Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

VDA Shenanigans: Attacking and Defending Vehicle Diagnostics Adapters

DEFCONConference via YouTube

Overview

Learn how to attack and defend Vehicle Diagnostics Adapters (VDAs) in this DEF CON 31 security talk that explores hardware reverse engineering, firmware analysis, and automotive cybersecurity. Dive into the technical process of enumerating components, accessing UART interfaces, extracting and modifying firmware, and understanding update procedures for VDA devices commonly left behind in vehicles. Master defensive techniques including Autotomic Binary Reduction (ABR), RTOS firmware reverse engineering, and feature entry point identification. Explore real-world applications through the Cyber Truck Challenge workshop using OFRAK and VDA, while examining DC30 CHV CTF challenges. Gain practical insights into both offensive and defensive aspects of automotive security, with a focus on protecting these often overlooked vehicle components.

Syllabus

Shenanigans We Will Cover
What is a Vehicle Diagnostics Adapter (VDA)?
Attacker Plan
Reverse Hardware: Enumerate Components
Reverse Hardware: UART Time!
Obtain Firmware: UART Time!
Obtain Firmware, Reverse Format
Reverse Firmware Update
Super Complicated Update Procedure
Modify Firmware: Earth, Wind & Coldfire
Why is this a problem? (hypothetically)
Defender Problem
Defender Goal
Autotomic Binary Reduction (ABR)
Reverse Engineer Firmware - RTOS
Identify Feature Entry Points
ABR: Identify code & data to remove, and remove!
Defender Reflections
Cyber Truck Challenge -2-Hour Workshop using OFRAK and VDA
DC30 CHV CTF Challenges
Shenanigans We Covered

Taught by

DEFCONConference

Reviews

Start your review of VDA Shenanigans: Attacking and Defending Vehicle Diagnostics Adapters

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.