Speaking CAN With Open Source Hardware

You can buy a dongle with a weird industrial connector that fits under the dash of any car on the road for $15. This is just a simple OBD-II transceiver meant for reading error codes and turning a Crown Vic into a police interceptor. There’s a lot more to the CAN Bus than OBD-II; robots and industrial control units, for instance, and Hackaday alum [Eric] has developed an open source tool for all things CAN.

[Eric] built this tool because of a lack of open-source tools that can talk CAN. There are plenty of boards floating around that can reset codes in a car using OBD-II, but an open hardware CAN device doesn’t really exist.

The CANtact is a small board outfitted with a USB port on one end, a DE-9 port on the other, and enough electronics to talk to any CAN device. The hardware on the CANtact is an STM32F0 – an ARM Cortex M0 that comes with USB and CAN interfaces. This chip connects to a Microchip CAN transceiver, and that’s pretty much all you need to talk to cars and industrial automation equipment. If doing something legal, moral, or safe with the CAN bus in your car isn’t your thing, Wired reports you can digitally cut someone’s brake lines.

On the software side of things, the CANtact can interface with Wireshark and the CANard Python library. All the files, from hardware to software, are available on GitHub. Oh, CANtact was at Black Hat Asia, which means [Eric] was at Black Hat Asia. We should have sent stickers with him.

DIY iPhone Mount for a Volvo

[Seandavid010] recently purchased a 2004 Volvo. He really liked the car except for the fact that it was missing some more modern features. It didn’t come stock with any navigation system or Bluetooth capabilities. After adding Bluetooth functionality to the stock stereo himself, he realized he would need a secure location to place his iPhone. This would allow him to control the stereo or use the navigation functions with ease. He ended up building a custom iPhone mount in just a single afternoon.

The key to this project is that the Volvo has an empty pocket on the left side of the stereo. It’s an oddly shaped vertical pocket that doesn’t seem to have any real use. [Seandavid010] decided this would be the perfect place to mount his phone. The only problem was that he didn’t want to make any permanent changes to his car. This meant no drilling into the dash and no gluing.

[Seandavid010] started by lining the pocket with blue masking tape. He then added an additional lining of plastic wrap. All of this was to protect the dashboard from what was to come next. He filled about half of the pocket with epoxy putty. We’ve seen this stuff used before in a similar project. He left a small opening in the middle with a thick washer mounted perpendicular to the ground. The washer would provide a place for an off-the-shelf iPhone holder to mount onto. [Seandavid010] also placed a flat, wooden paint stirrer underneath the putty. This created a pocket that would allow him to route cables and adapters underneath this new mount.

After letting the epoxy putty cure for an hour, he removed the block from the pocket. The stick was then removed, and any gaps were filled in with putty. The whole block was trimmed and smoothed down for a more streamlined look. Finally, it was painted over with some flat black spray paint to match the color of the dashboard. An aftermarket iPhone holder allows [Seandavid010] to mount his cell phone to this new bracket. The cell phone holder allows him to rotate the phone into portrait or landscape mode, and is even adjustable to accommodate different sized phones.

MacGyver, Jedi Knights, Ammo Stockpiles, and Candy Crush

Everyone’s favorite machinist, tinkerer, YouTube celebrity, deadpan comedian, and Canadian is back with a tale of popping a few benzos, stumbling around Mexico, and wondering why everyone else on the planet is so stupid.

The hero of our story considered the feasibility of one hundred and eighty-sixth trimester abortions as he stood outside a Mexican airport watching a stockbroker complain about the battery in his cellphone. Meanwhile, cars drove by.

Here’s how you charge a phone with a car battery and an ol’ Dixon Ticonderoga.

To charge a battery, all you really need to do is connect the terminals to a power source with the right voltage. A cell phone battery needs about three volts, and a car battery has twelve. You need a voltage divider. You can get that with a pencil. Take out a knife, get to the carbon and clay wrapped in wood, and wire the battery up. Make a cut a quarter of the way down this rather long resistor, and there you will find something around three volts.

Does it work? Yeah. It works even better if you have some tape to hold wires onto the cell phone battery when charging. Is it smart? It is if there is no other conceivable way of charging your cell phone. Should you do it? Nah. Video below. Thanks [Morris] for the link.


Custom Double-Din Mount for Nexus 7 Carputer

Many new vehicles come with computers built into the dashboard. They can be very handy with features like GPS navigation, Bluetooth connectivity, and more. Installing a computer into an older car can sometimes be an expensive process, but [Florian] found a way to do it somewhat inexpensively using a Nexus 7 tablet.

The size of the Nexus 7 is roughly the same as a standard vehicle double-din stereo slot. It’s not perfect, but pretty close. [Florian] began by building a proof of concept mounting bracket. This model was built from sections of MDF hot glued and taped together. Plastic double-din mounting brackets were attached to the sides of this new rig, allowing it to be installed into the dashboard.

Once [Florian] knew that the mounting bracket was feasible, it was time to think about power. Most in-vehicle devices are powered from the cigarette lighter adapter. [Florian] went a different direction with this build. He started with a cigarette lighter to USB power adapter, but he cut off the actual cigarette lighter plug. He ended up wiring this directly into the 12V line from the stereo’s wiring harness. This meant that the power cord could stay neatly tucked away inside of the dashboard and also leave the cigarette lighter unused.

[Florian] then wanted to replace the MDF frame with something stronger and nicer. He modeled up his idea in Solidworks to make sure the measurements would be perfect. Then the pieces were all laser cut at his local Techshop. Once assembled, the plastic mounting brackets were placed on the sides and the whole unit fit perfectly inside of the double-din slot.

When it comes to features, this van now has it all. The USB hub allows for multiple USB devices to be plugged in, meaning that the Nexus only has a single wire for both power and all of the peripherals. Among these peripherals are a USB audio interface, an SD card reader, and a backup camera. There is also a Bluetooth enabled OBD2 reader that can monitor and track the car’s vitals. If this project seems familiar to you, it’s probably because we’ve seen a remarkably similar project in the past.

Auto-Meter Reader Feeder Keeps Meter-Maids at Bay

Planting your car just about anywhere almost always comes at a price; and, if you’re overdue for your return, odds are good that you’ll end up paying a much steeper price than intended. Parking meters are wonderful devices for telling the authorities just how much time you have left until you’re ticketworthy. [Zack] figured that being five, or even ten, minutes late is an absurd reason to pay a fine, so he’s developed a tool that will preload a meter with a few extra coins when the authorities get too close.

The law-enforcement detection system puts together a number of tools and techniques that we’re intimately familiar with: 3D printing, Arduino, a photoresistor, and a proximity (PIR) sensor. At the code level, [Zack] filters his analog photoresistor with a rolling average to get a clean signal that triggers both by day and by night. The trigger? Two possibilities. The PIR sensor detects curious law enforcement officers while the filtered photoresistor detects the periodic twirling siren lights. Both events will energize a solenoid to drop a few extra coins through a slide and into the meter slot.

For a collection of well-known components, [Zack] could’ve packed his contraption into an Altoids tin and called it a day. Not so. As an interaction designer, he knows that looks could make or break the experience. For this reason, he opts for a face-hugging design with a steampunk twist. Furthermore, to achieve compatibility across a range of devices, [Zack’s] CAD model is the result of adjusting for various meter profiles from images he snapped in the urban wilderness. The result? A clean, authentic piece of equipment compatible with a family of meters.

For the shrewd-eyed observers, [Zack’s] first video post arrived online in 2011, but his work later resurfaced at a presentation in the 2015 Tangible, Embedded, and Embodied Conference by his former design instructor [Eric Paulos], who was eager to show off [Zack’s] work. For a deeper dive into the upcoming second edition, head on over to [Zack’s] image feed.


Subaru Dash Mounted Nexus 7 Looks Like Stock

Nexus 7 tablets, being cheap and really quite decent for the price, have long since been used in the dashboards of people’s cars. Sometimes they’re mounted quite well — sometimes not so well — but every once in a while, someone gets it right.

Usually the reason mods like this don’t work out so well is because people are worried about damaging their car’s interior. But [tsubie320] had a better idea — buy a radio bezel off eBay to mess around with — that way he can always revert to stock when he sells the vehicle.

With a crisp-new-freshly-injection-molded-bezel in hand, he got to work. Funny enough, Nexus 7s tend to be almost the exact size of double DIN stereo slots — hence their appeal. He wrapped the tablet in blue painter’s tape and positioned it in the bezel. Using fiberglass, he created a new shell for the tablet to sit inside of the bezel. Lots of sandpaper later and a whole bunch of bondo, he was done.

Remotely Controlling Automobiles Via Insecure Dongles

Automobiles are getting smarter and smarter. Nowadays many vehicles run on a mostly drive-by-wire system, meaning that a majority of the controls are electronically controlled. We’re not just talking about the window or seat adjustment controls, but also the instrument cluster, steering, brakes, and accelerator. These systems can make the driving experience better, but they also introduce an interesting avenue of attack. If the entire car is controlled by a computer, then what if an attacker were to gain control of that computer? You may think that’s nothing to worry about, because an attacker would have no way to remotely access your vehicle’s computer system. It turns out this isn’t so hard after all. Two recent research projects have shown that some OBDII dongles are very susceptible to attack.

The first was an attack on a device called Zubie. Zubie is a dongle that you can purchase to plug into your vehicle’s OBDII diagnostic port. The device can monitor sensor data from your vehicle and then perform logging and reporting back to your smart phone. It also includes a built-in GPRS modem to connect back to the Zubie cloud. One of the first things the Argus Security research team noticed when dissecting the Zubie was that it included what appeared to be a diagnostic port inside the OBDII connector.

Online documentation showed the researchers that this was a +2.8V UART serial port. They were able to communicate over this port with a computer with minimal effort. Once connected, they were presented with an AT command interface with no authentication. Next, the team decompiled all of the Python pyo files to get the original scripts. After reading through these, they were able to reverse engineer the communication protocols used for communication between the Zubie and the cloud. One particularly interesting finding was that the device was open for firmware updates every time it checked in with the cloud.

The team then set up a rogue cellular tower to perform a man in the middle attack against the Zubie. This allowed them to control the DNS address associated with the Zubie cloud. The Zubie then connected to the team’s own server and downloaded a fake update crafted by the research team. This acted as a trojan horse, which allowed the team to control various aspects of the vehicle remotely via the cellular connection. Functions included tracking the vehicle’s location, unlocking the doors, and manipulating the instrument cluster. All of this can be done from anywhere in the world as long as the vehicle has a cellular signal.

A separate but similar project was also recently discussed by [Corey Thuen] at the S4x15 security conference. He didn’t attack the Zubie, but it was a similar device. If you are a Progressive insurance customer, you may know that the company offers a device called SnapShot that monitors your driving habits via the OBDII port. In exchange for you providing this data, the company may offer you lower rates. This device also has a cellular modem to upload data back to Progressive.

After some research, [Thuen] found that there were multiple security flaws in Progressive’s tracker. For one, the firmware is neither signed nor validated. On top of that, the system does not authenticate to the cellular network, or even encrypt its Internet traffic. This leaves the system wide open for a man in the middle attack. In fact, [Thuen] mentions that the system can be hacked by using a rogue cellular radio tower, just like the researchers did with the Zubie. [Thuen] didn’t take his research this far, but he likely doesn’t have to in order to prove his point.
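The check both dongles lacked, as an added example (not code from the original post or from either vendor): the device refuses any update whose manifest is not authenticated, whose image does not match the manifest, or whose version is not newer, so a spoofed update host gains nothing by serving its own file. The function names, manifest fields and key are hypothetical, and HMAC-SHA256 stands in for a real signature scheme; a production device would verify an asymmetric signature and hold only the vendor’s public key.

```python
import hashlib
import hmac
import json

# Constructed demo key. HMAC is a stand-in: with a real signature scheme the
# device would store only a public key and could not forge updates itself.
VENDOR_KEY = b"constructed-demo-key-not-a-real-secret"


def sign_manifest(manifest: dict, key: bytes) -> str:
    """Vendor side: authenticate the canonical JSON form of the manifest."""
    blob = json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, blob, hashlib.sha256).hexdigest()


def make_update(version: int, image: bytes, key: bytes):
    """Build (manifest, tag) for an image; used for the constructed samples."""
    manifest = {"version": version, "sha256": hashlib.sha256(image).hexdigest()}
    return manifest, sign_manifest(manifest, key)


def verify_update(manifest: dict, tag: str, image: bytes,
                  installed_version: int, key: bytes = VENDOR_KEY) -> str:
    """Device side: return "accept" or the reason the update is refused."""
    if not isinstance(tag, str) or not tag:
        return "reject: unsigned"
    expected = sign_manifest(manifest, key)
    if not hmac.compare_digest(expected.encode(), tag.encode()):
        return "reject: bad signature"
    # Manifest fields are trusted only after the tag has verified.
    if hashlib.sha256(image).hexdigest() != manifest.get("sha256"):
        return "reject: image does not match manifest"
    if manifest.get("version", 0) <= installed_version:
        return "reject: rollback"
    return "accept"


if __name__ == "__main__":
    good = b"constructed vendor image v8"
    fake = b"constructed image served by a spoofed update host"
    m, t = make_update(8, good, VENDOR_KEY)
    fm, ft = make_update(9, fake, b"key-the-vendor-never-issued")
    print(verify_update(m, t, good, installed_version=7))    # genuine update
    print(verify_update(m, t, fake, installed_version=7))    # image swapped in transit
    print(verify_update(fm, ft, fake, installed_version=7))  # self-made manifest
    print(verify_update(m, "", good, installed_version=7))   # no tag at all
    print(verify_update(m, t, good, installed_version=8))    # replay of old release
```

Because the decision depends only on the payload and the key material on the device, it holds even when DNS or the cellular link is under someone else’s control.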

The first research team provided their findings to Zubie who have supposedly fixed some of the issues. Progressive has made a statement that they hadn’t heard anything from [Thuen], but they would be happy to listen to his findings. There are far more devices on the market that perform these same functions. These are just two examples that have very similar security flaws. With that in mind, it’s very likely that others have similar issues as well. Hopefully with findings like this made public, these companies will start to take security more seriously before it turns into a big problem.

[Thanks Ellery]