back

Breaking "DRM" in Polish trains

Reverse engineering a train to analyze a suspicious malfunction

If you suspend your transcription on amara.org, please add a timestamp below to indicate how far you progressed! This will help others to resume your work!

Please do not press “publish” on amara.org to save your progress, use “save draft” instead. Only press “publish” when you're done with quality control.

Video duration
01:01:45
Language
English
Abstract
We've all been there: the trains you're servicing for a customer suddenly brick themselves and the manufacturer claims that's because you've interfered with a security system.

This talk will tell the story of a series of Polish EMUs (Electric Multiple Unit) that all refused to move a few days after arriving at an “unauthorized” service company. We'll go over how a train control system actually works, how we reverse-engineered one and what sort of magical “security” systems we actually found inside of it.

Reality sometimes is stranger than the wildest CTF task. Reality sometimes is running `unlock.py` on a dozen trains.

The talk will be a mix of technical and non-technical aspects of analysis which should be understandable for anyone with a technical background. We’ll briefly explain how modern EMUs look like inside, how the Train Control & Monitoring System works, and how to analyze TriCore machine code.

Talk ID
12142
Event:
37c3
Day
1
Room
Saal 1
Start
11 p.m.
Duration
01:00:00
Track
Hardware & Making
Type of
lecture
Speaker
Redford
q3k
MrTick
Other Artists
Talk Slug & media link
37c3-12142-breaking_drm_in_polish_trains
0.0% Checking done0.0%
0.0% Syncing done0.0%
100.0% Transcribing done100.0%
0.0% Nothing done yet0.0%
  

Work on this video on Amara!