Data

Tools

Indexes

Applications

Experiments

Awesome

An open API service indexing awesome lists of open source software.

awesome-vehicle-security

🚗 A curated list of resources for learning about vehicle security and car hacking.
https://github.com/jaredthecoder/awesome-vehicle-security

Last synced: 5 days ago
JSON representation

  • Applications

    • Episodes

      • Intrepid Tools - Expensive, but extremely versatile tools specifically designed for reversing CAN and other vehicle communication protocols.
      • Wireshark - WireShark can be used for reversing CAN communications.
      • Kayak - Java application for CAN bus diagnosis and monitoring.
      • RomRaider - An open source tuning suite for the Subaru engine control unit that lets you view and log data and tune the ECU.
      • O2OO - Works with the ELM327 to record data to a SQLite database for graphing purposes. It also supports reading GPS data. You can connect this to your car and have it map out using Google Maps KML data where you drive.
      • OpenXC - Currently, OpenXC works with `Python` and `Android`, with libraries provided to get started.
      • metasploit - The popular metasploit framework now supports Hardware Bridge sessions, that extend the framework's capabilites onto hardware devices such as socketcan and SDR radios.
      • Mazda AIO Tweaks - All-in-one installer/uninstaller for many available Mazda MZD Infotainment System tweaks.
      • Kayak - Java application for CAN bus diagnosis and monitoring.
      • Kayak - Java application for CAN bus diagnosis and monitoring.
      • Kayak - Java application for CAN bus diagnosis and monitoring.
      • Kayak - Java application for CAN bus diagnosis and monitoring.
      • Kayak - Java application for CAN bus diagnosis and monitoring.
      • Kayak - Java application for CAN bus diagnosis and monitoring.
      • Kayak - Java application for CAN bus diagnosis and monitoring.
      • Kayak - Java application for CAN bus diagnosis and monitoring.
      • Kayak - Java application for CAN bus diagnosis and monitoring.
      • Kayak - Java application for CAN bus diagnosis and monitoring.
      • Kayak - Java application for CAN bus diagnosis and monitoring.
      • Kayak - Java application for CAN bus diagnosis and monitoring.
      • Kayak - Java application for CAN bus diagnosis and monitoring.
      • Kayak - Java application for CAN bus diagnosis and monitoring.
      • Kayak - Java application for CAN bus diagnosis and monitoring.
      • Kayak - Java application for CAN bus diagnosis and monitoring.
      • Kayak - Java application for CAN bus diagnosis and monitoring.
      • Kayak - Java application for CAN bus diagnosis and monitoring.
      • Kayak - Java application for CAN bus diagnosis and monitoring.
      • O2OO - Works with the ELM327 to record data to a SQLite database for graphing purposes. It also supports reading GPS data. You can connect this to your car and have it map out using Google Maps KML data where you drive.
      • CANToolz - CANToolz is a framework for analysing CAN networks and devices. It is based on several modules which can be assembled in a pipeline.
      • BUSMASTER - An Open Source tool to simulate, analyze and test data bus systems such as CAN, LIN, FlexRay.
      • OpenXC - Currently, OpenXC works with `Python` and `Android`, with libraries provided to get started.
      • openpilot - openpilot is an open source driving agent that performs the functions of Adaptive Cruise Control (ACC) and Lane Keeping Assist System (LKAS) for Hondas and Acuras.
      • openalpr - An open source Automatic License Plate Recognition library written in C++ with bindings in C#, Java, Node.js, Go, and Python.
      • mazda_getInfo - A PoC that the USB port is an attack surface for a Mazda car's infotainment system and how Mazda hacks are made (known bug in the CMU).
      • talking-with-cars - CAN related scripts, and scripts to use a car as a gamepad
      • CANalyzat0r - A security analysis toolkit for proprietary car protocols.
      • RomRaider - An open source tuning suite for the Subaru engine control unit that lets you view and log data and tune the ECU.
      • BlackFlag ECU - Professional ECU diagnostics and tuning suite with OBD-II scanning, DTC reading, live sensor monitoring, and reflash capabilities.
      • Tesla Mod - Tesla CAN bus toolkit for Flipper Zero and ESP32. Nag killer, FSD region unlock, track mode, BMS dashboard, blind spot alert, high beam strobe, and 30+ more CAN handlers. Open source (GPL-3.0).

  • Articles

  • Blogs

  • Books

  • Conferences

    • U.S. Automotve Cyber Security Summit - cyber-security.iqpc.de/) - Conference series dedicated to automotive cyber security involving many OEMs, Tier 1s, academics, consultants, etc.
    • escar conference - Embedded security in cars. European event has run for over 10 years, and they now have US and Asia events.
    • IT Security for Vehicles - Conference run by the Association of German Engineers (VDI), with participation from US and European OEMs, Tier 1s, and others.
    • Cyber Truck Challenge - Conference that focuses on heavy vehicle cybersecurity issues. Includes hands-on assessments of heavy vehicles and subsystems.
    • IT Security for Vehicles - Conference run by the Association of German Engineers (VDI), with participation from US and European OEMs, Tier 1s, and others.
    • U.S. Automotve Cyber Security Summit - cyber-security.iqpc.de/) - Conference series dedicated to automotive cyber security involving many OEMs, Tier 1s, academics, consultants, etc.

  • Coordinated disclosure

  • Courses

    • Udacity's Self Driving Car Engineer Course - The content for Udacity's self driving car software engineer course. The actual course on Udacity's website is [here](https://www.udacity.com/course/self-driving-car-engineer-nanodegree--nd013).

  • Libraries and Tools

    • C

      • SocketCAN Utils - Userspace utilites for SocketCAN on Linux.
      • dbcc - "dbcc is a program for converting a DBC file primarily into into C code that can serialize and deserialize CAN messages." With existing DBC files from a vehicle, this file allows you to convert them to C code that extracts the CAN messages and properties of the CAN environment.

    • C++

      • High Level ViWi Service - High level Volkswagen CAN signaling protocol implementation.
      • CanCat - A "swiss-army knife" for interacting with live CAN data. Primary API interface in Python, but written in C++.
      • CANdevStudio - Development tool for CAN bus simulation. CANdevStudio enables to simulate CAN signals such as ignition status, doors status or reverse gear by every automotive developer.
      • UnlockECU - Free, open-source ECU seed-key unlocking tool.

    • Episodes

    • Go

      • CAN Simulator - A Go based CAN simulator for the Raspberry Pi to be used with PiCAN2 or the open source [CAN Simulator board](https://github.com/carloop/simulator)

    • Java

      • ITS Geonetworking - ETSI ITS G5 GeoNetworking stack, in Java: CAM-DENM / ASN.1 PER / BTP / GeoNetworking

    • JavaScript

      • UberATC - Uber Advanced Technologies Center - <info@uberatc.com>.
      • Tesla - Tesla hires security professionals for a variety of roles, particularly securing their vehicles.
      • Intrepid Control Systems - Embedded security company building tools for reversing vehicles.
      • Rapid7 - Rapid7 does work in information, computer, and embedded security.
      • IOActive - Security consulting firm that does work on pentesting hardware and embedded systems.
      • Cohda Wireless - V2X DSRC Radio and Software
      • UberATC - Uber Advanced Technologies Center, now Uber AV - <info@uberatc.com>.
      • VicOne - A subsidiary of Trend Micro which focuses on automotive security
      • NodeJS extension to SocketCAN - Allows you to communicate over CAN networks with simple JavaScript functions.
      • IOActive - Security consulting firm that does work on pentesting hardware and embedded systems.
      • Cohda Wireless - V2X DSRC Radio and Software
      • Intrepid Control Systems - Embedded security company building tools for reversing vehicles.

    • Python

      • SocketCAN
      • canopen
      • Python-CAN - Python interface to various CAN implementations, including SocketCAN. Allows you to use Python 2.7.x or 3.3.x+ to communicate over CAN networks.
      • Python-OBD - A Python module for handling realtime sensor data from OBD-II vehicle ports. Works with ELM327 OBD-II adapters, and is fit for the Raspberry Pi.
      • Scapy - A python library to send, receive, edit raw packets. Supports CAN and automotive protocols: see the [automotive doc](https://scapy.readthedocs.io/en/latest/layers/automotive.html)
      • canTot - A python-based cli framework based on sploitkit and is easy to use because it similar to working with Metasploit. This similar to an exploit framework but focused on known CAN Bus vulnerabilities or fun CAN Bus hacks.
      • canmatrix
      • Caring Caribou Next - Upgraded and optimized version of the original Caring Caribou project.
      • Jumpstarter - A hardware-in-the-loop testing framework with automotive diagnostic drivers for UDS, DoIP, and CAN bus protocols.
      • canarchy - CANarchy is a stream-first CAN analysis and manipulation runtime designed for automation, security research, and agent-driven workflows.

  • Miscellaneous

    • Episodes

      • Real ORNL Automotive Dynamometer (ROAD) CAN Intrusion Dataset
      • CAN DoS Fuzzing Attack Video
      • ECU Reflashing Detector Demo
      • Uptane - Uptane is an open and secure software update system design protecting software delivered over-the-air to the computerized units of automobiles and is designed to be resilient even to the best efforts of nation state attackers.
      • This article
      • Arduino - Arduino boards have a number of shields you can attach to connect to CAN-enabled devices.
      • ChuangZhou CAN-Bus Shield
      • DFRobot CAN-BUS Shield For Arduino
      • SparkFun CAN-BUS Shield
      • Freematics OBD-II Telematics Kit - Arduino-based OBD-II Bluetooth adapter kit has both an OBD-II device and a data logger, and it comes with GPS, an accelerometer and gyro, and temperature sensors.
      • ELM327 - The de facto chipset that's very cheap and can be used to connect to CAN devices.
      • GoodThopter12 - Crafted by a well-known hardware hacker, this board is a general board that can be used for exploration of automotive networks.
      • ChipWhisperer - A system for side-channel attacks, such as power analysis and clock glitching.
      • HackerSDR - A Software Defined Radio peripheral capable of transmission or reception of radio signals from 1 MHz to 6 GHz. Designed to enable test and development of modern and next generation radio technologies.
      • CANSPY - A platform giving security auditors to audit CAN devices. It can be used to block, forward or modify CAN frames on the fly autonomously as well as interactively.
      • CANBus Triple - General purpose Controller Area Network swiss army knife and development platform.
      • USBtin - USBtin is a simple USB to CAN interface. It can monitor CAN busses and transmit CAN messages. USBtin implements the USB CDC class and creates a virtual comport on the host computer.
      • OpenXC - OpenXC is a combination of open source hardware and software that lets you extend your vehicle with custom applications and pluggable modules. It uses standard, well-known tools to open up a wealth of data from the vehicle to developers. Started by researchers at Ford, it works for all 2002 and newer MY vehicles (standard OBD-II interface). Researchers at Ford Motor Company joined up to create a standard way of creating aftermarket software and hardware for vehicles.
      • Macchina M2 - Macchina 2.0 is a complete overhaul of our 1.X generation of Macchina. The goals are still the same: Create an easy-to-use, fully-open, and super-compatible automotive interface.
      • PandwaRF - PandwaRF is a pocket-sized, portable RF analysis tool operating the sub-1 GHz range. It allows the capture, analysis and re-transmission of RF via an Android device or a Linux PC. Capture any data in ASK/OOK/MSK/2-FSK/GFSK modulation from the 300-928 MHz band.
      • CAN MITM Bridge by MUXSCAN - a tool to MITM CAN messages, allowing easy interaction with your car.
      • CANtact - "The Open Source Car Tool" designed to help you hack your car. You can buy one or make your own following the guide here.
      • CANtact - "The Open Source Car Tool" designed to help you hack your car. You can buy one or make your own following the guide here.
      • Macchina M2 - Macchina 2.0 is a complete overhaul of our 1.X generation of Macchina. The goals are still the same: Create an easy-to-use, fully-open, and super-compatible automotive interface.
      • Reverse Engineering Resources
      • Open Vehicle Monitoring System - A community project building a hardware module for your car, a server to talk to it, and a mobile app to talk to the server, in order to allow developers and enthusiasts to add more functionality to their car and control it remotely.
      • Open Source Car Control Project - The Open Source Car Control Project is a hardware and software project detailing the conversion of a late model vehicle into an autonomous driving research and development vehicle.
      • This article
      • CANdiy-Shield
      • arduino-canbus-monitor - No matter which shield is selected you will need your own sniffer. This is implementation of standard Lawicel/SLCAN protocol for Arduino + any MCP CAN Shield to use with many standard CAN bus analysis software packages or SocketCAN
      • Carloop - Open source development kit that makes it easy to connect your car to the Internet. Lowest cost car hacking tool that is compatible with SocketCAN and can-utils. No OBD-II to serial cable required.
      • CANBadger - A tool for reverse-engineering and testing automotive systems. The CANBadger consists of both hardware and software. The main interface is a LPC1768/LPC1769 processor mounted on a custom PCB, which offers two CAN interfaces, SD Card, a blinky LED, some GPIO pins, power supply for peripherals and the ethernet port.
      • OpenXC - OpenXC is a combination of open source hardware and software that lets you extend your vehicle with custom applications and pluggable modules. It uses standard, well-known tools to open up a wealth of data from the vehicle to developers. Started by researchers at Ford, it works for all 2002 and newer MY vehicles (standard OBD-II interface). Researchers at Ford Motor Company joined up to create a standard way of creating aftermarket software and hardware for vehicles.
      • Red Pitaya - Replaces expensive measurement tools such as oscilloscopes, signal generators, and spectrum analyzers. Red Pitaya has LabView and Matlab interfaces, and you can write your own tools and applications for it. It even supports extensions for things like Arduino shields.
      • USBtin - USBtin is a simple USB to CAN interface. It can monitor CAN busses and transmit CAN messages. USBtin implements the USB CDC class and creates a virtual comport on the host computer.
      • Freematics OBD-II Telematics Kit - Arduino-based OBD-II Bluetooth adapter kit has both an OBD-II device and a data logger, and it comes with GPS, an accelerometer and gyro, and temperature sensors.
      • GoodThopter12 - Crafted by a well-known hardware hacker, this board is a general board that can be used for exploration of automotive networks.
      • USB2CAN - Cheap USB to CAN connector that will register a device on linux that you can use to get data from a CAN network.
      • Rinho Telematics - GPS trackers with native CAN Bus (J1939/FMS), WiFi fallback for offline data download, and BLE 5.0 sensors. Compatible with Traccar and Wialon.
      • PiCCANTE - Open-source CAN hacking tool based on Raspberry Pi Pico [2] (W) - Up to 3x CAN interfaces, includes ELM327 emulator.
      • CAN DoS Fuzzing Attack Video
      • AutoPi - Open-source core software for the AutoPi dongle, a Raspberry Pi-based OBD-II device for vehicle telematics, CAN bus data collection, and automotive IoT applications.

  • Podcasts and Episodes

  • Presentations

Programming Languages
Python 9 C++ 5 C 3 Go 1 Jupyter Notebook 1 Rust 1 Shell 1 JavaScript 1 PHP 1
Categories
Miscellaneous 42 Applications 39 Presentations 33 Libraries and Tools 31 Research Papers 31 Who to Follow 28 Coordinated disclosure 18 Articles 18 Books 12 Websites 10 Podcasts and Episodes 9 Conferences 6 Blogs 2 Uncategorized 2 Courses 1
Sub Categories
Episodes 87 JavaScript 30 Python 10 C++ 4 Podcasts 4 C 2 Uncategorized 2 Java 1 Go 1
Keywords
awesome 10 awesome-list 9 security 6 automotive 6 can-bus 6 can 4 list 4 slcan 3 canbus 3 python 3 car-hacking 3 automotive-security 3 bus-monitoring 2 dbc 2 arduino 2 resources 2 logger 2 obd2 2 lawicel 2 socketcan 2 embedded 2 lists 2 elm327 1 industrial-automation 1 j2534 1 linux 1 robotics 1 canutils 1 driver-assistance-systems 1 advanced-driver-assistance-systems 1 unicorns 1 can-fd 1 incident-response-tooling 1 incident-response 1 application-security 1 curated 1 owasp 1 reading-list 1 security-experts 1 ctf 1 penetration 1 analysis-framework 1 automated-analysis 1 chinese 1 chinese-translation 1 domain-analysis 1 drop-ice 1 dynamic-analysis 1 malware-analysis 1 malware-collection 1