GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → nowsecure → cybertruckchallenge19

nowsecure / cybertruckchallenge19

Licence: Apache-2.0 License
Android security workshop material taught during the CyberTruck Challenge 2019 (Detroit USA).

Programming Languages

java
68154 projects - #9 most used programming language
javascript
184084 projects - #8 most used programming language
CMake
9771 projects
C++
36643 projects - #6 most used programming language
shell
77523 projects

Labels

androidcarsecuritymobile

Projects that are alternatives of or similar to cybertruckchallenge19

NodeMCU-BlackBox
ESP8266 based CAN-Bus Diagnostic Tool
Stars: ✭ 28 (-65%)
Mutual labels:  car
OpenRemoteStart
An open source remote implementation for the Fortin EVO-One remote starter
Stars: ✭ 24 (-70%)
Mutual labels:  car
RejsaCAN-ESP32
ESP32 board with CAN interface, runs on 12V power (with auto shutdown)
Stars: ✭ 88 (+10%)
Mutual labels:  car
autodo
A flexible, intuitive ToDo list app for keeping track of your cars' maintenance needs.
Stars: ✭ 47 (-41.25%)
Mutual labels:  car
ecutools
IoT Automotive Tuning, Diagnostics & Analytics
Stars: ✭ 144 (+80%)
Mutual labels:  car
epp
上海车牌 辅助 拍牌 软件
Stars: ✭ 34 (-57.5%)
Mutual labels:  car
car-logos-dataset
Collection of 374 car logos images with few variations of sizes and JSON file for better usability.
Stars: ✭ 47 (-41.25%)
Mutual labels:  car
WeConnect-mqtt
MQTT Client that publishes data from Volkswagen WeConnect
Stars: ✭ 14 (-82.5%)
Mutual labels:  car
ELMduino
Arduino OBD-II Bluetooth Scanner Interface Library for Car Hacking Projects
Stars: ✭ 274 (+242.5%)
Mutual labels:  car
uracer-kotd
A GLES2 top-down racer, built on top of libgdx and Box2D.
Stars: ✭ 95 (+18.75%)
Mutual labels:  car
carmechanic
Car Mechanic Simulator mechanics in Unity
Stars: ✭ 39 (-51.25%)
Mutual labels:  car
ha-car wash
Car Wash Binary Sensor for Home Assistant
Stars: ✭ 67 (-16.25%)
Mutual labels:  car
mbapipy
MercedesME platform as a Custom Component for Home Assistant.
Stars: ✭ 25 (-68.75%)
Mutual labels:  car
MacchinaM2-J2534-Rust
Cross platform J2534 API for Macchinas M2 UTD module
Stars: ✭ 17 (-78.75%)
Mutual labels:  car
Nissboard
🚗 Nissan Consult/OBDII Realtime Dashboard
Stars: ✭ 20 (-75%)
Mutual labels:  car
DonkeyDrift
Open-source self-driving car based on DonkeyCar and programmable chassis
Stars: ✭ 15 (-81.25%)
Mutual labels:  car
corona-archiver
Python script to help pack and unpack Corona/Solar2D archive .car file
Stars: ✭ 23 (-71.25%)
Mutual labels:  car
self-driving-car-nd
Udacity's Self-Driving Car Nanodegree project files and notes.
Stars: ✭ 50 (-37.5%)
Mutual labels:  car
carFinderFlutter
A car finder in big parking lots app. Made with 💗 and Flutter
Stars: ✭ 19 (-76.25%)
Mutual labels:  car
RecPlate-lib
基于BP神经网络的车牌识别系统
Stars: ✭ 41 (-48.75%)
Mutual labels:  car
View All Similar Projects ➔

CyberTruckChallenge19

Android security workshop taught at the CyberTruck Challenge 2019 (Detroit USA). Further info at https://www.cybertruckchallenge.org

Description

A new mobile remote keyless system "CyberTruck" has been implemented by one of the most well-known car security companies "NowSecure Mobile Vehicles". The car security company has ensured that the system is entirely uncrackable and therefore attackers will not be able to recover secrets within the mobile application.

If you are an experienced Android reverser, then enable the tamperproof button to harden the application before unlocking your cars. Your goal will consist on recovering up to 6 secrets in the application.

Material

The content is provided in folders such as:

  • slides: Presentation during the Android workshop (1h)
  • apk: Final Android crackme APK which can unlock up to 3 vehicles.
  • src: Source code of the crackme
  • notes: Additional notes, troubleshooting, and so on
  • solutions: Possible solutions to the crackme (x86 and Aarch64)
  • student: JS code provided as template to write your Frida hooks
  • img:: Screenshots of the crackme running on the Android emulator

Mobile CTF: Android Crackme

It is required to have an Android device either emulated or physical. During the workshop we employed an AVD Google Pixel 2XL running Android 9.0 that it can be obtained for free with Android Studio. Additionally, the tamperproof check needs to have the Frida server binary placed in /data/local/tmp/frida-server.

logo

Challenge1 to unlock car1. "DES key: Completely Keyless. Completely safe"

  • 50pts: There is a secret used to create a DES key. Can you tell me which one?

  • 100pts: There is a token generated at runtime to unlock the carid=1. Can you get it? (flag must be submitted in hexa all lowercase)

Challenge2 to unlock car2: "AES key: Your Cell Mobile Is Your Key"

  • 50pts: This challenge has been obfuscated with ProGuard, therefore you will not recover the AES key.

  • 100pts: There is a token generated at runtime to unlock the carid=2. Can you get it? (flag must be submitted in hexa all lowercase)

Challenge3 to unlock car3. "Mr Truck: Unlock me Baby!"

  • 50pts: There is an interesting string in the native code. Can you catch it?

  • 100pts: Get the secret generated at runtime to unlock the carid=3. Security by obscurity is not a great design. Use real crypto! (hint: check the length when submitting the secret!)

Contact

Eduardo Novella [email protected]

Public Write-ups

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].