undefined | Better HN

0 pointstitomc10y ago0 comments

I didn't want to give specifics of the hardware. Now that you know , yes its Harman with QNX on Chryslers. Now you need to figure out the remote execution codes to put on the CANBus frames :) . There is a catch though , without the original car keys , you can't move the car or can you ?

In another news , access to the terminal is now based on an "authentication key" , root access is not enough. For development purposes , Harman provides these keys and they expire after a certain period of time. I am not sure those "fixed" telematic models are out there on the market currently.

0 comments

kw7110y ago

I attacked a Harman QNX device done for a different carmaker. When I got access to the serial console I was able to look deeper. I found a script to take down the firewall, and that a series of canbus messages will run the script to enable this debug or development mode (very easy with one of the carmaker's leaked engineering tools), so now we know how to break into the device without taking the car apart to gain access to the connector.

The box is really cool, it would be neat to develop our own applets, but mostly people are only interested in changing the splash screen. We found some really neat things about it too, for instance if a second device appears on the ethernet it can be a 'slave' to the first one and access its media.

We have seen demonstrations of the keyless cars from this automaker being started and driven without the actual rfid-key device. Someone apparently used some hardware to bruteforce the private key of the security controller so that the authorised rfid-key information can be read and modified. This is apparently becoming a problem in Europe where a car thief can simply drive east for a while and be out of reach of the law.

j / k navigate · click thread line to collapse

0 pointstitomc10y ago0 comments

0 comments

kw7110y ago

j / k navigate · click thread line to collapse