Abstract
Forensic Fundamentals of Electronic Control Units
An Automotive Electronic Control Units (ECU) becomes, once installed in a vehicle, essentially a black box.
Certain aftermarket endeavours, such as retrieving crash data for insurance purposes, providing access for independent repair shops, forensic analysis of mileage correction bugs used by aftermarket tools, or reprogramming the ECU to a blank slate in order to give it a new life on the second-hand market, are impossible without authenticated access to the ECU.
In this workshop, we delve into the secret waters of ECU reverse engineering.
Firstly, we look into firmware retrieval methodology.
Therefore we introduce various frequently occuring hardware interfaces and their respective communication protocols with the ECU.
Next, we touch upon two easily accessible hardware fault-injection techniques (voltage - and electromagnetic fault injection) which can assist in accessing the ECUs internal workings.
Secondly, we apply these techniques to real-world targets in order to access their firmware.
Analysing existing diagnostic tools and MCU debuggers, we show practical ways to ease the forensic process.
We discuss which algorithms to target and how to locate them in what initially seems like a cluttered binary desert.
