We've all been there: the trains you're servicing for a customer suddenly brick themselves and the manufacturer claims that's because you've interfered with a security system.
This talk will tell the story of a series of Polish EMUs (Electric Multiple Unit) that all refused to move a few days after arriving at an “unauthorized” service company. We'll go over how a train control system actually works, how we reverse-engineered one and what sort of magical “security” systems we actually found inside of it.
Reality sometimes is stranger than the wildest CTF task. Reality sometimes is running `unlock.py` on a dozen trains.
The talk will be a mix of technical and non-technical aspects of analysis which should be understandable for anyone with a technical background. We’ll briefly explain how modern EMUs look like inside, how the Train Control & Monitoring System works, and how to analyze TriCore machine code.