In 2022 we found vulnerabilities in dormakaba Saflok hotel locks. Reading one RFID card enables us to forge a pair of cards that open any door in that hotel! Dormakaba is currently working with its customers to fix the 3 million affected locks. wired.com/story/saflok-h…

New blog post is out! Extracting the SecOC keys used for securing the CAN Bus on the 2021+ RAV4 Prime. icanhack.nl/blog/secoc-key…

Research started all the way in 2022, but took many evenings of reverse engineering to get code execution.

PoC: github.com/I-CAN-hack/sec…

I'm releasing the 'automotive' rust crate! It has a fully async CAN adapter and UDS client. This allows building fast scanners or communicating with multiple ECUs in parallel. Both SocketCAN (Linux) and panda (Linux, MacOS, Windows) are supported.

github.com/I-CAN-hack/aut…

This February I'll be teaching a four day course on Car Hacking. There will be over 20 different hands-on exercises with real ECUs!

Check out some experiences from previous participants: icanhack.nl/training/#expe…

Did you know Willem Melching isn't just doing an awesome course on car hacking with Ringzer0? He's also doing a #BOOTSTRAP24 workshop on Automative firmware reversing! Learn how to analyze automotive firmware with one of the greatest minds in the space! buff.ly/3uU5F2E

Had blast giving my 'Practical Car Hacking' training with participants from Deloitte and RDW! Three days filled with hands-on hacking on real vehicle hardware.

If you're interested in attending one of my trainings or organize one, check out my website icanhack.nl.

Second day of the training! Today we will be covering more diagnostic protocols and hardware hacking. Lots of actual vehicle hardware to practice on.

New Blog Post!

How to Build Your First Hardware Hacking Lab:

voidstarsec.com/hw-hacking-lab…

Happy Friday!

Breaking the Gecko's Secure Boot
Firmware updates can fix vulns but who fixes the vulns in the update service?
In our new blog post Sami Babigeon and Forgette Benoît show why updating IoT firmware securely is hard, even when using state-of-the-art features.
blog.quarkslab.com/breaking-secur…

We (Greg Hogan, Robbe Derks and me) managed to score 1st place in the Car Hacking Village CTF and we earned our second DEF CON Black Badge! The last two hours of the CTF were very intense as the other teams almost caught up 😅. #DEFCON31

On my way to DEF CON! Looking forward to the Car Hacking Village CTF 🚗. Can you spot all the tools I packed?

Exploited a command injection in a DJI RM500 Smart Controller. Full exploit fits in image below. More details in the blog post: icanhack.nl/blog/dji-rm500…

Having some fun with a Sonos One Gen2 and a PCILeech. Thanks to Synacktiv and blasty for all the great info! synacktiv.com/en/publication… youtube.com/watch?v=Wqcbp9…