AVS-awesome-vehicle-security-

UNA LISTA SELECCIONADA DE RECURSOS PARA AUTOMOVIL
https://github.com/TheRipperJhon/AVS-awesome-vehicle-security-

Last synced: 2 days ago
JSON representation

Coordinated disclosure
- JavaScript
  - Application Security
  - Security
  - Capture the Flag
  - Malware Analysis
  - Android Security
  - Hacking
  - Honeypots
  - Incident Response
  - General Motors - Coordinated disclosure submissions accepted
  - Fiat Chrysler Automobiles - Coordinated disclosure submissions accepted, paid bounties offered
  - Tesla Motors - Coordinated disclosure submissions accepted, paid bounties offered
  - awesome
  - lists
Applications
- Episodes
  - Wireshark - WireShark can be used for reversing CAN communications.
  - OpenXC - Currently, OpenXC works with `Python` and `Android`, with libraries provided to get started.
  - metasploit - The popular metasploit framework now supports Hardware Bridge sessions, that extend the framework's capabilites onto hardware devices such as socketcan and SDR radios.
  - Mazda AIO Tweaks - All-in-one installer/uninstaller for many available Mazda MZD Infotainment System tweaks.
  - Kayak - Java application for CAN bus diagnosis and monitoring.
  - Kayak - Java application for CAN bus diagnosis and monitoring.
  - Kayak - Java application for CAN bus diagnosis and monitoring.
  - Kayak - Java application for CAN bus diagnosis and monitoring.
  - Kayak - Java application for CAN bus diagnosis and monitoring.
  - Kayak - Java application for CAN bus diagnosis and monitoring.
  - Kayak - Java application for CAN bus diagnosis and monitoring.
  - Kayak - Java application for CAN bus diagnosis and monitoring.
  - Kayak - Java application for CAN bus diagnosis and monitoring.
  - Kayak - Java application for CAN bus diagnosis and monitoring.
  - openpilot - openpilot is an open source driving agent that performs the functions of Adaptive Cruise Control (ACC) and Lane Keeping Assist System (LKAS) for Hondas and Acuras.
  - openalpr - An open source Automatic License Plate Recognition library written in C++ with bindings in C#, Java, Node.js, Go, and Python.
  - Kayak - Java application for CAN bus diagnosis and monitoring.
  - CANToolz - CANToolz is a framework for analysing CAN networks and devices. It is based on several modules which can be assembled in a pipeline.
  - BUSMASTER - An Open Source tool to simulate, analyze and test data bus systems such as CAN, LIN, FlexRay.
  - OpenXC - Currently, OpenXC works with `Python` and `Android`, with libraries provided to get started.
  - mazda_getInfo - A PoC that the USB port is an attack surface for a Mazda car's infotainment system and how Mazda hacks are made (known bug in the CMU).
Podcasts and Episodes
- Episodes
  - Arduino - Arduino boards have a number of shields you can attach to connect to CAN-enabled devices.
  - HackerSDR - A Software Defined Radio peripheral capable of transmission or reception of radio signals from 1 MHz to 6 GHz. Designed to enable test and development of modern and next generation radio technologies.
  - Hacking Connected Vehicles with Chris Valasek of IOActive - Chris Valasek talks about hacking into connected vehicles.
  - ChuangZhou CAN-Bus Shield
  - SparkFun CAN-BUS Shield
  - ELM327 - The de facto chipset that's very cheap and can be used to connect to CAN devices.
  - Hackable? - Cars are Computers - Geoff Siskind paired up with Craig Smith, author of The Car Hacker’s Handbook, to show us just how easy – or not – it is to hack a car.
  - CANSPY - A platform giving security auditors to audit CAN devices. It can be used to block, forward or modify CAN frames on the fly autonomously as well as interactively.
  - CANBus Triple - General purpose Controller Area Network swiss army knife and development platform.
  - OpenXC - OpenXC is a combination of open source hardware and software that lets you extend your vehicle with custom applications and pluggable modules. It uses standard, well-known tools to open up a wealth of data from the vehicle to developers. Started by researchers at Ford, it works for all 2002 and newer MY vehicles (standard OBD-II interface). Researchers at Ford Motor Company joined up to create a standard way of creating aftermarket software and hardware for vehicles.
  - Macchina M2 - Macchina 2.0 is a complete overhaul of our 1.X generation of Macchina. The goals are still the same: Create an easy-to-use, fully-open, and super-compatible automotive interface.
  - PandwaRF - PandwaRF is a pocket-sized, portable RF analysis tool operating the sub-1 GHz range. It allows the capture, analysis and re-transmission of RF via an Android device or a Linux PC. Capture any data in ASK/OOK/MSK/2-FSK/GFSK modulation from the 300-928 MHz band.
  - CANtact - "The Open Source Car Tool" designed to help you hack your car. You can buy one or make your own following the guide here.
  - arduino-canbus-monitor - No matter which shield is selected you will need your own sniffer. This is implementation of standard Lawicel/SLCAN protocol for Arduino + any MCP CAN Shield to use with many standard CAN bus analysis software packages or SocketCAN
  - Open Source Car Control Project - The Open Source Car Control Project is a hardware and software project detailing the conversion of a late model vehicle into an autonomous driving research and development vehicle.
  - Open Vehicle Monitoring System - A community project building a hardware module for your car, a server to talk to it, and a mobile app to talk to the server, in order to allow developers and enthusiasts to add more functionality to their car and control it remotely.
  - CANdiy-Shield
  - Carloop - Open source development kit that makes it easy to connect your car to the Internet. Lowest cost car hacking tool that is compatible with SocketCAN and can-utils. No OBD-II to serial cable required.
  - CANBadger - A tool for reverse-engineering and testing automotive systems. The CANBadger consists of both hardware and software. The main interface is a LPC1768/LPC1769 processor mounted on a custom PCB, which offers two CAN interfaces, SD Card, a blinky LED, some GPIO pins, power supply for peripherals and the ethernet port.
  - OpenXC - OpenXC is a combination of open source hardware and software that lets you extend your vehicle with custom applications and pluggable modules. It uses standard, well-known tools to open up a wealth of data from the vehicle to developers. Started by researchers at Ford, it works for all 2002 and newer MY vehicles (standard OBD-II interface). Researchers at Ford Motor Company joined up to create a standard way of creating aftermarket software and hardware for vehicles.
  - Red Pitaya - Replaces expensive measurement tools such as oscilloscopes, signal generators, and spectrum analyzers. Red Pitaya has LabView and Matlab interfaces, and you can write your own tools and applications for it. It even supports extensions for things like Arduino shields.
  - USBtin - USBtin is a simple USB to CAN interface. It can monitor CAN busses and transmit CAN messages. USBtin implements the USB CDC class and creates a virtual comport on the host computer.
  - Freematics OBD-II Telematics Kit - Arduino-based OBD-II Bluetooth adapter kit has both an OBD-II device and a data logger, and it comes with GPS, an accelerometer and gyro, and temperature sensors.
  - GoodThopter12 - Crafted by a well-known hardware hacker, this board is a general board that can be used for exploration of automotive networks.
- Podcasts
  - SANS Internet Storm Center - the ISC run a regular podcast going into the latest vulnerabilities and security news.
  - Security Ledger - A podcast focusing on interviewing security experts about topics related to security.
  - Security Weekly - Excellent podcast covering all ranges of security, with some episodes focusing portions on vehicle security from cars to drones.
  - TrustedSec Podcast - From the people at TrustedSec, leaders in Social Engineering, their episodes often go into recent vehicle vulnerabilities and exploits.
Presentations
- "Hopping on the CAN Bus" from BlackHat Asia 2015 - A talk from BlackHat Asia 2015 that aims to enable the audience to "gain an understanding of automotive systems, but will also have the tools to attack them".
- "Drive It Like You Hacked It" from DEFCON 23 - A talk and slides from Samy Kamkar's DEFCON 23/2015 talk that includes hacking garages, exploiting automotive mobile apps, and breaking rolling codes to unlock any vehicle with low cost tools.
- Samy Kamkar on Hacking Vehicles with OnStar - Samy Kamkar, the prolific hacker behind the Samy worm on MySpace, explores hacking into vehicles with OnStar systems.
- Remote Exploitation of an Unaltered Passenger Vehicle - DEFCON 23 talk Chris Valasek and Charlie Miller give their now famous talk on hacking into a Jeep remotely and stopping it dead in its tracks.
- Adventures in Automotive Networks and Control Units - DEFCON 21 talk by Chris Valasek and Charlie Miller on automotive networks.
- Can You Trust Autonomous Vehicles? - DEFCON 24 talk by Jianhao Liu, Chen Yan, Wenyuan Xu
- Ken Munro & Dave Lodge - Hacking the Mitsubishi Outlander & IOT - talk from BSides Manchester 2016 by Ken and Dave of [Pen Test Partners](#who-to-follow)
- A Platform base on Visualization for Protecting CAN Bus Security - Syscan360 2016 SH talk by Jianhao Liu
- Gateway Internals of Tesla Motors - Zeronights 2016 talk by Nie Seng and Liu Ling
- Car Hacking 101 - Bugcrowd LevelUp 2017 by Alan Mond
- State of Automotive Cyber Safety, 2015 - State of automotive hacking, policy, industry changes, etc. from I Am The Cavalry track at BSides Las Vegas, 2015.
- State of Automotive Cyber Safety, 2016 - State of automotive hacking, policy, industry changes, etc. from I Am The Cavalry track at BSides Las Vegas, 2016.
- How to Hack a Tesla Model S - DEF CON 23 talk by Marc Rogers and Kevin Mahaffey on hacking a Tesla. Tesla Co-Founder and CTO, JB Straubel, joins them to thank them and present a challenge coin.
- Self-Driving and Connected Cars: Fooling Sensors and Tracking Drivers - Black Hat talk by Jonathan Petit. Automated and connected vehicles are the next evolution in transportation and will improve safety, traffic efficiency and driving experience. This talk will be divided in two parts: 1) security of autonomous automated vehicles and 2) privacy of connected vehicles. 2015
- A Survey of Remote Automotive Attack Surfaces - Black Hat talk By Charlie Miller and Chris Valasek. Automotive security concerns have gone from the fringe to the mainstream with security researchers showing the susceptibility of the modern vehicle to local and remote attacks. Discussion of vehicle attack surfaces. 2014.
- Pentesting vehicles with YACHT (Yet Another Car Hacking Tool) - A presentation that discuesses different attack surfaces of a vehicle, then continues to describe an approach to car hacking along with tools needed to analyse and gather useful information.
Who to Follow
- Website
- Twitter
- haveibeenpwned
- Website
- Twitter
- Twitter
- Twitter
- Twitter
- Twitter
- Twitter
- Website
- Twitter
- Twitter
- Twitter
- Twitter
- Twitter
Articles
- Stopping a Jeep Cherokee on the Highway Remotely - Chris Valasek's and Charlie Miller's pivotal research on hacking into Jeep's presented at DEFCON in 2015.
- Troy Hunt on Controlling Nissans - Troy Hunt goes into controlling Nissan vehicles.
- Car Hacking on the cheap - Craig Smith wrote a brief article on working with Metasploit’s HWBrige using ELM327 Bluetooth dongle
- Researchers tackle autonomous vehicle security - Texas A&M researchers develop intelligence system prototype.
- How big data will impact car security in the proximate future: Concerns and solutions - Impact of big data on car security.
- IOActive's Tools and Data - Chris Valasek and Charlie Miller release some of their tools and data for hacking into vehicles in an effort to get more people into vehicle security research.
- Tesla hackers explain how they did it at Defcon - Overview of DEFCON 23 presentation on hacking into Tesla cars.
Books
- 2014 Car Hacker's Handbook - Free guide to hacking vehicles from 2014. You can also buy the book on Amazon [here](https://www.amazon.com/Car-Hackers-Manual-Craig-Smith/dp/0990490106?ie=UTF8&keywords=2014%20car%20hacker%27s%20manual&qid=1405445024&ref_=sr_1_1&sr=8-1).
- 2016 Car Hacker's Handbook - Latest version of the Car Hacker's handbook with updated information to hack your own vehicle and learning vehicle security. For a physical copy as well unlimited PDF, MOBI, and EPUB copies of the book, buy it at [No Starch Press](https://www.nostarch.com/carhacking). Sections are available online [here](https://books.google.com/books?id=Ao_QCwAAQBAJ&lpg=PP1&dq=car%20hacking&pg=PP1#v=onepage&q&f=false).
- Controller Area Network Prototyping with Arduino - This book guides you through prototyping CAN applications on Arduinos, which can help when working with CAN on your own car.
- Embedded Networking with CAN and CANopen - From 2003, this book fills in gaps in CAN literature and will educate you further on CAN networks and working with embedded systems.
- A Comprehensible Guide to Controller Area Network - An older book from 2005, but still a comprehensive guide on CAN buses and networking in vehicles.
Libraries and Tools
- JavaScript
  - UberATC - Uber Advanced Technologies Center - <info@uberatc.com>.
  - Tesla - Tesla hires security professionals for a variety of roles, particularly securing their vehicles.
  - Rapid7 - Rapid7 does work in information, computer, and embedded security.
  - NodeJS extension to SocketCAN - Allows you to communicate over CAN networks with simple JavaScript functions.
- C
  - SocketCAN Utils - Userspace utilites for SocketCAN on Linux.
- Episodes
  - Custom Applications SDK for Mazda Connect Infotainment System - A micro framework that allows you to write and deploy custom applications for the Mazda Infotainment System.
- Python
  - Python-OBD - A Python module for handling realtime sensor data from OBD-II vehicle ports. Works with ELM327 OBD-II adapters, and is fit for the Raspberry Pi.
- Go
  - CAN Simulator - A Go based CAN simulator for the Raspberry Pi to be used with PiCAN2 or the open source [CAN Simulator board](https://github.com/carloop/simulator)
Research Papers
Websites
- Carloop Community - Community of people interested in car hacking and connecting vehicles to the cloud.
- canbushack: Hack Your Car - course on Vehicle Hacking methodology.
- Carloop Community - Community of people interested in car hacking and connecting vehicles to the cloud.
- Python Security - A website for browsing and buying python-integrated cars having certain vehicular security features.
Conferences
- U.S. Automotve Cyber Security Summit - cyber-security.iqpc.de/) - Conference series dedicated to automotive cyber security involving many OEMs, Tier 1s, academics, consultants, etc.
- escar conference - Embedded security in cars. European event has run for over 10 years, and they now have US and Asia events.
- IT Security for Vehicles - Conference run by the Association of German Engineers (VDI), with participation from US and European OEMs, Tier 1s, and others.
- U.S. Automotve Cyber Security Summit - cyber-security.iqpc.de/) - Conference series dedicated to automotive cyber security involving many OEMs, Tier 1s, academics, consultants, etc.
Blogs
- Keen Security Lab Blog - Blog created by Keen Security Lab of Tencent that posts research on car security.
Courses
- Udacity's Self Driving Car Engineer Course - The content for Udacity's self driving car software engineer course. The actual course on Udacity's website is [here](https://www.udacity.com/course/self-driving-car-engineer-nanodegree--nd013).

Programming Languages

C++ 4 Python 2 Go 1 C 1 Jupyter Notebook 1 Rust 1 Shell 1 JavaScript 1 PHP 1

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Awesome

AVS-awesome-vehicle-security-

Coordinated disclosure

JavaScript

Applications

Episodes

Podcasts and Episodes

Episodes

Podcasts

Presentations

Who to Follow

Articles

Books

Libraries and Tools

JavaScript

C

Episodes

Python

Go

Research Papers

Websites

Conferences

Blogs

Courses