Bear with me here - I have a digital instrument cluster in my car from AliExpress.
It runs on a restricted linux system - in that the buyer (me) has no access to the file system other than an OTA folder and an SSH login with a very restricted command set and no access outside of a specified folder.
I have been sent about 3 or 4 updates over the last 7 months - I *think* they are encrypted using OpenSSL but not entirely sure. The first text is "Salted" when viewing with a hex editor. I forget the online file checker I used but that suggested it was encrypted via OpenSSL.
The update process is to put the file - named "gor.tar.bz2" - onto a USB stick, and the system will automatically extract the files and complete the update. Is there any type of script or something I could use - for example, named gor.tar.bz that would somehow execute and catch the password used to attempt to open it? Or perhaps some other command I could try to use to catch the password or full command the system is using to extract the files?
[link] [comments]
from hacking: security in practice https://ift.tt/xDsVU39
Comments
Post a Comment