Writeup for the PowerPC challenge for the Vehicle Cybersecurity Competition 2025 organized by Block Harbor and VicOne.

By obtaining code execution in the bootloader of the Electronic Power Steering (EPS) it was possible to extract the SecOC keys that allows injecting CAN messages.

Obtaining root privileges using ADB on the DJI RM500 Smart Controller by exploiting a shell injection vulnerability in the "djilink" system service.

Using fault injection to bypass the disabled programmer setting on a Renesas RH850/P1M-E automotive microcontroller and access flash memory contents.

Part 4 in the series of modifying the firmware running on a VW Golf Power Steering. In this post I'll dicuss the bootloader and flashing process.

Part 3 in the series of modifying the firmware running on a VW Golf Power Steering. In this post I'll reverse engineer the application firmware, and identify the patches I want to make.

Part 2 in the series of modifying the firmware running on a VW Golf Power Steering. In this post I'll extract a firmware upgrade file and load it in Ghidra.

Part 1 in the series of modifying the firmware running on a VW Golf Power Steering. In this post I'll get a module running on a desk and establish diagnostics communications. This series will also serve as a general introduction to car hacking.

The goal of this project was to inject steering commands onto the FlexRay bus of an Audi. Using an FPGA a man-in-the-middle attack was performed, and the steering wheel was controled with a joystick.