by Jianhao Liu + Minrui Yan, SkyGo Vehicle Cyber Security Team, Qihoo 360
With the development of vehicle technology, vehicles become more electronic and intelligent on the basis of inner bus communication network, and draw more attention to the study of vehicle security. To facilitate this process, we developed a platform that evaluates the security of vehicle, which can be used for black-box tests by security researchers and automotive engineers. The software is capable of sniffing CAN bus packets, identifying ECUs, analyzing UDS, as well as launching fuzzing attacks, and brute-force attacks. By visualizing the changes from different packets, it can help us to identify the value range quickly. Users can also share their programmable examples within the platform. This talk will introduce the reverse engineering of CAN packets in details, and present the "CAN-Pick" tool by demonstrations of injecting CAN packets on a car. This tool can also be used as a man-in-the-middle, which can realize full control over the car without adding any actuators on the vehicle.