AutoHackOS.pptx

Animeshkumar51 582 views 22 slides May 12, 2023

About This Presentation

Operating system for automotive penetration testing.

One distribution for anything related to car hacking
Supports multiple domains (BLE, WiFi, RF, USB)
Preconfigured telecom stack
Preconfigured tools for V2X


Slide Content

AutoHack OS
Operating system for automotive penetration testing
Ravi Rajput @frustratedresearcher

Ravi Rajput (Frustrated Researcher)
Security Manager @ Exela Technologies
Focuses on binary exploitation and has experience in automotive testing.
Ex-Null Ahmedabad chapter lead
Speaker at BSides Delhi, BSides Maharashtra, Bounty Bash, UnitedCon and Null Community
Core team - Telecom village @DefCon
https://autohackos.com

Why Automotive Security OS?
Lack of dedicated automotive security OS.
Modern cars contain 100+ specialized ECUs.
Various ECU functions (e.g., BCM, TBOX).
Testing beyond CAN Bus needed (WiFi, Bluetooth, telecom).
Because ChatGPT can't hack your car.

Current Scenario
Traditional auto testing emphasizes CAN Bus.
Need diverse tools for various automotive functionalities.
Existing online tools focus on conventional testing; an OS with comprehensive security tools is lacking.

Shortcomings
Multiple VMs/toolchains needed for various module testing.
Time-consuming setup of multiple testing tools.
Challenges for trainers and learners.
Increased effort to track and apply tool updates.
Multiple tools, configurations, OS versions, and conflicts lead to significant frustration.

Causes for Shortcomings
Resource-intensive monitoring with multiple VMs/toolchains.
Multi-OS setup hampers monitoring during testing.
Automotive testing complexity: CAN Bus, WiFi, BLE, Web, Cloud, RF, Telecom, Mobile, IoT.

Solution
Pre-installed and pre-configured OS with popular toolset.
Systematic toolset categorization.
Community-driven bug/feature reporting with changelogs.
Public OS and application bug tracking; regular updates.
Comprehensive documentation for current and upcoming tools.
Universal design for all users.
OS that supports most of the popular hardware.

AutoHack OS
Compatible with most CAN Bus adapters.
Firmware extraction tools for physical testing.
Supports popular SDRs in the market.
Comprehensive attack tool support (BLE, RF, WiFi, USB).
Pre-configured telecom stack for TBOX testing and automation scripts.
Cloud and web application tools for V2X testing.
Fuzzing tools for protocols and Android Automotive OS browsers.
Simulators and vulnerable apps for skill development.
VM and ISO availability for host setup and Live OS.

Methodology
Reverse engineer and identify CAN ID/messages for vehicle functions.
Test and exploit other vehicle interfaces.
Monitor CAN bus, identify CAN ID/messages triggered during other interface exploitation.
Reproduce identified CAN ID/messages in conjunction with other vehicle interface exploitation.

Tools for conventional CAN pentesting
Simulators: ICSim, UDSim, CANToolz, Virtual Car
Attacking tools: canutils (of course), Caring Caribou, CanTot
Automated setup: VCan setup, CAN Baud rate setup
Hardware Supported: USBCAN, MCP 2515, CanPico, USBtin, Macchina M2

Tools for Telecom testing
Stack: Osmocom, srsRAN
Attacking tools: Modmobjam, Modmobmap
Automated setup: LTE Deploy, Osmo NITB Scripts
Hardware Supported: HackRF, BladeRF, USRP, LimeSDR
Why? To test the automotive TBOX

Tools for BLE testing
Attacking tools: hcitool, GATTool, Blueborne, Crackle, braktooth, btlejack, btlejuice
Hardware Supported: CYW920819EVB-02, nRF52840-Dongle, Ubertooth, Bluefruit LE Sniffer - Bluetooth Low Energy (BLE 4.0) - nRF51822

Tools for Firmware testing
Attacking tools: binwalk
Automated setup: emba, Firmware Slap, Firmwalker, Firmadyne, fwanalyzer, FACT, expliot
Hardware Supported: Bus Pirate, JTAGulator, ST-Link V2

Tools for Web & Cloud pentesting
Attacking tools: Nuclei, Interactsh, OWASP ZAP, Postman, Burp Suite Community, Scout, awscli, azurecli

Tools for Network pentesting
Attacking tools: GPS Spoof, MSF, Aircrack-ng, Airgeddon, Wireshark, Ettercap, Nmap

Tools for Mobile testing
Attacking tools: adb, apktools, jadx, Frida
Automated setup: MobSF, Frida Scripts

Tools for Fuzz testing
Attacking tools: AFL, Domato, FreeDOM
Automated setup: Automated Browser Fuzzing

Tools for Reverse Engineering
Attacking tools: Radare2, Ghidra, IDA Pro, Cutter

What Next?
Foster community support for project maintenance and enhancement.
Develop comprehensive tool documentation.
Encourage community members to submit documentation.
Provide learning resources for enthusiasts.
Establish a community forum.
Collaborate with tool authors for prompt bug fixes.
Emphasize the importance of individual contributions.

Links
Website – autohackos.com
Forum – forum.autohackos.com (in progress)
Bug tracker – bugs.autohackos.com
Documentation – https://autohackos.readthedocs.io/en/latest/
GitHub – https://github.com/autohackos

Credits
Adhokshaj Mishra (IN: /adhokshajmishra) – Hosting, Linux automation, testing, debugging
Animesh Roy (IN: /anir0y) – Technical discussions, brainstorming
Chandresh Gupta (@chandresh_ss) – to ensure that we actually work
Credit goes to all of them for making this project happen and for facilitating a lot of discussions which helped iron out most of the issues.

Thank you
@frustratedresearcher