Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

How I Hacked my Car Part 2: Making a Backdoor - 961

GreenLuigi1, posted 3 years ago
  • Each file is encrypted individually, with the name being enc_{OriginalName}. There is a configuration file with the file name and the SHA224 hash. The hash of the configuration file is signed. Finally, everything is put into an encrypted zip file for the firmware.
  • Knowing the full method used to create the image is vitally important. Because both the encryption key and the signing key are known, valid firmware with a backdoor in it can be produced.
  • To backdoor the device, a few scripts were changed. Since the device has Python on it, a backdoor shell was added; additionally, when a USB drive is plugged in, the device searches it for a special file and executes it. With the backdoor set up, the device then needs to be put into engineering mode.
  • But the known password no longer works for that mode: with the newest firmware update, which had come from the website, the password had changed. Hashes of parts of the PIN were written to the logs; brute forcing these individually revealed one part of the new PIN to be 02. Additionally, a hard-coded hash in the binary was found to correspond to 38. Putting these together gives the code for engineering mode.
  • A good post on reverse engineering and on setting up the process for further security research. Much of the time this groundwork is glossed over in posts, even though it is just as important.
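The first bullet describes the packaging scheme (per-file hashes in a config file, a signature over that config's hash, everything in one archive), and the second bullet is the consequence: the scheme only protects integrity while the signing key stays secret. The following is an added example, not code from GreenLuigi1's post, that implements a verifier for a toy bundle of that shape. The file names, the JSON manifest layout, and the use of HMAC-SHA256 as a stand-in for the real signature are assumptions; the encryption layers are left out so the example runs with the standard library alone. It shows the check a defender wants: verify the signature before trusting any hash, then check every listed file, then reject files the manifest does not cover.

```python
import hashlib
import hmac
import io
import json
import zipfile

# Constructed placeholder key. In the real scheme this is the vendor's signing key;
# once it is known, nothing below distinguishes vendor firmware from modified firmware.
SIGNING_KEY = b"constructed-demo-key"


def build_bundle(files, key):
    """Pack files, a manifest of SHA-224 hashes, and a signature into an in-memory zip.

    Layout (assumed): enc_<name> for each file, config.json with {name: sha224},
    config.sig holding an HMAC-SHA256 tag over the SHA-224 digest of config.json.
    """
    manifest = {name: hashlib.sha224(data).hexdigest() for name, data in files.items()}
    manifest_bytes = json.dumps(manifest, sort_keys=True).encode()
    # The signature covers the hash of the config file, as in the summarized scheme.
    manifest_digest = hashlib.sha224(manifest_bytes).digest()
    tag = hmac.new(key, manifest_digest, hashlib.sha256).hexdigest()
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in files.items():
            zf.writestr("enc_" + name, data)
        zf.writestr("config.json", manifest_bytes)
        zf.writestr("config.sig", tag)
    return buf.getvalue()


def verify_bundle(bundle, key):
    """Return (ok, reason). Signature is checked first; hashes are only trusted afterwards."""
    with zipfile.ZipFile(io.BytesIO(bundle)) as zf:
        names = set(zf.namelist())
        if "config.json" not in names or "config.sig" not in names:
            return False, "missing config or signature"
        manifest_bytes = zf.read("config.json")
        tag = zf.read("config.sig").decode()
        expected = hmac.new(key, hashlib.sha224(manifest_bytes).digest(), hashlib.sha256).hexdigest()
        # Constant-time comparison so the check itself does not leak the tag.
        if not hmac.compare_digest(tag, expected):
            return False, "config signature invalid"
        manifest = json.loads(manifest_bytes)
        for name, digest in manifest.items():
            member = "enc_" + name
            if member not in names:
                return False, "listed file missing: " + name
            if hashlib.sha224(zf.read(member)).hexdigest() != digest:
                return False, "hash mismatch: " + name
        # Anything in the archive that the signed manifest does not list is unsigned content.
        extra = names - {"config.json", "config.sig"} - {"enc_" + n for n in manifest}
        if extra:
            return False, "unlisted files: " + ", ".join(sorted(extra))
    return True, "ok"


def replace_member(bundle, member, new_data):
    """Rewrite one archive member in place, leaving config and signature untouched.

    Used only to exercise the verifier against an unsigned modification.
    """
    src = zipfile.ZipFile(io.BytesIO(bundle))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as dst:
        for name in src.namelist():
            dst.writestr(name, new_data if name == member else src.read(name))
    return buf.getvalue()


# Constructed sample firmware content, not taken from any real device.
SAMPLE_FILES = {
    "update.py": b"print('hello')\n",
    "boot.sh": b"#!/bin/sh\nexec /app/main\n",
}

if __name__ == "__main__":
    good = build_bundle(SAMPLE_FILES, SIGNING_KEY)
    print("intact bundle:", verify_bundle(good, SIGNING_KEY))
    modified = replace_member(good, "enc_update.py", b"import os\n")
    print("modified file, old manifest:", verify_bundle(modified, SIGNING_KEY))
    resigned_missing = replace_member(good, "config.json", b"{}")
    print("modified manifest, old signature:", verify_bundle(resigned_missing, SIGNING_KEY))
```

Changing a file without re-signing fails on the per-file hash; changing the manifest without re-signing fails on the signature. Both failures are cheap to detect, which is exactly why the scheme collapses only when the signing key itself is recovered: with the key, `build_bundle` produces an archive that `verify_bundle` cannot tell apart from a vendor release.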