New. AE Technology Inc. Brute forcing keypad entry code on pages 2. Peter Boothe Figures 1. A 6 Jared Gould and Paul Brunckhorst Figures A 1 and A 2 SECONS Ltd., http www. Figure A 4 Collin Kidder and EVTV Motor Werks. For information on distribution, translations, or bulk sales, please contact No Starch Press, Inc. No Starch Press, Inc. Street, San Francisco, CA 9. Library of Congress Cataloging in Publication Data. Names Smith, Craig Reverse engineer, author. Title The car hackers handbook a guide for the penetration tester by Craig Smith. Description San Francisco No Starch Press, 2. Includes index. Identifiers LCCN 2. ISBN 9. 78. 15. 93. ISBN 1. 59. 32. 77. Subjects LCSH Automotive computers Security measures Handbooks, manuals, etc. Automobiles Performance Handbooks, manuals, etc. Automobiles Customizing Handbooks, manuals, etc. Penetration testing Computer security Handbooks, manuals, etc. Automobiles Vandalism Prevention Handbooks, manuals, etc. Classification LCC TL2. S6. 5 2. 01. 6 DDC 6. LC record available at http lccn. No Starch Press and the No Starch Press logo are registered trademarks of No Starch Press, Inc. Other product and company names mentioned herein may be the trademarks of their respective owners. Rather than use a trademark symbol with every occurrence of a trademarked name, we are using the names only in an editorial fashion and to the benefit of the trademark owner, with no intention of infringement of the trademark. The information in this book is distributed on an As Is basis, without warranty. While every precaution has been taken in the preparation of this work, neither the author nor No Starch Press, Inc. About the Author. Craig Smith craigtheialabs. Theia Labs, a security research firm that focuses on security auditing and building hardware and software prototypes. He is also one of the founders of the Hive. Hackerspace and Open Garages Open. Garages. He has worked for several auto manufacturers, where he provided public research on vehicle security and tools. His specialties are reverse engineering and penetration testing. This book is largely a product of Open Garages and Craigs desire to get people up to speed on auditing their vehicles. About the Contributing Author. Dave Blundell accelbydavegmail. Moates. net, a small company specializing in pre OBD ECU modification tools. He has worked in the aftermarket engine management sphere for the past few years, doing everything from reverse engineering to dyno tuning cars. He also does aftermarket vehicle calibration on a freelance basis. About the Technical Reviewer. Eric Evenchick is an embedded systems developer with a focus on security and automotive systems. While studying electrical engineering at the University of Waterloo, he worked with the University of Waterloo Alternative Fuels Team to design and build a hydrogen electric vehicle for the Eco. CAR Advanced Vehicle Technology Competition. Currently, he is a vehicle security architect for Faraday Future and a contributor to Hackaday. He does not own a car. FOREWORDThe world needs more hackers, and the world definitely needs more car hackers. Vehicle technology is trending toward more complexity and more connectivity. Combined, these trends will require a greater focus on automotive security and more talented individuals to provide this focus. But what is a hackerThe term is widely corrupted by the mainstream media, but correct use of the term hacker refers to someone who creates, who explores, who tinkerssomeone who discovers by the art of experimentation and by disassembling systems to understand how they work. In my experience, the best security professionals and hobbyists are those who are naturally curious about how things work. These people explore, tinker, experiment, and disassemble, sometimes just for the joy of discovery. These people hack. A car can be a daunting hacking target. Most cars dont come with a keyboard and login prompt, but they do come with a possibly unfamiliar array of protocols, CPUs, connectors, and operating systems. This book will demystify the common components in cars and introduce you to readily available tools and information to help get you started. By the time youve finished reading the book, youll understand that a car is a collection of connected computersthere just happen to be wheels attached. Armed with appropriate tooling and information, youll have the confidence to get hacking. This book also contains many themes about openness. Were all safer when the systems we depend upon are inspectable, auditable, and documentedand this definitely includes cars. So Id encourage you to use the knowledge gained from this book to inspect, audit, and document. I look forward to reading about some of your discoveries Chris Evans scarybeastsJanuary 2. ACKNOWLEDGMENTSThanks to the Open Garages community for contributing time, examples, and information that helped make this book possible. Thanks to the Electronic Frontier Foundation EFF for supporting the Right to Tinker and just generally being awesome. Thanks to Dave Blundell for contributing several chapters of this book, and to Colin OFlynn for making the Chip. Whisperer and letting me use his examples and illustrations. Finally, thanks to Eric Evenchick for single handedly reviewing all of the chapters of this book, and special thanks to No Starch Press for greatly improving the quality of my original ramblings. INTRODUCTIONIn 2. Open Garagesa group of people interested in sharing and collaborating on vehicle securityreleased the first Car Hackers Manual as course material for car hacking classes. World Of Warships Free Download War Gaming Net. The original book was designed to fit in a vehicles glove box and to cover the basics of car hacking in a one or two day class on auto security. Little did we know how much interest there would be in that that first book we had over 3. In fact, the books popularity shut down our Internet service provider twice and made them a bit unhappy with us. Its okay, they forgave us, which is good because I love my small ISP. Hi Speed. Span. netThe feedback from readers was mostly fantastic most of the criticism had to do with the fact that the manual was too short and didnt go into enough detail. This book aims to address those complaints. The Car Hackers Handbook goes into a lot more detail about car hacking and even covers some things that arent directly related to security, like performance tuning and useful tools for understanding and working with vehicles. Why Car Hacking Is Good for All of Us. If youre holding this book, you may already know why youd want to hack cars. But just in case, heres a handy list detailing the benefits of car hacking Understanding How Your Vehicle Works. The automotive industry has churned out some amazing vehicles, with complicated electronics and computer systems, but it has released little information about what makes those systems work. My Gmail Account Was Hacked The Fix Made Simple. I will do my best to make this simple youre frustrated, and need help now. I just spent 1. 2 hours and counting dealing with a spamphishing hack of my Gmail account. Brutal and you feel quite violated in the process. Hang in there, and dont be afraid of the internet. It happens fix it and move ahead. Ill try to make the rocket science I found it to be as simple as possible. It may cut your time in half. My experience My entire Contact list it was my business email was informed I was stranded in Malaga, Spain without a passport. Phone calls and emails came in it was very convincing. I could find no one to directly help me, who knew everything to do. Arg. If anything like this happens to you, I hope this helps. Disclaimer Im not tech support, nor do I know much, so what is here below is drawn from other sites, and you may follow the instructions if you choose. FIRST Change your password on that Gmail account spamming people. Now, youre clear. SECOND Quick change any other site you used that same password on. NEVER use your same Gmail password for other sites. THIRD Go to the bottom right hand corner of your Gmail account. See where it says Last Account Activity Details Click that, and youll see how long ago someone other than you was on your Gmail. I saw two states I hadnt heard of. Note hackers apparently often use a shadow i. How did they get inPossibly they got your password from some email you sent, text, or scam email, etc. NEVER send a password over email or text, and NEVER respond to a Google email or other email asking for password or financial info. See at the bottom of this post for more possible ways they got your password. If your account has been compromisedhackedstolen you will need to check and fix at least ALL of the following things, including the password change. STEP 1 Be Thorough. Go to your Gmail Account, Mail Settings. Log in, and click on your mail settings in the upper right hand corner the little gear. Do the following, according to a Google expert Account Security Settings Accounts and Import Google Account Settings Change Password pick a new secure passwordSettings Accounts and Import Google Account Settings Change Password Recovery Options verify secret question, SMS and secondary e mail addressPotential Spam Settings General Signature make sure nothing as been addedSettings General Vacation Responder make sure its disabled and emptyE mail Theft. Settings Accounts and Import Send Mail As make sure it is using your correct e mail addressSettings Filters no filters that forward or delete e mailSettings Forwarding and POPIMAP Forwarding disabled or correct addressSettings Forwarding and POPIMAP POP Download disabledSettings Forwarding and POPIMAP IMAP Access disabledSTEP 2 Review and Clean Up. Now, after you have done all of that, you need to go to this link below, and go through each one of these tabs. Its a burden, but you need to at least think about each thing they mention and make a choice. Review And Clean Up http mail. STEP 3 Mourn, Weep and Wail In Peops Junk Filter. Heres the reality. Right now, it seems no one can receive an email from me. I am blocked as a sender and get this message whenever I try to send an email, I get this rejection message Delivery to the following recipient failed permanently Technical details of permanent failure Google tried to deliver your message, but it was rejected by the recipient domain. We recommend contacting the other email provider for further information about the cause of this error. The error that the other server returned was 5. Username and Password not accepted. Due to this, I chose to deactivate my account forever. Before you do see below transfer all your old emails and contacts to a new Gmail account. The link at the bottom tells you how to do this, and from there you can also see how to do it with your contacts. At the end of the day, the information above was all linked up through this page, the most helpful to me by far http www. Neither of us had time for this, but if you want to keep using that particular Gmail account, you have to do this. If not, delete the account forever by clicking on your face in the upper right, and under Services click Delete this account forever. STEP 4 Due Diligence. You have no clue how much of your info they got. You can freak out and close every account or credit card you ever had, or you can do some cleanup on other sites and do your best. Think through all your financial sites did you use this username and password Think through all your social sites Facebook, Twitter, etc. Think through your family sites how secure are they Give them all some lessons from the ashes of your pain. I will alert my banks about what happened, so they can watch for suspicious activity. Let me know if this helped you. I cant help any more, as Im no techie, but I can post this on my blog. Other Most Helpful Posts Or Numbers. Best Gmail Help Support Volunteer Ive Encountered Fyi, if you just have a free gmail account, google wont talk to you this guy willHow did someone get my passwordHow do I transfer all my old emails from the compromised account to a new one If you are concerned someone may have seen vital information, go here in the US. Some pre recorded info is very helpful, and you can contact the 3 major credit bureaus to put an alert on your credit world.