Hacking Old Honda ECUs

Automotive security specialist by day, [P1kachu] hacks his own cars as a hobby in his free time. He recently began to delve into the Engine Control Units (ECUs) of the two old Hondas that he uses to get around in Japan. Both the 1996 Integra and the 1993 Civic have similar engines but different ECU hardware. Making things more interesting, each one has a tuned EPROM, the Civic’s being of completely unknown origin.

[P1kachu] took his Civic to a shop to have some burned-out transistors replaced in the ECU, and a chance conversation with the proprietor [Tuner-san] sent him on a journey into the world of old EPROMs. [Tuner-san] pulled out an old PROM duplicator stashed away under the counter, which he originally used as a kid to copy PROM chips from console games like the Famicom. These days he uses it to maintain a backup collection of old ECU chips from cars he has worked on. This piqued [P1kachu]’s curiosity, and he wondered if he could obtain the contents of the Civic’s mysterious PROM. After a false start trying to use the serial port on the back of the PROM copier, he brute-forced it. A few minutes of Googling revealed the ASCII pinout of the 27C256 EPROM, and he whipped out an Arduino Mega, wired it up to the chip, and was off and running.

Advantest R4945A EPROM Duplicator c.1980s

He’s currently digging into the firmware, using IDA and a custom disassembler he wrote for the Mitsubishi M7700 family of MCUs. He started a GitHub repository for this effort, and eventually hopes to identify what has been tweaked on this mysterious ECU chip compared to factory stock. He also wants to perform a little tuning himself. We look forward to more updates as [P1kachu] posts the results of his reverse engineering efforts. We also recommend that you be like [P1kachu] and carry an Arduino, a breadboard, and some hookup wire with you at all times — you never know when they might come in handy. Be sure to check out our articles about his old Subaru hacks from 2018 if these kinds of projects interest you.
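One way to approach the "what was tweaked compared to factory stock" question, as an added example that is not code from [P1kachu]'s repository: sanity-check two raw 27C256 dumps and group the differing bytes into regions. The function names and the sample images are assumptions constructed for illustration.

```python
"""Locate the regions that differ between two 27C256 EPROM images."""

EPROM_27C256_SIZE = 32 * 1024  # 256 Kbit part = 32768 bytes


def check_dump(image: bytes) -> None:
    """Reject dumps that cannot be a good full read of a 27C256."""
    if len(image) != EPROM_27C256_SIZE:
        raise ValueError(f"expected {EPROM_27C256_SIZE} bytes, got {len(image)}")
    if len(set(image)) == 1:
        # Every byte identical (e.g. all 0xFF) usually means a wiring fault
        # or a blank chip, not real firmware.
        raise ValueError("image is a single repeated byte")


def diff_regions(stock: bytes, tuned: bytes, max_gap: int = 8):
    """Return [(start, end_inclusive, changed_bytes)] for differing regions.

    Changed offsets no more than max_gap bytes apart are merged, so an
    edited lookup table shows up as one region, not many single bytes.
    """
    check_dump(stock)
    check_dump(tuned)
    regions = []
    for offset, (a, b) in enumerate(zip(stock, tuned)):
        if a == b:
            continue
        if regions and offset - regions[-1][1] <= max_gap:
            start, _, count = regions[-1]
            regions[-1] = (start, offset, count + 1)
        else:
            regions.append((offset, offset, 1))
    return regions


def build_samples():
    """Constructed sample images; not data from any real ECU."""
    stock = bytearray((i * 7 + 3) & 0xFF for i in range(EPROM_27C256_SIZE))
    tuned = bytearray(stock)
    for off in range(0x6000, 0x6010):      # a 16-byte "table" edit
        tuned[off] ^= 0x10
    tuned[0x7F00] ^= 0x01                  # an isolated single-byte change
    return bytes(stock), bytes(tuned)


if __name__ == "__main__":
    for start, end, count in diff_regions(*build_samples()):
        print(f"0x{start:04X}-0x{end:04X}: {count} byte(s) changed")
```

Reading the chip more than once and confirming the dumps are identical before diffing helps separate real modifications from read errors.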

Counterfeit Hardware May Lead To Malware And Failure

Counterfeit parts are becoming increasingly hard to tell apart from the real deal. The technology used by the counterfeiters has come on in leaps and bounds, so even the experts struggle to tell the real product from a good fake. Mere fake branding isn’t the biggest problem with a counterfeit, though: as ieee.com reports, counterfeit parts could contain malware or be downright dangerous.

Way back in 2014, the FBI charged [Marc Heera] with selling clones of the Hondata S300, a plugin engine module for Honda cars that reads sensors and, depending on their values, can change idle speed, air-fuel mixture and a plethora of other car/engine related settings. What, you might ask, is the problem, other than that they are obviously not genuine parts? According to Honda, they had a number of issues, such as random limits on engine rpm and occasional failure to start. While the fake Hondata S300 parts were just poor clones that looked the part, anything connected to an engine control unit brings up huge safety concerns, and researchers have shown that through ECU access, they could hijack a car’s steering and brakes.

It’s not just car parts being cloned. Remember the fake USB-to-serial chips of FTDI-Gate? Entire routers are also being cloned, which doesn’t sound too bad until you realise that the cloners could configure your internet traffic to be redirected through their network for snooping. In 2010, Saudi citizen [Ehab Ashoor] was convicted of buying cloned Cisco Systems gigabit interface converters with the intention of selling them to the U.S. Dept. of Defense. While nothing sinister was afoot in [Ashoor]’s case other than greed, these routers were to be deployed in Iraq for use by the Marine Corps networks. They were then to be used for security, transmitting troop movements and relaying intelligence from field operations back to HQ.

So who are the cloners, and why are they doing it? It is speculated that some of them may be state funded, as there are a lot of countries that do not trust American silicon. Circuits are reverse engineered and find their way to the international market. Then, just like in the FTDI-Gate case, cloners want to make profits from others’ intellectual property. This also brings up another question: if there is a mistrust of American silicon, and nearly everything is made in China these days, why should we trust anything from there? Even analog circuits can be made to spy on you, as you can see from the piece we recently featured on compromising a processor using an analog charge pump. If you want to defend yourself from such attacks, perhaps look at previous Hackaday Prize finalist, ChipWhisperer.