Autohackers was established in August 2022 in response to a greater perceived need to explore and foster ethical security research into land, sea, air, and space vehicles.

With this in mind, we decided to build a local, diverse and inclusive, expanding community of people that want to get and be involved in this domain of security, and who care about making things more open, safer, and sustainable.

At the core of Autohackers is our vision to bring together like-minded members of our community who have an interest in cyber/information/ IT/OT/IoT security, vehicular engineering and security, and vehicular safety, to collaborate on further enhancing and strengthening the security posture of this increasingly critical area of humankind.

The Autohackers Beta Conference was held on Friday 14 July 2023 at the Polonia, Milton, with over 140 tickets sold and over 120 delegates managing to attend on the day, from both South East QLD and other parts of Australia.

In talking amongst the crew and delegates, we were happy the day went so well (for a ‘beta’ conference, to try out the format) and informal feedback throughout the day was positive – the conference was well received.

As a last note, we’d like to thank our sponsors again, for without them, the day would not have been possible. 😊

Key information for those attending the Autohackers2023 Beta conference this Friday 14-July-2023.

Location:

• The conference is on from 12-5 pm with registration opening at 11 am.
• The venue is Polonia - Polish Association of Queensland Inc, 10 Marie St, Milton QLD 4064, Australia – please see their website for more details.
• There are easy and short bus, train and ferry routes (or taxi/rideshare) to the venue from the city but note there is no parking available onsite.
• To ensure a smooth registration process please have your QR code ready on your smart phone or printout of your ticket.

Food and Beverages:

• We are not serving food as part of the conference. However, please note that food is available for purchase at the venue (see their website for a menu). Their restaurant is open 11am-2pm and 4pm-9pm and a restricted bar food menu will be available between 2pm-4pm. There will likely be long wait times… you might want to try other restaurants in the area – Park Rd has many.
• There will be some drinks held directly after the conference.

We are super excited for the event and can’t wait to see you there!

Regards,

Ticket sales are up now at https://events.humanitix.com/autohackers2023

There are a limited number of tickets as there's only so many people we can fit in the venue!

Hacked something that moved?

Was it on the land, in/on the sea, in the air or up in space?

Can you talk about it?

Please fill out the Autohackers2023 Beta conference Call For Presentations form - thanks!

Note: the sooner you submit, the sooner we can see if we can fit your presentation into the limited speaking slots we have - so please don't leave it until the closing date, as it could be too late.

The conference date has been set as Friday 14-Jul-2023 in Brisbane, Australia. We're calling this the 'Beta' Con as we'll be trying out how to make this work best.

Further details will be forthcoming on the Conference web page as soon as we can release them.

Needless to say, we're working hard to turn our ideas into reality... and we're really excited to be on this journey!

Have you ever wanted to hack the CAN data of a Porsche 911?

The following is the background you might want if you're trying the CrikeyCon CTF car hacking challenges... then you can have a go at data recorded directly from the CAN bus of a 911 and make real-time changes to what the instrument cluster is showing you.

Context - where the CAN bus data came from

The data was collected using exactly the same Raspberry Pi4 + PICAN3 hat combination as is used in the challenge.

This device was connected to the CAN bus of a 2004 Porsche 996 "40th Anniversary Edition" vehicle - one of the earliest Porsche cars with a CAN bus controlling the engine as well as other functions throughout the car. The model belongs to the 996 "gen 2", "facelift" or 996.2 version of the 996, if you're searching for more data.

It has an 'eGas' pedal connected to the instrument cluster, which in turn was connected to two CAN buses - one for the drive-train and one for 'comfort' (Porsche's word for climate control and entertainment systems). Having two buses keeps the important traffic like accelerator & brakes separate from the non-important traffic, like what the air conditioning is doing. (There is some overlap, as the a/c will trigger the compressor which does alter what the engine is doing... but this is controlled by the instrument cluster which is connected to both CAN buses.)

The capture of traffic was performed after tapping the CAN high and low wires (and getting decent grounding to the chassis of the car).

CAN dump log file is in https://github.com/autohackers/CrikeyCon8CTF

The dump file shows the following:

• engine being started (and a pause while I'm "wow, this is working!")
• reversing up/out of driveway
• driving around our block
• back into driveway and switching off engine

Instrument Cluster for playback

The idea of the capture was to learn about the CAN bus traffic in the 996 and also to be able to replay it and see what we can tweak.

Unfortunately there aren't that many of this specific model in the whole world (just over 1200 accounted for - see https://www.40jahre911.com/ if you're curious about the model) so finding any parts at a wrecker in Australia is kind of tough.

However I was able to locally(ish) source the instrument cluster from a similar vintage Porsche Boxter, that I know uses the same electronics gear, so I figured (honestly, made an "educated gamble") it would serve to replay the CAN traffic.🤞

In case you're looking up details, the numbers from the dashboard above are Porsche: 986 641 217 03 FHB, type UK and VDO: 110.080.039/161

And, after figuring out the wiring of the connectors on the back of the cluster, a little wiring (you need +battery and +ignition for it to start accepting traffic) to hook the dashboard to a 12V supply and the CAN bus of the RPi, it worked!

The final step was stopping the playback and seeing what items on the cluster could be directly addressed (or faked) using the CANsend tool. Some things, like the fuel gauge, are directly hooked up to sensors in the car (i.e. not the CAN bus). I managed to change data bound for the speedo, the tacho (RPM guage) and the engine temperature gauge. (I believe some other warning lights are also addressable but, at this point, I haven't found their identities - eg ABS & traction control - as I haven't had the RPi secured well enough to, er, engage the traction control to the point it flashes a warning at me!)

Hence the CrikeyCon challenges available today are based on those three gauges. See the CTF board in the conference for more details... or come and see me at the car hacking desk! 😎

This is a little light background reading list for anyone looking at doing a touch of CAN bus 101 hackety while at CrikeyCon.

First up, is the Car Hacker's Handbook by Craig Smith (click on the ebook link to read it online). I can't say I've read every page yet but the CAN related chapters really helped me get my head around the concepts and topics.

If you want to know more about the actual CAN bus, especially the wiring-up-a-fakey, it's worth having a read of the Basics of CAN-Bus.

This provided validation of how we wired up our breadboard based CAN bus before we plugged in the RPi and our CAN based instrument cluster. It's important to get these details right... you don't want to fry the circuits in your gear!

After we received the PICAN3 hardware to go with our Raspberry Pi 4 units, we had to install the driver lines into the RPi config... however then you need the SocketCAN library installed (aka 'can-utils'). Naturally it would be far too easy if the CAN interface (usually can0) would simply stay up...

See https://www.pragmaticlinux.com/2021/07/automatically-bring-up-a-socketcan-interface-on-boot/ for a good, step-by-step (we need that!) guide on getting it running... and keeping it running! (Windows/MacOS has spoilt us.)

Another good primer was Hacking into a vehicle CAN bus and this also has some good examples of CAN frames and how they work. If you're coming from computer networking with TCP or UDP, this is the info you need to understand some more about CAN traffic.

That's it for now - the above should be reading material that either keeps you awake all night... or puts you straight to sleep!

Enjoy the learning.

Cars. Drones/UAVs. Submarines. Planes. Sharks with lasers. The interest levels in hacking things that move is rising. Autohackers.com has been formed to meet this challenge.

This year at CrikeyCon we’re starting with some basics – understanding the automotive CAN bus, with a capture from a vehicle and an instrument cluster from the same, to ‘replay’ the drive. See and learn the CAN interactions using can-utils on a RPi+PICAN3 and see if you can make the instrument cluster dance to your tune…

We're going to be joining Droppy at CrikeyCon (yay!) for our inaugural appearance for car hacking... and we are very excited to start with such a bang! Though hopefully not too literal a bang... <checks voltage setting on the PSU>

I've been looking at ways to start "car hacking" for a while, with the underlying reason that I want to be able to fix, modify and upgrade (aka 'hack' in the old school definition of the word) older cars that we own that aren't ready for the scrap heap. As long as they're roadworthy and as safe as they can be for their vintage, why shouldn't we use the carbon debt we've already incurred in the manufacture of that vehicle by keeping it running? But I digress... food for another post.

Anyway, I managed to find similar instrument cluster for the early CAN bus enabled model of car that I already own. I wondered, could I 'record' the the CAN bus of the traffic on my car and 'play it back' on my replacement instrument cluster that I bought from the wreckers?

And if so... can I tweak the replay of traffic to show what I want instead?

This is all good and fine as a side-project. But I opened my mouth around the CrikeyCon crew about adding a "car hacking village" sometime soon... and the level of support I got for this idea was amazing. It had to be done!

...more on the setup of the CTF challenges as we draw closer to the Con (on the 3rd September 2022).