Пожалуйста, обратите внимание, что пользователь заблокирован
Description
During car hacking, the first consideration typically revolves around the manufacturer or Tier 1 provider’s hidden services. This spans from common engineer mode applications to deeply concealed mechanisms. However, due to regulatory requirements and increased manufacturer security awareness, high-level privilege hidden services have dramatically decreased. Through analyzing dozens of Intelligent Connected Vehicles, we’ve discovered new tactics for managing hidden services.
In this talk, we’ll demonstrate multiple methods to access hidden functions and thoroughly analyze underlying theories which involving both traditional and new era approaches. Once we understand the background mechanisms, we attempted to bypass security protections and share our journey, including some bypass skills. Such as use Fipper Zero crack the engineer mode pincode. Upon gaining access to hidden services, we’ll show how to leverage these functions to attain root privileges, execute lateral movement to other Electronic Control Units (ECUs), and gain control of the vehicle.
Lastly, I’ll introduce a self-developed graphical hacking tool designed to reveal hidden services. This tool extracts information from firmware and automatically generates a graphical representation of the hidden services relationships. By using this tool, we’ve successfully identified entry paths for many vehicles, including deeply hidden ones.
