A Rust simulation of a vehicle ECU bootloader that cryptographically authenticates firmware before execution — defending against physical, network, and downgrade attacks.
Modern vehicles run 100+ ECUs with millions of lines of firmware. A single unsigned update path is a critical attack surface.
Malicious firmware loaded via OBD-II / USB diagnostic port during servicing or theft.
Man-in-the-middle attack corrupts or replaces a genuine firmware image in transit.
Attacker re-flashes an older signed image that contains known, exploitable vulnerabilities.
Host-side signer packages firmware; device-side bootloader verifies before any code runs.
Parsed byte-by-byte. All multi-byte fields are little-endian.
| Offset | Field | Size | Description |
|---|---|---|---|
| 0x00 | MAGIC_WORD | 4 B | 0x53 0x42 0x4F 0x54 "SBOT" — fast-fail guard |
| 0x04 | VERSION | 4 B | uint32 monotonic. Anti-rollback counter. |
| 0x08 | PAYLOAD_SIZE | 4 B | uint32 byte length of payload. |
| 0x0C | SIGNATURE | 64 B | Ed25519 signature over SHA-256(payload). |
| 0x4C | PAYLOAD | var | Executable firmware binary. |
Every choice is motivated by embedded constraints: small code size, fast verification, side-channel resistance.
EdDSA over Curve25519. Constant-time signing & verification. 64-byte signatures.
Payload hash. Any single-bit flip in the payload changes the 32-byte digest unpredictably (on average about half of its bits).
Memory-safe header parsing. No buffer overflows by construction.
ZIP-215 point validation. Returns Result, never panics.
Even a one-character change to the payload rewrites the SHA-256 digest, so the existing signature no longer verifies. A modified payload needs a fresh signature, and that requires the OEM private key; this is what keeps tampering from going undetected.
The simulator steps through exactly what the secure_bootloader executes for each of three attack scenarios, showing where each is stopped: custom firmware loaded via the OBD-II diagnostic port; a MitM that corrupts the payload in transit; and re-flashing an older signed image that contains known CVEs. A simulated fleet telemetry feed shows the signals an OEM security operations center would monitor across a fleet.
| Threat | Vector | Detection Point | Mitigation | Status |
|---|---|---|---|---|
| Malicious USB Flash | Physical port | Ed25519 signature check | No OEM private key → can't forge signature | ✓ BLOCKED |
| OTA Tampering | Network / MitM | SHA-256 hash mismatch | Any 1-bit change invalidates signature | ✓ BLOCKED |
| Version Downgrade | Replay signed image | VERSION vs stored counter | Monotonic counter rejects older versions | ✓ BLOCKED |
All integration tests run via cargo test --workspace.
| # | Test Name | Scenario | Expected |
|---|---|---|---|
| 1 | golden_path | Valid binary, correct key, version ≥ stored | EXIT 0 |
| 2 | tamper | One bit flipped in payload at 0x4C | EXIT 1 / FATAL |
| 3 | key_mismatch | Signed with Key A, verified with Key B | EXIT 1 / FATAL |
| 4 | downgrade | stored_version=2, image VERSION=1 | EXIT 1 / FATAL |
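The following is an added example, not the project's own code: a standard-library-only Rust parser for the SBOT header layout above and the boot decision that runs the four test scenarios (golden path, tamper, key mismatch, downgrade). The Ed25519-over-SHA-256 check is injected as a closure; `toy_sign`, `verify_with`, `build_image`, the key constants and the payload are constructed stand-ins so the file compiles without the ed25519-dalek or sha2 crates, and the toy tag is not a secure signature. One caveat the header table makes visible: the signature covers SHA-256(payload) only, so VERSION is parsed but not authenticated; the example keeps that layout and checks the signature before consulting VERSION, and a comment marks where signing VERSION together with the payload would bind the anti-rollback counter to the signer.

```rust
// Added example (not the project's code). Offsets follow the header table:
// MAGIC 0x00, VERSION 0x04, PAYLOAD_SIZE 0x08, SIGNATURE 0x0C (64 B),
// PAYLOAD 0x4C. All multi-byte fields are little-endian.
pub const MAGIC: [u8; 4] = *b"SBOT";
pub const SIG_LEN: usize = 64;
pub const HEADER_LEN: usize = 0x4C;

#[derive(Debug, PartialEq, Eq)]
pub enum BootError {
    TooShort,
    BadMagic,
    SizeMismatch,
    BadSignature,
    Rollback { stored: u32, image: u32 },
}

pub struct Image<'a> {
    pub version: u32,
    pub signature: [u8; SIG_LEN],
    pub payload: &'a [u8],
}

fn le_u32(b: &[u8]) -> u32 {
    u32::from_le_bytes([b[0], b[1], b[2], b[3]])
}

/// Parse the header. Length is checked once up front, so every slice below is
/// in bounds: a truncated image is an Err, never a panic.
pub fn parse_image(img: &[u8]) -> Result<Image<'_>, BootError> {
    if img.len() < HEADER_LEN {
        return Err(BootError::TooShort);
    }
    if img[0..4] != MAGIC {
        return Err(BootError::BadMagic);
    }
    let version = le_u32(&img[4..8]);
    let size = le_u32(&img[8..12]) as usize;
    let mut signature = [0u8; SIG_LEN];
    signature.copy_from_slice(&img[12..HEADER_LEN]);
    let payload = &img[HEADER_LEN..];
    if payload.len() != size {
        return Err(BootError::SizeMismatch); // trailing bytes are rejected, not ignored
    }
    Ok(Image { version, signature, payload })
}

/// Boot decision. `verify_sig(signature, payload)` is true only for an OEM
/// signature over SHA-256(payload); in the project it would wrap ed25519-dalek.
/// The signature is checked before VERSION is trusted, and the anti-rollback
/// counter advances only after every check passed, so a rejected image never
/// moves it. To bind VERSION to the signer, sign (VERSION || payload) instead.
pub fn secure_boot<F>(img: &[u8], stored_version: &mut u32, verify_sig: F) -> Result<u32, BootError>
where
    F: Fn(&[u8; SIG_LEN], &[u8]) -> bool,
{
    let image = parse_image(img)?;
    if !verify_sig(&image.signature, image.payload) {
        return Err(BootError::BadSignature);
    }
    if image.version < *stored_version {
        return Err(BootError::Rollback { stored: *stored_version, image: image.version });
    }
    *stored_version = image.version;
    Ok(image.version)
}

/// Constructed stand-in for Ed25519 (NOT secure): a keyed 64-byte FNV-1a tag.
/// It only has the property the scenarios need: a different key or a single
/// changed payload bit yields a different tag.
pub fn toy_sign(key: u64, payload: &[u8]) -> [u8; SIG_LEN] {
    let mut tag = [0u8; SIG_LEN];
    for (i, chunk) in tag.chunks_mut(8).enumerate() {
        let mut h: u64 = 0xcbf2_9ce4_8422_2325 ^ key ^ (i as u64);
        for &b in payload {
            h = (h ^ b as u64).wrapping_mul(0x0100_0000_01b3);
        }
        chunk.copy_from_slice(&h.to_le_bytes());
    }
    tag
}

pub fn verify_with(key: u64) -> impl Fn(&[u8; SIG_LEN], &[u8]) -> bool {
    move |sig: &[u8; SIG_LEN], payload: &[u8]| *sig == toy_sign(key, payload)
}

/// Host-side packaging in the SBOT layout (constructed helper).
pub fn build_image(version: u32, key: u64, payload: &[u8]) -> Vec<u8> {
    let mut img = Vec::with_capacity(HEADER_LEN + payload.len());
    img.extend_from_slice(&MAGIC);
    img.extend_from_slice(&version.to_le_bytes());
    img.extend_from_slice(&(payload.len() as u32).to_le_bytes());
    img.extend_from_slice(&toy_sign(key, payload));
    img.extend_from_slice(payload);
    img
}

fn main() {
    const OEM_KEY: u64 = 0x4f45_4d5f_4b45_5921; // constructed demo keys
    const OTHER_KEY: u64 = 0x1111_2222_3333_4444;
    let fw = b"ECU application image v2 (constructed payload)";
    let mut stored = 1u32;
    let img = build_image(2, OEM_KEY, fw);
    println!("golden_path:  {:?}", secure_boot(&img, &mut stored, verify_with(OEM_KEY)));
    let mut tampered = img.clone();
    tampered[HEADER_LEN] ^= 0x01; // one bit flipped at offset 0x4C
    println!("tamper:       {:?}", secure_boot(&tampered, &mut stored, verify_with(OEM_KEY)));
    println!("key_mismatch: {:?}", secure_boot(&img, &mut stored, verify_with(OTHER_KEY)));
    let old = build_image(1, OEM_KEY, fw);
    println!("downgrade:    {:?}", secure_boot(&old, &mut stored, verify_with(OEM_KEY)));
}
```

The order of checks is the security-relevant part: magic and size bounds fail fast on garbage, the signature is verified before any header field is acted on, and the stored counter is written last, so none of the three rejected scenarios can change the device's state. Swapping `verify_with` for a closure around ed25519-dalek's verify over SHA-256(payload) gives the real bootloader's behaviour with the same decision logic.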
A complete end-to-end automotive secure boot chain — from signing at build time to verification at boot time — with interactive simulations, live telemetry, and full test coverage.