How the Jeep was hacked: an exclusive look at the crack report

In August 2015, DEFCON, the world's largest hacker conference, brought car attacks to a climax. More than 20,000 hackers and security professionals watched one car-cracking demonstration after another in Las Vegas, USA. It is attackers like these who have focused on and contributed to the field of car security over the past two years, so that conservative American car manufacturers have gradually had to let the public know about car security hazards that were previously known only internally. This culminated in July this year, when Chrysler carried out a large-scale recall of 1.4 million Jeeps in the United States.


As one of the earliest researchers in China to work on connected-car security, I am pleased to see car security go from a niche research field to one that people now take seriously, and these "people" include car makers and the related connected-car vendors. I therefore boldly and firmly believe that 2015 is the first year of car security.

Hacker duo: Charlie Miller and Chris Valasek


The hackers who cracked the Jeep were Charlie Miller and Chris Valasek from the US, who worked at IOActive and Twitter respectively. Car hacking, however, is their own hobby and has little to do with their employers. The two are currently the hottest names in the car hacking world, so it is no wonder that their sessions at hacker conferences are packed, with not even standing room left.

I have met Charlie Miller and Chris Valasek twice and discussed car protection with them: their demonstration of car attacks at the DEFCON conference in 2013 largely ignited the passion for connected-car security research; at the Automated Cyber Security Summit in April 2015, they didn't have anything new (thinking about it now, they were probably saving up for the August Jeep vulnerability).

Jeep crack report

Before writing this article I read Charlie and Chris's 91-page English crack report on the Jeep, "Remote Exploitation of an Unaltered Passenger Vehicle".

On August 10th I was waiting for this report to be released, but by the middle of the night I had not seen the authors release it as scheduled. Fortunately, the next morning I saw the PDF version on illmatics.com, and 91 pages was plenty.

I can't describe the details of the report one by one. Based on my own background knowledge and the work done by the two hackers, I will introduce what is different about their recent research, how it was carried out, and how to protect against such hacker attacks. I will write according to my own understanding rather than translating the contents of the report.

The word "unaltered" means the vehicle was not changed: no OBD box plugged in, no tampering with the car, no access to Wi-Fi hotspots, and so on. The meaning behind the word is a challenge: I did not tamper with your car.

The first few pages of the report describe their earlier car security research and why they set out to crack the Jeep. Most car attacks since 2009 have relied on physical contact. This time they wanted a remote attack that could be reproduced against cars at large scale, which is precisely the characteristic of a virus outbreak and is what car makers worry about most. The other reason is that the limitations of physical attacks are the point on which car makers' responses have concentrated: attacks through the OBD port, or through equipment placed in the car (such as the OwnStar device that attacks OnStar), were selectively ignored by car makers for this reason. This remote attack is therefore the researchers drawing their sword, to see what excuse car makers have left to evade the issue.

Choosing Jeep is not accidental.

I know from people at FCA that they do have their own cybersecurity team, although it is currently relatively small. Even so, Jeep still got hit twice! At last year's World Hacking Conference, Charlie and Chris published a survey of different cars, in which Jeep was considered one of the vulnerable kinds of vehicle because of its potential risks. This year Jeep really was unlucky enough to be the chosen vehicle. So if you also know this history, then when you first heard that Jeep had been hacked you will have had the same thought as me: "How come it's Jeep?!"

Crack the idea: Why choose to start with the entertainment system?

Who told Jeep to connect the entertainment system directly to the CAN bus? Once the entertainment system is compromised, CAN commands can be written to the CAN bus, and the proprietary-protocol CAN commands the two hackers had accumulated become useful.

Pages 9-19 of the report describe some of the auxiliary features of the 2014 Jeep and the corresponding potential attack points, most of which are not particularly important. The one worth mentioning is the Wi-Fi hotspot, which is how the authors got into the car.

The following pages describe Jeep's Uconnect, operating system, file system, etc., and the IFS jailbreak will be introduced later in the report.

Page 25 is very important, because it is the starting point of the whole crack: the way Jeep generates its WPA2 password is very weak. The password is generated from a fixed time plus the number of seconds since the car was started, so it can be broken in no more than a few dozen attempts! The intent was to base it on the time at which the car started, but the car cannot know the time when it starts up, so the function start() hard-codes a fixed time: 0:00 on January 1, 2013. Oops!
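The weakness described on page 25, as an added example that is not code from the report or from Uconnect: when a password is a deterministic function of a fixed base time plus the seconds since start, it carries only as much entropy as the guess about the start-up delay. The derivation `derive_password`, the alphabet, the 60-second window and the UTC time zone are assumptions for illustration; the hardened generator draws from the OS CSPRNG instead.

```python
import hashlib
import math
import secrets
import string
from datetime import datetime, timezone

# Fixed base time named on the page; UTC is an assumption of this example.
BASE = int(datetime(2013, 1, 1, 0, 0, tzinfo=timezone.utc).timestamp())
ALPHABET = string.ascii_lowercase  # hypothetical output alphabet


def derive_password(epoch_seconds: int, length: int = 12) -> str:
    """Hypothetical stand-in: any deterministic map from a timestamp to a
    password has the same weakness, whatever its internals are."""
    digest = hashlib.sha256(str(epoch_seconds).encode()).digest()
    return "".join(ALPHABET[b % len(ALPHABET)] for b in digest[:length])


def weak_password(seconds_since_start: int) -> str:
    """Password seeded from the hard-coded base time plus the boot delay."""
    return derive_password(BASE + seconds_since_start)


def keyspace_bits_weak(max_boot_delay_s: int) -> float:
    """Effective entropy: one candidate per plausible second of delay."""
    candidates = {weak_password(s) for s in range(max_boot_delay_s)}
    return math.log2(len(candidates))


def strong_password(length: int = 12) -> str:
    """Hardened form: every character comes from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def keyspace_bits_strong(length: int = 12) -> float:
    """Entropy of a uniformly random password over ALPHABET."""
    return length * math.log2(len(ALPHABET))


if __name__ == "__main__":
    # The weak password looks random (12 letters) but its seed is guessable.
    print("sample weak password :", weak_password(32))
    print("weak entropy (60 s)  :", round(keyspace_bits_weak(60), 1), "bits")
    print("strong entropy       :", round(keyspace_bits_strong(), 1), "bits")
```

The length and appearance of the two passwords are identical; only the source of the seed differs, which is why this class of flaw is found by reviewing the generator rather than by inspecting the output.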

Then, on page 28, they built on this result: a port scan revealed a series of open ports, including D-Bus on port 6667. D-Bus is an inter-process communication (IPC) and remote procedure call (RPC) mechanism. Because the D-Bus service allowed anonymous login, the two researchers made a series of attempts (p. 29).

Finally, by analysing the D-Bus services, they found several kinds of operations that could be performed directly, such as adjusting the car's volume and obtaining PPS data (p. 31).
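A defensive check for the exposure described above, as an added example rather than anything from the report: it parses a dbus-daemon configuration and flags a TCP listener on a non-loopback address and anonymous authentication. Both sample configurations are constructed for illustration and are not the Uconnect configuration; `audit_dbus_config` and `parse_address` are hypothetical helper names.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a bus reachable over TCP that accepts anonymous peers.
WEAK = """<busconfig>
  <listen>tcp:host=0.0.0.0,port=6667</listen>
  <auth>ANONYMOUS</auth>
  <allow_anonymous/>
</busconfig>"""

# Constructed corrected form: local UNIX socket, peer-credential auth only.
HARDENED = """<busconfig>
  <listen>unix:path=/run/dbus/system_bus_socket</listen>
  <auth>EXTERNAL</auth>
</busconfig>"""

LOOPBACK = {"localhost", "127.0.0.1", "::1"}


def parse_address(addr: str) -> tuple:
    """Split a D-Bus address such as 'tcp:host=h,port=p' into (transport, keys)."""
    transport, _, rest = addr.strip().partition(":")
    params = dict(kv.split("=", 1) for kv in rest.split(",") if "=" in kv)
    return transport, params


def audit_dbus_config(xml_text: str) -> list:
    """Return findings for network-exposed or anonymous bus settings."""
    root = ET.fromstring(xml_text)
    findings = []
    for listen in root.iter("listen"):
        transport, params = parse_address(listen.text or "")
        # A TCP listener without an explicit loopback host is treated as remote.
        if transport == "tcp" and params.get("host", "") not in LOOPBACK:
            findings.append(f"remote TCP listener on port {params.get('port', '?')}")
    mechs = {(a.text or "").strip().upper() for a in root.iter("auth")}
    if "ANONYMOUS" in mechs:
        findings.append("ANONYMOUS auth mechanism enabled")
    if root.find("allow_anonymous") is not None:
        findings.append("allow_anonymous set: unauthenticated peers accepted")
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, "->", audit_dbus_config(cfg) or "no findings")
```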

Another discovery: mobile provider internal network

Uconnect can connect to the mobile operator Sprint, which provides the telematics service, using a Qualcomm 3G baseband chip. Although the TI OMAP system inside the car cannot connect directly to the CAN bus, the two researchers found another component that absolutely needs protection: what is commonly known as the CAN controller. The controller here is a Renesas (formerly NEC) V850 MCU, which is a fairly common processor; even the reverse-engineering tool IDA Pro has a corresponding module for it (p. 33). The next part covers how to jailbreak Uconnect, but they point out that this is not necessary and was done purely out of interest, so readers who are not geeks can skip it.

From page 40 the report returns to the attack itself: Uconnect commands for controlling the entertainment system volume, the air-conditioning fan and the radio, and even for turning off the screen and changing the boot image.

The D-Bus service mentioned earlier also gave the attacker a new attack point: GPS. Any car running Uconnect can be tracked through port 6667, which provides the necessary conditions for large-scale attacks on arbitrary vehicles.
