firmware and embedded systems Feed exploits through infotainment and vehicle-to-vehicle communication systems Override factory settings with performance- tuning techniques Build physical and virtual test benches to try out exploits safely If you’re curious about automotive security and have the urge to hack a two-ton com- puter, make The Car Hacker’s Handbook your first stop. About the Author Craig Smith runs Theia Labs, a research firm that focuses on security auditing and build- ing hardware and software prototypes. He has worked for several auto manufacturers and provided them with his public research. He is also a founder of the Hive13 hackerspace and OpenGarages.org. Craig is a frequent speaker on car hacking and has run workshops at RSA, DEF CON, and other major security conferences. “We’re all safer when the systems we depend upon are inspectable, auditable, and documented— and this definitely includes cars.”—Chris Evans, hacker and founder of Project Zero
The Car Hacker’s Handbook

T H E C A R H A C K E R ’ S HANDBOOK A G u i d e f o r t h e Penetration Tester by Craig Smith San Francisco
The Car Hacker's handbook. Copyright © 2016 by Craig Smith. All rights reserved. No part of this work may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage or retrieval system, without the prior written permission of the copyright owner and the publisher. 20 19 18 17 16 1 2 3 4 5 6 7 8 9 ISBN-10: 1-59327-703-2 ISBN-13: 978-1-59327-703-1 Publisher: William Pollock Production Editor: Laurel Chun Cover Illustration: Garry Booth Interior Design: Octopod Studios Developmental Editors: Liz Chadwick and William Pollock Technical Reviewer: Eric Evenchick Copyeditor: Julianne Jigour Compositor: Laurel Chun Proofreader: James Fraleigh Indexer: BIM Indexing & Proofreading Services The following code and images are reproduced with permission: Figures 5-3 and 5-7 © Jan-Niklas Meier; Figures 6-17 and 6-18 © Matt Wallace; Figures 8-6, 8-7, 8-8, and 8-20 © NewAE Technology Inc.; Brute-forcing keypad entry code on pages 228–230 © Peter Boothe; Figures 13-3 and A-6 © Jared Gould and Paul Brunckhorst; Figures A-1 and A-2 © SECONS Ltd., http://www.obdtester.com/pyobd/; Figure A-4 © Collin Kidder and EVTV Motor Werks. For information on distribution, translations, or bulk sales, please contact No Starch Press, Inc. directly: No Starch Press, Inc. 245 8th Street, San Francisco, CA 94103 phone: 415.863.9900; [email protected] www.nostarch.com Library of Congress Cataloging-in-Publication Data Names: Smith, Craig (Reverse engineer), author. Title: The car hacker's handbook: a guide for the penetration tester / by Craig Smith. Description: San Francisco : No Starch Press, [2016] | Includes index. Identifiers: LCCN 2015038297| ISBN 9781593277031 | ISBN 1593277032 Subjects: LCSH: Automotive computers--Security measures--Handbooks, manuals, etc. | Automobiles--Performance--Handbooks, manuals, etc. | Automobiles--Customizing--Handbooks, manuals, etc. | Penetration testing (Computer security)--Handbooks, manuals, etc. | Automobiles--Vandalism--Prevention--Handbooks, manuals, etc. Classification: LCC TL272.53 .S65 2016 | DDC 629.2/72--dc23 LC record available at http://lccn.loc.gov/2015038297 No Starch Press and the No Starch Press logo are registered trademarks of No Starch Press, Inc. Other product and company names mentioned herein may be the trademarks of their respective owners. Rather than use a trademark symbol with every occurrence of a trademarked name, we are using the names only in an editorial fashion and to the benefit of the trademark owner, with no intention of infringement of the trademark. The information in this book is distributed on an “As Is” basis, without warranty. While every precaution has been taken in the preparation of this work, neither the author nor No Starch Press, Inc. shall have any liability to any person or entity with respect to any loss or damage caused or alleged to be caused directly or indirectly by the information contained in it.