Many of us have seen the big yellow "boot" on the wheel of a parked car, marking like a scarlet letter some poor sap who hasn't paid his parking tickets. Since 2005 many US municipalities have switched from a manual boot to the PayLock SmartBoot. With just a phone call and a credit card you can pay your fines and extortionate fees and fill the county coffers -- and in return they'll give you the secret code to type in and unlock the electronic vehicle immobilizer. But what if there were another way to remove the boot, quicker than a phone call and a credit card payment? Join me in a thorough reverse engineering of the PayLock SmartBoot as we disassemble one, recover and analyze the firmware from the embedded controller, and find the secrets to thoroughly pwn the device. This talk will reveal a backdoor that can be used to disarm every SmartBoot in over 50 municipalities.