汽车黑客手册-章节简介

章节简介

《汽车黑客手册》带你了解如何黑掉一台汽车。我们先来简单介绍下有关汽车安全的策略，然后深入研究如何检查车辆是否安全，以及如何在复杂的硬件系统中找到漏洞。

这是你在每一个章节中能发现的信息：

第一章：了解威胁模型

教会你如何评估一辆汽车。你将学会如何识别危险组件的区域。如果你是在汽车行业工作，这将会是一份非常有用的指南来建立你自己的威胁模型。

第二章：总线协议

详细说明审计一辆汽车时可能遇到的各种总线网络，并探索每一总线使用的线路、电压和协议。

第三章：SocketCAN汽车通信

演示如何在Linux上使用SocketCAN接口集成大量CAN硬件工具，以便你可以编写或使用一个工具，而不管你用的是什么设备

第四章：诊断和日志

介绍如何读取引擎代码、统一诊断服务和ISO-TP协议。你将了解不同的模块服务如何工作、它们的共同弱点是什么、它们记录了关于你的哪些信息以及这些信息存储在哪里。

第五章：CAN总线的逆向工程

详细介绍如何分析CAN网络，包括如何设置虚拟测试环境，以及如何使用与CAN安全相关的工具和模糊器。

第六章：黑掉ECU

重点关注在ECU上运行的固件。你将了解如何访问固件、如何修改固件以及如何分析固件的二进制数据。

第七章：建立和使用ECU测试台

说明如何从车辆上拆卸零件，以建立一个安全的测试环境。它还讨论了如何读取接线图和模拟发动机组件到ECU，如温度传感器和曲轴。

第八章：攻击ECU和其他嵌入式系统

介绍了集成电路调试引脚和方法。我们还研究了侧信道分析攻击，例如差分功率分析和时钟故障，并给出了详细的示例。

第九章：车载信息娱乐系统

详细说明信息娱乐系统是如何工作的。因为车载信息娱乐系统可能有最大的攻击面，我们将集中在不同的方式获得它的固件和在系统上执行。本章还讨论了一些可用于测试的开源车载信息娱乐系统。

第十章：车与车之间的通信

解释车与车自建的网络时如何设计并工作的。本章涵盖了密码学以及来自多个国家的不同协议提议。我们还将讨论车对车系统的一些潜在弱点。

第十一章：把CAN总线当做武器

详细介绍如何将你的研究真正利用起来。你将学会如何将伪代码转换成汇编代码和最终的可执行代码，你将研究如何在你的目标车辆上用起来，包括未知车辆。

第十二章：用SDR攻击无线系统

介绍如何用软件无线电（software-defined radio，简称：SDR）来分析无线通信，比如：TPMS（胎压监测系统，Tire Pressure Monitoring System）、电子钥匙、防盗系统。我们回顾在攻击防盗系统和已知漏洞时可能遇到的一些加密方案。

第十三章：性能优化

讨论能用来提升和改进车辆性能的技术。我们将介绍芯片调优以及常用的工具和技术，这些工具和技术用于调整引擎，使其按照你希望的方式工作。

附录一：工具集

提供一个软件和硬件工具的列表，这些工具在构建汽车安全实验室时非常有用。

附录二：诊断代码模式列表和参数ID列表

列出一些常见的模式和便利的参数ID列表。

附录三：创建你自己的Open Garages（汽车黑客社区）

解释如何参与汽车黑客社区和启动自己的Open Garages。

当你读完这本书时，你应该对你车辆的计算机系统如何工作，它们在哪里最容易受到攻击，以及如何利用这些漏洞有更深入的了解了。

What’s in This Book

The Car Hacker’s Handbook walks you through what it takes to hack a vehicle. We begin with an overview of the policies surrounding vehicle security and then delve in to how to check whether your vehicle is secure and how to find vulnerabilities in more sophisticated hardware systems.

Here’s a breakdown of what you’ll find in each chapter:

• Chapter 1: Understanding Threat Models teaches you how to assess a vehicle. You’ll learn how to identify areas with the highest risk components. If you work for the auto industry, this will serve as a useful guide for building your own threat model systems.

• Chapter 2: Bus Protocols details the various bus networks you may run into when auditing a vehicle and explores the wiring, voltages, and protocols that each bus uses.

• Chapter 3: Vehicle Communication with SocketCAN shows how to use the SocketCAN interface on Linux to integrate numerous CAN hardware tools so that you can write or use one tool regardless of your equipment.

• Chapter 4: Diagnostics and Logging covers how to read engine codes, the Unified Diagnostic Services, and the ISO-TP protocol. You’ll learn how different module services work, what their common weaknesses are, and what information is logged about you and where that information is stored.

• Chapter 5: Reverse Engineering the CAN Bus details how to analyze the CAN network, including how to set up virtual testing environments and how to use CAN security–related tools and fuzzers.

• Chapter 6: ECU Hacking focuses on the firmware that runs on the ECU. You’ll discover how to access the firmware, how to modify it, and how to analyze the firmware’s binary data.

• Chapter 7: Building and Using ECU Test Benches explains how to remove parts from a vehicle to set up a safe testing environment. It also discusses how to read wiring diagrams and simulate components of the engine to the ECU, such as temperature sensors and the crank shaft.

• Chapter 8: Attacking ECUs and Other Embedded Systems covers integrated circuit debugging pins and methodologies. We also look at side channel analysis attacks, such as differential power analysis and clock glitching, with step-by-step examples.

• Chapter 9: In-Vehicle Infotainment Systems details how infotainment systems work. Because the in-vehicle infotainment system probably has the largest attack surface, we’ll focus on different ways to get to its firmware and execute on the system. This chapter also discusses some open source in-vehicle infotainment systems that can be used for testing.

• Chapter 10: Vehicle-to-Vehicle Communication explains how the proposed vehicle-to-vehicle network is designed to work. This chapter covers cryptography as well as the different protocol proposals from multiple countries. We’ll also discuss some potential weaknesses with vehicle-to-vehicle systems.

• Chapter 11: Weaponizing CAN Findings details how to turn your research into a working exploit. You’ll learn how to convert proof-of-concept code to assembly code, and ultimately shellcode, and you’ll examine ways of exploiting only the targeted vehicle, including ways to probe a vehicle undetected.

• Chapter 12: Attacking Wireless Systems with SDR covers how to use software-defined radio to analyze wireless communications, such as TPMS, key fobs, and immobilizer systems. We review the encryption schemes you may run into when dealing with immobilizers as well as any known weaknesses.

• Chapter 13: Performance Tuning discusses techniques used to enhance and modify a vehicle’s performance. We’ll cover chip tuning as well as common tools and techniques used to tweak an engine so it works the way you want it to.

• Appendix A: Tools of the Trade provides a list of software and hardware tools that will be useful when building your automotive security lab.

• Appendix B: Diagnostic Code Modes and PIDs lists some common modes and handy PIDS.

• Appendix C: Creating Your Own Open Garage explains how to get involved in the car hacking community and start your own Open Garage.

By the end of the book, you should have a much deeper understanding of how your vehicle’s computer systems work, where they’re most vulnerable, and how those vulnerabilities might be exploited.