Home Exploits Tools CBM – Car Backdoor Maker (Hacking a Car)

CBM – Car Backdoor Maker (Hacking a Car)

August 2, 2019 Leave a Comment
CBM - Car Backdoor Maker (hacking a car)

Technology is grow very fast, smart car is not just a dream. But, you know what, along with the advancement of technology security on that is can be exploit, even a car.

This time i will share with you a hardware-backdoor for CAN bus – by Sheila A. Berta & Claudio Caracciolo the first time, a hardware backdoor tool is presented having several advanced features, such as: remote control via SMS commands, automated launch of attack payloads at a GPS location or when a specific car status is reached; and a configuration interface that allows users to create attack payloads in an easy manner. Have you ever imagined the possibility of your car being automatically attacked based on its GPS coordinates, its current speed or any other set of parameters? Now it’s possible :-)The project is divided in two parts: the “Car Backdoor Maker” (PC software) and “The Bicho” (hardware-backdoor for CAN bus).

Car Backdoor Maker

The Car Backdoor Maker is a software for making attack templates and load them into The Bicho.
Before starting, please read how to Get The Bicho hardware.

CBM - Car Backdoor Maker (hacking a car)

Under “car backdoor maker” folder, you’ll find the source code to compile it using Qt C++ 5.6.

The Bicho

The Bicho is a hardware backdoor for CAN bus.
By backdooring a car with The Bicho you will able to remotely control that car from any geographical point by injecting CAN frames through SMS commands.

The Bicho is a hardware-backdoor that must be connected to the car’s OBD-II port. It supports multiple attack payloads (pre-configured using Car Backdoor Maker) and it can be used against any vehicle that supports CAN, without limitations regarding manufacturer or model. Each one of the payloads is associated to a command that can be delivered via SMS, allowing remote execution from any geographical point. Furthermore, as an advanced feature, the attack payload can be configured to be automatically executed once the victim’s vehicle is proximate to a given GPS location. The execution can also be triggered by detecting the transmission of a particular CAN frame, which can be associated with the speed of the vehicle, its fuel level, and some other factors, providing the means to design highly sophisticated attacks and execute them remotely.

The-Bicho - hacking car (car backdoor maker)
The-Bicho - Hardware For Hacking (hacking a car) xploitlab

Install and Usage

This project has its wiki where you will find the following useful documentation:

Disclaimer

We are not responsible for bad uses.

Authors

Download CBM

You May Also Like

OpenRedireX - Open Redirect Scanner and Fuzzer Tool

OpenRedireX – Open Redirect Scanner and Fuzzer Tool

Mantra - Tool to Find API key and Sensitive Information Leaks in JS Files and Pages

Mantra – Tool to Find API key Leaks in JS Files & Pages

Bypass 403 - Simple Script Tool For Bypassing 403 Forbidden Response

Bypass 403 – Simple Script For Bypassing 403 Forbidden Response

Burpgpt - Connect OpenAI gpt with burp suite to detect security vulnerabilities that traditional scanners might miss

Burpgpt –  Integrate OpenAI GPT with Burp Suite to Discover Highly Bespoke Vulnerabilities

WaybackSQLiScanner automatically gather urls from wayback machine then test each GET parameter for sql injection

waybackSqliScanner – Tool to Gather URLs from Wayback Machine Then Test For SQL Injection

Commix - Tool to automates the process of command injection detection and exploitation

Commix – Automated OS Command Injection Exploitation Tool

Leave a Reply

Your email address will not be published. Required fields are marked *

16 − four =