31 Jan, 2022

How Should New Generation Automobile Safety Tests Be Performed? [3]

Metasploit for the Infiltration Step

Metasploit has modules for cars and the ability to connect to them. The connection to the car's CAN protocol is made via a serial interface. From there, we can send malicious traffic onto the vehicle's network with a few of the modules already built into Metasploit.

You will need a device that connects to the car's OBD II connector. There are several on the market, but a relatively inexpensive Bluetooth OBD II mini-interface will do. It communicates with the vehicle's CAN network and connects via Bluetooth to your system running Metasploit, so you will also need a computer with built-in Bluetooth or a Bluetooth USB adapter.

Install Serial Port

Now that our hardware is in place, we need to install the necessary software. Remember, the CAN protocol is a serial protocol, so we will need to install the Ruby gem "serialport" to "talk" to the serial interface.

kali> gem install serialport

Connect to Bluetooth on ELM 327

Then we need to connect our Bluetooth adapter so that it can talk to the ELM 327 adapter in the car we are testing. It is worth noting here that you need to insert the ELM 327 into the OBD II connector in the car and turn on the utilities in the car.

We need the MAC address to connect to the ELM 327 device. We can use the hcitool utility to scan for Bluetooth devices and provide us with the MAC address.

kali> hcitool scan

Now we need to connect to the ELM 327 using the MAC address that the scan returned. Make sure to put the MAC address in double quotes, as below.

kali> rfcomm connect /dev/rfcomm1 "00:19:6D:36:4A:9D"

ELM 327 Relay Program

The next step is to run the ELM 327 relay, which allows Metasploit to communicate with the ELM 327 chipset. You can find it in /usr/share/metasploit-framework/tools/hardware.

Let’s take a look at the help screen before running it.

As you can see, it basically only requires two parameters: speed (default 115200) and serial device (default /dev/ttyUSB0). To determine which serial device to use, check the output of the Linux program dmesg (display message) and grep for "tty". In my case it is ttyS0. It may vary for you.

Now run the elm327 relay with the serial device and leave the speed at its default value, as seen below.

kali> ruby elm327_relay.rb -s /dev/ttyS0

Launch Metasploit

Now that we have configured our Kali Linux to talk to the ELM 327 device, we need to create a hardware bridge to Metasploit. Metasploit is designed to communicate over TCP/IP. Now we need it to communicate with the car-specific CAN protocol over the serial port.

First start Metasploit.

kali> msfconsole

Next, search for automotive modules.

msf > search automotive

In our case, we need to use the auxiliary/client/hwbridge/connect module.

Run this module to create our hardware bridge.

Use Infiltration Modules with MSF

Now that we have created our hardware bridge between Metasploit and the CAN protocol in the vehicle, we can start using Metasploit's car hacking modules.

For example, if we want to get the information of the vehicle;

When we enter information for this module, we can see that it interrogates and collects all vehicle DTCs (Diagnostic Trouble Codes) and other information such as speed, coolant temperature and VIN, and can even clear DTCs.

Our Linux system and Metasploit are now connected directly to the car's network and can communicate directly with the car's devices.
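The DTCs, speed and coolant temperature mentioned above reach the tester as ASCII hex lines from the ELM 327. The following Ruby code is an added example, not part of the original post or of Metasploit, that decodes such replies using the standard OBD-II encodings. The function names are hypothetical, the sample replies in the comments are constructed, and it assumes the adapter has echo and headers turned off.

```ruby
# Added example: decode ELM 327 ASCII hex replies for OBD-II services 01 and 03.
# Sample replies in the comments are constructed, not captured from a vehicle.

DTC_SYSTEMS = %w[P C B U].freeze # powertrain, chassis, body, network

# "41 0D 3C\r\n>" -> [0x41, 0x0D, 0x3C]. Text replies such as "NO DATA" are rejected.
def parse_elm_reply(line)
  text = line.strip.delete_suffix('>').strip # drop the ELM prompt character
  raise ArgumentError, "not a hex reply: #{line.inspect}" unless text.match?(/\A(\h{2}\s*)+\z/)
  text.scan(/\h{2}/).map { |byte| byte.to_i(16) }
end

# Service 01 reply (response SID 0x41) for the two PIDs named in the post.
def decode_pid(bytes)
  sid, pid, a = bytes
  raise ArgumentError, 'not a service 01 response' unless sid == 0x41
  raise ArgumentError, 'missing data byte' if a.nil?
  case pid
  when 0x05 then { name: :coolant_temp_c, value: a - 40 } # raw byte has a +40 offset
  when 0x0D then { name: :speed_kmh, value: a }
  else raise ArgumentError, format('PID 0x%02X not handled here', pid)
  end
end

# Service 03 reply (response SID 0x43), two bytes per DTC.
# On CAN the byte after 0x43 is the DTC count; older protocols pad with 00 00.
def decode_dtcs(bytes, can: true)
  raise ArgumentError, 'not a service 03 response' unless bytes.first == 0x43
  pairs = bytes.drop(can ? 2 : 1).each_slice(2).select { |pair| pair.size == 2 }
  pairs = pairs.first(bytes[1].to_i) if can
  pairs.reject { |hi, lo| hi.zero? && lo.zero? }.map do |hi, lo|
    # Top two bits pick the system letter, next two bits the first digit.
    format('%s%d%X%02X', DTC_SYSTEMS[hi >> 6], (hi >> 4) & 0x3, hi & 0xF, lo)
  end
end
```
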



Disclaimer

Dear visitor,

This blog post is for information purposes and has been prepared with the aim of raising awareness against attacks and taking measures in this direction. We remind you that it is not legal to use the information in this article for any other purpose. We declare that CyberArts company cannot be held responsible for direct or indirect damages and losses that may arise from what is explained.
