-
Want to remove ads? Register an account and login to see fewer ads, and become a Supporting Member to remove almost all ads.
Ingenext Boost Modules [aftermarket]
- Thread starter JPELKA
- Start date
Ok, the NotATesla app says US only:
It also says only certain model years for the Model 3.
Same page it says available in the UK and others here have it. Just triple checked with them.
Attachments
Asymmetric key encryption, also known as public-key cryptography, uses two different keys – a public key to encrypt and a private key to decrypt. Asymmetric encryption offers better security by verifying data source and non-repudiation (the author cannot dispute its authorship). However, it slows down the transmission process, network speed and machine performance. A popular example of asymmetric encryption is RSA Source: Data Encryption: How It Works & Methods Used
Private key.. aka magic key since it unlocks everything ... Since we are dealing with a communications channel, one end encrypts then sends the data and the other decrypts the sent encrypted data. The trick is getting a copy of that encrypted stream so you can look at it. You can tap the stream by a proxy or you can get it before or after encryption at the end points which is a real PIA.
In the automotive industry, the PKI process would begin with individual component production. This includes a wide range of items such as engine control computers, safety systems, media players within the vehicle, and more. Each of these components would be injected with a private key and digitally signed by a trusted root CA, allowing them to be verified as authentic and trusted components. Once the entire vehicle is produced, it can be digitally assigned to its owner using the same techniques. Because the vehicle would only trust operators signed under that root CA, the process would permanently or, in the case of rentals, temporarily bind the car to the owner. Source: Exploring Data Security in the Automotive Industry
Let the nightmare begin - they have the keys and the only access..
Vehicle manufacturers’ currently proposed data access model for ‘third parties’, the so-called ‘Extended
Vehicle’ (ExVe) impedes Independent Service Providers’ (ISPs) ability to offer such services. All data from the
vehicle is routed through the VM backend server which becomes the only source of data for ISPs. Through
the proprietary design of their in-vehicle telematics systems, VMs become the self-appointed gatekeepers of
access to the vehicle, its data and functions. The approach gives them full control to arbitrarily decide how,
when and to whom access will be granted; furthermore, the set of available data is limited and often pre-
processed, thus preventing the development of new, technically advanced and competitive services by third
parties. This ‘control by technical design’ deprives consumers of their genuine ‘right to choose’ and limits the
ability of market players to innovate Source : https://www.etrma.org/wp-content/uploads/2021/03/S-OTP-Paper.pdf
Private key.. aka magic key since it unlocks everything ... Since we are dealing with a communications channel, one end encrypts then sends the data and the other decrypts the sent encrypted data. The trick is getting a copy of that encrypted stream so you can look at it. You can tap the stream by a proxy or you can get it before or after encryption at the end points which is a real PIA.
In the automotive industry, the PKI process would begin with individual component production. This includes a wide range of items such as engine control computers, safety systems, media players within the vehicle, and more. Each of these components would be injected with a private key and digitally signed by a trusted root CA, allowing them to be verified as authentic and trusted components. Once the entire vehicle is produced, it can be digitally assigned to its owner using the same techniques. Because the vehicle would only trust operators signed under that root CA, the process would permanently or, in the case of rentals, temporarily bind the car to the owner. Source: Exploring Data Security in the Automotive Industry
Let the nightmare begin - they have the keys and the only access..
Vehicle manufacturers’ currently proposed data access model for ‘third parties’, the so-called ‘Extended
Vehicle’ (ExVe) impedes Independent Service Providers’ (ISPs) ability to offer such services. All data from the
vehicle is routed through the VM backend server which becomes the only source of data for ISPs. Through
the proprietary design of their in-vehicle telematics systems, VMs become the self-appointed gatekeepers of
access to the vehicle, its data and functions. The approach gives them full control to arbitrarily decide how,
when and to whom access will be granted; furthermore, the set of available data is limited and often pre-
processed, thus preventing the development of new, technically advanced and competitive services by third
parties. This ‘control by technical design’ deprives consumers of their genuine ‘right to choose’ and limits the
ability of market players to innovate Source : https://www.etrma.org/wp-content/uploads/2021/03/S-OTP-Paper.pdf
We already talked about this. The ethernet has the advantage of having 100MB/s bandwidth vs 1Mb/s. I was wrong in that standard CAN is 8 bytes max for the data field in a frame. In addition, not all traffic is encrypted over the internal ethernet; this may be by limitations in existing hardware as encryption was rolled out in 2019 IIRC, though I haven't found a write up explaining which devices are putting out unencrypted traffic.
It's more naïve to assume all devices are capable of encryption than not. There may be limitations in architecture and compute that make it impossible for encryption to be deployed, let alone done fast enough for RT communication. Differences of milliseconds will drastically affect the entire performance of the car and would require rewriting much more than the communication layer.
Knightshade
Well-Known Member
FYI for the last couple years there's actually been some gigabit ethernet on board (in 3/Y at least, and I'd expect in refresh S/X but not sure)- at least the AP computer and Infotainment link is gig.
akveluru
Member
Anyone try installing 2022.24.5 with the ingenext module?
This seems to be the version for AP 2.5 cars without the Tesla Vision merge.
This seems to be the version for AP 2.5 cars without the Tesla Vision merge.
akveluru
Member
I assume the safe updates applies to all of them, but I'm using the ghost + Nice Try.
The idea that they have not enough power to encrypt 100x smaller traffic is just wrong. They have enough.
There are countless super lightweight algorithms of symmetric encryption, considering that they all can exchange the key over signed and encrypted LAN.
CAN bus is not realtime by any means and processor time for encryption is nothing compared to the time devices standing in slow queues, waiting for their turn to send the message.
Are you really so sure about that? With data being sent of wheel speed/position, suspension position sensors, accelerometers along body locations, and the rest of the sensor suite on the CAN bus, it seems fairly likely there are critical RT operations being performed by the modules. The brake position and steering wheel position, for example, are both being updated via CAN for the ABS and traction control system respectively.
Either way, modules aren't taking turns and any lower priority messages simply get dropped. There isn't any queue for high-priority modules.
PauliePucks
3rd Party Accessory Junkie
I have both power frunk and trunk from evoffer. No issues at all with my boost sr. I also have a 9” Linux display and seat massager which work without issue.
This is one of the best detailed articles that is current about can bus and can bus 2 plus automotive ethernet.
dewesoft.com
What Is Can Bus (Controller Area Network)
Introduction into CAN bus (Controller Automation Network), CAN FD, OBD II and how it compares to other standard vehicle data bus networks.
dewesoft.com
It's a multiplex serial bus. It's not realtime by design. And it can't function without the queue. I don't need wiki references, I worked enough with it. Encryption delay is negligible and to make all those hacks permanently fail you don't even need to encrypt everything. So it's just a matter of attention.
It's realtime by convenience; every controller operates with it and performs critical operations over the bus. You also keep saying queue as if that is a thing within the spec. It's timing based on priority and arbitration with transmission delay. If a lower priority node sees a transmission it just waits until the next. Any small disruption to the order can compound to a lot of missed frames and disruption over the network for lower-priority nodes.
But I don't really need to rely on my understanding of the protocol as there are many sources citing CAN as realtime (even if we both agree serial multiplex is not the best implementation for that purpose!!).
Lets take VCfront for example, with a 120 MHz clockspeed max. Now that's monstrously fast for an embedded device but considering all the operations it handles (everything forward of the firewall and HV equipment), that leaves very few cycles for general computation. There is an encryption engine that connected to the memory protection unit but that appears to only be used for hardening the memory. So any encryption algorithm would have to use the general instruction set, and would need to be tailored to each module (assuming that everything on the CAN isn't using the same monster chip).
Maybe you can speak to programming an embedded device; I certainly can't. But my understanding is that it contains no fluff and coding an arbitrary encryption algo would be difficult, hence the use of engines and peripheral chips. Couple that with the minor overhead to bandwidth, it makes implementing encryption with the current hardware extremely difficult, if not practically impossible. CAN encryption is a pointless endeavor, like teaching a horse how to pilot a plane; it's a difficult, pointless addition to something that already works.
In any case, we already agreed that detection and defeat of a CAN module is arbitrarily easy. The whole encryption debacle is theoretical nonsense.
akveluru
Member
Thanks. Glad to hear they both work. Planning to do the same!
