You've just provoked me enough to use my first post and reply to you
YES, it's possible to pull off the firmware without having any kind of root, even on the latest 2018 cars with v9.
-
Want to remove ads? Register an account and login to see fewer ads, and become a Supporting Member to remove almost all ads.
You've just provoked me enough to use my first post and reply to you
YES, it's possible to pull off the firmware without having any kind of root, even on the latest 2018 cars with v9.
Ok. Now that you've pulled the firmware off without root, what do you do with it? Make changes and ask Tesla to kindly flash the car with your changes?
I think the point is that you can then deploy that firmware to an unsupported Tesla, again without root access.
I simply disagreed with you in a calm discussion about @desoukya's car. I'm sorry that you take that as an insult.The guy above I called arrogant first claimed that I am wrong about car @desoukya is working on now, then when I fixed it he PM-ed me with a question about how did I do that. If you are a professional painter you would never wonder around forums asking random people how to paint walls, right? Especially after insulting them with false statements and advices how to do their job.
Sorry I don't have enough free time to answer bs above and even read it through (related to the one particular person with a lot of quotations). Too busy with helping people to fix their teslas
I've ignored TMC for quite a while and now I regret I opened it.
I PM'd you, because believe it or not, some people in the service area are sometimes willing to share an experience on two.
Since I don't think the statement in question is true, I thought okay, maybe I'll learn something.
I didn't give you advices on how to do your job either. None of my posts were addressed to you.
Greetings!
You folks all pretty much know me and my mountain of projects by now. Well, I've added one more to that ever growing list.
Behold! A Model S 17" MCU and IC running on the bench.
View attachment 161614
And a short video of the minor success and tinkering I've done getting these guys running on the bench:
Tesla Model S Hacking - Running the MCU and IC on the Bench - YouTube
Nothing too exciting just yet, but this is step one for sure.
I sent the video and some pics to a friend earlier and his response was: "I think you might want to go in for service. The car appears to be missing." lol
At this time I've gotten a few things accomplished:
- Figured out the power and ground wires that run the 17", IC, and built in audio amp.
- Figured out the connections between the IC and the MCU.
- There is a CAN pair, an ethernet connection (via that 4-pin connector), and a wake-up signal line
- Wired up a speaker to the center channel.
- The alert noise the car makes can be heard. Music plays via bluetooth. No radio since I don't have the radio module.
- This is a premium audio MCU and actually has line-level outputs for the audio channels as well as amplified outputs... not sure the purpose of the latter in the premium audio setup.
- Figured out how to "press the brake pedal" (or at least tell the IC that's what happened)
So far it's a short list, but I plan on expanding it greatly. Since I have this unit on the bench from a salvage vehicle I have no warranty fears and basically nothing to prevent me from tinkering. If I break it... oh well, I'm not down a vehicle.
Some goals:
- Figure out the rear view camera stuff
- An awesome but pretty unobtrusive hack would be to be able to display whatever we want in the Camera "app".
- I'm envisioning an HDMI aux input port...
- Gain access to the system software
- It's been done, and this unit is on 6.1 still. So, should be possible but I'm not sure. I'm pretty capable. If there is a way in, I'll find it.
- From here, any number of things is possible, and that list is pretty long.
- Hardware mod to take over the display
- A mod to the IC and/or the MCU could potentially allow utilization of the screens by a secondary processor. This could make it so a custom piece of hardware could overlay data on the screens, intercept touch commands if desired, etc, so that the interface can be modified in all sorts of cool ways. The best part about this would be that the hack wouldn't require breaking into the software running on the units, and thus wouldn't mess up any existing functionality or any warranty related things aside from the MCU/IC modifications.
- Find a way to gather and decode technical data about the vehicle
- I have tons of CAN logs from working Model S vehicles. Using my bench setup I could potentially start safely decoding what these commands mean.
- For example, I can playback some of the log to the bench setup and see if there is any result. Like, let's say I have a hunch that a certain packet is telling the battery SoC. Well, I can play that to the bench CAN bus and see if if updates the SoC display.
- Hack enough to potentially use these units in an EV conversion project
- Probably ambitious... but have you seen my other projects?
Lot's to be done. One of the things I'll need to be able to do is convince this setup to "start" the car. Currently it won't "start" when I "press" the brake pedal since there are a lot of things it can't communicate with. I'm hoping that I can fake it out by playing back portions of CAN logs from actual vehicles and maybe eventually get the IC to the "on" screen. Keep in mind that literally the only things I have hooked up currently are the MCU and IC. No other modules that would sit on the CAN buses. So everything it is displaying about the car (battery SoC, mileage, door positions, etc) is saved and displayed since it is the last thing it saw while it was connected and powered in the actual salvage vehicle.
Essentially one of my main goals with this is to find a way to add functionality to the units one way or another that can be utilized in a working car without causing any major concerns. Additionally I want to get a better understanding of everything that the car does (specifically on the CAN bus and the ethernet connections) to potentially be able to use that info for non-Tesla based diagnostic info and such. For example, I would really love to know what my pack voltage was at any given time, or the numeric power usage value.
Should be fun, and I welcome any insight anyone might have into how to go about some of the goals I've got planned, or otherwise. Additionally, if anyone is really interested in tinkering and is able to get here physically with whatever they'd want to use to tinker, I'm all for that. I really want this car to be less of a black box than it is today.
Can you show us the wiring connection ?Greetings!
You folks all pretty much know me and my mountain of projects by now. Well, I've added one more to that ever growing list.
Behold! A Model S 17" MCU and IC running on the bench.
View attachment 161614
And a short video of the minor success and tinkering I've done getting these guys running on the bench:
Tesla Model S Hacking - Running the MCU and IC on the Bench - YouTube
Nothing too exciting just yet, but this is step one for sure.
I sent the video and some pics to a friend earlier and his response was: "I think you might want to go in for service. The car appears to be missing." lol
At this time I've gotten a few things accomplished:
- Figured out the power and ground wires that run the 17", IC, and built in audio amp.
- Figured out the connections between the IC and the MCU.
- There is a CAN pair, an ethernet connection (via that 4-pin connector), and a wake-up signal line
- Wired up a speaker to the center channel.
- The alert noise the car makes can be heard. Music plays via bluetooth. No radio since I don't have the radio module.
- This is a premium audio MCU and actually has line-level outputs for the audio channels as well as amplified outputs... not sure the purpose of the latter in the premium audio setup.
- Figured out how to "press the brake pedal" (or at least tell the IC that's what happened)
So far it's a short list, but I plan on expanding it greatly. Since I have this unit on the bench from a salvage vehicle I have no warranty fears and basically nothing to prevent me from tinkering. If I break it... oh well, I'm not down a vehicle.
Some goals:
- Figure out the rear view camera stuff
- An awesome but pretty unobtrusive hack would be to be able to display whatever we want in the Camera "app".
- I'm envisioning an HDMI aux input port...
- Gain access to the system software
- It's been done, and this unit is on 6.1 still. So, should be possible but I'm not sure. I'm pretty capable. If there is a way in, I'll find it.
- From here, any number of things is possible, and that list is pretty long.
- Hardware mod to take over the display
- A mod to the IC and/or the MCU could potentially allow utilization of the screens by a secondary processor. This could make it so a custom piece of hardware could overlay data on the screens, intercept touch commands if desired, etc, so that the interface can be modified in all sorts of cool ways. The best part about this would be that the hack wouldn't require breaking into the software running on the units, and thus wouldn't mess up any existing functionality or any warranty related things aside from the MCU/IC modifications.
- Find a way to gather and decode technical data about the vehicle
- I have tons of CAN logs from working Model S vehicles. Using my bench setup I could potentially start safely decoding what these commands mean.
- For example, I can playback some of the log to the bench setup and see if there is any result. Like, let's say I have a hunch that a certain packet is telling the battery SoC. Well, I can play that to the bench CAN bus and see if if updates the SoC display.
- Hack enough to potentially use these units in an EV conversion project
- Probably ambitious... but have you seen my other projects?
Lot's to be done. One of the things I'll need to be able to do is convince this setup to "start" the car. Currently it won't "start" when I "press" the brake pedal since there are a lot of things it can't communicate with. I'm hoping that I can fake it out by playing back portions of CAN logs from actual vehicles and maybe eventually get the IC to the "on" screen. Keep in mind that literally the only things I have hooked up currently are the MCU and IC. No other modules that would sit on the CAN buses. So everything it is displaying about the car (battery SoC, mileage, door positions, etc) is saved and displayed since it is the last thing it saw while it was connected and powered in the actual salvage vehicle.
Essentially one of my main goals with this is to find a way to add functionality to the units one way or another that can be utilized in a working car without causing any major concerns. Additionally I want to get a better understanding of everything that the car does (specifically on the CAN bus and the ethernet connections) to potentially be able to use that info for non-Tesla based diagnostic info and such. For example, I would really love to know what my pack voltage was at any given time, or the numeric power usage value.
Should be fun, and I welcome any insight anyone might have into how to go about some of the goals I've got planned, or otherwise. Additionally, if anyone is really interested in tinkering and is able to get here physically with whatever they'd want to use to tinker, I'm all for that. I really want this car to be less of a black box than it is today.
Thanks
You've just provoked me enough to use my first post and reply to you
YES, it's possible to pull off the firmware without having any kind of root, even on the latest 2018 cars with v9.
Just saying something, doesn't necessarily make it true.
If you don't know how, don't say anything.
If you do, share, or it is not true.
The instructions for deploying firmware to a car without root access has been posted on this site. I think it was @verygreen that posted them.
I think deploying firmware without root is not the mystery at hand. That is known.
It's obtaining firmware (or a valid download link to get that firmware) off of a car, without root, that is what I have yet to see proven. I'm not talking about obtaining a firmware signature, but the actual firmware itself. Is that obtainable without root?
It's obtaining firmware (or a valid download link to get that firmware) off of a car, without root, that is what I have yet to see proven. I'm not talking about obtaining a firmware signature, but the actual firmware itself. Is that obtainable without root?
f205v
Member
Just curious: are firmware individually signed so that they can only be installed in the specific car they have been signed for? Or is a firmware the same for all cars?
Also, given a specific release (say 2018.42.2) is there a single firmware for every possible car/configuration, or are there variants for specific configs?
TIA
Also, given a specific release (say 2018.42.2) is there a single firmware for every possible car/configuration, or are there variants for specific configs?
TIA
f205v
Member
Does this mean I could decompile and fix the media player myself?
and there are only 3 configs at that:
1. Model 3 (all variants)
2. Model S/X MCU1
3. Model S/X MCU2
Powering the MCU:
Pin 9/10 on the bottom center are GND and pins 7/8 on the bottom left connector
are power.
Just saying something, doesn't necessarily make it true.
If you don't know how, don't say anything.
If you do, share, or it is not true.
lol, MP3Mike disagrees with sharing info.
I guess this is revenge for me busting him for this above. {cackle}
I guess this is revenge for me busting him for this above. {cackle}
