Explore the world of Controller Area Network (CAN) in this Black Hat conference talk. Gain insights into the main networking system used in the automotive industry, controlling everything from engine components to power seats. Learn about CANard, an open-source toolkit for CAN bus tasks, and discover how to script various operations. Delve into CAN basics, required hardware, and message sending/receiving techniques. Witness demonstrations of real-world vulnerabilities using CANard, including reading and clearing fault codes, cracking diagnostics security, and fuzzing controllers to manipulate vehicle operations. Master practical applications of automotive system attacks, understanding both the technology and the tools to exploit it. Cover topics such as CAN message structure, hardware and software requirements, diagnostic protocols like OBD-II and Unified Diagnostic Services, and fuzzing techniques. By the end, acquire the knowledge and tools necessary to effectively work with and potentially exploit CAN bus systems in modern vehicles.
Overview
Syllabus
Intro
What is CAN?
Why do I care?
Easy Attacks - Dos
How CAN Works Message Structure
Easy Attacks - Injection
Getting on the Bus
CAN Hardware
CAN Software
SocketCAN
Wireshark
CANard A Python Toolkit for CAN
Hardware Abstraction
Diagnostics Protocols
OBD-II
Unified Diagnostic Services
UDS With CANard
UDS Security Access
Fuzzing Diagnostics
Conclusions
Taught by
Black Hat
