Beneath

the Bonnet: a Breakdown of

Automotive Diagnostic Security
Flavio D. Garcia
work with Jan Van den Herrewegen
University of Birmingham

Mostly based on our ESORICS’18 paper


 Previous work on automotive security
Attacks on immobiliser chips (used 2000-16):
•  TI’s DST (40-bit key)
“Security Analysis of a Cryptographically-Enabled RFID Device”
Bono et al. [Usenix Security’05]

•  NXP’s Hitag2 (48-bit key)

[Usenix Security’12]

•  EM’s Megamos Crypto (VAG) (96-bit key)

[Usenix Security’13]
[Usenix Security’15]

•  Atmel’s Aut64 (smaller market share) (120-bit key)

[CHES’18]


 Previous work on automotive security
Attacks on Remote Keyless Entry systems (used 2000-16):

•  Relay attacks on passive keyless entry systems

Francillon et al. [NDSS’11]

•  VW Group Cars (Aut64/XTEA) [Usenix Security’16]

•  NXP’s Hitag2 (48-bit key)

[Usenix Security’16]


All of that in less than 90 seconds
 Change is in the Air

•  Many cars are now (2017-2018) are using AES

enabled transponders:
–  Hitag Pro
–  Hitag AES
–  Megamos AES

…but still being stolen…

 Automotive Diagnostics
Overview
1.  Introduction & Motivation
2.  Diagnostic protocols
3.  Security analysis of diagnostic protocols
4.  Executing arbitrary code on an ECU via CAN
5.  Implications & mitigation
Typical automotive
network
Telematics
Instrument
Unit
Cluster
Gateway
ECU

Controller Area Network (CAN) bus

OBDII
port
Body Control
Module

Engine
Control
Unit
“BMW Group considers the security level “The objective of manipulating the
for our customers and products ensured” steering and brake was not achieved”
 Attacker model
Telematics
Instrument
Unit
Cluster
Gateway
ECU

CAN bus

OBDII
port
Body Control
Module

Engine
Control
Unit
 Attacker model
Telematics
Instrument
Unit
Cluster
Gateway
ECU

Unencrypted
Unauthenticated
OBDII
port
Body Control
Module

Engine
Control
Unit
 Overview
1.  Motivation & attacker model
2.  Introduction to diagnostic protocols
3.  Security analysis of diagnostic protocols
4.  Executing arbitrary code on an ECU via CAN
5.  Implications & mitigation

 What are automotive diagnostics?
For diagnosing
Electronic Control
Units (ECUs)
Used by service
technicians
-  Request fault
codes
-  (Re)calibrate ECU
-  Reprogram ECU
 Diagnostic Protocol Standards

Keyword Protocol 2000 Unified Diagnostic Services

(KWP) (UDS)


ISO 14230 ISO 14229-1 Application


ISO 15765 (ISO-TP)
ISO 15765 (ISO-TP) Transport
TP 2.0 (VW)


CAN CAN Data-link & Physical
K-line
 Diagnostic Protocol Standards

●  Very advanced
Universal Measurement and Calibration Protocol (XCP) diagnostics


●  Debugging
ASAM MCD-1 XCP interface to the


ECU


●  Reprogramming
CAN, Ethernet, USB, Flexray,...
functionality
Diagnostic Protocol Standards

Download through
Unified Diagnostic Services UDS
(UDS)


ISO 14229-1

XCP
ISO 15765 (ISO-TP)


CAN Flash
CAN ...
driver driver

 Unified Diagnostic Services
Requests defined by keyword and
optional arguments

CAN ID CAN ID
0x726 0x72E
 Unified Diagnostic Services
Requests defined by keyword
and optional arguments

Diagnostic Session Control
-  Programming
-  Extended Diagnostic
10 02



0
50 02 00 01 5

CAN ID CAN ID
0x726 0x72E
 Unified Diagnostic Services
Requests defined by keyword
and optional arguments

ECU Reset
-  Soft reset of ECU

11 01

51 01

REBOOT

CAN ID CAN ID
0x726 0x72E
 Unified Diagnostic Services
Requests defined by keyword
and optional arguments

Security Access
-  Challenge-Response

27 01
challenge/response size and
cipher left up to manufacturer

E
67 01 2B 46 6

27 02 5F C1 0
5

67 02

CAN ID CAN ID
0x726 0x72E
 Unified Diagnostic Services
Requests defined by
keyword and optional
arguments
34 00 22 10 0
0 01 00
Download Services:
74 20 04 02

36 01
RequestDownload
-  Optional encryption
DATA
-  Address and size
TransferData 76 01
TransferExit
37 01
-  Provides checksum
77 F3 2A

 Unified Diagnostic Services
Requests defined by
keyword and optional
arguments

RoutineControl: execute 31 01 03 01 1
0 10
manufacturer-defined
routines 71 01
-  Identified by Routine
Execute
ID and optional Routine 0301
arguments



CAN ID CAN ID
0x726 0x72E
 Overview
1.  Motivation & attacker model
2.  Introduction to diagnostic protocols
3.  Security analysis of diagnostic protocols
4.  Executing arbitrary code on an ECU via CAN
5.  Implications & mitigation
 Extracting and analysing ECU firmware
1.  Collect car parts
 Extracting and analysing ECU firmware

1.  Collect car parts

2.  Identify test points (JTAG, BDM) & dump firmware
 Extracting and analysing ECU firmware
1.  Collect car parts
2.  Identify test points (JTAG, BDM, …)
3.  Dump Firmware
4.  Analyse in IDA
Security analysis of Diagnostic Protocols
 Ford challenge-response cipher

in: 24-bit Challenge C, 40-bit Secret S

out: 24-bit Response R
I0..24 = C0..24

I24..64= S0..40

Response R = nibbles of internal state permuted

 Ford challenge-response cipher

First described by Valasek and Miller

Weaknesses:
-  same initial state across all examined ECUs (e.g.
0xC541A9)
-  same bits are tapped across all examined ECUs
-  secrets not diversified
-  only 24 bit of entropy (2^16 equivalent keys)
Ford challenge-response cipher

Brute force:
 Fiat challenge-response cipher

Two 16-bit LFSRs with Input I0 and I1 both run for 24 rounds

In: 32-bit Challenge C, 32-bit Secret S, 16 bit tapping sequence, 16-bit
start state
Out: 32-bit Response R
I0 = C0..8 ⊕ S8..16 | C16..24 >>> 5 | S0..8

I1 = C24..32 ⊕ S24..32 | Permute(C8..16) | S16..24

R = bytes of both internal LFSR states permuted
 Fiat challenge-response cipher

WEAKNESSES:
-  two 16-bit LFSRs instead of one 32-bit LFSR
-  key diversification

ECU S[0] S[1] S[2] S[3] taps start state

Fiat BSI
0x12 0xDC 0x34 0x7A 0x8408 0xFFFF
2012+

Fiat BSI
0x21 0xDC 0x43 0x7A 0x3423 0xFFFF
2012-
 Fiat challenge-response cipher

WEAKNESSES:
-  two 16-bit LFSRs instead of one 32-bit LFSR
-  key diversification

ECU S[0] S[1] S[2] S[3] taps start state

Fiat BSI
0x12 0xDC 0x34 0x7A 0x8408 0xFFFF
2012+

Fiat BSI
0x21 0xDC 0x43 0x7A 0x3423 0xFFFF
2012-
 Audi challenge-response cipher
ECU translates a sequence of bytes (~Secret) into
operations on ‘internal state’: XOR with given value
(0x87), rotate left (0x81) /right (0x82), add (0x93)/
substract (0x84) given value / loops (0x68) and if-
statements (0x4A)
internal state initialised with Challenge C (32 bits)
Example:
814a0a84000000018704c11db7814a078704c11db76b059300000001814a0a840000000187
04c11db7814a078704c11db76b059300000001814a078704c11db76b059300000001814a07
8704c11db76b059300000001814a0a84000000018704c11db7814a0a84000000018704c11d
b7814a078704c11db76b059300000001814a078704c11db76b059300000001814a078704c1
1db76b0593000000014c
 Audi challenge-response cipher
Internal state initialised with Challenge C (32 bits)
ECU interprets a sequence of bytes (~Secret) into
operations on ‘internal state’: XOR with given
value, rotate left/right, add/subtract given value
814a0a84000000018704c11db7814a078704c11db76b05
9300000001814a0a84000000018704c11db7814a078704
c11db76b059300000001814a078704c11db76b05930000
0001814a078704c11db76b059300000001814a0a840000
00018704c11db7814a0a84000000018704c11db7814a07
8704c11db76b059300000001814a078704c11db76b0593
00000001814a078704c11db76b0593000000014c
 Audi challenge-response cipher
Internal state S initialised with Challenge C (32
bits)
ECU interprets a sequence of bytes (~Secret) into
operations on ‘internal state’: XOR with given
value, rotate left/right, add/subtract given value
814a0a84000000018704c11db7814a078704c11d
b76b059300000001
S = S <<< 1
 Audi challenge-response cipher
Internal state S initialised with Challenge C (32
bits)
ECU interprets a sequence of bytes (~Secret) into
operations on ‘internal state’: XOR with given
value, rotate left/right, add/subtract given value
814a0a84000000018704c11db7814a078704c11d
b76b059300000001
if(! shifted_bit): skip 0x0a * 2 bytes
 Audi challenge-response cipher
Internal state S initialised with Challenge C (32
bits)
ECU interprets a sequence of bytes (~Secret) into
operations on ‘internal state’: XOR with given
value, rotate left/right, add/subtract given value
814a0a84000000018704c11db7814a078704c11d
b76b059300000001
S = S - 1
 Audi challenge-response cipher
internal state S initialised with Challenge C (32
bits)
ECU interprets a sequence of bytes (~Secret) into
operations on ‘internal state’: XOR with given
value, rotate left/right, add/subtract given value
814a0a84000000018704c11db7814a078704c11d
b76b059300000001
S = S XOR 0x04c11db7
 Audi challenge-response cipher
internal state S initialised with Challenge C (32
bits)
ECU interprets a sequence of bytes (~Secret) into
operations on ‘internal state’: XOR with given
value, rotate left/right, add/subtract given value
814a0a84000000018704c11db7814a078704c11d
b76b059300000001
…
Cipher structure dependent on Secret!
Audi challenge-response cipher
 Audi challenge-response cipher

hardcoded backdoor:

0xCAFFE012
 Challenge-Response security
●  Small challenge, response and internal state: 24
or 32-bit lead to insecure ciphers
-> One valid challenge-response pair allows
an attacker to recover secret
Can be obtained by:
-  Observing existing diagnostic tools
-  Search over CAN

●  Secrets reused in different ECUs

 Attack over CAN
Goal: recover diagnostic secret for certain ECU






 Attack over CAN
Goal: recover diagnostic secret for certain ECU

Try secret


Invalid Response
 Attack over CAN
Goal: recover diagnostic secret for certain ECU

After certain
number of
invalid attempts

Exceeded number of attempts: Delay timer active

 Attack over CAN
Goal: recover diagnostic secret for certain ECU

After an

ECUReset

Delay timer not expired

 Attack over CAN
Goal: recover diagnostic secret for certain ECU
Circumvent delay mechanism:
●  Request new Programming Mode
●  ECUReset (~1s)

Ford: 24-bit search space ~ 15 hours

Fiat: 16-bit search space ~ 1 hour
Audi: ... ~ 0.001 s J
Only has to be done once for each ECU type !

 Overview
1.  Motivation & attacker model
2.  Introduction to diagnostic protocols
3.  Security analysis of diagnostic protocols
4.  Executing arbitrary code on an ECU via CAN
5.  Implications & mitigation

 Executing Arbitrary code on an ECU
Download of machine code to

the ECU through UDS functions


ECU can activate Watchdog
Reset Timer before execution

No access restrictions in place!

Gives attacker full access to:
- CAN
- Flash (External/Internal)
- EEPROM
- Any other peripherals

 Overview
1.  Motivation & attacker model
2.  Introduction to diagnostic protocols
3.  Security analysis of diagnostic protocols
4.  Executing arbitrary code on an ECU via CAN
5.  Implications & mitigation

 Practical Implications

●  Firmware extraction over CAN (can contain

secret keys from immobiliser, Remote Keyless
Entry, …)
●  Adding car keys to the whitelists
●  Reprogramming of an ECU / perfect crime
●  Automotive worm
●  You only need to `pop’ a parking sensor/
camera from the outside of the vehicle
 Mitigation: challenge-response

Challenge
Request

SKdiag
t C h a l l en ge C
128-bi

C SIGN R Signature PKdiag

R

ca ted R VERIFY
Authenti
 Mitigation: code execution

Compiled code
PKmanuf

SKmanuf SIGN VERIFY

CAN bus

Diagnostic
client ECU
 Mitigation: code execution

Compiled code
PKmanuf

SKmanuf SIGN VERIFY

CAN bus

One authentication key per

CAN ID (LeiA [Esorics ‘16])
Diagnostic
client ECU
 Conclusions
●  Weak cryptographic primitives make diagnostic
security easily circumvented
●  Once authenticated, an attacker has full access
to the ECU and its peripherals
●  Notified the affected car manufacturers in April
2018
○  5 months ahead of publication
○  Following standard responsible disclosure practise