Learn how to attack and defend Vehicle Diagnostics Adapters (VDAs) in this DEF CON 31 security talk that explores hardware reverse engineering, firmware analysis, and automotive cybersecurity. Dive into the technical process of enumerating components, accessing UART interfaces, extracting and modifying firmware, and understanding update procedures for VDA devices commonly left behind in vehicles. Master defensive techniques including Autotomic Binary Reduction (ABR), RTOS firmware reverse engineering, and feature entry point identification. Explore real-world applications through the Cyber Truck Challenge workshop using OFRAK and VDA, while examining DC30 CHV CTF challenges. Gain practical insights into both offensive and defensive aspects of automotive security, with a focus on protecting these often overlooked vehicle components.
VDA Shenanigans: Attacking and Defending Vehicle Diagnostics Adapters
Overview
Syllabus
Shenanigans We Will Cover
What is a Vehicle Diagnostics Adapter (VDA)?
Attacker Plan
Reverse Hardware: Enumerate Components
Reverse Hardware: UART Time!
Obtain Firmware: UART Time!
Obtain Firmware, Reverse Format
Reverse Firmware Update
Super Complicated Update Procedure
Modify Firmware: Earth, Wind & Coldfire
Why is this a problem? (hypothetically)
Defender Problem
Defender Goal
Autotomic Binary Reduction (ABR)
Reverse Engineer Firmware - RTOS
Identify Feature Entry Points
ABR: Identify code & data to remove, and remove!
Defender Reflections
Cyber Truck Challenge -2-Hour Workshop using OFRAK and VDA
DC30 CHV CTF Challenges
Shenanigans We Covered
Taught by
DEFCONConference
