
Hello everyone, thanks very much for being here. We hope that you're enjoying BSides Munich after such a long drop down. Our talk is going to be, obviously, about hacking; I mean, you guys can see the picture, there's two hackers on the slide. So let's start with the introduction: who are we? I'm Javier, I'm a hardware security specialist on the embedded side. I am from Cádiz, from the south of Spain. I enjoy reverse engineering products because, more often than not, I'm disappointed with the features that devices have and I always want to improve them myself, right? Like, why not, if I can. And I do like cake, when it's not a lie; has happened sometimes. And I do like barbecues. I mean, barbecues are good.

Hi, my name is Ethan Briggs. I am from California in the U.S. and I just graduated from college about a year ago with a mechanical engineering degree and a math degree, but the math degree was more for fun, honestly. Over this last year I've been able to work with Javier a lot, and I've been really lucky to work with him in automotive security engineering, specifically in the hardware and a lot of the embedded systems, electricity parts, and I'm looking forward to more.

So why are we here? Okay, well, current-day car hacking has become kind of mainstream. You can see examples up there of people who post things like "hacked" on their dashboards, like "look at me, I've done all this work" or whatever. A car is hacked. That was mainly popularized in the '90s; that's CAN injection. Injection is not all that difficult; you can tell because you can probably look up a guide for it, you could probably find something to do it in about 15 minutes or so. But further than that, the reason why it's so simple is because a lot of the mechanisms for security on the ECU are pretty simple, and they don't need to be, but they are because the ECUs are so lightweight and they are so resistant to noise, because they have to be: they're in cars, the cars are going to be jostling around, there's going to be a lot of noise, there has to be. I might have said it already, whoops. And this goes hand in hand with diagnostics, which are also pretty simple once you understand what they're doing, because they talk exclusively in codes; once you memorize them, you can read it like you read letters or like you read words. What we'll be showing you specifically is three specific... what are the hacks? Yeah, so let's call them flaws in the implementations of the state machine for diagnostics, right?

And to add to what Ethan was saying, these two pictures I find personally funny: you cannot see the "hacked" here, but it says "hacked" here, so you have to believe that one. Typically these people start thinking that they can inject a CAN frame, and they put an ASCII string, right, so it shows up here; now they're car hackers, and that's the first and the last tweet you see about car hacking that they make, because automotive security is actually not as easy as just injecting.

So let's talk a little bit about the automotive diagnostic protocols, and this is just a heads up: we are not going to waste too much time on that. The diagnostic protocols usually are based on a request-response scheme, where the tester, or the device that you connect to the car, is a client, and the DUT, the device under test, which is the ECU, acts as a server, right? And then, like most things, not everything unfortunately, it requires certain authentication; it has security measures for some functionality, right? So Security Access, which is going to be the target of our talk, which is the service ID 27 hex, is the tool that's used most commonly to restrict a functionality. Such as, if you want to update the firmware on an ECU, you will most likely, hopefully, need to perform a Security Access challenge-response, right? The same thing if there are some things that could be critical, such as the VIN, right? It should not be easy to spoof the VIN by just changing it, right? Or there might be some other operations which are restricted to the manufacturer, such as adding a new key fob. Like, sometimes with your car you have a key lost or you need a new key; I mean, you have to go to the dealer and then the dealer wants to charge you like 200 euros for adding a new key, right? That's because they have two links that is specifically required to do that. All right, I mean, and Security Access is actually so relevant to automotive security that there's actually a market for selling and buying Security Access algorithms. Okay, so thank you.

How the actual Security Access protocol works is: first you have the tester, you have the thing that talks to the ECU, or the diagnostic port, and the DUT, the device under test. It starts off with the tester sending a request for Security Access, which, there it is, request for Security Access, which is that top left option right there. The DUT recognizes that, as you can see right here, receives it, and then it generates a 32-bit random seed. This seed is random and it's, once again, four bytes, which is important and will come into play later. Then it sends that seed back to the tester, where the tester receives the seed, and both of them calculate, using an algorithm that is generally not known, a key that you will have to use to unlock it. And then proceed to calculate the key, send it to the tester, or, the tester sends it to the DUT, my apologies. And after it sends it to the DUT, the DUT tests the key against the key that it calculated on its own, and if it's correct it has two states that it goes into: it says either Security Access is granted, or, on the other hand, if it was incorrect, they increment the wrong-attempts counter and they don't give you access.

Okay, this is important because, as I mentioned, they're kind of random, but more importantly that changes based on your security level, and most likely based on the DUT. So if you're trying to get access to the very lowest level you can generally get access, or you have one key for that, and then if you get access to the next one, a higher level, you probably won't be able to get access with the same key, and even then they're oftentimes random. On top of that, the Security Accesses oftentimes change based on what level of security that you want, which is a little bit different, but if you're going in for a default diagnostic session, hex 10, you might not be able to do some things that require a programming session, which is hex 13, I believe; a diagnostic session is 10.

So to add something, and maybe this helps understand a little bit about the Security Access different levels: think of a building, right, an office building. All the doors have a key, like a physical key, like the one you guys most likely used to get in your house. So now there's gonna be a, let's say, lower level, by lower I mean more restricted, so it would be the inverse if we're talking about actually reverse engineering, so a higher-level key which allows you access to the building. So you get into the building; that's a Security Access algorithm, right? Usually that's the most simple. So now you got that, you got into the building. Now once you're into the building you can have access to different compartments, offices, right, or rooms if you wish. Now the key for those rooms will be different, and you can obviously not attempt to open an office door if you're not already in the building, right? So that's what it means by switching different diagnostics modes. Diagnostics modes could be a standard session, which is zero one, right? Then you can perform certain Security Access levels, which would be equivalent to getting inside the building. Then if you change to a standard session or a programming session, right, which maybe you need to perform this Security Access before it allows you to change to that session, then you could use a different, more secure hopefully, Security Access algorithm, right?

And I also mentioned before that the wrong-attempts counter increments, and this is important because that prevents brute force attacks. After you have three or so, it depends on the manufacturer, but then it locks down for generally one to thirty minutes, just once again to prevent brute forcing.

So just for the ones of you that are familiar with coding a little bit, I will explain it nonetheless. This, if you can read it, it might be a little bit too small, but I'll walk you guys through the code. This would be the first part of the Security Access challenge-response. So one thing that we need to mention is that Security Access is divided into two different parts: one is requesting the seed and the other one is providing the key. They are separated; usually you will see them one after the other, but you could very well request a seed, read the ECU VIN and then send the key. They do not need to be sequential. So what does the request do? This is the code from a DUT, the device under test, perspective. So you just provide the data, which would be the array that contains the level. So then the DUT checks for the level, because as we said earlier, ideally there would be different keys, different algorithms, right? Now when it checks for the level, the first check it does is see if that Security Access level is locked because the tester had too many wrong attempts, right? So if it's locked then it returns false; it tells like, yeah, see you later, you've got to wait out the time. If it's not locked then it will create a random number; usually it's four bytes. I mean, there's different algorithms, right, but let's go with the standard: it will create four random bytes and then it will just send those four random bytes. So that's as far as it goes for the requesting the seed part.

Now the second part, which is actually now the tester, as shown before, has calculated the reply, the response, and sent it. So the check key function, the verify we call it here, again will just use the seed that the ECU itself generated earlier, perform its own calculation, because obviously the ECU knows the algorithm, right, and then it would just compare if the result that it got is the same that the tester sent. Now if it was the same then yep, all good, right, there you go, you got Security Access. If it was not correct then it would increment the wrong attempts, right, because remember, we got here because it wasn't yet locked. So what happens when you just give the wrong reply? Wrong attempts increase.

So hacker kitty knows something. I don't think I personally noticed it, but I trust him; he has a cool hacker hoodie on, he's got "hack the planet" behind him, he seems like he knows what he's talking about. Yeah, we'll see what the kitty found, probably in a little bit.

Okay, so the next thing is man-in-the-middle attacks. Specifically, man-in-the-middle attacks, similar to CAN injection, are not really new; they were around in the '90s, they're used for a lot of attacks and it's oftentimes very effective. But specifically, because they were developed in the '90s, at the same time KWP2000 and UDS were also designed, so you might think that they may take into account this popular attack, but obviously, you probably guessed by the fact that we're presenting on it, they didn't. But still, it's still very widely used in current systems, which you can tell from Security Hijack, which was, my apologies, presented in 2016 at Black Hat and DEF CON 24 by Javier. It's about this attack, which uses a man-in-the-middle on ECUs that are still being manufactured today, and it's the standard man-in-the-middle attack and it has three steps to it. First of all, you forward all traffic from the tester to the DUT and from the DUT back to the tester until there is a Security Access. Then, after that, the tester and the DUT go through the steps that I mentioned before about getting Security Access, and then it disconnects, and suddenly, without the tester there, you have all the Security Access that the tester just gave you, or would have had access to without them in the middle there.

So to make it perhaps easier to understand, with letters that even I can barely see, so I can only imagine what you guys can see there, so let's imagine you can see them: here there's the tester side, there would be the man-in-the-middle attacker, there would be the DUT here, right? So the tester sends the request for seed, right, for Security Access; the man-in-the-middle forwards that, doesn't touch it; the ECU receives the request, so it generates a seed; the man-in-the-middle attacker forwards it, doesn't touch it. Now the tester gets the seed, it does its calculations that we learned earlier, the man-in-the-middle attacker forwards the result. Now the ECU verifies the seed, and when the ECU sends a positive reply, and only when that happens, then the man-in-the-middle attacker kicks the tester, says goodbye and takes over the diagnostic session. So to the eyes of the DUT, the man-in-the-middle attacker and the tester are the same, because there's like literally no validation, there's no authentication, there's nothing. So you end up having a secured diagnostic session, like having Security Access, without needing to know the key or the algorithm.

So let's talk a little bit about the pros and cons; this will be more obvious later. So the pros of this attack: the immediate one is that an attacker does not need to know the key or the Security Access algorithm. Like, you just don't care, you just take a hijacked session, that's the name, right, that's where the name comes from. And the operation is easily repeatable with consistent timing. I mean, if you have a tool that, let's say, performs a firmware update, right, and you're gonna use that to hijack its session, then you can measure how long it takes for that tool, since you press start on the flashing process until you can hijack the session, right when the Security Access happens. So it is easily replicable; you can do it easily over and over, consistently. Now the only con is that every time you want to hijack a Security Access session you will need to have the tool. So if you're gonna be working on a project where you're gonna attempt to hijack a session, let's say twice a day for a month, you're gonna need the tool for a month, right? So that's the only con.

Now SecHammer is a programming attack, or software attack, that Javier once again developed, and it exploits poor implementation practices in state machine logic, specifically for the diagnostics. And before I really explain what exactly SecHammer does, I kind of have to explain the implementation practices that it exploits. So I want you to first think about the tester and the final step, when the tester sends the key to the DUT. The DUT gives you two options: you can either have the right answer or the wrong answer. But what if you didn't send that final answer? Then you didn't get a right answer or a wrong answer. This might be what hacker kitty was trying to point out earlier as well. But back to SecHammer: if instead of not sending anything you asked for another seed, you weren't right and you weren't wrong, but you still get another seed, and then you do it again and again. SecHammer does it thousands of times, until you have thousands of seeds, and with that you can look at these randomized seeds that I mentioned earlier and you can see if they are really random; you can try to look for some sort of pattern in them and just gather general information on them.

Yeah, so we are running a little bit tight on time, so we're going to have to speed it up. Nonetheless, again another blurry image, hopefully you guys can see some of it. So basically this is an example of SecHammer. On the first line we just started a standard diagnostic session, well, not the standard, er, zero two, so it says wait, wait, okay, we got the diagnostic session, then we request seed level one: yeah, here's your seed; seed level one: here's your seed; seed level one. I mean, on the wait time, because we are using the standard, but we could go way faster. You can see that, well, you cannot probably, but the ECU takes from 855 microseconds to reply; we're waiting 30 milliseconds; we could narrow this down to one millisecond, so we could be getting around 500 seeds per second, perhaps. I mean, this is pretty fast and pretty powerful, and like Ethan said, with this you can actually get a feeling of the randomness in the Security Access seed-key algorithm, which until now was not really possible.

Now, does it always work? So we tested more than 40 ECUs, including my own car. I mean, we have tested ECUs on the bench, different cars, all the stuff; of the 40, 38 were vulnerable, and one of them we didn't consider vulnerable because it was just repeating the same seed, zero zero zero zero, like no matter what; you unplug it, you plug it, always the same seed, so we will just say it's not vulnerable. And now this is important: some ECUs actually accounted for this a little bit, not a lot, but they did, so if you request the seed again they send you the same seed again.

Now there's ways around that. We need to remember that diagnostics is actually a state machine, so if you are in a diagnostic session, right, and you ask for a seed, then if you ask again and you get the same seed, you need to change something. Now what can you change? You can request perhaps Security Access for a different level, because that would overwrite the seed value, right? Again, we're thinking about poor implementations here: in embedded systems they have only one variable for seeds, so when you replace it with a different Security Access, then that gets replaced, right? Or you could try switching to a different session, right, a different diagnostic session, because we also said that Security Access does not carry over to different diagnostic levels. Or you could just, let's go full here, you could just disconnect and reconnect from the ECU, right? That takes longer, but still, that would work. And the thing is that you don't get locked, right? Like with typical Security Access, if you send three wrong attempts you're gonna wait out from 10 seconds to 30 minutes; with this method you don't get locked out, you just get, all the time, all the seeds.

And now SecPuppet combines the SecHammer that I mentioned and the man-in-the-middle attack, and it's divided into three primary parts. First of all, it analyzes the randomness, it gets the randomness and it figures out what kind of seed, or picks out a specific seed that it wants to use, using SecHammer. Then you go over to the man-in-the-middle part and it forces that seed, once you're in the man-in-the-middle attack, so that it pulls out a specific one. Now once man-in-the-middle has given you that seed and you've, using the process that we mentioned before, found the key for that seed, you can use SecHammer again and force that same seed, and now you have the key, and you can get access to that level whenever you want, without the tester, using just SecHammer, because you know exactly what the seed is that you can get, and the key.

So to add a little something to what he has said: basically what we're going to do is we're going to use SecHammer, we're going to figure out if the randomness is good, we're going to figure out if there's a number that gets repeated more often than the others, or the most repeated number in the randomness, or we're gonna figure out if there's a pattern, if there's like a counter that goes up, and since reset then you know the initial value and then you can see it going up. All these are true cases. Now if you find that value that you already know, then you're going to use the man-in-the-middle, and what you're going to do, he will explain in a second, is you're going to force your own seed, right, and then you're going to get the pre-calculated reply from the tester, and then you will use SecHammer again to try to force the DUT to give you the same seed that seemed to appear most commonly, right, or in the pattern. Sorry, go ahead.

Okay, SecPuppet follows very similar patterns as before. There's requesting the seed for Security Access; it goes to the man-in-the-middle; the man-in-the-middle forwards it, requests it from the DUT; the DUT sees that seed request and then it responds with the seed, calculates it. Before it receives that seed, we force the seed, force the seed very specifically. Sorry, so it forces the seed very specifically, as I mentioned earlier, forces the seed to that one seed that we want to have, that one seed that we're going to recreate and reuse every single time, and then once it gets that seed, then it sends it to the tester, and the tester then calculates, yeah, it calculates using the algorithm that we don't know, and then we save that key; we save it so that we can use it whenever.

So really quick, here would be right when the DUT has sent its own seed. We, the man-in-the-middle attacker, would replace that seed with the one that we found out gets mostly repeated, right, or the most common one, or the one we want to find. So then when we give that seed that we want to give to the tester, the tester uses that seed and then it gives us the reply to that seed. What does that mean? The pros: again, an attacker does not need to know or care about keys or algorithms, right? With this method, this one, unlike Security Hijack, requires a one-time access to the testing equipment, right, just to do the man-in-the-middle attack to get your seed pre-calculated. And now the cons: the biggest one, obviously, is that the target needs to be vulnerable to SecHammer, right? If you cannot analyze the randomness, the source of randomness, then that's not gonna work too well, right? Or if you cannot get it to give you many seeds fast. And then the target needs to have poor or predictable randomness, because it might be susceptible to SecHammer but it might actually have good randomness.

And a few use cases for these attacks. One would be, this is more a rather fun test, for testing than for an attacker: it would be testing the ECU randomness source, right? Like if you get an ECU from a Tier 1 and they are telling you, or you have in your requirements, like yeah, it should be truly random, and then you perform this test and you see it's just sequential, based on a timer, on the microseconds, that's the seed, right, or the ticks, then you can tell them like, yeah, this does not meet whatever. Another one would be reading and writing memory or flash offsets that are off limits, in the sense of, if you get one of these tools from eBay that allows you to flash your ECU, you could do Security Hijack or you could do a SecPuppet or anything, and then you could try to read into the RAM range with that, which that tool does not do by default, right, or any other tool. And then performing operations that are not supported by the testers, like if you know the payload to send to execute a specific action but the tool you have in your hands does not do that, you could hijack the session and then send your authenticated command, right?

And that was it, we were a little bit over. Thank you very much for attending, everyone, we hope you enjoyed the talk, and if you have any questions feel free to reach out to us; we're going to be around.

Yeah, so if you have any questions we have a microphone in front. Oh, maybe you can walk up to the microphone in the center. Okay.

Hi, good talk. Given that the system would be vulnerable to SecHammer, could you just go ahead and do something like rainbow tables, just the precomputation of all the seeds that you send to the testing device, and then simply save it and then basically use the one that you want to use just when it appears? So that would be doable?

Yeah, the thing is that that would take too much time, because, let's go to, this would be for the SecPuppet attack, right, because on SecHammer you just get seeds, but you want to have a tester pre-calculate the key, right? I mean, we're talking about a scenario where you do not know the Security Access algorithm or you do not know the key, so you will have the tester, and the best you could do is automate the tester starting the process, whatever, right? Or if the tester has literally a command to authenticate, right, then you could just hammer the tester with your own seeds. Yeah, that would be an option, I think. I mean, it is doable but it will be very slow. That would be mostly useful if you have a subset of, let's say, 20 most repeated seeds, right? Then you want to create a table for all those 20 seeds; that is doable. But if you want to do the whole four-bytes calculation, that's gonna take some time.

I mean, if you're sitting in the middle you could be seeing all the traffic going on and never sending the response, as you just did, so even if that could overcome the good randomness, so you can work maybe with that. That was just, I know.

Yeah, I mean, that should be doable, yes. Thank you.

So it sounds like you have something to discuss afterwards off the stage, so I have to kick you off the stage. You kicked out the security? No. And we will prepare here for the next talk. Thank you very much, everyone.
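As an added example, not code from the talk or its speakers: the two-step Security Access state machine the talk walks through (request seed, then send key) as a small Python model, in the naive form that hands out a fresh seed on every request and only touches the wrong-attempts counter when a key is sent, next to a hardened form that holds the seed until a key is tried and counts abandoned seeds, plus the tester-side `seed_quality` check for repeated or counter-like seeds that the talk describes as a randomness test. Class and function names, the two seed sources, the XOR key transform and the lockout parameters are all assumptions constructed for this example.

```python
# Added example, not code from the talk: a toy UDS SecurityAccess (SID 0x27) server for
# one level, naive as the talk describes and then hardened, plus a seed-quality check.
import itertools
import secrets
from dataclasses import dataclass
from typing import Callable, Optional

MAX_WRONG = 3        # assumption: wrong keys tolerated before lockout
LOCKOUT_TICKS = 600  # assumption: lockout length in scheduler ticks

def toy_key(seed: bytes) -> bytes:
    """Stand-in for the proprietary seed-to-key algorithm (assumption)."""
    return bytes(b ^ 0x5A for b in seed)

@dataclass
class NaiveSecurityAccess:
    """Talk's vulnerable pattern: requestSeed checks only the lock, then overwrites the
    stored seed; the wrong-attempts counter only moves when a key is actually sent."""
    seed_source: Callable[[], bytes]
    wrong_attempts: int = 0
    locked_until: int = 0
    seed: Optional[bytes] = None

    def _fail(self, now: int) -> bool:
        self.wrong_attempts += 1
        if self.wrong_attempts >= MAX_WRONG:
            self.locked_until = now + LOCKOUT_TICKS
        return False

    def request_seed(self, now: int) -> Optional[bytes]:
        if now < self.locked_until:
            return None                 # negative response: time delay not expired
        self.seed = self.seed_source()  # a fresh seed on every request
        return self.seed

    def send_key(self, key: bytes, now: int) -> bool:
        if now < self.locked_until or self.seed is None:
            return False
        if key == toy_key(self.seed):
            self.wrong_attempts = 0     # security access granted
            return True
        return self._fail(now)

class HardenedSecurityAccess(NaiveSecurityAccess):
    """Mitigations: hold the seed until a key is tried (as the talk's non-vulnerable ECUs
    did), consume it on every sendKey, and charge an abandoned seed as a wrong attempt."""

    def request_seed(self, now: int) -> Optional[bytes]:
        if now < self.locked_until:
            return None
        if self.seed is None:
            self.seed = self.seed_source()
        return self.seed                # same seed until sendKey consumes it

    def send_key(self, key: bytes, now: int) -> bool:
        ok = super().send_key(key, now)
        self.seed = None                # one seed, one attempt, right or wrong
        return ok

    def abandon(self, now: int) -> None:
        if self.seed is not None:       # seed dropped unanswered (level/session switch)
            self.seed = None
            self._fail(now)

def harvest(ecu: NaiveSecurityAccess, count: int) -> list:  # tester: seeds only, no keys
    return [s for s in (ecu.request_seed(now=t) for t in range(count)) if s is not None]

def seed_quality(seeds: list) -> dict:
    """Unique ratio plus counter detection (the timer-tick pattern the talk mentions)."""
    vals = [int.from_bytes(s, "big") for s in seeds]
    steps = {(b - a) & 0xFFFFFFFF for a, b in zip(vals, vals[1:])}
    return {"unique_ratio": len(set(vals)) / len(vals),
            "is_counter": len(steps) == 1 and steps != {0}}

def tick_counter(start: int = 0x1000) -> Callable[[], bytes]:
    ticks = itertools.count(start)      # constructed weak source: 32-bit tick counter
    return lambda: (next(ticks) & 0xFFFFFFFF).to_bytes(4, "big")

def strong_seed() -> bytes:
    return secrets.token_bytes(4)       # constructed good source: OS CSPRNG
```

Run `seed_quality(harvest(ecu, 1000))` against each model: the naive ECU with the tick-counter source yields 1000 distinct, counter-stepped seeds and never increments `wrong_attempts`, while the hardened one returns the same seed until a key is tried and locks after three abandoned seeds.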