Cyclone
That said... with a WiFi antenna in the mirror.... why the heck is WiFi reception so bad!? lol
Just because there is an antenna in the mirror housing doesn't mean someone plugged it into the wifi module! lol
Besides that, I'd also like to point out that Tesla could obviate all our decoding efforts with one firmware release. They could add some encryption, or even just scramble the CAN frames every software release so that we'd have to spend a lot of time re-mapping them.
This is unlike any CAN project I've ever attempted, so unless you have an unsupported (read: no updates) car, then you could find all our efforts wasted once they decide to make it hard for us. Not trying to say we shouldn't do it, but be warned.
All they'd have to do is encrypt some of the critical frames. Even something relatively simple that a low-power microcontroller can handle, such as DES.
Module swaps always require a firmware update anyway, so as long as the bootloader and flashing process are consistent, then swapping modules isn't going to cause any issues. Swap the module, then update the firmware.
In other news, I won a nice bounty from Tesla's bug bounty program for reporting and detailing an exploit I mentioned briefly earlier in this thread regarding the WiFi module.
They could use a rolling key based on a hash of a time value and something unique, such as the VIN. If the key rolled like this, real-time cracking would be much harder. Incidentally, some Pay TV systems use Triple-DES with a rolling key generated by a seeded PRNG.

DES is the obvious choice because it can be used in block mode with 64-bit blocks (perfect! there are 64 bits in a message!). But it's also LONG since been cracked wide open, and CAN bus traffic tends to have low entropy. It'd take all of a few hours for a modern PC to find the encryption key used. Better algorithms like AES use 128-bit blocks, and that would just complicate things too much.
Also, the big issue - a given input block yields a specific output block. CAN tends to have lots of duplicate frames so counter durations and such can easily be found. Also, lots of CAN frames tend to have plenty of zeros - especially on start up. If you know something about the plain text it becomes trivial to reverse the key by brute force. No, they wouldn't bother with encryption because it wouldn't really solve anything. There are some cases where I could see encryption being used - firmware updates for instance. But, encrypting everything seems kind of pointless to me.
All of that trouble to keep people from seeing pack, motor, etc. data fly across the CAN bus. Hardly seems worth the trouble.
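The two objections above to DES on 64-bit CAN frames (under a fixed key every repeated frame gives a repeated ciphertext, and a known plaintext such as an all-zero start-up frame lets you test candidate keys) as an added worked example. This is not code from anyone in this thread and not anything Tesla ships: it uses Go's standard crypto/des, and the frame payloads, the VIN and the SHA-256(VIN || time slot) key derivation are all constructed for the example. The last function also shows the catch with the rolling-key idea: if the key is derived from the VIN (printed on the car) and a time value, the only secret left is the time slot, so a known plaintext turns key recovery into a search over slots.

```go
package main

import (
	"bytes"
	"crypto/des"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// Constructed sample payloads (8 bytes each, i.e. exactly one DES block per frame).
// Made up for this example, not captured from any vehicle.
var sampleFrames = [][]byte{
	{0, 0, 0, 0, 0, 0, 0, 0},                         // all-zero frame, typical at start-up
	{0, 0, 0, 0, 0, 0, 0, 0},                         // ...sent again
	{0x01, 0x2C, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}, // hypothetical frame with a counter in the last byte
	{0x01, 0x2C, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02},
	{0x01, 0x2C, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}, // counter wrapped: same plaintext as frame 3
}

// encryptBlock encrypts one 8-byte frame under an 8-byte DES key.
// One frame is one block, so this is plain ECB: no chaining, no padding, no IV.
func encryptBlock(key, frame []byte) []byte {
	c, err := des.NewCipher(key)
	if err != nil {
		panic(err)
	}
	out := make([]byte, des.BlockSize)
	c.Encrypt(out, frame)
	return out
}

// decryptBlock is the inverse of encryptBlock.
func decryptBlock(key, ct []byte) []byte {
	c, err := des.NewCipher(key)
	if err != nil {
		panic(err)
	}
	out := make([]byte, des.BlockSize)
	c.Decrypt(out, ct)
	return out
}

// encryptAll encrypts every frame under the same fixed key.
func encryptAll(key []byte, frames [][]byte) [][]byte {
	cts := make([][]byte, len(frames))
	for i, f := range frames {
		cts[i] = encryptBlock(key, f)
	}
	return cts
}

// countRepeats returns how many ciphertexts are byte-identical to an earlier one.
// Under a fixed key, every repeated plaintext frame yields a repeated ciphertext,
// so counters, wrap-arounds and idle frames stay visible on the wire.
func countRepeats(cts [][]byte) int {
	seen := map[string]bool{}
	n := 0
	for _, ct := range cts {
		if seen[string(ct)] {
			n++
		}
		seen[string(ct)] = true
	}
	return n
}

// rollingKey derives an 8-byte DES key from SHA-256(VIN || time slot), the scheme
// sketched in the post. Assumed construction for the example only.
func rollingKey(vin string, slot uint64) []byte {
	h := sha256.New()
	h.Write([]byte(vin))
	var s [8]byte
	binary.BigEndian.PutUint64(s[:], slot)
	h.Write(s[:])
	return h.Sum(nil)[:8]
}

// recoverSlot is the known-plaintext attack on that rolling scheme: the VIN is
// public, so try each time slot until the derived key decrypts ct to the frame
// we expect (here the all-zero frame). Returns the slot and whether it was found.
func recoverSlot(vin string, ct, known []byte, maxSlot uint64) (uint64, bool) {
	for slot := uint64(0); slot <= maxSlot; slot++ {
		if bytes.Equal(decryptBlock(rollingKey(vin, slot), ct), known) {
			return slot, true
		}
	}
	return 0, false
}

func main() {
	static := []byte("fixedkey") // 8 bytes, as DES requires; example value only
	cts := encryptAll(static, sampleFrames)
	fmt.Printf("fixed key, ECB: %d of %d ciphertexts repeat an earlier one\n", countRepeats(cts), len(cts))

	vin := "EXAMPLEVIN0000001" // made-up VIN
	zero := sampleFrames[0]
	ct := encryptBlock(rollingKey(vin, 4242), zero)
	slot, ok := recoverSlot(vin, ct, zero, 10000)
	fmt.Printf("rolling key: recovered slot %d (found=%v) from one known-plaintext frame\n", slot, ok)
}
```

Two things the example makes concrete. Within one key period the rolling scheme is still ECB, so the repeats come back as soon as two identical frames fall in the same slot; and the "rolling" only adds as much work for the attacker as there are plausible slots, because the other derivation input is the VIN. A real design would need a secret the attacker cannot read off the car and a mode that does not leak repeats (a counter or authenticated mode with a per-frame nonce), at which point the bus bandwidth and the 8-byte payload become the problem the post alludes to.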
Was the bounty enough to buy the 90 battery pack for your home?
Congrats to you and well done Tesla, especially knowing what you are doing and recognizing the value of your work, unofficial or otherwise.
If they didn't have any issue with us seeing this data, why would they not simply create a second PIN for the diagnostic screens that enables a read-only view? Something like that should take a few minutes to program I would think.
Not a lot of people can understand that data. Would it not potentially open the door to regular owners thinking they had problems when they don't. I agree with transparency but I think I can understand why they don't.
I agree. But I think Tesla is very sensitive to negative PR they could get from this. I think a lot of what we diagnose as "incompetent communication" they internally view as "avoiding possible problems".

Even my 2002 BMW M5 has a "check control" mode that takes several steps to enable (using parts of the unique VIN), but once enabled, I can read all sorts of sensor data -- voltages, pressures, tank levels, counters, etc. It was phenomenally helpful to debug a fuel tank pump problem in my car (it has two gas tanks, L+R, and when one gets low, it's supposed to pump gas into the other tank... I was running out of fuel with 1/2 a tank!). I can even start a full "lights and gauges" test that lights up everything like Christmas.
Tesla shouldn't be 15 years behind on this stuff.
Say that to a Gen 1 or Gen 2 Prius owner. You'll get a big laugh.

"Gas tanks are better than batteries because they don't go out of balance."
Potentially dangerous information.
So, I'll note that the image up thread of the IC of a partly dismantled P85D is um... my P85D. hehe.