From Overheating to Overachieving: A Comedic Tale of Hacking My Car

[Music] Hello and welcome everybody. Um it's a little bit too late to say good morning, but I hope you enjoyed this event. Um basically the last one. You're almost there. Um so well done. Besides have been one of these conferences that's been on my radar for a while. Um it's a little bit outside of my comfort zone, if you will. Um but it's been a conference that is very interesting to me personally. Um so I'm really excited to be here and thankful and thank you for everybody attending the session. Um a couple of disclosures first before we start maybe um first of all my title has changed a little bit over time but it is

still uh if you see the subtitle the hacking my car bit it's kind of there where this focus is still there but even just looking at the previous session um I mean it's a it's a very very very interesting space now that being said um my title has changed And in a couple of ways, I don't know why my clicker is not clicking. Just give me a second.

Let's see if that works. Yeah, there we go. Okay, so it went from just hacking my car to mostly trying to hack my car. But that that my opinion is still where a lot of the fun lies is in just absolutely trying these things out. So I thought well um at least the lessons learned in this I can hopefully share but also um playing with cars tends to be a little bit more expensive. It's not probably the first thing you should try and hack. So it quickly went from a comedic tale to a tragic tale. And then my original title the from overheating to overachieving just kind of just ended up blowing stuff up. And in this way, you

might think I'm exaggerating here a little bit, and I am, but I did end up selling the car for scrap metal at the end of the day. So, um, still very, very true. And then hopefully, I don't know how many of this audience is exactly like that, but if you're from an insurance company, I might just be anonymous. Um, by way of introduction, my name is Rudy Crobler. I'm a developer. Um, I work for a company called Light Stone. Lightstone is a company that specializes in property and auto data. Um, they tend to tell you things like, "How much is your house worth? Why is the suburb doing those kind of things? For what is worth the people at the

back, this timer is not actually doing anything." So, I don't really know how I'm doing as far as time is concerned. Um but anyway um so I work for Lightstone as a developer and although not clearly evident in necessarily my results here today um I do have a little bit of history of how to reverse engineer pro uh protocols and those kind of things. So yes my results did not end up perfectly uh but hopefully some of the lessons still can translate here. Um and then since this is a car related topic, I hope it's very very clear I am not a mechanic. Neither am I auto electrician. And yes, both of these things would have been

extremely useful up front, but yeah, you live, you learn. And then a little couple of extra spoiler alerts just here. This talk isn't exactly new. So if you were at Defcon conference a little while back, this is a more or less the same talk as that one there. And that was more developer focused. So I do get my audience isn't exactly the same here. So while I tried to adapt it a little bit as far as that is concerned and then I did the I don't know if it's a responsible thing or the sort of the knee-jerk reaction but I took the feedback from defcon and just simply passed it to chat GPT and asked it well

what's the three things people complained about the most. Um and then for some of these suggestions are still not really relevant here. But uh one of the things that it uh complained about if you will is just the balance of the contents because some of this is a little bit more technical, some of this is a little bit more de developer focused and some of it is a storyline. So um and you will still have that same problem here. Uh so sorry about that. Then hardware engagement. Um, I guess it's quite obvious, but it's not that easy to get a car onto the stage and actually work with a car. So, I have a dashboard. I don't know if you can see

it here, but there's a dashboard lying over there that also uses canvas. So, um, I do have some hardware here and I can maybe expand on it a little bit later, but it's not necessarily needed for the talk. And then interactive humor. This is a personal story for me. does it actually happened? So, um hopefully that also translates. Um and I'm also well aware that a lot of people here might actually be more experienced in things like car uh canvas hacking and those kind of things than I am. So, you're welcome to correct me in any stage if you want or interrupt and we can definitely chat about it. U keep in mind that this is from a developer

point of view. So, it's a slightly different way of approaching the same problem and that maybe is a little thing that we should just stand still at for two seconds. Um, companies like SpaceX or the Elon Musk brand of companies, they do these things where they would take a piece of their problem and ask the community or the people around them to uh try and solve it and then they offer some cash incentive based on that and that although SpaceX would want to hire rocket scientists typically, this was not exclusively for rocket science scientists. So you see different approaches to problems that would typically be solved in some way and you see this different approach to it and

hopefully this is more or less the same kind of thing here. Now my problem or my original problem wasn't that complicated. I had this old car and please notice that I said had uh but I had this old car. Um it was nothing special, nothing fancy, no sentimental value. Um, it was a Reynold Quid 2017 or 2018 model, so it's not really really new or anything like that. But I have a son turning 18 soon and I thought to myself, well, well, maybe I'll give this car to him or something like that. I could hopefully reuse this. Um, but this car has a very not a complicated issue, but it kept on overheating. And that was not his only

problem, but that was one of the main problems. And it tended to happen over and over and over. Um, now it has a dashboard with nice big letters for old people like me and stuff like that. But one thing that you should note here is that it has nowhere where it tells you what the heat of the car is. And this is a theme for modern cars also. They have gauges that tell you it's cold, it's okay, and it's hot, but by the time you get too hot, it's a little bit too late. Um, and this car has a similar concept. It has one of its lights that is a dual function light. It's got orange and red, but I'm color

blind, so it didn't really help me in this case. But for all its bad in its dashboard, it was it had a relatively okay media center. So I thought to myself, well, maybe I can show the temperature there or on a phone or something like that, whatever the case may be, but hopefully just show the temperature somewhere. And like I said, I did not really not try and fix this. I should have probably done this better. Uh but I did try and actually fix the problem. I had it a place which eventually just gave it back to me. Still overheated. Then they decided to replace the water pump. That helped a little bit, but it over time it

still gave out. I had it back at the people that I actually bought it from. So I bought it from a dealers brand new when I bought it. I took it back to the dealer. They gave it back to me twice in two weeks time. Both times overheated on a way home. So um really didn't help. Then I thought, well, okay, maybe I'll find something, somebody that can specialize in these kind of diagnostic problems. They told me, one of them told me that um Reynold is a foreign for foreign car. Um so it's a little bit difficult to diagnose. Uh you should take it to somebody else. And then my absolutely worst experience was a

company that told me, "Hey, this is really simple. It's a heat problem. So all we do is we replace all the water parts." Just think about what that means though. It is the radiator, even the radiator cap, the hoses to the thing, the water pump, the thermostat, everything. That's also not good enough in my opinion. Okay. So, although yes, I could have fixed this better. Um, well, life happens. And just uh a shout out though is I did find a company eventually that um actually was willing to take the thing apart for me completely and actually look for the problem. But by this time they also bought it for a scrap metal at the end of the day. So yeah. Um and then

because my problem wasn't in my opinion that difficult, I thought to myself, well really how hard can this be to fix or how hard can it be to understand this problem a little bit better? Uh the full disclaimer, it wasn't that easy, but still. Um so I thought to myself, well, okay, so my problem was I wanted to show the temperature somewhere. So, I thought to myself, well, why don't I try and hack the car? And I'll use inverted commas here for the hack because all I really mean is talk to the car, be able to ask it some questions. Should I be able to ask it questions? I can simply ask it a question like, how

hot are you right now? And it would give me back the temperature and I would show that somewhere. And then um well, that gets me to my third one, which is just show it somewhere. And this goal was really light-hearted. Um, it could have been anything. It could have been a phone that just shows me the temperature. It can be this media center. It can be somewhere else. It could have been almost anything. But the plan was, in my opinion, relatively simple. Turns out that yes, there's a lot of stuff that was really easy to do. Uh, but some of it I simply just did not know what I even do not know. Um, so like and Mike Tyson

says, uh, everybody's got a plan until they get punched in the mouth. That is a little bit true in the scenario, but ironically, uh, Mike Tyson at the age of 57 is trying to fight again. So maybe you never learn. I I'm not sure about this exactly, but anyway, um, as far as cars hacking is concerned, it turns out to be there's a very easy way, and I mean super duper easy. If you can use the rolling attack of the previous person to get into the car, that person is already screwed. Um it's really easy to act a car when once you're inside the car. And then there's harder ways to um to work with these

cars. But let's just take a step back and just talk about cars just in general. And take good notes. This is not from a person that actually knows cars well, but this is my two cents for what it's worth. It doesn't matter if the car is a fancy car like the one you see on this picture or if it's an older car like mine. They all have more or less the same problem. They have these devices inside that uh needs to be able to f work discreetly in a lot of ways, but they also need to share some data. So, think of this as your steering wheel. You might have volume up, volume down cruise control buttons. It might be your

media center. It might be your ABS brakes. It might be your lane assistance if your car has got lane assistance. There's a lot of these things that need to talk to each other. Um, so the way that car manufacturers decided to do this is through what is called the controller area network or a canvas. And this was chosen for a bunch of reasons, but among other it's very reliable. It's very fast. It can update really quickly. Um, it it works really well and it's also relatively cheap to do. Now they standardize on CAN but just be aware there's CAN one there's CA can CAN 2 there's CAN FD there's a bunch of different CAN buses so it's a standard

but it's not a standard if you if you get what I mean but basically if you break down CAN just a little bit more all it means is all of these devices are connected to to each other and the way they do this is through a differential network it's just two wires that run all the way through the car now you keep in mind also. It does not mean you can get to all the devices. There might be multiple CAN buses in your car, but essentially there's two wires that run through your car. It uses differential uh signals to uh distinguish the ones and the zeros, which is really good for things like interference. And then it has like a

termination resistor on each one of the ends to debounce the signal a little bit, but it is relatively simple. And then each one of these devices that you want to talk to just daisy chains or off it. Now again be aware since this is a security conference I'll highlight this is once you're in the car that person's already a little bit screwed because this is a trusted network inside the car but the beauty of this is that you can just add things to the daisy chain and one of the things that are required by a lot of people to add to this lazy chain is the OBD port or the onboard diagnostic port uh which is essentially

just a a port that uh translates the messages for some certain specific things that you want to ask the car to the way that the car specifically answers them because not all cars uh ABS brakes as example ex speaks exactly the same protocol so this is sort of an abstraction that sits on top of it and if you want an analogy for this um you can think of OBD as the language you speak Africans English zulu doesn't matter um and then the can is the phone um and here the the analogy still holds true although it is like a phone you can still have Apple or iPhone etc. So um it it there is differences in the canvas

but essentially the OBD port at the top tries to stay the same and again just to highlight this is that this OBD port is actually required by law because cars now get taxed on the amount of CO2 they produce. So somebody needed a way of actually measuring it. And by the way, this OBD also gives you back a bunch of other things. But if you look at your car, now remember the OBD is the CAN bus is very specific to the car manufacturer. But the OBD port is sort of an abstraction that sits on top of it. It looks like that port that you see over there. And if you wanted to know if your car has got CANbus because

not all cars necessarily have CANbus. There's Linbus, there's LIN, Kline, all sorts of other things. Uh but you will see that the connector actually has little metal met metal pieces sticking out. So you can just compare that to the schematic of the port and you can see if your car actually has got canvas or not. But this gets us to the easy way. And the easy way is or at least one of the ways that you can do this is through the chipset called the ELM 327. Very cheap to buy. It cost roughly about a 100 bucks. Um, they get it in Bluetooth dongles like this or you can get it into serial ports or USB

ports or all sorts of other ways. And this one has got a nice telephone app that you can use. And notice very clearly that it does show you the temperature there. So, this is where I should have stopped because this is really easy. You just plug this thing in, you put your phone down, you can see the temperature. Okay, but obviously I think you get it. I did not stop there, but yeah. Um, and this ELM, by the way, is so super easy to use. Uh, if you recognize this, first of all, you're just old as me, but that is a haze modem, old school modem. It uses the 80 commands. So, it uses this command set

that has existed for it was 1981 design. So, it's 40 plus years. Um, thousands and thousands of examples of how to talk to this thing. This thing talks to the ELM. The ELM talks to the OBD port and the OBD port makes the message work in all the other ones. Really, really, really simple. And this is absolutely where I should have stopped. Um, but yes, unfortunately, stuff did go wrong a little bit. Um, I made many mistakes. Um, we'll get into some of those a little bit, but among other, I actually blew up my OBD port one night. I plugged my Arduino the wrong way around in late at night. Uh uh my eyes aren't great

anymore. So uh yeah. Well anyway um so some mistakes were made. I I showed the OBD port earlier. You can see in the terminals that when it has CAN bus or not but basically it brings out the chassis ground and the signal ground and it brings out the battery and it brings out the CAN high and the CAN low. It could also bring out the convenience can for you. So that's another CAN bus that your car can have or it can bring out some manufacturer specific things. It depends on your car, but essentially you can get to the basic CAN bus through this. And I thought, well, since I already blew up some stuff, I'll start slow. Um,

I'll just first try and confirm that my car has got CAN. So OBD ported a logic analyzer that looks like this thing here into the CAN high and CAN low um lines. And this actually then just shows you the ones and the zeros that the thing sends. So I could see that I have canvas. This has got some fancy features in it as well that it can analyze canvas for you. So it can tell you how fast your canvas is going and stuff like that. But effectively I knew that I have CAN in my car. Uh and unfortunately that was the only way left for me to talk to this thing. So I decided well okay then we'll go the

harder route. As far as CAN is concerned, it has a standard but it also has some variations in it. But essentially, it's a very well-defined serial protocol. It has some start bits, it has some end bits. It has identifier. Here there's a little bit of a niche uh distinction. It either uses 11 by 11 bit bit um identifier or a 29 bit identifier. But still it has this uh identifier and then it has a bunch of data bits anything from 0 to 64. It has some um CRC to just check that the message is valid and then also you can use scan bus just to listen. So it has a act that tells it that you actually part of the network or

not but you can essentially get to everything. Um and it's really easy to use. And then if we think about OBD just for a second again the earlier one that was the easier one. Uh it can also talk over canvas and it's also really easy to use. It uses the identifier at the start which so now we can throw away the start bit the end bit and all of the other details and we can just look at the data. It has the identifier at the start and then it protocol basically just says the first bite that I'm sending you is how many bytes I'm asking for or sending. The second one is the mode. I'll get to the mode now, but you can

think of the mode as one. I just want to read some diagnostic information from you. Mode number nine means I want to get stuff like your VIN number, etc. It has a couple of modes and then it has a program ID or a PD that just tells it what do I want to measure? Uh do I want to measure the temperature, the speed, etc. And again, this is well documented, but uh there's a couple of modes that you can get. one is the one that we want to see is the show current data. So I'm just asking it for mode number one and then the P. Each one of these actually has a very nice description around it.

Um for instance, if it's a temperature and you need to do some sort of a calculation to work out if it's degrees Celsius or whatever, it tells you. We're going to focus on vehicle speed for now because obviously my temperature one did not work great for me. uh but anyway so uh the message here would be 0x0d um and it's in kilometers per hour and if we take it into a concrete example or a just a sort of a high level one identifier by mode P the rest of the bytes are just padded um in my case I would send a message to 7DF which is a broadcast message it says anybody that can respond to this you can

respond to it um I'm telling I'm sending two bytes. I'm telling it that I'm asking for 0x0D, which is vehicle speed. And that um that's basically what I send to the thing. And then somebody responds back. In this case, it would be the uh OBD port, but it could be your ECU or your body controller of your car or whatever else you have in your car. It responds back with a 0x or from from the address 7E8, which was in my case the the OBD port. Uh, it tells me that I'm sending back three bytes. As I'm asking for mode number one, it's just telling me back that it's responding to mode number one, but it just puts a four at

the front to just say it's a response to this message because remember this thing broadcastes a thousands of messages. So, if you want to correlate back what you asked for versus what you get back, you have to worry about this 0x0d, which is my speed one. And then I have no prizes to give away, but anybody want to take a guess at what 0x35 in kilometers/ hour means? Sure. >> You're pretty close. Um, it's 53 km/h. But it is super duper easy to do. You just put it into your calculator and you just ask it to transfer it back. It's really easy to do. Um although yes you can do OBD port versus or you can do canvas through through

some USB adapters or serial adapters. I decided I want to use Arduinos. Uh I had a couple lying around and then I had some plans for how I would use it in the future as well. So this is a piece of code that runs on Arduino Studio. Uh you don't have to worry about the code here. I'll highlight the the bits that are important here. I'm just setting up the canvas port um in this case which is a was a MCP controller that I was using. Don't worry about the details here. Um I have a little bit of setup that says I want to use the 11 bit addressing not the 29 bit addressing. Uh and then I

knew that my canvas was running at 500 kilobits per second. So I already know that. And then the only thing you need to do is on your uh your canvas controller there's a little crystal and you can just read on it if you if you've got good eyes. You can read on it how many mehz it is. In my case it was 8 MHz. Um and then I have a abstraction that's just does that little padding at the end tells this how many bytes I'm asking for and I'm just now I can just ask it which P I want and then it would respond back. So, it's really really easy to do and uh yes, my results have been great, but

this one does work. It's a you'll I can't show it now, but you can have a look afterwards at the speedometer is going up and down and stuff like that. Um, so it's really easy to do, but also uh if I wanted to use the OBD port, that's one thing that is relatively simple, but canvas has got levels to it. um each manufacturer uses slightly different ways of doing this. So now you get into the hacking bit of this where you have to understand what the protocol is actually saying to be able to to to interpret the messages. And here it really depends on how much you want to spend. I used can hacker uh which is a

free piece of software that allows me to analyze the protocol that comes back. Uh but depending on again what you want to spend, Savvy Cam, Peak, Com, AI, all of these have got similar applications. Um and then it needs a little piece of hardware for this one to work. So I have my car on the left hand side that goes to my CAN controller. In this case, I use the MCP2515, which is a little board that just looks like this one here. Um that goes to my Arduino. In this case, I used the Arduino Uno and I used the RP2040 which is a Raspberry Pi chipset just because I liked it and I also had it and

it um it allows me to do comport emulation which this thing needed the software. So it was the stuff that I had around me that I used here and although I can't cannot bring the car onto the stage also but um I had to fly to Cape Town for to do this talk there in defcon and almost everything I built this time around I didn't have to fly anywhere but still everything I built looked a little bit suspicious and I was very very careful that I did not get stopped at the airport. In fact, this thing I bubble wrapped and I put it in my bag and I just hoped for the best and I

stood back and just did not say anything, did not ask anything. It eventually just came there. Uh, but anyway, so it has this OBD port on the right hand side. From that it goes to the CAN bus controller. From that it goes to the Arduino Uno. And from the Arduino Uno, it goes to my PC and the CAN hacker software. And then as far as the CAN hacker software is concerned, it is super easy from there. Now, it's almost almost like going to the doctor or something. Uh you just start doing things to your car. In this case, it was car off. So, you see there's a certain amount of messages coming through and then uh you just

start poking your car. In this case, I just turned my car on and you will see there's more messages, but it is it's still it's still the same concept here. Um you just do something, you see the numbers change. So, press the brake button and brake pad, put it your car in reverse, turn the radio on and off, put it in cruise control, uh, open your window, open your door, whatever you want to do. Just see if something changes in the software. And this software allows you to mark these things and annotate them, and you could quickly understand what the messages actually mean. Um, and like I said, it is almost like a doctor. It's not exactly like a doctor,

but it's almost like a doctor. And like Dr. house says everybody lies. So you should trust the hardware. And this gets me to my first fundamental problem that I had in my conceptual idea here. Um is that my car sort of lied to me once. Um I I thought the heating system of the car is pretty simple. So I'll I hopefully by reasoning of deduction or some sort of a calculation be able to figure out what it means. But I thought it was quite easy. I take a co gun. I mean, we just went through that, so there's plenty of yeast available. I'll measure the intake host. I'll measure the output host. And that difference

between those two temperatures would tell me if my radiator works. Yes, I know my colors are wrong way around. They already pointed it out, but I'm not going to change it. Um, but that so measure the water temperature in, the water temperature out. And then hopefully via OBD or something you can measure stuff like the coolant temperature or the uh the oil temperature and you can even measure the intake temperature at the intake hose and all sorts of other things. So use these things and see if there's sort of a mathematical way of determining if my radiator works. Now this gets me to my first flaw is although yes I could get back the temperature I had no clue what

it actually means. I mean, who here can tell me if 98 degrees is good or bad for your car? Okay, I really didn't know. Um, all I knew is that by 107, if I drive a little bit of a distance, that is how high it gets. And if it gets to 110, the car stops. That's all I knew. But I didn't know if it was good or bad or anything like that. And that gets me to my second big assumption that I made wrong. And that is simply I forgot about the thermostat bit of this. That is the thing that tells the car how hot it is. Mine was broken. So, even though I could

get the temperature, it wasn't exactly the correct temperature. Okay. So, I made quite a lot of mistakes here, but essentially the the the mechanics of this I think is still true. Um maybe now once you have your car and you start poking it around and you do like put your car in brake and etc. you you just look at the differences between the messages. So you remember the state of the car for instance on off or reverse or brake or whatever the case may be and you don't have to worry about all of the messages. Yes, I got more messages. Some of them good, bad, whatever it might mean. But the difference between my car

on and my car off state, if we just look at message 55D, the second bite of it, once I turn my car on versus off, it actually went from five FF to DF. But it also gives me other information software. So it gives me the amount of messages that goes through. It gives me the timing of these messages. It gives me the data bits which I was really interested in. And it also gives me the identifier. But between those things, you can deduce what your car actually trying to say. Uh just by pressing the buttons and seeing if you if you drive your car and you go faster and slower, some of these messages will go up and

down. If you're lucky, you can find the documentation that tells you what that means. But you will see different changes in this and you just keep track of them, annotate them, and that's how you figure out what your car is actually trying to tell you. So, it is really easy, but don't make the same mistakes I do. Um now from a security point of view which we will get to one interesting uh attribute of this system is that the identifier actually tells the car how important the message is. So the higher the number, the lower the priority. The lower the number, the higher the priority. So if for instance something of in the 7,000 700 range is sending a

message and something in the 100 range is sending a message the 100 will be accepted first. Okay. So that just keep that just in the back of your mind. It's called hardware arbitration. Now okay so that is how you get to the result. Um but the question becomes why did I do this? Um, was it just a fun talk to to try and plan or is there some real world examples of how you could use this? Well, first of all, upgrades. Um, so in my case, I just wanted to show the temperature of my car. That's really easy, but maybe you you want to put regenerative brakes in your car or ABS braking or something like that. It's all

possible. It's difficult, but it's possible. Um, and then back to the previous talk of the entry into the car. I thought to myself, well, my car isn't worth that much. I was going to use the Arduino um Nano that's got a Bluetooth chipset inside it and I thought to myself, well, if it pairs with my phone um if I walk close enough to the car, it can unlock. Okay, so that's not the safest thing to do. I wouldn't recommend that. But I thought to myself, well, in this case, ah it's an acceptable risk. Um so you maybe you want to do something like biometric entry or you want to do um keyless entry or keyless start or

those kind of things. A big space this is used in is in electrical vehicles. Now, ironically, that OBD port is to measure the the CO2 level of your car. And if you've got an electric car, it doesn't create any CO2, so it doesn't need that OBD port, but it still uses the CAN bus for quite a lot of things. Think of it, your charger of your car, if you if you if you're converting a petrol car to electrical car, uh the charger of the car, you might want to know when it's actually charged almost full. uh the battery pack that you've got it measures you can get through CAN you can get the temperature of each one

of your battery cells you can talk to the battery charger stuff like that so there's a lot of interesting use cases in the electrical vehicle space if you're very ambitious now I'll go back a second um so if you're very ambitious and your car has got something like um auto lane detection or maybe a steering wheel that it can control okay um you can make your car autonomous or semi-autonomous um So basically what you do is you use something like open pilot uh which is just a camera to the front of your car and that can via open uh visual recognition detect stuff like lanes and it could potentially steer your car in the correct direction.

It's software that is freely available and it's not super hard to use. Now granted I only used it in GTA by the way but still um it is possible. And then for in the same ROM now remember here you get very very ambitious but in the same way maybe your car has got LAR inside and you might want to be able to have it park itself maybe or something like that. Um so there's a lot of interesting things that you could potentially do to your car should you be brave enough. Um, and then from a business perspective, maybe you have a fleet of cars and yes, you want to know where your driver is and are

they abusing the car and stuff like that, but there's also other stuff you can do. You can measure, again, my Arduino Nano, it has a accelerometer and a gyroscope inside it, so I can see if it's going uphill and you can you can measure the amount of power your car uses to actually go uphill. And that can maybe be an indicator that your car needs a service. So over and above the 10,000 km or the 15,000 km that you have to take your car for service, you could predictively maintain your fleet of cars. Um there's also um interestingly enough uh there was a somebody that after one of the DevCom talks told me they they actually use it in mining um

to to detect when something is going close to a a hole that they're not supposed to and they can actually shut down the machines based on that. So there's a lot of interesting things that can happen as far as the predictive maintenance is concerned. Um now yes, a lot of stuff can go wrong. This is how my car ended up looking. Um give you idea of how hot it actually got. There's a pipe that goes from your engine to your oil tank. That thing melted close and the oil couldn't even go through anymore. So that's how hot it actually got. Uh but anyway, um so yeah, that's how it ended up. And then from a

security spec perspective, there's a lot of scaly things you can do here, but there's also some good things you can do. Uh, so let's get to the bad ones first. Um, somebody figured out that the ECU remembers how many kilometers you've driven. The speedometer shows how far you've driven. Okay. Uh, so they just basically put a wire in between the two and sent all the signals through, but intercepted the one that says how many kilometers I've driven, subtracted 40,000 from it, and the car then shows on the speedometer that has driven 40,000 km less. Okay? So, you get a slightly better price for your car. And then, um, again, um, keep in mind that once you're

in the car, you're already screwed. But you can effectively do a denial of service attack on yourself. You can remember lowest um identifier is actually handled first. So all you do is you sit in a while loop very very fast and sending a message to address zero. You can set a bunch of junk to it. It doesn't matter but just send it to address zero because that will always be accepted as the correct answer and then you effectively stop your car. Now this has this has other applications to it. Think about it from a police perspective. Not again, not the greatest example, but a police perspective. You leave a car somewhere to be stolen. You wait for the

person to drive off. Once they've driven off, you do a denial of service attack on the car and you actually stop the car and you caught the criminal. So, there is uses for it. Uh, and again, there's a lot of security things that you have to keep in mind, but once you're inside the car um you already have problems. Now I think the underlining message at the end of the day by necessity I think in this case but the underlining message I think I want to get across here today is that although hacking some of these things seems daunting. Uh you don't necessarily have to start with a car but the more you do it the easier it gets. I

mean trying it on the car first versus doing it on this dashboard over here two different things. Um, so a lot of ways like Gary Player said, the harder I practice, the luckier I got. Um, and that is maybe the message I just want to leave you guys with. If if anything, uh, try and try anything around you. It doesn't really matter what. It doesn't have to be a car. It could be this thing if you wanted to. It really doesn't matter. But the more you try these kind of things, the easier it gets over time. And that, I think, gets me to the end. And I'm still in time, 5 minutes left. So there's time for questions, but I

will be available also afterwards. So if you've got any questions now, welcome to ask them. Alternatively, I'll be around still for a while. Um, and we can chat. But I just want to first of all just thank you for being here. Um, and thank you for coming to the talk. I I truly appreciate it. Um, it's been a blast. And that is it from me. Any questions now or should we wait till afterwards? I think um I think we're already running a little bit later. I'll maybe just stop it here, but you're welcome to come and chat to me afterwards. Yes. >> Because I tried to replace the radio in my car and couldn't even find a wiring

for that. >> Yeah. No. um car manufacturers by default are very protective about that information. Some of it you can actually find uh relatively easily um if it's been tried. Uh but yeah, car manufacturers are protective of this information. So that's why I've showed the CAN hacker software as example because unfortunately you'll you'll end up having to do some of those things. But you're right, even just replacing your car's radio can be difficult. Just remember your radio runs on the convenience scan. So it's the 125 kil kilobits per second one, not the 500 mega 500 kilobits per second. Uh but yeah, unfortunately car manufacturers are protective of that information. Sorry. Uh if you've got a good mechanic

friend, they do actually have access to the documentation. They can actually tell you where the canvas is running your car, but other than that, there's not no real easy answer here. Anything else? Okay. Well, I think that's it for me. Um, thank you. I'm not sure. Thanks,