logo
securityArticlesConferencesPresentations

Unleashing the Power of My 20+ Years Old Car

Conference:  BlackHat EU 2019

2019-12-05

Summary

The speaker discusses their project of bypassing the speed limiter on their 20-year-old car and connecting it to their custom infotainment system through reverse engineering and understanding the car's computer management system.
  • The speaker bought a 90's sports car in Japan and wanted to bypass the speed limiter and connect it to their custom infotainment system
  • They reverse-engineered the car's computer management system and communicated with the ECU through the xsm protocol
  • The speaker turned everything into code and looked for maps to understand the engine's management system
  • They discovered interesting things such as the use of read-only memory and the M flag that changes instruction decoding at runtime
  • The speaker managed to bypass the speed limiter by understanding how it works and cutting all fuel injection when the car reaches 180 km/h
  • The speaker emphasizes that this work was done for educational purposes and testing was done legally on racetracks and closed roads only
The speaker's car had a speed limiter that cut all fuel injection when the car reached 180 km/h, which was uncomfortable and slowed down the car. They wanted to get rid of it and understand how it works, so they could bypass it and use the full power of their car on racetracks and closed roads. They managed to do so by reverse-engineering the car's computer management system and understanding how the speed limiter works.

Abstract

When I came to Japan about a year and half ago, the first thing I did was buy a car. Coming from a ~70hp family car, I chose to go for something more powerful and bought a 90's sports car. I've been dailying it and tracking it since then (> 50 000km so far) and it has been a great car. However, regulations in Japan require manufacturers to add a speed limiter to their cars, preventing you from going over 180km/h (approximatively). In this talk, I will give a brief introduction on how I managed to bypass that limiter, how I could have done it, how I ended up doing it, and what I discovered along the way.Automotive engine computer management will be introduced, as well as a bit of hardware, software reverse engineering, and video demonstrations.This work was done for educational purposes. Testing has been done legally on racetracks and closed roads only.
Materials:
Slides
Tags:

Post a comment

Related work

Confessions of an Nespresso Money Mule: Free Stuff & Triangulation Fraud

Conference:  Defcon 27
Authors:
2019-08-01

Reverse Engineering the Tesla Battery Management System for Moar Powerrr!

Conference:  Defcon 28
Authors:
2020-08-01

Building Container Images In Kubernetes: It’s Been a Journey!

Conference:  KubeCon + CloudNativeCon North America 2022
Authors: Laurent Bernaille, Eric Mountain
2022-10-26

Reverse Engineering the Tesla Battery Management System to increase Power Available

Conference:  BlackHat USA 2020
Authors:
2020-08-05

Whoops, I Accidentally Helped Start the Offensive Intel Branch of a Foreign Intel Service

Conference:  BlackHat USA 2021
Authors:
2021-08-04

20:20 - The History and Future of OWASP

Conference:  OWASP 20th Anniversary Event
Authors: Mark Curphey
2021-09-24