Local Privilege Escalation on the DJI RM500 Smart Controller

Obtaining root privileges using ADB on the DJI RM500 Smart Controller by exploiting a shell injection vulnerability in the "djilink" system service.

Willem Melching
Aug 6, 2023

Bypassing the Renesas RH850/P1M-E read protection using fault injection

Using fault injection to bypass the disabled programmer setting on a Renesas RH850/P1M-E automotive microcontroller and access flash memory contents.

Willem Melching
Nov 8, 2022

Hacking a VW Golf Power Steering ECU - Part 4

Part 4 in the series of modifying the firmware running on a VW Golf Power Steering. In this post I'll discuss the bootloader and flashing process.

Willem Melching
Jan 4, 2022

Hacking a VW Golf Power Steering ECU - Part 3

Part 3 in the series of modifying the firmware running on a VW Golf Power Steering. In this post I'll reverse engineer the application firmware, and identify the patches I want to make.

Willem Melching
Jan 3, 2022

Hacking a VW Golf Power Steering ECU - Part 2

Part 2 in the series of modifying the firmware running on a VW Golf Power Steering. In this post I'll extract a firmware upgrade file and load it in Ghidra.

Willem Melching
Jan 2, 2022

Hacking a VW Golf Power Steering ECU - Part 1

Part 1 in the series of modifying the firmware running on a VW Golf Power Steering. In this post I'll get a module running on a desk and establish diagnostics communications. This series will also serve as a general introduction to car hacking.

Willem Melching
Jan 1, 2022

Adventures with Flexray: performing a man-in-the-middle attack

The goal of this project was to inject steering commands onto the FlexRay bus of an Audi. Using an FPGA, a man-in-the-middle attack was performed, and the steering wheel was controlled with a joystick.

Willem Melching
Apr 12, 2020