 car hacking village. Just talk to me what's happening. Sure so I got involved with car hacking about three or four years ago here at Def Con. It's not my primary job. I have learned all of it kind of self-taught and like through awesome people through the village. I have a $300 laptop, a dongle that I bought at ride aid at four o'clock in the morning so that was ended up being $45 in one cat five cable. So you're rolling with just three main pieces here that anyone could just buy. Installed Cali onto this computer and right now I actually pulled up Wireshark. I hadn't used Wireshark since 2007 when everything went to HTTPS. Going old school. Alright so what we're gonna do is I'm gonna teach you how to do basically a packet capture of the car. It's a giant web app so we're gonna get started you ready? Yeah let's go. So let's go ahead and take it and go to ETH0. Alright we got our lovely packets that we're used to seeing from like 2007. Now I'm gonna get in and I'm gonna put the car in party mode. That way I can get a bunch of traffic generated so that I have something to look at. And you have to guess what song is playing. Star Wars. Get in here you know music. Back to the future. Out. We're in the middle of an interview. Hey out. Oh shame on you. Shame if you look around right now all the lights are going off. The trunks are the trunks opening so it's sent all this is being captured traffic. So now I can go back to that PCAP file and actually start looking at what's controlling all the functions of the car. Okay so it's it's a really neat and basic way to start learning how how a Tesla works as far as it being a web application and it's all over HTTP. Insane. Does that leave like a major vulnerability? So supposedly that only happens in the party mode. Okay. That it shouldn't happen to like the actual driving controls the throttle controls but we're kind of hoping to see if somebody can figure that out over the weekend. Just this week somebody released how to actually jailbreak a Tesla and get all the features. Wow. I mean if we're talking bad like how bad could that get could that be something like the accelerator or accelerator like that's and again that's like why party mode is kind of fun is we can capture all that traffic quickly. It doesn't do anything with the brakes but at least let's us start understanding how to communicate. So it's so fun about like having the community here is like hey let's play with this yeah there's way smarter people and it's like but it's fun to just all get down like start thinking through everybody looking at it in a different light which makes it so much fun of like I didn't think of that. Last year when we figured out it was party mode it was like me half drunk going put it in party mode that'll give it a lot of traffic and everybody's like oh you told us one of the flags I'm like I didn't fucking know. Yeah some of the best in realizations happen when people are half drunk. Yeah. I mean really. We met that way. Yeah exactly. Exactly. So there we go. Now should we take a look at this next part with Ross here and see this other half of what you've been working on today. So hey guys what we'll be doing right here is messing with the RDS the radio data system. So most FM stations to this day that we still use this so it's essentially whenever you tune into any frequency your car can tell you what radio station you're tuned into and any sort of radio text. So over here we have GNU radio which is an open source and free tool and we are running this through a HackRF which is an SDR. They used to be really expensive and now you can get them for under $200 but then as of GNU radio you can simulate this entire environment and learn how to use this on your computer. All you need is maybe Windows I mean an Ubuntu machine and with GNU radio and you'll be able to do this. So what we're doing right here is we're broadcasting text through this through the HackRF at 88.7 megahertz and if we go over to the car and tune into that frequency you're going to be able to see the text. If you start fuzzing it it can cause certain infotainment systems to crash and like with a Tesla it's essentially a computer on wheels so what would happen if that crashes? Does that crash the entire car? Does it just stop or what happens? Some other Japanese OEMs of simple percent symbol can crash the entire infotainment system so we can while running while the car's running while running let's let's hop in. The radio text over here is car hacking village 2023 so what you can then do is you can start fuzzing this and RDS has certain features where you can set it to be an alarm an emergency so all cars around are automatically programmed tuned into that frequency and you can mess with a lot of people if you wanted to. Anything from I think 76 to about 90ish megahertz is the same as FM radio. Could you also other than text being notifications could you put say like a video file that would pop up on the screen or something like a GIF or anything like that could that be transmitted or most certainly not with RDS but there is DAB digital audio broadcast so you can put images on there and what you can also do with images is that you can cause buffer overflows and other attacks that can again crash it or the NCC group did some research with DAB where they were able to inject can frames into the car essentially controlling the car with an amplifier you can maybe do an entire city or even more. You could do so you do them all multiple at the same time. Okay that's that's amazing that's giving me a lot of ideas here but you know and hopefully you know the rest of the crowd out here you know you know be safe about what you're doing and you know make smart decisions.