A car from 1940 would have been an almost completely mechanical device. These days though, a car without electricity wouldn’t run. It’s not the engine – it’s the computers; the design details of which automotive manufacturers would love to keep out of the hands of hardware hackers like us. [Mastro Gippo] wanted to build a small and powerful CAN bus reverse engineering tool, and the Crunchtrack hits it out of the park. It’s a CAN bus transceiver, GPS receiver, and GSM modem all wrapped up into a single tiny device that fits under your dash.
[Mastro] has a slight fetish for efficiency and tiny, tiny devices, so he’s packaging everything inside the shell of a standard ELM327 Bluetooth adapter. This is a device that can fit in the palm of your hand, but still taps a CAN bus (with the help of a computer), receives GPS, and sends that data out over cell phone towers.
The device is based on the STM32 F3 ARM microcontroller (with mbed support), a ublox 7 GPS module, and an SIM800 GSM module, but the story doesn’t stop with hardware. [Mastro] is also working on a website where reverse engineering data can be shared between car hackers. That makes this an excellent Hackaday Prize entry, and we can’t wait to see where it goes from here.
23 thoughts on “Hackaday Prize Entry: A Tiny Tool For Car Hacking”
Ooh, I am especially interested in the website idea. Right now, car hacking data and experiences are strewn across dozens of conference talks, code repositories, blogs, and twitter. For unity!
It might attract the law, police are nothing if not lazy, they’d love a point-and-click interface that connects to the warrant printer. One site for all your criminals! Since unfortunately security research is now illegal in many countries.
Make the police work for their money!
Useless to a criminal. You need to physically access and plug in the device. As someone who spent summers doing “repo’s”, I can tell you fast-and-dirty, will win out over some geek with a laptop trying to “hack” the car into starting. Much easier to use a tow truck and hook the car (depending on how it was parked, I could hook-and-go, in about 45 seconds). And if you want to ‘hacker proof’ stuff nowadays – *SEVER* the damn connections ! All this IoT crap is just that, crap. Force consumers to physically walk into a bank (none of this online banking stuff – if the records are not on databases exposed to the public, it’s not ‘hackable’ – we used to have dedicated T1 circuits to a “mainframe” – not publicly accessible (unless you were in the network closet, even then, it was a VPN)…..anyway back on topic…no hackable cars if you delete the wireless connections.
I donated a Datsun pickup to charity. It was picked up by a man who often did repo’s.
His tow truck looked like a regular pickup, until he pulled a knob in the cab. Then a boom with hook and winch
raised out of the box, and the tailgate opened and lowered out of the way! Maybe not 45 seconds, but stealthy cool!
I wasn’t referring to the box, but to the website full of car reverse-engineering info. Even having, or sharing, that info can be illegal, and often is. Reverse-engineering any security-enabled thingy is now a crime even on things you “own”. I put that in quotes since the way things are going no individual will own anything, it’ll all be on some sort of complicated lease with the giant corporations that sell it. Or some spinoff company in the Caymans. And they’ll probably figure a way to dodge their tax while they’re doing it.
So any sort of centralised website is a giant mass confession, in countries that support the DMCA and the like.
Security through obscurity, all research shared only on darknets, and an EULA taped to the car door handle that lets the manufacturer / seller off any responsibility to make a safe and working car. That’s the future.
This is what happens when companies are more powerful than governments. It also causes justifiable lack of faith in the political system, so people don’t bother to vote between “more of the same” and “pretty much more of the same but slightly worse”. This makes politicians into even bigger whores. And thus we have a cycle.
I would like to make it clear I have nothing against an honest whore, and I apologise for the derogatory comparison with politicians.
Hacking cars needn’t be about security – criminals already have all the tools to unlock modern cars, disable alarms, bypass immobilisers, etc. etc. so you’re unlikely to be doing anything new.
The real value is reverse-engineering all the other complex systems in the car, these days that can make the difference between a car being scrapped as uneconomical to repair or being back on the road in 5 minutes. The software is so complex and the systems so interlocked that stupid faults can manifest as serious but totally unrelated issues. My other half’s very basic eurobox has a dangerous failure mode where if it thinks you’re riding the brakes, it cuts engine power – she found this out whilst trying to merge into traffic and it just gave up accelerating. The root cause? A faulty brake light switch, £10 / $15 and 5 minutes to fix.
The more of this shit car manufacturers add, the more we really need to be taking control, building the knowledge and tools and establishing the right to do so or we’re going to end up in the John Deere situation of not being allowed to repair or modify our own cars or trucks, and the manufacturer being able to dictate whether it gets fixed or scrapped even years after the warranty expired.
It is a real worry when things like your brake light problem happen. Just HOW could you design a system where that’s possible? If it were me I’d have the components isolated, as few things on each network as posssible. Give the engine it’s own isolated system, with inputs from the (formerly mechanical) controls. Nothing inbetween or sharing an electrical connection. Brakes too, another system for them. Separate networks, with separate busses.
Signal lights are another, slightly less important system. In-car entertainment and aircon etc are the least important, do what you like with those. Split things apart accordingly. You could even use opto-isolators and the like to ensure no bad signals leak into something important.
Airliners are designed along much more secure principles than cars, as far as avionics go. Redundant backups and nothing connected to a vital system without a very good reason. Isolation doesn’t have to cost more (redundancy might cost a small amount extra). And in my mind it would make the whole thing simpler to design.
As ever, all the certification and protocol in the world doesn’t beat an inch-wide gap of air. You can only simulate so many combinations of errors, and combinations mushroom as complexity goes up. So separate things. Simplify, man!
It’s always been this way. Go looking for information on how to reprogram a car ECM. It’s strewn all over the place. Even the most hacked and reverse engineered ECM the GM 7730 does not have everything in one place. When I rewrote the code in my car’s ECM to add a turbo to it (Increased the sensor from 1 BAR to 3 BAR and expanded the timing and Fuel injector maps as well as added 2 knock sensors and retardation tables. I even added a street or performance mode select) I had to search all over the place and finally found the information I needed in 4 seperate ECM hacking forums.
It’s because Car makers utterly hate people that tinker, so they try and sue you out of existence the moment they find a target. Smart guys release it anonymous and in multiple places. CANBUS has been wide open for a decade Heck I made a mp3 player that shows up as a CD changer for a BMW motorcycle back in 2005 and that uses CANBUS. The biggest problem is that there is no standard for communication. Ford uses their own, GM uses their own, etc… Plus you get things that are different from year to year as the engineers at the auto makers are pretty much acting like a random cat herd.
So you need to be able to recognize data and reverse engineer it for the most part. Step one, is to tap the canbus and start listening. pay attention to the broadcast data and learn how it’s formatted and what it is.
PLEASE tell me you documented that all somewhere? I’d love to get my hands dirty with ECM upgrades!
Sounds like typical embedded systems hell. “Here are all these standards, now find a way to !@#$ all them up.”
Relative obscurity and ‘unique’ implementations make it hard for hackers, but as more standards are imposed on an industry, it just exposes the weaknesses within that industry (but hopefully forces better talent to emerge).
I wouldn’t be surprised if the car manufacturers all started off working to the same standard, then before manufacturing obfuscate everything on purpose.
I wonder what Haynes manuals are like nowadays? “In case of error turn engine off then back on again”.
Flippin’ hate them. However the phrase “herding cats” and the word “engineers” have been going together for a long time. The comparison is not meant to be complimentary.
so this isn’t entirely true. Car makers hate people who go off and make their cars worse, make it public, and possibly cause a recall thats not really needed, but based on fear/media and not engineering.
But what they really hate is when people try to tune/hack their own cars and then go to the dealer and try to falsify what happened, they hate tuners that try to hide the fact that the car has been modded, or that mod was removed (see flashcounters) and people turn up with the , i dunno what happened mate it just blew up when day when i was driving the wife and kids to church, and not it blew when i just started click add to the fuel tables while running at full bore on the dyno and i do’t really understand how widebands actually work (more accurate right! ).
What they do like is people who make the warranty void and takes it out of their network of having to pay for it, and of course the semantics of is part a responsible for the failure of part b and they’re usually separated, magnusson moss act helps here a lot.
Car makers do not utterly hate them, car maker accountants do, i’ve worked with a few different OEM’s and they’re usually into cars, they have modded cars, they want to sell more cars to enthusiasts and average joe, a lot of them recognise the aftermarket market as a good place to be and have tried it a few times, but even with that its spoiled by the same type of people, who are basically dishonest. They screwed something up and they don’t want to pay to fix it, and they’ lie, then start believing their own lies and wage way.
Every professional tuner has the same story of the guys who’ve done that, we’ve all met them. I’ve had people blow up a cylinder and then just try to bring it over as if its all ok then have you take a look and then they’ll tell you, wasn’t like that when i brought it in, shrug, and then you have to decide whether not you bite the bullet and pay to fix it, or show them the door knowing they’ll be on every forum bad mouthing you and the product ( also goes for the car makers)
So yes departments of car makers dislike it, but not for the reasons most people think. getting a car off warranty is a big deal, affecting perceived reliability is a big deal.
also some cars have separate busses for instrumentation/ecu and entertainment systems, not all.
in the usa its a federal requirement for people to be able to flash their cars, but its also a federal requirement for it to have some sort of encryption and encryption doesn’t always mean not 1:1 binary. But beyond that its illegal to mod any car’s emission systems at all that hasn’t had approval, you can’t take a car that ever been vin’d emissions stamps (after a certain year ) and then take it off and say its track use only, there is no such rule, and the EPA will just laugh it off.
so a lot of the time at least in the US , it’s the fed/EPA that stops the modifications.
like a lot of things whats really wrong with the system is the punter, not the companies practices, they’ve come out from whats happened in the marketplace and dealer networks/after service experience which can be just the end user taking advantage. it’s not a global conspiracy, there are just a lot of people who try to take advantage and ruin it for everyone else, companies knee jerk just the same as individuals, they just have way more responsibility.
i can’t count the number of good tuners i’ve met who’ve either stopped or severely limited their clientele because of the drama for a few select people. i did.
It’s the difference between people who understand how things work, and people who just want stuff. Consumers. It’s a consumer world, and the Powers That Be have been working on increasing that for decades.
People expect mollycoddling. If they spend money, they expect the laws of physics to accomodate them. Most modern gadgets can either take abuse, or you can take them back to the store, who shift so many units they don’t care, to get your money back. The time of an employee arguing with a customer is worth more than the gadget cost from China. And reputation is important, even if it’s a reputation spread by idiots among other idiots. Idiots spend money!
Tinkering is different, if you’re gonna mod your engine out of factory spec, you have to accept there’s certain things you now shouldn’t do. The responsibility is taken from the manufacturer, who built the car as fairly fool-proof, to the user. But people don’t do that.
Maybe it’s all the useless ass-covering wolf-crying warning labels these days. You can safely ignore most of those. So people take no notice when they should. Maybe people don’t want to know about compression ratios, they just wanna go VROOM! VROOM!!
You’re right about choosing your clientele. Maybe have a chat first, and if they really don’t know what they’re talking about, make up some polite excuse. “Aaaah, see your engine doesn’t HAVE a compression ratio, yeah, very rare that, was a bad year for your model of car.”
tinkering is different, but i can’t count the number of times tinkers/enthusiasts etc etc have pulled the same crap, when you’re looking at a $1,000+ rebuild and the wife is already mad they soon get on that train of, well it wasn’t my faultm you’re making money and you’re probably insured so i’m coming after you, greed is very infectious.
i’ve only met a handful of people that weren’t like that, and thats ones of the reasons i still do stuff, but quietly and behind the scenes, i’ve traveled to a track/dyno shop in almost every state, done a lot of cars and met a lot of people.
even people you suss out to start off with can change, just like any relationship. it sucks but that is life.
its even rarer to meet people that know what they’re talking about, tinkerers/enthusiasts/pros etc, part of that comes from the secrecy of the black box tuning mind set, since its not as hard as they make out it to be they have to protect it because well someone else can buy winols and one of the many off the shelf tuning systems and start their own side business, every week i see someone who’s claimed they’ve written new awesome mapping software and proudly show off what obviously is a screen shot of winols.
people man ;)
unfortunately it seems everyone wants to start a website to share information, and then there are lots of car information websites with copies of the same stuff or stuff the website creator found and then really not a lot else, its a really fragmented space. there are many ecu/car reverse engineering forums and websites that’ve been around for years.. a lot of the people on it won’t share because thats how they make money, or too many threats from car companies etc. hlaf the time you just want to fly under the radar with the whole, i wont bother you, you dont bother me, so its an interesting thing.
Pretty much what I said, though you made it clearer and more succinct.
thanks, i think ;0
Perfect idea, I had the same one half a year ago but did not approach it. I love that website idea. :-)
How are you planning to build a community around it? It only makes progress, if you get lots of data on that platform.
I think a Wiki would be the obvious format. With perhaps a bit of management implemented if people are going to deliberately sabotage it. All sorts of really bizarre ways of fucking with people are now paying jobs. Especially in places like China where technology is cheap, and so is labour. If you’d told me MMORPG gold farming would be a full-time occupation the day before it happened, I wouldn’t have believed you.
Alongside the wiki, a threaded message board too for more in-depth interactive conversations. Or even better Usenet.
Nah, I’m joking / dreaming. Bizarre that Usenet’s been around 40-odd years, yet web-boards are still nowhere near as convenient, versatile, or efficient.
Bluetooth OBDII adapters, that can be had on Amazon for $20 or less, show up as a serial port when you pair to them.
If a manufacturer built a car with this capability, it would be called out as a security hole. Something connected to the Internet that can access the CAN bus? But it’s different because this is a hobbyist and the device is after market, it’s not treated in the same way. It sill seems like a way to turn your car into a rolling security vulnerability. It looks like all the software is open source so hopefully if this becomes popular, vulnerabilities can be patched as they are discovered (and perhaps it can even be used to mitigate vulnerabilities in the manufacture’s devices).
It has great potential, but also seems really scary considering some of the recent hacks in car news.
It’s not Internet, just a good old-fashioned modem. Even if it’s a GSM one. Even those have been around a couple of decades, it’s just recently that they’ve got cheap. Right as obsolescence smiles and starts waving. Hopefully 3G embedded modems will arrive in time for their own obsolescence.
I wonder how much effort it would take to use a consumer USB 3G Internet dongle with embedded? There are Linux drivers so I guess the protocols are understood. Has the advantage you don’t need to order one from a web supplier, you can get them on the high street. And the same for 4G. I wonder if 4G needs particularly different software? Some little Linux board with a USB port ought to be able to do it.
Maybe there’s a new product for somebody to sell. A teeny little ARM board that runs a 3G dongle and speaks to a serial port to connect to your Arduino etc project. The dongle could use a USB extension cable to locate it for decent reception.
Anyway, my initial point… it’s not on the Internet, you have to call it’s number. So you’d have to actively look for it to mess with it. Not gonna show up in an opportunistic skript-kiddie’s scan. And hopefully it keeps any important controls away from GSM access. And if it doesn’t, the car’s CAN services should.
Please be kind and respectful to help make the comments section excellent. (Comment Policy)