[HH] $60 ODB2 to USB interface and EFF's right to repair your car petition

Tom Metro tmetro+hhacking at gmail.com
Sat Apr 11 13:33:35 EDT 2015 

I heard this mentioned a few weeks back on "Know How" (twit.tv/kh, a
much improved online show for makers; worth sampling if you haven't seen
it or haven't looked at it in the last 6 months).

A $60 Gadget That Makes Car Hacking Far Easier
http://www.wired.com/2015/03/60-gadget-thatll-make-car-hacking-easier-ever/

  Tomorrow at the Black Hat Asia security conference in Singapore,
  24-year-old Eric Evenchick plans to present a new device he calls the
  CANtact. The open source board, which he hopes to sell for between $60
  and $100, connects on one end to a computer's USB port, and on the
  other to a car or truck's OBD2 port, a network port under its
  dashboard. That makes the CANtact a cheap interface between any PC and
  a vehicle's controller area network or CAN bus...

My first thought was, "yeah, so? How is this better than the
ODB2-to-Bluetooth interfaces you can get on Amazon for $20?"

It seems that some of the answer is less about hardware and more about
software.

  ...the CANtact is designed to send commands in Unified Diagnostics
  Services, the CAN protocol that auto mechanics use to communicate with
  electronic control units (or ECUs) throughout a vehicle.
  ...Evenchick has written open source software for CANtact that
  automates much of the manual work of CAN bus hacking. ... That allows
  anyone to write python scripts that can automatically trigger commands
  in a car's digital network that range from turning off its "check
  engine" light to automatically pumping its brakes.
  ...by publishing its software on Github, he hopes the code will become
  a collection of different hackers' techniques that target individual
  vehicle makes and models.

It's still an open question why you can't use one of those cheap
Bluetooth interfaces. They are claiming their USB interface replaces
rather expensive gear:

  "I realized that there were no good tools for me to play around with
  this stuff outside of what the auto industry uses, and those are
  incredibly expensive," Evenchick says, referring to products sold by
  companies like Vector that can cost tens of thousands of dollars.

Although they partially contradict that later when they say they
reurposed a $150 device made for some other purpose to substitute for an
auto industry device costing $1200. All of those are cheaper than "tens
of thousands of dollars," but that price probably includes software tooling.

Anyway, seems like good news for those who want to hack the electronics
on their cars. Even if the hardware side of his project isn't entirely
needed (if a $150 device can be used, dropping the price to $100 won't
necessarily expand the market much) the software and community formed
around it might spur on a flood of reverse engineered data being shared.

That is until the auto industry starts to view it as a threat and locks
down the CAN bus so only authorized devices can connect. (Although
chances are good that they'll do it in a dumb way, like DVD encryption,
so everyone will have a usable, though illegal (thank DMCA), key once
someone extracts one from a commercial tool.)

But then I guess that's where the EFF's "right to repair your car
petition" comes into play:
https://www.eff.org/deeplinks/2015/04/automakers-say-you-dont-really-own-your-car

I like the concept, and I can see the logic of going after the auto
industry as low hanging fruit. (This is an easier to grasp concept to
sell to the public and politicians.) But it still feels inconsistent to
demand this kind of oneness for automotive electronics and not require
the same of other industries.

 -Tom

More information about the Hardwarehacking mailing list