Follow-up: Hacking OnStar

Reader [regulatre] has provided us with his furthering of hacking the OnStar system in GM cars. Previously, we wrote about some initial attempts to gain access to the system that OnStar uses to monitor and control cars called GMLAN. [regulatre] has managed to create an adapter between the GMLAN connector and a standard OBD2 plug, which should allow a number of standard readers to be able to retrieve data.

This method details using a bluetooth OBD2 reader, and passing the data onto a linux machine. It looks as though the writer of this method is looking to integrate OnStar reading and writing into an Android App which currently is an OBD monitor.

We love seeing follow-ups like this, because it puts everyone one step closer to full control of closed devices. As always, let us know if you take any of this in a new direction.

Hacking the OnStar GPS v2

[Andy] has provided us with his new guide to hacking the OnStar GPS. Previously, we have covered a way to grab the GPS data from an unused OnStar system, however in recent years GM has added much more complex systems, which make it harder than swapping out a serial line. For the new version, [Andy] has figured out GM’s Controller Area Network (CAN), which they call GMLAN. He has also done most of the software snooping and sleuthing, and has mostly solved GMLAN’s method of announcing GPS data. There is sample code available to convert this information into generic latitude and longitude.

Unfortunately for the project, (and very fortunately for [Andy]), he has a child on the way and new job responsibilities, so he is offering up his results to the HaD community to finish up, double check, and provide a good how-to for everyone else. To anyone who decides to pick up this project and run with it, let us know!

gm onstar hacking

onstar serial hack

this site shows you how to jack in to the gps receiver inside any gm onstar system.  it’s as simple as soldering a up a serial cable.  you can then connect to it and either run some gps diagnostic software, or switch the device to nmea mode so that you can use it with your gps mapping software in your car pc.

if you’ve got an onstar system but aren’t paying for the service this might be just the hack for you.  thanks for the link leo!

Continue reading “gm onstar hacking”

The Year of the Car Hacks

With the summer’s big security conferences over, now is a good time to take a look back on automotive security. With talks about attacks on Chrysler, GM and Tesla, and a whole new Car Hacking village at DEF CON, it’s becoming clear that autosec is a theme that isn’t going away.

Up until this year, the main theme of autosec has been the in-vehicle network. This is the connection between the controllers that run your engine, pulse your anti-lock brakes, fire your airbags, and play your tunes. In most vehicles, they communicate over a protocol called Controller Area Network (CAN).

An early paper on this research [PDF] was published back in 2010 by The Center for Automotive Embedded Systems Security,a joint research effort between University of California San Diego and the University of Washington. They showed a number of vulnerabilities that could be exploited with physical access to a vehicle’s networks.

A number of talks were given on in-vehicle network security, which revealed a common theme: access to the internal network gives control of the vehicle. We even had a series about it here on Hackaday.

The response from the automotive industry was a collective “yeah, we already knew that.” These networks were never designed to be secure, but focused on providing reliable, real-time data transfer between controllers. With data transfer as the main design goal, it was inevitable there would be a few interesting exploits.

Continue reading “The Year of the Car Hacks”

Full featured security lock demonstration

[Arshad Pathan] let us know about his latest project, a modular code lock that can be adapted to many different situations.

The user interface is made up of a character LCD screen and a 3×4 keypad. For this example [Arshad] is using a stepper motor as the locking mechanism. When the board is first powered up it runs the stepper in one direction until receiving input from a limiting switch. In this way, the microcontroller calibrates itself to ensure the lock is in a known position. From there it waits for user input. An unlocked door can be locked at any time by pressing the * key. Unlocking requires entry of the correct password. And a password can be changed by entering 9999 (followed by the old password when prompted).

In the video after the break [Arshad] does a great job of demonstrating the various modes which he has programmed. This stands on its own, but we always love to have more details so we’ve asked if [Arshad] is willing to share a schematic and the source code. We’ll update this post if we hear back from him.

Update: [Arshad] sent in a couple of schematics which can be found after the break.

Continue reading “Full featured security lock demonstration”

PDF redaction still not working


Facebook’s internal valuation was revealed this week thanks to shoddy PDF redaction. Court documents from a settlement between Facebook and ConnectU showed that Facebook values itself at $3.7 billion, much less than the $15 billion that was speculated during the Microsoft investment. The AP uncovered this by cutting and pasting from the redacted court document. It’s the same thing we showed in our PDF redaction screencast last summer… and it will never cease to be funny.

[photo: Bryan Veloso]

Why I Hate Django

[Cal Henderson] delivered a keynote titled Why I Hate Django at the first annual DjangoCon. Django is an open source BSD licensed web framework written in Python. Google has posted the keynote in its entirety to YouTube, which you can find embedded above. While the talk is humorous (and takes many jabs at Rails developers) it does provide insight into what makes a good web framework. [Cal] is Director of Engineering at Flickr and is an authority on how to make websites scale. He points out that most frameworks are designed to get projects off the ground quickly, but are lacking when it comes to building an even larger service. He talks about several things in Django that need work and improvements that could be made. It’s really an interesting look at what it takes to go big. Continue reading “Why I Hate Django”