Inside a Traffic Light Controller's Firmware
The Econolite ASC/3 is a black-box device that manages traffic and pedestrian cross-walk lights. Having been given a unit and instructions to make it programmable from Matlab, I did what any self-respecting engineer would do. Namely, I disassembled its firmware, identified its checksumming algorithm, and mapped the relevant bytes of its file format. A bit of XML magic later, and I had a library for reading, writing, and signing configurations.
This brief talk will discuss my adventure. It will not discuss forcing a green light or similar tomfoolery.
Travis Goodspeed
Travis Goodspeed works at the Extreme Measurement Communications Center of the DOE's Oak Ridge National Laboratory. He has spoken at ToorCon 9 and the Texas Instruments Developer's Conference regarding stack overflow exploits for the MSP430-based Wireless Sensor Networks. Having demonstrated that such attacks are possible, his present research is aimed at porting defense techniques, such as ASLR and code-auditing, to this platform.
|
