Book title
The Car Hacker's Handbook

A Guide for the Penetration Tester

Craig Smith

Paperback: 306 Pages
Publisher: No Starch Press
Edition: 1
Language: English
Year: 2016
ISBN: 9781593277031

#Car_Hacker

#Hacker

#Hack

#navigation

#ECU

Description

🚗 Modern cars are more computerized than ever. Infotainment and navigation systems, Wi-Fi, automatic software updates, and other features are designed to make driving more convenient. On the other hand, vehicle technology has not kept pace with today's security threat landscape, and that has left millions of vehicles exposed to vulnerabilities.


🧠 This book, following on from The Shellcoder’s Handbook, gives you a deep understanding of the computer systems and embedded software inside modern vehicles. It first examines vulnerabilities and explains in detail the communications over the CAN bus and between systems and devices.


🔌 Once you understand the structure of the vehicle's communication network, you learn how to intercept data and perform specific hacks, such as tracking a vehicle, unlocking doors, disrupting the engine, flooding communications, and the like. The book focuses on low-cost, open source tools such as Metasploit, Wireshark, Kayak, can-utils, and ChipWhisperer, and shows you how to:

  • Build an accurate threat model for a vehicle
  • Reverse engineer the CAN bus to fake engine signals
  • Exploit vulnerabilities in diagnostic and data-logging systems
  • Hack the ECU and other firmware and embedded systems
  • Inject exploits through infotainment systems and vehicle-to-vehicle communications
  • Bypass factory settings with performance-tuning techniques
  • Build physical and virtual test benches for testing exploits safely


⚙️ If you are interested in automotive security and curious to understand a "two-ton computer" up close, this book is a good starting point.


📚 Table of Contents

  1. Why Care About Database Security?
  2. The Oracle Architecture
  3. Attacking Oracle
  4. Oracle: Moving Further into the Network
  5. Securing Oracle
  6. IBM DB2 Universal Database
  7. DB2: Discovery, Attack, and Defense
  8. Attacking DB2
  9. Securing DB2
  10. The Informix Architecture
  11. Informix: Discovery, Attack, and Defense
  12. Securing Informix
  13. Sybase Architecture
  14. Sybase: Discovery, Attack, and Defense
  15. Sybase: Moving Further into the Network
  16. Securing Sybase
  17. MySQL Architecture
  18. MySQL: Discovery, Attack, and Defense
  19. MySQL: Moving Further into the Network
  20. Securing MySQL
  21. Microsoft SQL Server Architecture
  22. SQL Server: Exploitation, Attack, and Defense
  23. Securing SQL Server
  24. The PostgreSQL Architecture
  25. PostgreSQL: Discovery and Attack
  26. Securing PostgreSQL


📝 Reviews

💬 “This book is a practical guide to reverse engineering, exploiting, and modifying embedded systems; cars are just one example. The explanations are very easy to follow, and it also emphasizes doing things safely, legally, and ethically.”

— Hackaday


💬 “Smith has provided a practical and thorough introduction to vehicle systems and the tools for interacting with them, for both benign and malicious uses. A recommended read.”

— IEEE Cipher


💬 “This book is a good guide to understanding vehicle security and is useful for anyone who wants to get to know this field better.”

— SAE International


💬 “This edition has been expanded and better organized, and it covers all the new changes in vehicle systems.”

— Cory Doctorow, Boing Boing


💬 “The book offers a thorough overview of a vehicle's digital control systems and shows how these systems can be vulnerable.”

— Digital Trends


💬 “In about 300 pages, many security risks are examined, and with the growth of autonomous systems these risks will increase further.”

— TechCrunch


💬 “The practical information on automotive networks and protocols is very valuable.”

— LWN.net


💬 “The book shows well how connected cars work and what vulnerabilities they have.”

— RSA Conference


💬 “For anyone who wants to understand what happens inside a car from a software perspective, this book is very useful.”

— InfoSecurity Magazine


💬 “Even for those who do not go directly into automotive security, it gives a good view of the systems.”

— The IT Nerd


💬 “This book shows how transparency and public knowledge can improve vehicle security.”

— Network Security Newsletter


💬 “The book explains the vulnerability of ECUs and the CAN bus and the attack paths into a vehicle.”

— Driving


💬 “For serious car enthusiasts, this book is worth reading.”

— GearBrain


💬 “Even if you do not get into automotive penetration testing, it gives you a good view of the systems you drive with.”

— USENIX ;login:


💬 “It is both practical and, from a security standpoint, alarming.”

— Automotive Design & Production


💬 “The book helps us understand what risks exist and how to deal with them.”

— Help Net Security


💬 “A serious resource for technical people who work with cars.”

— The Auto Channel


💬 “It offers a good overview of the software systems of modern cars.”

— CAN Newsletter


💬 “One of the best resources for learning the CAN bus.”

— Robots for Roboticists


💬 “A useful resource for security professionals.”

— Mercury Blog


👨‍💻 About the Author

👨‍💻 Craig Smith is the director of Theia Labs, a security research company that works on auditing and building hardware and software prototypes. He has worked on several projects for automakers and has published his research publicly. He is also a founder of the Hive13 hackerspace and OpenGarages.org, and he regularly speaks about car hacking at conferences such as RSA and DEF CON.


Modern cars are more computerized than ever. Infotainment and navigation systems, Wi-Fi, automatic software updates, and other innovations aim to make driving more convenient. But vehicle technologies haven’t kept pace with today’s more hostile security environment, leaving millions vulnerable to attack.


The Car Hacker’s Handbook will give you a deeper understanding of the computer systems and embedded software in modern vehicles. It begins by examining vulnerabilities and providing detailed explanations of communications over the CAN bus and between devices and systems.


Then, once you have an understanding of a vehicle’s communication network, you’ll learn how to intercept data and perform specific hacks to track vehicles, unlock doors, glitch engines, flood communication, and more. With a focus on low-cost, open source hacking tools such as Metasploit, Wireshark, Kayak, can-utils, and ChipWhisperer, The Car Hacker’s Handbook will show you how to:

  • Build an accurate threat model for your vehicle
  • Reverse engineer the CAN bus to fake engine signals
  • Exploit vulnerabilities in diagnostic and data-logging systems
  • Hack the ECU and other firmware and embedded systems
  • Feed exploits through infotainment and vehicle-to-vehicle communication systems
  • Override factory settings with performance-tuning techniques
  • Build physical and virtual test benches to try out exploits safely


If you’re curious about automotive security and have the urge to hack a two-ton computer, make The Car Hacker’s Handbook your first stop.


Table of Contents

Chapter 1: Why Care About Database Security?

Chapter 2: The Oracle Architecture

Chapter 3: Attacking Oracle

Chapter 4: Oracle: Moving Further into the Network

Chapter 5: Securing Oracle

Chapter 6: IBM DB2 Universal Database

Chapter 7: DB2: Discovery, Attack, and Defense

Chapter 8: Attacking DB2

Chapter 9: Securing DB2

Chapter 10: The Informix Architecture

Chapter 11: Informix: Discovery, Attack, and Defense

Chapter 12: Securing Informix

Chapter 13: Sybase Architecture

Chapter 14: Sybase: Discovery, Attack, and Defense

Chapter 15: Sybase: Moving Further into the Network

Chapter 16: Securing Sybase

Chapter 17: MySQL Architecture

Chapter 18: MySQL: Discovery, Attack, and Defense

Chapter 19: MySQL: Moving Further into the Network

Chapter 20: Securing MySQL

Chapter 21: Microsoft SQL Server Architecture

Chapter 22: SQL Server: Exploitation, Attack, and Defense

Chapter 23: Securing SQL Server

Chapter 24: The PostgreSQL Architecture

Chapter 25: PostgreSQL: Discovery and Attack

Chapter 26: Securing PostgreSQL


Review

“The Car Hacker's Handbook is a guide on how to reverse engineer, exploit, and modify any kind of embedded system; cars are just the example. Craig presents this in a way that is eminently comprehensible and spends enough time reinforcing the idea of hacking a car safely, legally, and ethically. It’s a great read, an excellent introduction to fiddling with embedded bits, and truly owning the devices you’ve already purchased.”

—Hackaday


“Smith has done a marvelous job of providing a practical introduction to the world of vehicle systems and the tools used to interact with them for both benign and malicious purposes. Definitely a recommended read.”

—IEEE Cipher


“No matter where you stand on the vehicle cybersecurity issue—and perhaps like me you need to learn more about this subject—The Car Hacker's Handbook is an excellent guide and reference.”

—SAE International


“No Starch Press has taken on the task of turning The Car Hacker's Handbook into a beautifully produced, professional book, in a new edition that builds on the original, vastly expanding the material while simultaneously improving the organization and updating it to encompass the otherwise-bewildering array of new developments in car automation and hacking.”

—Cory Doctorow, Boing Boing


“The Car Hacker’s Handbook is a comprehensive guide to reverse-engineering and understanding the digital control systems in a modern vehicle. This book is a wake-up call to automakers, legislators, and regulators, announcing the fact that technology enthusiasts can and will continue to fiddle with their cars. The bar for automotive software quality just got raised.”

—Jeff Zurschmeide, Digital Trends


“At nearly 300 pages, The Car Hacker’s Handbook covers a lot of potential security risks, and as autonomous systems become more ubiquitous and sophisticated, there could be even more risks.”

—TechCrunch


“The Car Hacker's Handbook is well worth reading. The practical information on automotive networks and protocols is invaluable. All things considered, that is what one wants from a hacker's handbook.”

—Nathan Willis, LWN.net


“Craig Smith has written a fascinating book about how connected cars work, and how they can be hacked. For those that want to understand what goes on under the hood of the car from a software perspective, The Car Hacker's Handbook is a most worthwhile read.”

—Ben Rothke, RSA Conference


“If you have your own car and are interested in understanding the ins and outs of its networking and security, this is the reference book to use.”

—Jay Schulman, InfoSecurity Magazine


“If you are interested in what goes on behind the scenes when you drive your car, and how exploitable it is, this is a book worth reading.”

—The IT Nerd


“With people like author Craig Smith and books such as The Car Hacker's Handbook, open information and standards and shared knowledge are the ways to secure our safety on the road.”

—Network Security Newsletter


“The Car Hacker’s Handbook by Craig Smith not only details the multiplicity of hacks that have already been perpetrated on unsuspecting automobile ECUs but promises to be a 'Guide for the Penetration Tester' interested in 'attacking ECUs' and 'passive CAN bus fingerprinting.'”

—David Booth, Driving


“The Car Hacker's Handbook is not just a technical guide for car enthusiasts and those with an interest in cybersecurity. If you work on, or modify cars, this book could be your Bible.”

—Rick Limpert on WGST's The Sully Show


“The Car Hacker's Handbook by Craig Smith is an excellent resource that deserves a place next to your Chilton repair manuals. Rather than an afterthought, security is front and center with The Car Hacker's Handbook. Anyone interested in electronically breaking into cars, or ideally thwarting such intrusions, should consider cracking into Smith's book first.”

—GearBrain


“Protect yourself and your car with The Car Hacker's Handbook. This book can be a great reference tool or even a spring or summer read. Smith doesn't set out to be an alarmist, but this book really makes you think.”

—Examiner.com


“The Car Hacker’s Handbook has pages of programming and technical information for tinkerers (i.e., hackers). But it also provides a public service as the first work of its kind to analyze computer-based systems that make them vulnerable to attack and exploitation. If your company has a fleet, you might want to check it out.”

—Strategic Finance


“If you are a serious car nut who regularly tinkers around, love problem-solving codes, or are concerned about security, pick up this guide and give the tricks inside a try. It could have a significant impact on your security.”

—The News Wheel


“The Car Hacker's Handbook invites digging deep within and getting your hands “dirty” digitally. Chock full of information and diagrams. For those with a yen for hacking a two-ton computer, drive on over to a bookstore and wrap your hands around this.”

—LA Home & Technology Examiner


“A great resource if you’re trying to hone your automotive skills or if you have an interest in the networks and security of cars.”

— Makezine.com


“Even if you aren't interested in becoming a car penetration tester, but you do want to know more about the collection of computers you routinely drive, you would do well to buy and read this book.”

—;login: the Magazine of USENIX


“The Car Hacker's Handbook is, on the one hand, an important work that can be highly useful to those who want to find the ways and means to protect vehicles from cyber-attack, and, on the other, scary as hell for the rest of us.”

—Automotive Design & Production


“Smith is set on providing knowledge that will help users improve their car’s security and performance. The ultimate goal is to shed light on the inner workings of modern cars, discover potential security weaknesses and urge automakers to fix them, discover intentional choices that shouldn’t have been made (e.g. Volkswagen emissions scandal), and to know what you are driving.”

—Help Net Security


“A car hacker's bible. Smith cites the importance of having individuals as well as auto makers continually check and test their vehicles. He also cites the importance of public awareness that can pressure both manufacturers and safety agencies into developing safeguards and standards designed to keep ahead of the threat. And these really are only the early steps in a very long haul issue.”

—The Auto Channel


“A detailed overview of the computer systems and embedded software ubiquitous in today’s new cars. The author describes the numerous entry points where a hack can occur. Starting with CAN, the infotainment system, the engine control unit (ECU), and more.”

—CAN Newsletter


“As cars become more connected and contain more software than ever, their vulnerabilities are being publicly exposed, often to the great embarrassment of automakers. Craig Smith’s excellent, detailed book lifts the lid on all the major threat vectors in the vehicle, with great technical depth. For anyone interested in security and the modern vehicle, or whose job depends on these areas, there is simply no better book out there!”

—Andrew Brown, Strategy Analytics, Executive Director of Enterprise and IoT Research


“The Car Hacker's Handbook is useful, insightful, and brimming with pragmatic advice. Highly recommended to those in the automotive and security industries.”

—Prof. Christof Ebert, Vector Consulting Services


“Easily the best book I have ever found for learning about how to use a CAN bus. I would recommend this book for engineers working with embedded systems, even if they do not work with cars. I give this book 5 out of 5.”

—Robots for Roboticists


“A useful resource for cybersecurity experts.”

—Mercury Blog


About the Author

Craig Smith runs Theia Labs, a research firm that focuses on security auditing and building hardware and software prototypes. He has worked for several auto manufacturers and provided them with his public research. He is also a founder of the Hive13 hackerspace and OpenGarages.org. Craig is a frequent speaker on car hacking and has run workshops at RSA, DEF CON, and other major security conferences.
