The Car Of Theseus Boldly Goes Where Many Cars Have Gone Before

We could all use a good chuckle every once in a while. [William Osman] revisited the ship of Theseus in a simplified manner. How many parts can you remove from a car and still be a car? (Video, embedded below the break.)

Of course, there are legal definitions of what a car is and a minimum set of requirements to be met to drive on the road. So, with two older cars ready for hacking and a group of hackers gathered, they split into two teams and started ripping parts of the vehicle. It becomes pretty humorous as it reminds us of many refactoring projects we’ve undertaken. For example, you move one BGA chip, and suddenly, it might be faster to reroute the whole board. Or you remove one component, you have to rip it out of three other modules, which affect four or more other modules, and so on. Accidentally cutting part of the electrical harness meant that one team had to dig further and further into the car to get back to a working car state. It was a race to get back to street legal while taking off more parts.

By the end of the exercise, they have a technically street-legal car they drove around, enjoying passersby’s pointed looks and confusion. They even take it to a dealership to see how much they could get for it. [William] points out that their abysmally low offer proves that a car with less stuff costs less. While we doubt that car manufacturers will follow his lead, it’s a good 15 minutes of fun.

We’ve got you covered if you’re interested in more minimal motoring.

Continue reading “The Car Of Theseus Boldly Goes Where Many Cars Have Gone Before”

Saving Fuel With Advanced Sensors And An Arduino

When [Robot Cantina] isn’t busy tweaking the 420cc Big Block engine in their Honda Insight, they’re probably working on some other completely far out automotive atrocity. In the video below the break, you’ll see them take the concept of a ‘lean burn’ system from the Insight and graft hack it into their 1997 Saturn coupe.

What’s a lean burn system? Simply put, it tricks the car into burning less fuel when it’s cruising under a light load to improve the vehicle’s average mileage. The Saturn’s electronics aren’t sophisticated enough to implement a lean burn system simply, and so [Robot Cantina] did what any of us might have done: hacked it in with an Arduino.

The video does a wonderful job going into the details, but essentially by using an oxygen sensor with finer resolution (wide-band) and then outputting the appropriate narrow band signal to the ECU, [Robot Cantina] can fine tune the air/fuel ratio with nothing more than a potentiometer, and the car’s ECU is none the wiser. What were the results? Well… they weren’t as expected, which means more experimentation, more parts, and hopefully, more videos. We love seeing the scientific method put to fun use!

People are ever in the quest to try interesting new (and sometimes old) ideas, such as this hot rod hacked to run with a lawnmower carburetor.

Continue reading “Saving Fuel With Advanced Sensors And An Arduino”

Photo of the head unit , with "Hacked by greenluigi1" in the center of the UI

Hacker Liberates Hyundai Head Unit, Writes Custom Apps

[greenluigi1] bought a Hyundai Ioniq car, and then, to our astonishment, absolutely demolished the Linux-based head unit firmware. By that, we mean that he bypassed all of the firmware update authentication mechanisms, reverse-engineered the firmware updates, and created subversive update files that gave him a root shell on his own unit. Then, he reverse-engineered the app framework running the dash and created his own app. Not just for show – after hooking into the APIs available to the dash and accessible through header files, he was able to monitor car state from his app, and even lock/unlock doors. In the end, the dash got completely conquered – and he even wrote a tutorial showing how anyone can compile their own apps for the Hyundai Ionic D-Audio 2V dash.

In this series of write-ups [greenluigi1] put together for us, he walks us through the entire hacking process — and they’re a real treat to read. He covers a wide variety of things: breaking encryption of .zip files, reprogramming efused MAC addresses on USB-Ethernet dongles, locating keys for encrypted firmware files, carefully placing backdoors into a Linux system, fighting cryptic C++ compilation errors and flag combinations while cross-compiling the software for the head unit, making plugins for proprietary undocumented frameworks; and many other reverse-engineering aspects that we will encounter when domesticating consumer hardware.

This marks a hacker’s victory over yet another computer in our life that we aren’t meant to modify, and a meticulously documented victory at that — helping each one of us fight back against “unmodifiable” gadgets like these. After reading these tutorials, you’ll leave with a good few new techniques under your belt. We’ve covered head units hacks like these before, for instance, for Subaru and Nissan, and each time it was a journey to behold.

A Honda car behind a gate, with its turn signals shown blinking as it's being unlocked by a portable device implementing the hack in question. Text under the car says "Rolling Pwned".

Unlock Any (Honda) Car

Honda cars have been found to be severely  vulnerable to a newly published Rolling PWN attack, letting you remotely open the car doors or even start the engine. So far it’s only been proven on Hondas, but ten out of ten models that [kevin2600] tested were vulnerable, leading him to conclude that all Honda vehicles on the market can probably be opened in this way. We simply don’t know yet if it affects other vendors, but in principle it could. This vulnerability has been assigned the CVE-2021-46145.

[kevin2600] goes in depth on the implications of the attack but doesn’t publish many details. [Wesley Li], who discovered the same flaw independently, goes into more technical detail. The hack appears to replay a series of previously valid codes that resets the internal PRNG counter to an older state, allowing the attacker to reuse the known prior keys. Thus, it requires some eavesdropping on previous keyfob-car communication, but this should be easy to set up with a cheap SDR and an SBC of your choice.

If you have one of the models affected, that’s bad news, because Honda probably won’t respond anyway. The researcher contacted Honda customer support weeks ago, and hasn’t received a reply yet. Why customer support? Because Honda doesn’t have a security department to submit such an issue to. And even if they did, just a few months ago, Honda has said they will not be doing any kind of mitigation for “car unlock” vulnerabilities.

As it stands, all these Honda cars affected might just be out there for the taking. This is not the first time Honda is found botching a rolling code implementation – in fact, it’s the second time this year. Perhaps, this string of vulnerabilities is just karma for Honda striking down all those replacement part 3D models, but one thing is for sure – they had better create a proper department for handling security issues.

How Far Can You Push A £500 Small Electric Car; Four Years Of The Hacky Racer

Four years ago when the idea of a pandemic was something which only worried a few epidemiologists, a group of British hardware hackers and robotic combat enthusiasts came up with an idea. They would take inspiration from the American Power Racing Series to create their own small electric racing formula. Hacky Racers became a rougher version of its transatlantic cousin racing on mixed surfaces rather than tarmac, and as an inaugural meeting that first group of racers convened on a cider farm in Somerset to give it a try. Last weekend they were back at the same farm after four years of Hacky Racer development with racing having been interrupted by the pandemic, and Hackaday came along once more to see how the cars had evolved. Continue reading “How Far Can You Push A £500 Small Electric Car; Four Years Of The Hacky Racer”

Volvo C30 Custom Gauge And CAN Bus Reverse Engineering

With cars being essentially CAN buses on wheels, it’s no wonder that there’s a lot of juicy information about the car’s status zipping about on these buses. The main question is usually how to get access to this information, both in terms of wiring into the relevant CAN bus, and decoding the used (proprietary) protocol. Fortunately for [Alex], decoding the Volvo VIDA protocol used with his Volvo C30 was relatively straightforward, enabling the creation of a custom gauge that displays information like boost pressure and coolant temperature.

The physical interfacing is accomplished via the car’s OBD port, which conveniently provides access to the car’s two (high-speed and low-speed) CAN buses. Hardware of choice is an M2 UTH (Under the Hood) board, sporting a SAM3X Cortex-M3-based MCU, designed for permanent automotive installations. On [Alex]’s GitHub project page it is explained how the protocol works, and which bytes to look for when replicating the project.

Rounding off the project is a round LCD display from 4D Systems that cycles through the status update screens. As a bonus, the dashboard illumination level is also read out in real-time, so the brightness of the display is adjusted to fit this level. All in all a well-rounded project, with interesting prospects for a more permanent integration of the gauge into the dashboard proper.

Continue reading “Volvo C30 Custom Gauge And CAN Bus Reverse Engineering”

Defeat Your Car’s Autostop Feature With A Little SwitchBot

These days, many new cars come with some variant of an “auto-stop” feature. This shuts down the car’s engine at stop lights and in other similar situations in order to save fuel and reduce emissions. Not everyone is a fan however, and [CGamer_OS] got sick of having to switch off the feature every time they got in the car. So they employed a little robot to handle the problem instead.

The robot in question is a SwitchBot, a small Internet of Things tool that’s highly configurable for pressing buttons. It’s literally a robot designed to press buttons, either when remotely commanded to, or when certain rules are met. It can even be configured to work with IFTTT.

In this case, the Switchbot is set up to activate when [CGamer_OS]’s phone is placed in phone mount, where it scans an NFC tag. When this happens, Switchbot springs into action, switching off the autostop function. It was set up this way to avoid Switchbot hitting the button before the car has been started. Instead, simply popping the smartphone in the cradle activates the ‘bot.

It’s a rather creative use of the SwitchBot. They’re more typically employed to turn on dumb devices like air conditioners or heaters that can otherwise be difficult to control via the Internet. However, it works well, and means that [CGamer_OS] didn’t have to make any permanent modifications to the car.

The design of the SwitchBot reminds us of the Useless Box, even if in this case it has an actual purpose. Video after the break.

Continue reading “Defeat Your Car’s Autostop Feature With A Little SwitchBot”