Automotive Ethernet Fuzzing: From purchasing ECU to SOME/IP fuzzing

  • Automotive Ethernet Fuzzing: From purchasing ECU to SOME/IP fuzzing

    Jonghyuk Song, Redteam Leader, Autocrypt
    Soohwan Oh, Blueteam Engineer, Autocrypt
    Woongjo Choi, Blueteam Leader, Autocrypt

    Presentation Title: Automotive Ethernet Fuzzing: From purchasing ECU to SOME/IP fuzzing
    Length of presentation: 20 minutes

    Car hacking is a tricky subject for hackers because it requires lots of money and hardware knowledge to research with a real car. An alternative would be to research with an ECU, but it is also difficult to know how to set up the equipment. Moreover, in order to communicate with Automotive Ethernet services running on the ECU, you need additional devices such as media converters and Ethernet adapters supporting Virtual LAN (VLAN).
    Even if you succeed in building the hardware environment, you can't communicate with the ECU over the SOME/IP protocol of Automotive Ethernet if you don't know the network configuration, such as the VLAN ID, service IDs and the IP/port mapped to each service.

    This talk describes how to do fuzzing on the SOME/IP services step by step.
    First, we demonstrate how to buy an ECU, how to power and wire it.
    Second, we explain network configurations to communicate between ECU and PC.
    Third, we describe how to find out the information required to perform SOME/IP fuzzing and how to implement a SOME/IP fuzzer.
    We have conducted the fuzzing with BMW ECUs purchased through official BMW sales channels, not used products.

    We hope this talk will encourage more people to try car hacking, and that they will not have to go through the trial and error that we have experienced.


    Jonghyuk Song is lead for Autocrypt’s Red Team. His current tasks are security testing for automotive including fuzzing, penetration testing, and vulnerability scanning.
    He researches security issues in not only in-vehicle systems, but also V2G and V2X systems. Jonghyuk received his Ph.D. in Computer Science and Engineering at POSTECH, South Korea in 2015. He has worked in Samsung Research as an offensive security researcher, where his work included finding security issues in smartphones, smart home appliances and network routers.

    Soohwan Oh is an automotive engineer and security tester on Autocrypt's blue team.
    He mainly works on fuzz testing and issue analysis for in-vehicle networks, such as CAN/CAN-FD, UDSonCAN and Automotive Ethernet.
    He has also designed the requirements of automotive security test solutions.

    Woongjo Choi is the team leader of the blue team and also a vehicle security test engineer at Autocrypt. He also designed an automotive security test solution and conducted the fuzzing test. Experienced in various fields: vehicle security, mobile phone, application processor, ultrasound system, etc.

    Last edited by number6; July 3, 2022, 16:49.

  • #2
    Hello, this is an amazing topic. I would like to ask where I can view the video or speech documents of this topic. Thank you.


    • number6 commented
      Many main-track speakers were available live in-person or over streaming as they were happening, but are not available as recordings yet.
      Usually, main track speaker talks are made available a few months after DEF CON is over to those that didn't see them in-person or streaming when they were live. There is a commercial company that has made videos available for a fee before they are released by DEF CON to the public if you are in a rush and want to pay them to get videos faster.

  • #3
    Thank you very much for your reply.