Trillium

About PassGO

PassGO is an online capture-the-flag/wargame that realistically simulates hacking a car. Trillium Secure has made PassGO available online to educate cybersecurity enthusiasts and engineers about encryption vulnerabilities.

We challenge you to exploit five levels of encryption on a CAN bus and claim a unique identification code. The first three (3) levels of encryption represent what you may find in the automotive market today. Breaking through Levels 4 and 5 requires advanced knowledge of cryptographic and hacking techniques because they include Trillium Secure’s multi-layered cybersecurity technology. Best of luck to you!

Objective

Take a crack at decrypting the message displayed on the screen to find the unique identifier (UID). Each level has a time limit - you can guess what the UID is as many times as needed. When your time’s up, a new UID will be issued and you’ll have to start over. Use your time wisely since you’ll get only five attempts before getting booted off the PassGO Hacking Challenge.

Encrypted messages are displayed in HEX (the method in which messages are sent over CAN bus) and users are prompted to send back the decrypted UID in ASCII to advance to the next level.

If you’re skilled enough to complete a level, go ahead and send us your resume, the UIDs you harvested, and any code you developed to careers@trilliumsecure.com.

Levels / Rules

  1. Unencrypted (10 minutes)
  2. Weak Encryption Method (25 minutes)
  3. Intermediate Encryption Method (35 minutes)
  4. Difficult Encryption Method (45 minutes)
  5. Trillium Secure Patented DKLP Encryption (60 minutes)
  • Any kind of DoS activity (i.e., too many processes/file creation, or network access) is prohibited. None of the levels require direct access to a server. Moreover, a level will never involve the practice of Denial of Service.
  • Please report any bugs or system deficiencies.
  • Refrain from posting solutions or hints online.
  • Check back to this page regularly to see new updates about the PassGO Hacking Challenge.

SecureGO

SecureGO encrypts and authenticates your vehicles’ network communications. Its features include a rolling key management system, an ISO compliant authentication process, and customizable encryption functionality. SecureGO is optimized for ECUs that have strict performance and memory constraints, allowing it to be used in any vehicle.

SecureGO gives industry leaders a modular method of architecting in-vehicle security according to their unique use case. Trillium’s modular Software Development Kit gives OEMs the option of choosing their own cipher, the choice of including MAC channel hopping, and whether keys will be changed based on a specific or random interval for individual ECUs. SecureGO is part of Trillium’s subscription service that guarantees data generated by a vehicle is protected for its entire lifecycle.

Contact

Email PassGO@trilliumsecure.com for questions or bug reports. Thank you