Secure Boot verification on TriCore

2023-12-10

As a security researcher in the automotive industry, I needed to validate the secure boot feature of the target ECU. The main MCU of the target ECU is based on the TriCore architecture, developed by Infineon. In this blog post, I’ll explain how I successfully validated the secure boot features of the target ECU.


BlockHarbor CTF Custom Firmware Writeup

2023-10-22

In August, I participated in the DEFCON31 Car Hacking Village (CHV) as a member of my company team and finished fourth. While preparing for the competition, I noticed that the team that won the CHV once, Blockharbor Security, was running a CTF. I solved a few challenges to prepare for the DEFCON CHV, and among them, the custom firmware challenge was the best one, as it explained UDS (ISO-14229) in a good manner. It also had the highest points, so I would like to write a writeup and share it. And also, I would like to thank the Blockharbor team for running an awesome CTF.


How to fuzz SOME/IP protocol - How did I get my name on the BMW Hall of Fame (Part 2)

2023-03-14

In the previous post, we learned what the SOME/IP protocol is, how the SOME/IP header is structured, and how payload serialization works. We also talked about how the SOME/IP-SD protocol is used to obtain the information that goes into the SOME/IP header. From now on, let’s take a look at what the SOME/IP-SD protocol is and how to make use of the SOME/IP-SD protocol to fuzz the SOME/IP protocol.


How to fuzz SOME/IP protocol - How did I get my name on the BMW Hall of Fame (Part 1)

2023-03-02

In 2022, as part of the BMW Private Bug Bounty program, I reported several security vulnerabilities in applications using the SOME/IP protocol in the head units of BMW vehicles called MGU22. As a result, I was honored to be included in the BMW Recognition of Security Experts by the BMW automotive group. In this article, I’ll introduce you to the SOME/IP protocol and share how I fuzzed SOME/IP applications to find vulnerabilities.


An attempt to find bugs in the Tesla toolbox

2022-11-11

Several months ago, I had the opportunity to examine the Toolbox, a web-based diagnostic interface for Tesla vehicles. During that time, I was using an older firmware version, which enabled me to discover a few bugs that had already been patched. I also found an unpatched bug that still works in the latest version of the firmware, which I’ll detail below.
