Who Are The Living Ghosts?

A living ghost is a 'disgusting' but perhaps accurate term applied to a person who has come to the UK to claim asylum and been unsuccessful http://www.church-poverty.org.uk/campaigns/li..

Once this happens, and if his/her appeal fails then there is an expectation that the individual will return voluntarily to his/her country of origin, and if this does not happen he or she will lose all access to public support i.e. no rights to accommodation, no rights to seek employment, no rights to claim government benefits, no rights to social care and the most basic rights to medical care.

In this situation, a person becomes virtually invisible hence the term 'Living Ghost'. Nobody really sees the living ghost except when crime is committed or when the housing shortage hits an all time high. This is the time when the living ghost is most noticed.

I have always found this to be particularly odd as the living ghost has no entitlement to housing and if he/she has no access to employment or benefits how is he/she meant to survive?

I have to say however, that the people I know in this situation have never been involved with the criminal justice system, in fact they are terrified of the police. In their countries, if you get arrested, you are usually out cold by the time you reach the patrol car or dead.

Now you might wonder how the hell a person in this situation actually manages to survive? How do they eat? Where do they sleep? Do they sleep? What happens if they become ill? and please don't forget that many people seeking asylum in the UK have often fled their own countries in fear for their lives, they may have been detained & tortured, raped or lost family members as a result of war, the list is endless.

It shouldn't be so difficult to survive though should it? I mean, they take our jobs (err sorry! no permission to work!) our houses (oops! no permission to access housing) Oh yes!! lets not forget our women because we really have no independent thought processes do we?

Taking into account the atrocities that some of these people have endured in their lives, is it not suprising that people do not return 'voluntarily'?

Now in many cases, the Home Office http://www.ukba.homeoffice.gov.uk/ do not deport people back home, why? because their countries are known to be unsafe, it's just their accounts of what happened that weren't believed.
So when this happens they are left destitute and are living on our streets, in our democratic country in the 21st century how disgusting is that?

Welcome To The United Kingdom!



Where's my vote?

Where's my vote?
People just want the right to choose their own government

Man holds a picture of his murdered friend

Man holds a picture of his murdered friend
Killed for speaking out against the corrupt Ahmadinejad regime
STOP EXECUTIONS IN IRAN!

According to the United Nations Convention Against Torture 1984, Article I, the term "torture" means any act by which severe pain or suffering, whether physical or mental, is intentionally inflicted on a person for such purposes as obtaining from him or a third person information or a confession, punishing him for an act he or a third person has committed or is suspected of having committed, or intimidating or coercing him or a third person, or for any reason based on discrimination of any kind, when such pain or suffering is inflicted by or at the instigation of or with the consent or acquiescence of a public official or other person acting in an official capacity. It does not include pain or suffering arising only from, inherent in or incidental to lawful sanctions.Iran is not signatory of Convention Against Torture but it doesn't give Iranian government any right to torture Iranians.

Surely Things Aren't Really That Bad Are They? Come on, What's for Tea?

Now before you sit down and eat, I'd like you to try a little exercise, anyone can join in and it will only take about 10 minutes maximum. It doesn't matter who you are, whether you are a council worker, a politician, the Prime Minister, homeless, destitute it really does not matter.
Just close your eyes for a moment and imagine this.......


You live in a beautiful country, lets say Iran to keep it simple. Things are hard but your country is amazing, beautiful buildings, warmth, the smell of home cooking and incense wafting by as you relax after a day's hard work. You have always struggled, never really fitted in because your father is Iranian and your Mother Kurdish but nevertheless that's part of life and there are mixed race people everywhere.
Suddenly you are jolted from your relaxation by banging on your door so you rush to see what the problem is.
It must have only taken a few seconds to reach the door but when you get there you see your elderly father being taken by military police handcuffed with a gun to his head.
You stare in horror and then being the eldest son you need to make sure your mum & sister are ok.
In your mum's room you see her crying on the bed and just as you are walking over to her your sister screams so you rush to her room but one soldier is still there so you can't do a thing except witness her rape and torture that seems to last a lifetime. Your mum knows whats happened and she is praying that she will die. Imagine that!
Imagine this is the 5th, 6th 7th or 8th time this has happened?
Your father, well you never saw him again after the first time, your sister could face execution for having sex before marriage and now who will marry her anyway?
Your Mother well she still wants to die but can't quite get there & you! are meant to protect them but you know the interrogators will be back for you because your're half Kurdish and you support independence for Kurdish people and they really don't like that.
Imagine that!! so you flee to protect your own life and also you feel that it may be easier on your family if you aren't there.
You don't know where you will end up when you smuggle yourself onto lorries, boats e.t.c or even if you will get to the other end alive but you do it....you are amazing imagine that!

This exercise wasn't made up, it was based upon real life history. A close friend of mine who I will call S experienced this and more on a regular basis. S is a man who was detained, raped and tortured systematically by the Iranian regime. Other examples include.......

Thousands face mass eviction from homes and market stalls in Zimbabwe
Up to 200 people from an informal settlement in the Harare suburb of Gunhill in Zimbabwe face being forcibly evicted without being given adequate notice or any consultation or due process. Thousands of vendors across Harare also face forcible removal from their market stalls. The majority of those to be affected are poor women whose principal source of livelihood is selling fruits, vegetables and other wares at market stalls like Mbare Musika and Mupedzanhamo in Harare.The Deputy Mayor of the Harare City Council stated in July 2009 that the city authorities are considering evicting people from "illegal settlements and market places to restore order." He claimed that the targeted people pose a health hazard and violate the city's by-laws.
www.hrw.org/ (Human Rights Watch 2009)


Iranian girl prisoners systematically raped before execution
The Iranian practice of raping girl prisoners before execution has been reported previously, but perhaps never with such clear documentation. "Progressives" who support this regime should keep it in mind. It is unlikely that there will be any investigation by the UN or a human rights group.

Ami Isseroff

'I wed Iranian girls before execution'
Jul. 19, 2009SABINA AMIDI, Special to The Jerusalem Post , THE JERUSALEM POST
In a shocking and unprecedented interview, directly exposing the inhumanity of Supreme Leader Ali Khamenei's religious regime in Iran, a serving member of the paramilitary Basiji militia has told this reporter of his role in suppressing opposition street protests in recent weeks.
He has also detailed aspects of his earlier service in the force, including his enforced participation in the rape of young Iranian girls prior to their execution.
He said he had been a highly regarded member of the force, and had so "impressed my superiors" that, at 18, "I was given the 'honor' to temporarily marry young girls before they were sentenced to death."
In the Islamic Republic it is illegal to execute a young woman, regardless of her crime, if she is a virgin, he explained. Therefore a "wedding" ceremony is conducted the night before the execution: The young girl is forced to have sexual intercourse with a prison guard - essentially raped by her "husband."
"I regret that, even though the marriages were legal," he said.
Why the regret, if the marriages were "legal?"
"Because," he went on, "I could tell that the girls were more afraid of their 'wedding' night than of the execution that awaited them in the morning. And they would always fight back, so we would have to put sleeping pills in their food. By morning the girls would have an empty expression; it seemed like they were ready or wanted to die.
"I remember hearing them cry and scream after [the rape] was over," he said. "I will never forget how this one girl clawed at her own face and neck with her finger nails afterwards. She had deep scratches all over her."

Still hungry?

Oh Mr. Brown! (Gordon) you are an exception enjoy your tea!

(THIS IS THE UNITED KINGDOM)

The United Kingdom is a Country of Democracy, Equality and Values the Protection of Human Rights.

So you have arrived in the United Kingdom tired, hungry, traumatised and dehydrated but nevertheless grateful to be in a country where you know you will not be executed..(there's a good start).

Despite your frail state however you manage with the help of an interpreter to complete a lengthy document stating your claim for asylum and why you were forced to flee your beautiful country with the wonderful history and the smell of home cooking e.t.c. for a country you know absolutely nothing about....You are amazing!

Asylum is given under the 1951 United Nations Convention Relating to the Status of Refugees http://www.asylumrights.org.uk/convention.htm.

To be recognised as a refugee, you must have left your country and be unable to go back because you have a well-founded fear of persecution because of your:
.race;
.religion;
.nationality;
.political opinion; or
.membership of a particular social group.

In 2007, 19 out of every 100 people who applied for asylum were recognised as refugees and given asylum.

Eventually you are offered accommodation with the support of NASS National Asylum Support Service (NASS) just until a decision is made about whether you will be granted leave to remain in the United Kingdom. You are also provided with vouchers so that you can eat.
www.asylumsupport.info/nass.htm

Things seem to be a little easier now and you can relax and recover from your ordeal in the knowledge that you will be safe but you can't look for a job to support yourself or access a house independently not yet! not until you become a British Citizen so you'll just have to hope for the best for now and wait until you get your UK leave to remain.

This means that it will be almost impossible to learn English Language at the moment because you don't really have the chance to mix in with British people as most of them congregate in places like 'Workplaces' or 'Housing Communities' all the places you can't go.

I guess you could go to social places like clubs or pubs but you don't have any money to do that and they don't accept vouchers sorry! but I guess you have freedom of choice don't you?




Beyond What is Visible

You were once a stranger to me but now I know you,
Not all of you, that could never be
Always a part of you that no one will ever see, not even me.

Once a stranger with beautiful brown eyes, the most beautiful eyes I have ever seen,
Eyes that felt nothing, no emotion nothing in between, this life and beyond.

We were once strangers but then we touched,
Not in the way some might think, not too much.
The touch we shared was deep and true,
Not physical but you did touch me and I did touch you.

You were once a stranger to me but now I know you,
Not all of you, that could never be.
Sometimes there's a moment when your eyes melt me,
So warm and compassionate, oh such a change in time, or is it?
Maybe I was blind.

We dont have words but thats fine,
I don't speak your language and you don't speak mine
But when you touched me I understood what you needed to say, it just needed time.




The Decision.........Dont worry!! Help is at hand. This is the United Kingdom.

So today is the day! the letter has arrived and with anticipation you open it.
You don't understand.............
You told the truth, explained why you had to flee your country, about the rape the torture why have they refused your application?
Why?
Quickly you must try and lodge an appeal against this decision.
The Home Office have stated that certain things are untrue or overstated but you know you told the truth.

You admit and acknowledge that when you lodged your claim, you were traumatised, tired, hungry and dehydrated and had travelled for thousands of miles in appalling conditions but you told the truth.
So you lodge your appeal and this fails too so what now?

Another letter arrives... you breath a sigh of relief as this could be to say that they made a mistake, they were wrong but no, its from NASS to say that in 28 days you must leave your home and return voluntarily to your country as you are now not permitted to remain in the UK. In 28 days time your vouchers will cease also.

So far you have managed alone with your memories of what happened to you and your family, tormented and unable to sleep you have paced the floor, even turned to alcohol which in your country is prohibited but you coped now its different. Who can you turn to? where can you get help when you don't even speak English?
Maybe the nurse in the hospital will understand as you wake up with both your wrists bandaged.

Relax! This is the United Kingdom there is always a way forward.

In the UK there is something called Section 4 support

Section 4 support

Applying for support

This page explains how you may qualify for short-term support if your application for asylum was unsuccessful, you are unable to return to the country you came from and would otherwise be homeless or without the money to buy food (we call this 'destitute').
If your asylum application has been rejected, you must return to your country of origin as soon as possible. However, you may be able to receive short-term support while you are waiting to return to your country. This is known as section 4 support because it is given under the terms of section 4 of the Immigration and Asylum Act 1999.
There are strict requirements you must meet in order to qualify for section 4 support. You must be destitute and satisfy one of the following requirements:
you are taking all reasonable steps to leave the United Kingdom or placing yourself in a position where you can do so;
you are unable to leave the United Kingdom because of a physical barrier to travel or for some other medical reason;
you are unable to leave the United Kingdom because the UK Border Agency believes there is no safe route available;
you have either applied for a judicial review of your asylum application in Scotland or applied for a judicial review of your asylum application in England, Wales or Northern Ireland and been given permission to proceed with it; or
accommodation is necessary to prevent a breach of your rights, within the meaning of the Human Rights Act 1998.

http://www.ukba.homeoffice.gov.uk/asylum/support/apply/section4/

So What is Section 4 all about?

Now Section 4 of The Asylum and Immigration Act 1999 is a magical piece of legislation put in place by the Home Office to help you so please trust them and do not listen to anyone who tells you otherwise.

Yes thats right! The Home Office were the people who looked at your asylum claim and refused it.

Lets take a closer look at Section 4 and what you must do to get it....

1- You must be willing to leave the UK and you must be putting yourself in a position to do so.

Oh but wait! you came to the UK fleeing for your life so this wont work.

2-You cannot leave the UK because you are unable to travel due to physical barriers.

Hmmm at the moment you are not registered as having these kinds of problems and even if you had, who would be aware of it? You have no access to anything and in any case you can't speak English.

3- you are unable to leave the United Kingdom because the UK Border Agency believes there is no safe route available;

Well your asylum claim was refused so the Home Office obviously believe it is safe.

4-
you have either applied for a judicial review of your asylum application in Scotland or applied for a judicial review of your asylum application in England, Wales or Northern Ireland and been given permission to proceed

Your asylum claim and appeal was refused (Not doing too well here)

5-
accommodation is necessary to prevent a breach of your rights, within the meaning of the Human Rights Act 1998.

Damn!! They just took your accommodation.

On a positive note, your local authority (The city where you live) know about this so they should help shouldn't they?
Let's hear what they have to say,and what they are planning to do about it..............

Home
About MCC Manchester
MCC Manchester News
News, events and activities in the life of the Metropolitan Community Church, Manchester (UK).
May 30, 2009
Support for refused asylum seekersPosted by Steve Gray under Social action Tags: , , , , Leave a Comment

Refused asylum seekers left destitute in the UK
Background information

No doubt you will have heard or read reports about how the UK is meant to be a “soft touch” for asylum seekers. Yet, in reality, the level of support provided to asylum seekers is far lower than that of income support and is usually withdrawn altogether if a claim is refused.

Many refused asylum seekers are, in fact, unable to return to their home countries due to the risks they would face because of, for example, armed conflicts, generalised violence and repressive regimes. As a result, many refused asylum seekers from countries where such problems are rife (including Zimbabwe, Iran, Iraq, Sudan, Afghanistan, Somalia, the Democratic Republic of Congo and Eritrea) are being forced into destitution, as they are not permitted to work here.

To make matters worse, it appears as though this could be part of a deliberate strategy on the part of the UK Government. Certainly, this is the view of the Joint Committee on Human Rights, which recently reviewed the treatment of asylum seekers in the UK and reached the following conclusion:

“We have been persuaded by the evidence that the Government has indeed been practising a deliberate policy of destitution of this highly vulnerable group.

We believe that the deliberate use of inhumane treatment is unacceptable. We have seen instances in all cases where the Government’s treatment of asylum seekers and refused asylum seekers falls below the requirements of the common law of humanity and of international human rights law”.
In light of this, we are calling on you to support the Still Human Still Here Campaign, which is fully endorsed by Amnesty International and many other reputable organisations (http://stillhumanstillhere.wordpress.com/).

The Still Human Still Here Campaign is dedicated to highlighting the plight of tens of thousands of refused asylum seekers who are destitute in the UK.

Supporters of the campaign believe that the denial of any means of subsistence to refused asylum seekers as a matter of government policy is both inhumane and ineffective.
Its supporters are calling on the Government to:
End the threat and use of destitution as a tool of Government policy against refused asylum seekers

Continue financial support and accommodation to refused asylum seekers as provided during the asylum process and grant permission to work until such a time as they have left the UK or have been granted leave to remain

Continue to provide full access to health care and education throughout the same period

What can I do?

We are asking you to write to your local MP in order to highlight the issue and ask for his or her support. Please feel free to use the model letter below (preferably adapting it, where possible) for this purpose. If you don’t know who your

MP is, you can find out at http://www.theyworkforyou.com/.

Then, all you need to do is send your letter (addressed to your own MP) to:
House of CommonsLondonSW1 0AA
If you receive a reply from your MP, please send a copy to The Human Rights Action Centre, 17-25 New Inn Yard, London, EC2A 3EA

Well, they have been persuaded so theres a good thing, but it looks like they are going to do absolutely nothing!



Please Don't Be The Next Living Ghost

The inspiration for this blog has been given to me by some truly amazing people who I have been fortunate to meet along life's journey. Unfortunately, although it would be an honour to use their full titles I am only able to identify them by initials.
Some of the mentioned people have fled their countries in fear of their lives, and some sadly did not make it.

I would like to take this opportunity to thank these people from the bottom of my heart for allowing me to be a part of their journey and for being courageous enough to come forward with their stories.

I hope that after visiting my blog you will share some of your own experiences and be proactive in writing letters and doing whatever it takes to make changes to the current asylum laws.

This can be done, it just takes time and determination and most of all a willingness to stand in unity.

S.M -A courageous and amazing man of Kurdish-Iranian origin. Having experienced torture & detention for political reasons he fled to the UK in fear for his life. This man has diagnosed Post Traumatic Stress Disorder and needs close monitoring due to five previous and serious suicide attempts. Initial asylum claim failed and now in the process of appeal. If returned to Iran he faces definite execution.
This man lives in Manchester England.

S.G.T- A courageous and amazing man of Kurdish Iranian origin, having fled his country for political reasons he still awaiting the outcome of his asylum claim to remain in the UK. A member of the PKK (Kurdish Independence Party) he will definitely face execution by hanging if returned.
This man lives in Manchester England.

S.H - A courageous and amazing Iranian man who fled Iran following his relationship with a girl of Jewish origin. The Basij police cut her throat in front of him and beat him so badly that he sustained a 7" scar on his head from a machete type blade (His father was one of Basij). In the UK he became a 'living ghost' and eventually returned to Iran as he could take no more pain and hopelessness from his destitute situation. He was subsequently executed by hanging, accused of espionage.

A.A -An amazing and couragious man who fled his home country of Iran because of political reasons. He is currently destitute on the streets of Manchester UK having failed his asylum application and appeal. He is now a living ghost.

F.A -Also a courageous and amazing man from Iran who was picked up and detained following a protest in the UK against the Ahmadinejad regime in his home country in which his family are stuck. This man faces deportation back to Iran where he is likely to be executed as an opposer of the Ahmadinejad government.
This man lives in Manchester England

A.R.Z -A courageous and amazing man from Afghanistan currently in the UK.
This man has his leave to remain in the United Kingdom but is so mentally affected by the atrocities and torture he endured in his country, he is unable to ever feel safe. He is dependent upon opium and living in Manchester England

M.M- A courageous and amazing young man of Iranian origin. Having fled his country because of sexuality reasons he came to the UK.
Homosexuality in Iran is punishable by the death penalty and his partner was hung at the age of just 23yrs.
This man failed in his application for asylum and in his appeal against the decision. He is now a living ghost in Manchester England.

M. An amazing and courageous young man from Eritrea who fled to the UK in fear for his life after all his family, mother, father, 2 brothers and his baby sister were slaughtered in front of his eyes by militia.
He escaped by hiding in a cupboard. He is awaiting the outcome of his appeal for asylum in the UK. He currently resides in accommodation provided by NASS due to his young age.

A.S An amazing and courageous man from Iran who has been deeply affected by the aftermath of the Iran Iraq war in which he served as a soldier. This man has serious mental health problems and the need for counselling but cannot access it having no access to support after his asylum claim and appeal were refused in the UK. Recently he stitched his own mouth and went on hunger strike just so someone would listen. He lives in Manchester.

MB, An amazing and Courageous Angolan man who was detained in Yarl's Wood with his 13-year-old son, was found hanged in a stairwell on the morning of his 35th birthday.
M's last words to his son were 'be brave, work hard, do well at school'

EN, An amazing and Courageous 26-year-old Zimbabwean man who was found drowned after his asylum claim and appeal to remain in the UK had failed.

HN-An amazing and Courageous man from Iran who was found with a gunshot wound two weeks after his asylum claim was refused.
H, was homosexual and fled Iran in March 2000 after being imprisoned for three months for his sexuality and sought sanctuary in the UK. He feared being executed if he was returned to Iran - where homosexuality is a 'crime' punishable by death.


Please Check out the following links and make a difference: Additionally, please contact me at:
morgana.1@hotmail.co.uk


http://stllhumanstillhere.wordpress.com/
http://www.church-poverty.org.uk/campaigns/li..
http://www.irr.org.uk/2005/september/ha000021.html
http://www.redcross.org.uk/.
http://www.torturecare.org.uk./
http://www.refugee-action.org.uk/manchester.
http://www.sareli.org.uk./
http://www.samaritans.org./
http://www.woodstreetmission.org.uk./

http://www.qva.org.uk/

http://www.immigrationboards.com


Saturday 20 January 2024

Hacking All The Cars - Part 1


A step by step lab based mini course on analyzing your car network


I wanted to learn about hacking cars. As usual I searched around the internet and didn't find any comprehensive resources on how to do this, just bits and pieces of the same info over and over which is frustrating. I am not a car hacking expert, I just like to hack stuff. This mini course will run in a fully simulated lab environment available from open garages, which means in 5 minutes from now you can follow along and hack cars without ever bricking your girlfriends car. Since you obviously wouldn't attack your own Lambo, totally use your girlfriends Prius. 

Below are the topics covered in this blog  series so you can decide if you want to read further: 

Whats covered in this car hacking mini course: 

Setting up Virtual Environments for testing
Sniffing CAN Traffic
Parsing CAN Traffic
Reverse Engineering CAN IDs 
Denial of service attacks
Replaying/Injecting Traffic
Coding your own CAN Socket Tools in python
Targeted attacks against your cars components
Transitioning this to attacking a real car with hardware

The first thing we are going to do before we get into any car hacking specifics such as "WTF is CAN?", is get your lab up and running. We are going to run a simple simulated CAN Bus network which controls various features of your simulated car. Its better to learn by doing then sit here and recite a bunch of car network lingo at you and hope you remember it.  

I also don't want you to buy a bunch of hardware and jack into your real car right away. Instead there are options that can get you started hacking cars RIGHT NOW by following along with this tutorial. This will also serve to take away the fear of hacking your actual car by understanding what your doing first. 


Video Playlist: 




Setting up your Lab: 

First things first, set yourself up with an Ubuntu VMware install, and load it up. Optionally you could use a Kali Iinux VM, however, that thing drives me nuts with copy paste issues and I think Kayak was giving me install problems. So support is on you if you would like to use Kali. However, I do know Kali will work fine with OpenGarages virtual car.. So feel free to use it for that if you have it handy and want to get started right away. 


Install PreReq Libraries: 

Once you load this up you are going to want to install CAN utilities and pre-requisite libraries. This is really easy to do with the following Apt-get commands:
sudo apt-get update
sudo apt-get install libsdl2-dev libsdl2-image-dev can-utils  

Then we are going to pull down the ICSimulator repo: 


Starting the simulator: 

Once this is done we can startup the simulator by changing directories to the downloaded repo and running the following 2 commands, which will setup a virtual CAN interface and a simulator GUI Cluster: 

Run the setup Script to get the vcan0 interface up: 
root@kali:~/ICSim# ./setup_vcan.sh 
root@kali:~/ICSim# ./icsim vcan0

On a new terminal tab we will open up our simulators controller with the following command,
root@kali:~/ICSim#./controls vcan0

Note: that the controller must be the in-focus GUI screen to send keyboard commands to the simulator. 






How to Use the Simulator: 

The simulator has a speedometer with Right and Left turn signals, doors etc.  Below are the list of commands to control the simulator when the Control panel is in focus. Give them each a try and note the changes to the simulator. 
Up and Down keys control the gauges clusters speedometer
Left and Right keys Control the Blinkers
Right Shift + X, A or B open doors 
Left Shift + X, A or be Close doors

Try a few of the above commands for example Right Shift +X and you will see the interface change like so, notice the open door graphic: 


Awesome, thanks to OpenGarages you now you have your very own car to hack

Notice in the setup commands above we used a VCan0 interface. Run Ifconfig and you will now see that you indeed have a new network interface that speaks to the CAN network over VCan0. 

ficti0n@ubuntu:~/Desktop/ICSim$ ifconfig vcan0
vcan0     Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          UP RUNNING NOARP  MTU:16  Metric:1
          RX packets:558904 errors:0 dropped:0 overruns:0 frame:0
          TX packets:558904 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1 
          RX bytes:3663935 (3.6 MB)  TX bytes:3663935 (3.6 MB)


Car networks run on a variety of protocols most prevalent being CAN. You can think of a CAN Bus like an old school networking hub where everyone can see everyone elses traffic. This is true to some extent although you may not see all of the cars traffic if its not connected to that particular bus your plugged into. You can think of CAN traffic kind of like UDP in that its send and forget, the main difference being parts of the CAN bus network don't actually have addresses and everything runs off arbitration IDs and priorities. Thats enough background to get you doing rather then reading.

With a little knowledge out of the way lets check if we can see our CAN traffic from our virtual car via the CanDump utility, which you installed as part of CanUtils package above. Using the following command on the vcan0 interface our simulator uses you can view a stream of traffic: 

ficti0n@ubuntu:~/Desktop/ICSim$ candump vcan0



Above we can see a bunch of CAN frames, and if we perform actions on the vehicle we will see changes to data values in the CanDump output.  However this may happen very fast, and we may not be able to see if for example we unlocked our simulators door. This is because things are changing constantly in the cars IDLE state. One single value changing may not stand out enough for us to take notice or may scroll so fast we cant see it. 


Capture and Replay CAN Actions: 

One option would be to perform an action and replay it, we should see the actions happen again in the replay if the traffic for the action we recorded is on the same bus network our device is plugged into. There are loads of networks within a car and its not guaranteed our network tap for example an OBD2 port plugin is connected to the same network as door we opened.  Or the door may not be connected to the network at all depending on your car and its age or how its configured. 

Replaying dumps with CanPlayer: 
Another useful tool included with CanUtils package is CanPlayer for replaying traffic. If the functionality we are trying to capture is on the same Bus as the adaptor plugged into the car, or in this case our Virtual CAN interface, we can use CanDump to save traffic to a file. We then use CanPlayer to replay the traffic on the network. For example lets run CanDump and open a door and then replay the functionality with CanPlayer. 

Lab 1 Steps: 

  1. Run CanDump
  2. Right Shift + X to open a door
  3. Cancel CanDump (ctrl+c)
  4. Left Shift + X to close the door
  5. Run can player with the saved dump and it will replay the traffic and open the door

Recording the door opening:  (-l for logging) 
ficti0n@ubuntu:~/Desktop/ICSim$ candump -l vcan0

Replaying the CanDump file:  (use the file your can dump created) 
ficti0n@ubuntu:~/Desktop/ICSim$ canplayer -I candump-2018-04-06_154441.log 

Nice, so if all went well you should see that your door is now open again. If this did not happen when attacking a real car, just try to replay it again. CAN networks are not like TCP/IP, they are more like UDP in that you send out your request and its not expecting a response. So if it gets lost then it gets lost and you have to resend. Perhaps something with higher priority on the network was sending at the time of your replay and your traffic was overshadowed by it.   




Interacting with the Can Bus and Reversing Traffic: 

So thats cool, but what about actually understanding what is going on with this traffic, CanDump is not very useful for this, is scrolls by to quickly for us to learn much from.  Instead we can use CanSniffer with colorized output to show us the bytes within packets that change. Below is an example of CanSniffer Traffic: 

To startup can sniffer run the following: 
ficti0n@ubuntu:~/Desktop/ICSim$ cansniffer -c vcan0




You will see 3 fields, Time, ID  and Data. Its pretty easy to figure out what these are based on thier name. The most important part for our usage in this blog are the ID and the Data fields.  

The ID field is the frame ID which is loosely associated with the device on the network which is effected by the frame being sent. The ID to also determines the priority of the frame on the network.  The lower the number of the CAN-ID the higher priority it has on the network and more likely it will be handled first.  The data field is the data being sent to change some parameter like unlocking a door or updating output. You will notice that some of the bytes are highlighted RED. The values in red are the values that are changing during the idle state you are currently in. 


Determine which ID and Byte controls the throttle: 

So with the terminal sniffing window open put the simulator and the controller into the foreground, with the controller being the window you have clicked and selected.  Pay attention to the CanSniffer output while hitting the UP ARROW and look for a value that was white but is now Red and increasing in value as the throttle goes up.  This might take you a few minutes of paying attention to whats going on to see. 

The following 2 pictures show ID 244 in the IDLE state followed by pressing the up button to increase the speed. You will notice a byte has turned red and is increasing in value through a range of HEX values 0-F. It will continue to enumerate through values till it reaches its max speed. 





The byte in ID 244 which is changing is the value while the throttle is engaged, so 244 associated in some way with the increasing speed.   The throttle speed is a good value to start with as it keeps increasing its value when pressed making it easier to spot while viewing the CanSniffer output.  


Singling out Values with Filters: 

If you would like to single out the throttle value then click the terminal window and press -000000 followed by the Enter key which will clear out all of the values scrolling. Then press +244 followed by the Enter key which will add back the throttle ID. You can now click the controller again and increase the speed with your Up arrow button without all the noise clouding your view.  You will instead as shown below only have ID 244 in your output: 




To get back all of the IDs again click the terminal window and input +000000 followed by the Enter key.   Now you should see all of the output as before.  Essentially 000000 means include everything. But when you put a minus in front of it then it negates everything and clears your terminal window filtering out all values. 


Determine Blinker ID: 

Now lets figure out another ID for the blinkers. If you hit the left or right arrow with the controls window selected you will notice a whole new ID appears in the list, ID 188 shown in the picture below which is associated with the blinker. 




This ID was not listed before as it was not in use within the data output until you pressed the blinker control.  Lets single this value out by pressing -000000 followed by +188.  Just like in the throttle example your terminal should only show ID 188, initially it will show with 00 byte values. 

 As you press the left and the right blinker you will see the first Byte change from 00 to 01 or 02. If neither is pressed as in the screenshot above it will be 00. Its kind of hard to have the controller in focus and get a screenshot at the same time but the ID will remain visible as 00 until it times out and disappears from the list when not active. However with it filtered out as above you can get a better view of things and it wont disappear.  


Time for YOU to do some Protocol Reversing:

This lab will give you a good idea how to reverse all of the functionality of the car and associate each action with the proper ID and BYTE. This way you can create a map of intended functionality changes you wish to make.  Above we have done a few walk throughs with you on how to determine which byte and ID is associated with an action. Now its time to map everything out yourself with all the remaining functionality before moving on to attacking individual components.  


Lab Work Suggestion: 


  1. Take out a piece of paper and a pencil
  2. Try unlocking and locking doors and write down the ID which controls this action (remember your filters)
  3. Try unlocking each door and write down the BYTES needed for each door to open
  4. Try locking each doors and what Bytes change and what are their values, write them down
  5. Do the same thing for the blinkers left and right (Might be different then what I did above) 
  6. What ID is the speedometer using?  What byte changes the speed? 


Attacking Functionality Directly: 

With all of the functionality mapped out we can now try to target various devices in the network directly without interacting with the controllers GUI. Maybe we broke into the car via cellular OnStar connection  or the center console units BLE connection which was connected to the CAN network in some way.  
After an exploit we have direct access to the CAN network and we would like to perform actions. Or maybe you have installed a wireless device into an OBD2 port under the dashboard you have remote access to the automobile. 

Using the data from the CAN network reversing lab above we can call these actions directly with the proper CAN-ID and Byte.  Since we are remote to the target we can't just reach over and grab the steering wheel or hit the throttle we will instead send your CAN frame to make the change.
One way we can do this is via the CanSend utility. Lets take our information from our lab above and make the left turn signal flash with the following ID 188 for the turn signal by changing the first byte to 01 indicating the left signal is pressed. CanSend uses the format ID#Data. You will see this below when sending the turn signal via CanSend. 

ficti0n@ubuntu:~/Desktop/ICSim$ cansend vcan0 188#01000000 



You should have noticed that the left signal flashed. If not pay more attention and give it another try or make sure you used the correct ID and changed the correct byte.  So lets do the same thing with the throttle and try to set the speed to something with ID 244 that we determined was the throttle. 

ficti0n@ubuntu:~/Desktop/ICSim$ cansend vcan0 244#00000011F6 

My guess is that nothing happened because its so fast the needle is not going to jump to that value. So instead lets try repeating this over and over again with a bash loop which simply says that while True keep sending the throttle value of 11 which equates to about 30mph: 

ficti0n@ubuntu:~/Desktop/ICSim$ while true; do cansend vcan0 244#00000011F6;  done




Yes thats much better, you may notice the needle jumping back and forth a bit. The reason the needle is bouncing back and forth is because the normal CAN traffic is sent telling the car its actually set to 00 in between your frames saying its 30mph.  But it worked and you have now changed the speed the car sees and you have flashed the blinker without using the cars normal blinker controls. Pretty cool right? 


Monitor the CAN Bus and react to it: 

Another way to handle this issue is to monitor the CAN network and when it sees an ID sent it will automatically send the corresponding ID with a different value.. Lets give that a try to modify our speed output by monitoring for changes. Below we are simply running CanDump and parsing for ID 244 in the log output which is the throttle value that tells the car the speed. When a device in the car reports ID 244 and its value we will immediately resend our own value saying the speed is 30mph with the value 11.  See below command and try this out. 

ficti0n@ubuntu:~/Desktop/ICSim$ candump vcan0 | grep " 244 " | while read line; do cansend vcan0 244#00000011F6; done

With this running after a few seconds you will see the speed adjust to around 30MPH once it captures a legitimate CAN-ID 244 from the network traffic and sends its own value right after.  

Ok cool, so now while the above command is still running click the controller window and start holding down the Up arrow with the controller in focus.. After a few seconds or so when the speed gets above 30MPH you will see the needle fighting for the real higher value and adjusting back to 30MPH as your command keeps sending its on value as a replacement to the real speed. 

So thats one way of monitoring the network and reacting to what you see in a very crude manner.  Maybe someone stole your car and you want to monitor for an open door and if they try to open the door it immediately locks them in. 


Conclusion and whats next: 

I am not an expert car hacker but I hope you enjoyed this. Thats about as far as I want to go into this subject today, in the next blog we will get into how to code python to perform actions on the CAN network to manipulate things in a similar way.  With your own code you are not limited to the functionality of the tools you are provided and can do whatever you want. This is much more powerful then just using the CanUtils pre defined tools. Later on I will also get into the hardware side of things if you would like to try this on a real car where things are more complicated and things can go wrong. 

Read more


  1. Hackrf Tools
  2. Hacker Tools Windows
  3. Pentest Tools List
  4. Tools For Hacker
  5. Pentest Tools Website
  6. Kik Hack Tools
  7. How To Make Hacking Tools
  8. Hack Tools For Windows
  9. Pentest Tools Apk
  10. Hack Website Online Tool
  11. New Hacker Tools
  12. Hacker Tools Online
  13. Hacking Tools For Windows
  14. Pentest Automation Tools
  15. Hacking Tools For Windows Free Download
  16. Game Hacking
  17. Hackrf Tools
  18. How To Install Pentest Tools In Ubuntu
  19. Pentest Reporting Tools
  20. Hacker Tools 2019
  21. Pentest Recon Tools
  22. Hack Tools For Pc
  23. New Hacker Tools
  24. Hacking Tools Github
  25. Hack Tools For Pc
  26. Hacker Tools Apk Download
  27. Pentest Tools Kali Linux
  28. Android Hack Tools Github
  29. Easy Hack Tools
  30. Hacker Techniques Tools And Incident Handling
  31. Pentest Tools Open Source
  32. Hacking Tools For Windows 7
  33. Tools Used For Hacking
  34. World No 1 Hacker Software
  35. New Hacker Tools
  36. Hack App
  37. Hacking Tools For Kali Linux
  38. Pentest Tools Linux
  39. Hacking Tools
  40. Wifi Hacker Tools For Windows
  41. Nsa Hacker Tools
  42. Hacking Tools And Software
  43. Hacking Tools Name
  44. Hacking Tools Windows 10
  45. Hacking Tools Free Download
  46. Nsa Hacker Tools
  47. Hacking App
  48. Pentest Tools Linux
  49. Pentest Tools Find Subdomains
  50. Pentest Tools Website Vulnerability
  51. Hacking Apps
  52. Ethical Hacker Tools
  53. Hacker Techniques Tools And Incident Handling
  54. Pentest Tools Subdomain
  55. Pentest Reporting Tools
  56. Hacking Tools Software
  57. Top Pentest Tools
  58. Hacker Tools Mac
  59. What Is Hacking Tools
  60. Hacker Tools For Ios
  61. Pentest Recon Tools
  62. Hack Tools For Pc
  63. Termux Hacking Tools 2019
  64. Pentest Reporting Tools
  65. Hack Website Online Tool
  66. Hack Tools For Windows
  67. Physical Pentest Tools
  68. Hack Tools Github
  69. New Hack Tools
  70. Hacker Tools 2019
  71. Hacking Apps
  72. Hacking Tools Name
  73. Hack Tools For Ubuntu
  74. Hacking Tools Windows
  75. Hack Tools 2019
  76. Hacking Tools For Beginners
  77. Hack Rom Tools
  78. Hacking Tools Software
  79. Easy Hack Tools
  80. Tools Used For Hacking
  81. Nsa Hacker Tools
  82. Kik Hack Tools
  83. Hack Rom Tools
  84. How To Hack
  85. Pentest Tools Open Source
  86. Pentest Recon Tools

No comments:

Post a Comment