RollBack Breaks Into Your Car

Rolling codes change the signal sent by car keyfobs unpredictably on every use, rendering them safe from replay attacks, and we can all sleep well at night. A research team led by [Levente Csikor] gave a presentation at Black Hat where they disclosed that the situation is not pretty at all (PDF).

You might know [Samy Kamkar]’s RollJam attack, which basically consists of jamming the transmission between fob and car while the owner walks away, fooling the owner into clicking again, and then using one of the two rolling codes to lock up the car, keeping the other in your back pocket to steal it once they’re getting coffee. This is like that, but much, much worse.

Hack Your Engine Virtually

It is no secret that we like simulating circuits before we build something and there are plenty of great tools for that. But what about those of us who work on cars? Well, you might try engine-sim which is a real-time internal combustion engine simulation. Honestly, the program freely admits that it isn’t accurate enough to do engineering or engine tuning. But on the plus side, it has audio output and is at least good as an educational tool to show an engine running and how different parameters might affect it. You can see a video of the tool below.

[Ange-Yaghi] mentions that the code was primarily to power the YouTube demo. However, the Readme hints that it might be better — or at least different — and collaboration to make it better is welcome.


The Car Of Theseus Boldly Goes Where Many Cars Have Gone Before

We could all use a good chuckle every once in a while. [William Osman] revisited the ship of Theseus in a simplified manner. How many parts can you remove from a car and still be a car? (Video, embedded below the break.)

Of course, there are legal definitions of what a car is and a minimum set of requirements to be met to drive on the road. So, with two older cars ready for hacking and a group of hackers gathered, they split into two teams and started ripping parts off the vehicles. It becomes pretty humorous as it reminds us of many refactoring projects we’ve undertaken. For example, you move one BGA chip, and suddenly, it might be faster to reroute the whole board. Or you remove one component and find you have to rip it out of three other modules, which affect four or more other modules, and so on. Accidentally cutting part of the electrical harness meant that one team had to dig further and further into the car to get back to a working car state. It was a race to get back to street legal while taking off more parts.

By the end of the exercise, they have a technically street-legal car they drove around, enjoying passersby’s pointed looks and confusion. They even take it to a dealership to see how much they could get for it. [William] points out that their abysmally low offer proves that a car with less stuff costs less. While we doubt that car manufacturers will follow his lead, it’s a good 15 minutes of fun.

We’ve got you covered if you’re interested in more minimal motoring.


Saving Fuel With Advanced Sensors And An Arduino

When [Robot Cantina] isn’t busy tweaking the 420cc Big Block engine in their Honda Insight, they’re probably working on some other completely far out automotive atrocity. In the video below the break, you’ll see them take the concept of a ‘lean burn’ system from the Insight and hack it into their 1997 Saturn coupe.

What’s a lean burn system? Simply put, it tricks the car into burning less fuel when it’s cruising under a light load to improve the vehicle’s average mileage. The Saturn’s electronics aren’t sophisticated enough to implement a lean burn system simply, and so [Robot Cantina] did what any of us might have done: hacked it in with an Arduino.

The video does a wonderful job going into the details, but essentially by using an oxygen sensor with finer resolution (wide-band) and then outputting the appropriate narrow band signal to the ECU, [Robot Cantina] can fine tune the air/fuel ratio with nothing more than a potentiometer, and the car’s ECU is none the wiser. What were the results? Well… they weren’t as expected, which means more experimentation, more parts, and hopefully, more videos. We love seeing the scientific method put to fun use!

People are ever in the quest to try interesting new (and sometimes old) ideas, such as this hot rod hacked to run with a lawnmower carburetor.


Photo of the head unit, with "Hacked by greenluigi1" in the center of the UI

Hacker Liberates Hyundai Head Unit, Writes Custom Apps

[greenluigi1] bought a Hyundai Ioniq car, and then, to our astonishment, absolutely demolished the Linux-based head unit firmware. By that, we mean that he bypassed all of the firmware update authentication mechanisms, reverse-engineered the firmware updates, and created subversive update files that gave him a root shell on his own unit. Then, he reverse-engineered the app framework running the dash and created his own app. Not just for show – after hooking into the APIs available to the dash and accessible through header files, he was able to monitor car state from his app, and even lock/unlock doors. In the end, the dash got completely conquered – and he even wrote a tutorial showing how anyone can compile their own apps for the Hyundai Ioniq D-Audio 2V dash.

In this series of write-ups [greenluigi1] put together for us, he walks us through the entire hacking process — and they’re a real treat to read. He covers a wide variety of things: breaking encryption of .zip files, reprogramming efused MAC addresses on USB-Ethernet dongles, locating keys for encrypted firmware files, carefully placing backdoors into a Linux system, fighting cryptic C++ compilation errors and flag combinations while cross-compiling the software for the head unit, making plugins for proprietary undocumented frameworks; and many other reverse-engineering aspects that we will encounter when domesticating consumer hardware.

This marks a hacker’s victory over yet another computer in our life that we aren’t meant to modify, and a meticulously documented victory at that — helping each one of us fight back against “unmodifiable” gadgets like these. After reading these tutorials, you’ll leave with a good few new techniques under your belt. We’ve covered head unit hacks like these before, for instance, for Subaru and Nissan, and each time it was a journey to behold.

A Honda car behind a gate, with its turn signals shown blinking as it's being unlocked by a portable device implementing the hack in question. Text under the car says "Rolling Pwned".

Unlock Any (Honda) Car

Honda cars have been found to be severely vulnerable to a newly published Rolling PWN attack, letting you remotely open the car doors or even start the engine. So far it’s only been proven on Hondas, but ten out of ten models that [kevin2600] tested were vulnerable, leading him to conclude that all Honda vehicles on the market can probably be opened in this way. We simply don’t know yet if it affects other vendors, but in principle it could. This vulnerability has been assigned CVE-2021-46145.

[kevin2600] goes in depth on the implications of the attack but doesn’t publish many details. [Wesley Li], who discovered the same flaw independently, goes into more technical detail. The hack appears to replay a series of previously valid codes that resets the internal PRNG counter to an older state, allowing the attacker to reuse the known prior keys. Thus, it requires some eavesdropping on previous keyfob-car communication, but this should be easy to set up with a cheap SDR and an SBC of your choice.
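To make the counter rollback concrete, here is a toy receiver model, added as an illustration; it is not Honda's firmware or the researchers' code. The frame format (counter plus truncated HMAC), `WINDOW`, `RESYNC_RUN` and all names are assumptions; the point is the difference between a resync that may move the counter in any direction and one that only moves it forward.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # constructed sample key, not a real fob secret
WINDOW = 16      # assumed look-ahead window for normal presses
RESYNC_RUN = 3   # assumed number of consecutive frames that triggers a resync

def fob_frame(counter, key=KEY):
    """Toy frame: the counter plus a truncated HMAC over it."""
    tag = hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()[:8]
    return counter, tag

class Receiver:
    def __init__(self, forward_only, key=KEY):
        self.key, self.forward_only = key, forward_only
        self.counter = 0   # last accepted counter
        self.run = []      # consecutive out-of-window counters seen so far

    def accept(self, frame):
        counter, tag = frame
        if not hmac.compare_digest(tag, fob_frame(counter, self.key)[1]):
            return False                      # forged or corrupted frame
        if self.counter < counter <= self.counter + WINDOW:
            self.counter, self.run = counter, []
            return True                       # normal in-window press
        if self.forward_only and counter <= self.counter:
            self.run = []
            return False                      # hardened: never move backwards
        # Resync path: collect a run of consecutive counters.
        if self.run and counter == self.run[-1] + 1:
            self.run.append(counter)
        else:
            self.run = [counter]
        if len(self.run) >= RESYNC_RUN:
            self.counter, self.run = counter, []   # adopt the new position
        return False                          # resync frames trigger no action

def replay_old_frames(forward_only):
    """Record frames 1..5, let the fob advance to 10, then replay the recording."""
    rx = Receiver(forward_only)
    recorded = [fob_frame(c) for c in range(1, 6)]
    for c in range(1, 11):
        rx.accept(fob_frame(c))
    return [rx.accept(f) for f in recorded], rx.counter

if __name__ == "__main__":
    print("resync in any direction:", replay_old_frames(False))
    print("forward-only resync:    ", replay_old_frames(True))
```

In the first case the replayed run drags the counter back and the remaining old frames are accepted; with the forward-only rule every already-used frame is rejected while a fob that has run ahead can still resynchronise.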

If you have one of the models affected, that’s bad news, because Honda probably won’t respond anyway. The researcher contacted Honda customer support weeks ago, and hasn’t received a reply yet. Why customer support? Because Honda doesn’t have a security department to submit such an issue to. And even if they did, just a few months ago, Honda said they would not be doing any kind of mitigation for “car unlock” vulnerabilities.

As it stands, all these Honda cars affected might just be out there for the taking. This is not the first time Honda is found botching a rolling code implementation – in fact, it’s the second time this year. Perhaps, this string of vulnerabilities is just karma for Honda striking down all those replacement part 3D models, but one thing is for sure – they had better create a proper department for handling security issues.

How Far Can You Push A £500 Small Electric Car; Four Years Of The Hacky Racer

Four years ago when the idea of a pandemic was something which only worried a few epidemiologists, a group of British hardware hackers and robotic combat enthusiasts came up with an idea. They would take inspiration from the American Power Racing Series to create their own small electric racing formula. Hacky Racers became a rougher version of its transatlantic cousin racing on mixed surfaces rather than tarmac, and as an inaugural meeting that first group of racers convened on a cider farm in Somerset to give it a try. Last weekend they were back at the same farm after four years of Hacky Racer development with racing having been interrupted by the pandemic, and Hackaday came along once more to see how the cars had evolved.