By obtaining code execution in the bootloader of the Electronic Power Steering (EPS) it was possible to extract the SecOC keys that allows injecting CAN messages. Read more...

Obtaining root privileges using ADB on the DJI RM500 Smart Controller by exploiting a shell injection vulnerability in the "djilink" system service. Read more...

Using fault injection to bypass the disabled programmer setting on a Renesas RH850/P1M-E automotive microcontroller and access flash memory contents. Read more...

Part 4 in the series of modifying the firmware running on a VW Golf Power Steering. In this post I'll dicuss the bootloader and flashing process. Read more...

Part 3 in the series of modifying the firmware running on a VW Golf Power Steering. In this post I'll reverse engineer the application firmware, and identify the patches I want to make. Read more...

Part 2 in the series of modifying the firmware running on a VW Golf Power Steering. In this post I'll extract a firmware upgrade file and load it in Ghidra. Read more...

Part 1 in the series of modifying the firmware running on a VW Golf Power Steering. In this post I'll get a module running on a desk and establish diagnostics communications. This series will also serve as a general introduction to car hacking. Read more...

The goal of this project was to inject steering commands onto the FlexRay bus of an Audi. Using an FPGA a man-in-the-middle attack was performed, and the steering wheel was controled with a joystick. Read more...