There are some that want as much of a direct (hard wired) connection as possible. BT, while great for most, can still add distortion.
-
Want to remove ads? Register an account and login to see fewer ads, and become a Supporting Member to remove almost all ads.
There are some that want as much of a direct (hard wired) connection as possible. BT, while great for most, can still add distortion.
The one of those errors that intrigues me is:
The question of which maps are currently installed and whether an update has been received has long been a bit of a mystery; here we seem to have the maps missing altogether. Possibly they have simply become corrupt, or one of the SD cards has fallen out of the unit? Or maybe maps are stored in some third piece of hardware separate from the two screens?
The question of which maps are currently installed and whether an update has been received has long been a bit of a mystery; here we seem to have the maps missing altogether. Possibly they have simply become corrupt, or one of the SD cards has fallen out of the unit? Or maybe maps are stored in some third piece of hardware separate from the two screens?
Cyclone
Cyclonic Member ((.oO))
Well, it could also mean something else. The turn by turn directions are generated by the Garmin database, even though on the 17" they will display on Google Maps images. This is why my phone's Google Maps can route me on new roads and the can show me driving on that road on the 17", but the directions freak out thinking I'm driving through fields and across intersections. So the alert could mean the 17" couldn't load up the Garmin database to try and be ready to generate nav directions, and thus, threw the error.
In non-tech package cars (when TP existed), the 17" could show you point A -> B, but you would not get turn-by-turn directions (from what I've been told).
Right. I think that LIN bus is behind another CAN connected device, though, and not LIN directly to the MCU. I could be wrong though.
Yeah, I think it would be pretty trivial to actually utilize the radio inputs to the MCU.... but getting to them would be the challenge that would probably make it not worth it for an aux port.
There are a couple of SD cards, but they don't contain anything too useful. (See below)
The maps are generally on a 16GB microSD card. For some reason this 16GB card is damaged on this unit. It's showing up as a 32MB card when I try to read it and I can't get it to really do anything. I have a dump of the maps from another unit that I may try to put on a new SD card, but honestly... I don't think this setup will be navigating anywhere.
There is a second SD card that has the "carkeys" VPN keys and such, like the folks at DEF CON mentioned, but that's about the limit of it's usefulness. I don't plan on accessing Tesla's VPN with these credentials, even if they are still valid, since I feel that would be crossing a line here.
There is a 64MB flash chip on each of the IC and MCU that I have a dump of from an earlier unit (a while back, over the summer) where the two displays were already badly damaged in a salvage. They contain the root file systems of the two units in an obfuscated and compressed manner. Last night I actually finally figured out the encoding method on them and dumped those file systems (more on that later)... but unfortunately the bulk of the data seems to be somewhere else that I haven't located yet. The fs dumps I made reference the /usr /var and /home directories, which appear to be mounted from some other storage.
There doesn't appear to be any removable memory besides the two SD cards.
Now that I've nailed down how this flash dump is encoded, I think a potential last resort attack vector could be to modify one of these root fs flash chips directly (and painfully), probably on the MCU since it has a private key to ssh into the IC, to insert some nasties (like some poison /root/.ssh/authorized_keys and maybe a few other methods of gaining access after it boots up). I have confirmed that the MCU's private ssh key from the older unit I have a flash dump from is not the same as the ssh key on my bench setup, so that's good from a security perspective. The passwords in the two shadow files didn't crack after an overnight run either, so Tesla must have fixed that issue mentioned at DEF CON independent of firmware updates since my bench setup firmware predates that firmware fix. I didn't expect them to match up with my unit's passwords anyway, was just an exercise in good fun.
Let's see.
I've identified a few useful CAN frames for controlling some status outputs on the IC. So far just the speedometer readout, the power gauge, and the range meter.
I've also figured out, thanks to a tidbit in one of the flash dumps, how to change the panels displayed on the left and right of the IC via ethernet and http. I haven't tested this yet, but it looks pretty simple. Here's the line from a "factory reset" script in the flash dump:
Code:
curl -s -m 10 "http://ic:4130/setWindows?left=3&right=4"Overall... making progress. Unfortunately I'm going to have to dial back my time on this project to tend to some other things, but should pick back up on it soon.
Gabzqc
Member
GasKilla
No Gas Know Peace
That's the point, I referring to devices that don't have Bluetooth like iPods, PONO player, and other portable audio players that don't have Bluetooth. Plus audiophiles prefer a direct analog connection as opposed to a wireless connection. I've seen it asked for in other threads and would certainly be "worth it" for plenty of people.
artsci
Sponsor
Right on all counts. Evidently the system only recognizes signals from the Tesla camera. The camera switch was designed to eliminate any possible signal disruption as the switching from rear to front Tesla cameras is made.
I think wk057's work is so important if I don't have spare camera I'm going to buy one and ship it to him.
Cyclone
Cyclonic Member ((.oO))
No post from wk for a couple hours. Did the Tesla Ninjas show up in some black Model Xs? (I wonder if they drove in using AutoPilot?) Should we send out the search parties?
green1
Active Member
This always felt bypassable, obviously the signal originates as something normal, you just need to find a way to inject your new signal before it's encoded in it's Tesla specific way. It's quite possible that means you need to do the insertion at the camera end instead of at the 17" screen, but I still suspect it can't be all that difficult to do with the right skillset.
I honestly didn't know anyone still used dedicated portable media devices anymore. I've used my "phone" for media for at least the last decade (Android and earlier phones with MP3 support). I'm not convinced a direct connection in this instance would have a perceptible quality difference anyway.
In any case, with the Model S, if perfect quality is what you're going for then what you need to be doing is putting FLAC files on a USB drive. No aux port setup can possible beat that since you're cutting out the middleman entirely.
Wow, that's incredibly generous! Thank you!
I'm reasonably confident that the camera signal isn't anything too impossible to emulate. It definitely is a more monumental task than swapping out the cam signals, but I don't think it is impossible. Just going to take some patience deciphering the comm protocol, which I can do without fear of damaging my MCU because... well, honestly if I break it I break it. Goes with the territory. I wouldn't do this reverse engineering on a live car since I wouldn't want to break something injecting randomness on the line in the debugging phases.
The external diagnostic port magic was actually revealed by the DEFCON folks. I don't see any way around it currently without the "carkeys" file and talking to Tesla's servers to get the auth token. Getting the carkeys file requires dismantling the MCU. It would be much easier to access that network by just tapping the MCU<->IC comm (like I'm working on doing).
I very well may whip up some adapters to do this with the right connectors and all if I can find a good source for these oddball connectors. It's not too difficult to access the rear of the IC, especially when compared to removing and disassembling the MCU.
No post from wk for a couple hours. Did the Tesla Ninjas show up in some black Model Xs? (I wonder if they drove in using AutoPilot?) Should we send out the search parties?
I actually had a busy non-Tesla hacking schedule today.
And it didn't involve black Model X's either. It's certainly possible, it's just going to take a bit of persistence and patience.
The camera signal wiring is definite digital, so as long as Tesla didn't waste a bunch of resources adding layers of encryption to a rearview camera... probably in good shape. Even if they did, eventually I'm getting into the MCU and I'll figure out what it is.
Andyw2100
Well-Known Member
The camera signal wiring is definite digital, so as long as Tesla didn't waste a bunch of resources adding layers of encryption to a rearview camera... probably in good shape. Even if they did, eventually I'm getting into the MCU and I'll figure out what it is.
When you do, I think that will be a hack that will potentially have some real application. For example, I know a lot of people (including artsci, I believe) are interested in the whole "bird's eye view camera system" thing, but far less so if it can't be displayed on the 17" display. I'm pretty sure artsci had a thread on this, and without going back to check, if memory serves, after he was provided some false hope, they never did get the system to work on the 17" display.
Tesla is likely to start offering something like this eventually, and unlikely to offer it as a reasonably priced retrofit. So I think there's a market there.
Edit: Curiosity got the best of me, so I went back and found the thread. artsci --did-- get the bird's eye system, and had wanted to get it working on the 17" display, but was not able to.
RYDEEN RDV360 degree Bird's Eye view plus Integrated 9500ci Display - Page 6
Last edited:
I love how much that the dashboard / IC freaks out that the car seems to be missing...but will still let you drive.
It reminds me of that Tesla that got sheared in half in LA a while back. Someone got a close-up photo of the car and the dashboard was still lit up, probably freaking out in the same way when it can't detect the drivetrain.
It reminds me of that Tesla that got sheared in half in LA a while back. Someone got a close-up photo of the car and the dashboard was still lit up, probably freaking out in the same way when it can't detect the drivetrain.
green1
Active Member
And that's a good thing, I'd hate to get stranded because some sensor glitch causes the vehicle to freak out and shut down, I'd much rather that it throws an error and lets me judge for myself if it's ok to drive home.
Yeah, I've confirmed that once the IC is up I can disconnect everything from it besides power and it will stay up. Pretty cool. The errors seem to be thrown from the MCU, though.
Definitely on my list.
In the meantime, I'm working on decoding some of the data that reaches the IC and I'm getting sidetracked a little.
For example..........
Code:
253.06 V @ -1213.6 A = -307.114 kW (54 MPH / 98.0% throttle) (Pack temp?: 54 F)
254.07 V @ -1216.2 A = -309.000 kW (54 MPH / 98.0% throttle) (Pack temp?: 54 F)
253.68 V @ -1220.5 A = -309.616 kW (54 MPH / 98.0% throttle) (Pack temp?: 55 F)
254.68 V @ -1200.5 A = -305.743 kW (54 MPH / 98.0% throttle) (Pack temp?: 55 F)
252.44 V @ -1213.9 A = -306.437 kW (54 MPH / 98.0% throttle) (Pack temp?: 55 F)
254.80 V @ -1206.7 A = -307.467 kW (54 MPH / 98.0% throttle) (Pack temp?: 55 F)
252.56 V @ -1200.9 A = -303.299 kW (54 MPH / 98.0% throttle) (Pack temp?: 55 F)
252.42 V @ -1229.8 A = -310.426 kW (54 MPH / 98.0% throttle) (Pack temp?: 54 F)
255.29 V @ -1185.1 A = -302.544 kW (55 MPH / 98.0% throttle) (Pack temp?: 55 F)
253.29 V @ -1203.5 A = -304.835 kW (55 MPH / 98.0% throttle) (Pack temp?: 55 F)
252.43 V @ -1227.3 A = -309.807 kW (55 MPH / 98.0% throttle) (Pack temp?: 55 F)
253.04 V @ -1215.5 A = -307.570 kW (55 MPH / 98.0% throttle) (Pack temp?: 55 F)
252.69 V @ -1212.3 A = -306.336 kW (55 MPH / 98.0% throttle) (Pack temp?: 55 F)
251.70 V @ -1227.7 A = -309.012 kW (55 MPH / 98.0% throttle) (Pack temp?: 55 F)
254.07 V @ -1211.4 A = -307.780 kW (55 MPH / 98.0% throttle) (Pack temp?: 55 F)
251.45 V @ -1223.4 A = -307.624 kW (55 MPH / 98.0% throttle) (Pack temp?: 55 F)
254.43 V @ -1217.0 A = -309.641 kW (55 MPH / 98.0% throttle) (Pack temp?: 54 F)
253.43 V @ -1206.4 A = -305.738 kW (55 MPH / 98.0% throttle) (Pack temp?: 55 F)
254.55 V @ -1199.4 A = -305.307 kW (56 MPH / 98.0% throttle) (Pack temp?: 55 F)
254.68 V @ -1176.1 A = -299.529 kW (56 MPH / 98.0% throttle) (Pack temp?: 54 F)
252.94 V @ -1216.2 A = -307.626 kW (56 MPH / 98.0% throttle) (Pack temp?: 54 F)
253.82 V @ -1207.6 A = -306.513 kW (56 MPH / 98.0% throttle) (Pack temp?: 54 F)
252.32 V @ -1210.8 A = -305.509 kW (56 MPH / 98.0% throttle) (Pack temp?: 55 F)
254.94 V @ -1194.9 A = -304.628 kW (56 MPH / 98.0% throttle) (Pack temp?: 54 F)
250.95 V @ -1213.8 A = -304.603 kW (56 MPH / 98.0% throttle) (Pack temp?: 55 F)
255.44 V @ -1211.0 A = -309.338 kW (56 MPH / 98.0% throttle) (Pack temp?: 55 F)
252.56 V @ -1191.8 A = -301.001 kW (56 MPH / 98.0% throttle) (Pack temp?: 55 F)
252.19 V @ -1234.0 A = -311.202 kW (56 MPH / 98.0% throttle) (Pack temp?: 55 F)
255.05 V @ -1193.0 A = -304.275 kW (57 MPH / 98.0% throttle) (Pack temp?: 55 F)
253.19 V @ -1208.6 A = -306.005 kW (57 MPH / 98.0% throttle) (Pack temp?: 55 F)
253.08 V @ -1220.6 A = -308.909 kW (57 MPH / 98.0% throttle) (Pack temp?: 55 F)
252.70 V @ -1210.2 A = -305.818 kW (57 MPH / 98.0% throttle) (Pack temp?: 55 F)
254.57 V @ -1191.8 A = -303.397 kW (57 MPH / 98.0% throttle) (Pack temp?: 55 F)
251.33 V @ -1211.1 A = -304.386 kW (57 MPH / 98.0% throttle) (Pack temp?: 55 F)
253.07 V @ -1231.6 A = -311.681 kW (57 MPH / 98.0% throttle) (Pack temp?: 55 F)
252.94 V @ -1205.2 A = -304.843 kW (57 MPH / 98.0% throttle) (Pack temp?: 54 F)
253.69 V @ -1203.6 A = -305.341 kW (57 MPH / 98.0% throttle) (Pack temp?: 55 F)
251.43 V @ -1218.5 A = -306.367 kW (57 MPH / 98.0% throttle) (Pack temp?: 55 F)
252.56 V @ -1232.2 A = -311.204 kW (57 MPH / 98.0% throttle) (Pack temp?: 54 F)
252.81 V @ -1212.3 A = -306.482 kW (57 MPH / 98.0% throttle) (Pack temp?: 55 F)
251.93 V @ -1222.2 A = -307.909 kW (57 MPH / 98.0% throttle) (Pack temp?: 55 F)
251.41 V @ -1225.4 A = -308.078 kW (57 MPH / 98.0% throttle) (Pack temp?: 55 F)
252.66 V @ -1220.1 A = -308.270 kW (57 MPH / 98.0% throttle) (Pack temp?: 55 F)
252.02 V @ -1210.9 A = -305.171 kW (57 MPH / 98.0% throttle) (Pack temp?: 55 F)
251.66 V @ -1216.6 A = -306.170 kW (57 MPH / 98.0% throttle) (Pack temp?: 55 F)
253.78 V @ -1209.8 A = -307.023 kW (57 MPH / 98.0% throttle) (Pack temp?: 54 F)
251.91 V @ -1213.5 A = -305.693 kW (57 MPH / 98.0% throttle) (Pack temp?: 55 F)
253.53 V @ -1209.1 A = -306.543 kW (57 MPH / 98.0% throttle) (Pack temp?: 54 F)
253.02 V @ -1200.1 A = -303.649 kW (58 MPH / 98.0% throttle) (Pack temp?: 55 F)
252.14 V @ -1221.4 A = -307.964 kW (58 MPH / 98.0% throttle) (Pack temp?: 55 F)
254.14 V @ -1187.9 A = -301.893 kW (58 MPH / 98.0% throttle) (Pack temp?: 54 F)
252.40 V @ -1195.5 A = -301.744 kW (58 MPH / 98.0% throttle) (Pack temp?: 55 F)
252.77 V @ -1217.4 A = -307.722 kW (58 MPH / 98.0% throttle) (Pack temp?: 55 F)
253.89 V @ -1187.9 A = -301.596 kW (58 MPH / 98.0% throttle) (Pack temp?: 55 F)
252.78 V @ -1206.8 A = -305.055 kW (58 MPH / 98.0% throttle) (Pack temp?: 55 F)
253.65 V @ -1207.9 A = -306.384 kW (58 MPH / 98.0% throttle) (Pack temp?: 55 F)
252.91 V @ -1203.4 A = -304.352 kW (58 MPH / 98.0% throttle) (Pack temp?: 55 F)
254.18 V @ -1202.5 A = -305.651 kW (58 MPH / 98.0% throttle) (Pack temp?: 55 F)
252.05 V @ -1197.8 A = -301.905 kW (59 MPH / 98.0% throttle) (Pack temp?: 55 F)
254.42 V @ -1202.5 A = -305.940 kW (59 MPH / 98.0% throttle) (Pack temp?: 55 F)
252.80 V @ -1191.1 A = -301.110 kW (59 MPH / 97.6% throttle) (Pack temp?: 55 F)
254.06 V @ -1208.1 A = -306.930 kW (59 MPH / 97.2% throttle) (Pack temp?: 55 F)
253.19 V @ -1191.2 A = -301.600 kW (59 MPH / 96.0% throttle) (Pack temp?: 55 F)
252.05 V @ -1212.1 A = -305.510 kW (59 MPH / 94.9% throttle) (Pack temp?: 55 F)
256.16 V @ -1166.7 A = -298.862 kW (59 MPH / 93.3% throttle) (Pack temp?: 55 F)
252.92 V @ -1194.2 A = -302.037 kW (59 MPH / 90.9% throttle) (Pack temp?: 55 F)
254.28 V @ -1194.9 A = -303.839 kW (59 MPH / 88.2% throttle) (Pack temp?: 55 F)
254.28 V @ -1178.6 A = -299.694 kW (59 MPH / 84.7% throttle) (Pack temp?: 55 F)
252.28 V @ -1214.4 A = -306.369 kW (60 MPH / 80.0% throttle) (Pack temp?: 55 F)
256.41 V @ -1177.0 A = -301.795 kW (60 MPH / 74.1% throttle) (Pack temp?: 55 F)
260.78 V @ -1108.7 A = -289.127 kW (60 MPH / 67.4% throttle) (Pack temp?: 55 F)
263.28 V @ -1054.9 A = -277.734 kW (60 MPH / 60.8% throttle) (Pack temp?: 55 F)
264.27 V @ -1042.8 A = -275.581 kW (60 MPH / 54.9% throttle) (Pack temp?: 55 F)
266.90 V @ -1015.2 A = -270.957 kW (60 MPH / 49.4% throttle) (Pack temp?: 55 F)
272.53 V @ -943.3 A = -257.078 kW (60 MPH / 44.3% throttle) (Pack temp?: 55 F)
276.64 V @ -870.7 A = -240.870 kW (60 MPH / 40.8% throttle) (Pack temp?: 55 F)
278.13 V @ -841.1 A = -233.935 kW (60 MPH / 38.4% throttle) (Pack temp?: 55 F)
284.00 V @ -758.7 A = -215.471 kW (60 MPH / 36.1% throttle) (Pack temp?: 55 F)
289.53 V @ -680.1 A = -196.909 kW (61 MPH / 34.1% throttle) (Pack temp?: 55 F)
293.15 V @ -620.7 A = -181.958 kW (61 MPH / 31.8% throttle) (Pack temp?: 55 F)
297.28 V @ -563.3 A = -167.458 kW (61 MPH / 29.8% throttle) (Pack temp?: 55 F)
300.89 V @ -506.4 A = -152.371 kW (61 MPH / 28.2% throttle) (Pack temp?: 55 F)
303.25 V @ -470.4 A = -142.649 kW (61 MPH / 26.7% throttle) (Pack temp?: 55 F)
307.26 V @ -435.4 A = -133.781 kW (61 MPH / 25.1% throttle) (Pack temp?: 55 F)
310.39 V @ -384.3 A = -119.283 kW (61 MPH / 23.5% throttle) (Pack temp?: 55 F)
314.88 V @ -326.5 A = -102.808 kW (61 MPH / 22.0% throttle) (Pack temp?: 55 F)
317.51 V @ -281.8 A = -89.474 kW (61 MPH / 20.8% throttle) (Pack temp?: 55 F)
319.25 V @ -256.8 A = -81.983 kW (61 MPH / 19.2% throttle) (Pack temp?: 55 F)
321.64 V @ -220.7 A = -70.986 kW (61 MPH / 18.0% throttle) (Pack temp?: 55 F)
324.26 V @ -186.7 A = -60.539 kW (61 MPH / 17.2% throttle) (Pack temp?: 55 F)
326.26 V @ -162.6 A = -53.050 kW (61 MPH / 16.1% throttle) (Pack temp?: 55 F)
328.00 V @ -132.1 A = -43.329 kW (61 MPH / 14.9% throttle) (Pack temp?: 55 F)
329.88 V @ -107.8 A = -35.561 kW (61 MPH / 14.1% throttle) (Pack temp?: 55 F)
331.12 V @ -90.2 A = -29.867 kW (61 MPH / 13.3% throttle) (Pack temp?: 55 F)
333.38 V @ -73.7 A = -24.570 kW (61 MPH / 12.5% throttle) (Pack temp?: 55 F)
333.61 V @ -57.1 A = -19.049 kW (61 MPH / 11.8% throttle) (Pack temp?: 55 F)
336.00 V @ -36.0 A = -12.096 kW (61 MPH / 11.0% throttle) (Pack temp?: 55 F)
336.50 V @ -26.0 A = -8.749 kW (61 MPH / 10.6% throttle) (Pack temp?: 55 F)
337.63 V @ -14.1 A = -4.761 kW (61 MPH / 9.8% throttle) (Pack temp?: 55 F)
338.50 V @ -4.5 A = -1.523 kW (61 MPH / 9.0% throttle) (Pack temp?: 55 F)
338.36 V @ -0.2 A = -0.068 kW (61 MPH / 8.6% throttle) (Pack temp?: 55 F)
338.62 V @ -6.0 A = -2.032 kW (61 MPH / 8.2% throttle) (Pack temp?: 55 F)
339.12 V @ -2.7 A = -0.916 kW (61 MPH / 7.4% throttle) (Pack temp?: 55 F)
339.76 V @ 4.7 A = 1.597 kW (61 MPH / 7.1% throttle) (Pack temp?: 55 F)
340.77 V @ 12.3 A = 4.191 kW (61 MPH / 6.7% throttle) (Pack temp?: 55 F)
341.52 V @ 21.4 A = 7.309 kW (61 MPH / 6.3% throttle) (Pack temp?: 55 F)
342.74 V @ 38.5 A = 13.195 kW (61 MPH / 5.9% throttle) (Pack temp?: 55 F)
344.11 V @ 60.1 A = 20.681 kW (61 MPH / 5.5% throttle) (Pack temp?: 55 F)
344.99 V @ 72.6 A = 25.046 kW (61 MPH / 5.1% throttle) (Pack temp?: 55 F)
346.38 V @ 89.8 A = 31.105 kW (61 MPH / 4.7% throttle) (Pack temp?: 55 F)
347.25 V @ 100.1 A = 34.760 kW (61 MPH / 4.7% throttle) (Pack temp?: 55 F)
347.36 V @ 102.9 A = 35.743 kW (61 MPH / 4.3% throttle) (Pack temp?: 56 F)
348.48 V @ 111.6 A = 38.890 kW (61 MPH / 3.9% throttle) (Pack temp?: 55 F)
348.24 V @ 117.1 A = 40.779 kW (61 MPH / 3.9% throttle) (Pack temp?: 55 F)
348.76 V @ 122.0 A = 42.549 kW (61 MPH / 3.5% throttle) (Pack temp?: 55 F)
348.88 V @ 123.7 A = 43.156 kW (61 MPH / 3.5% throttle) (Pack temp?: 55 F)
349.50 V @ 124.9 A = 43.653 kW (61 MPH / 3.1% throttle) (Pack temp?: 55 F)
349.13 V @ 119.4 A = 41.686 kW (61 MPH / 3.1% throttle) (Pack temp?: 55 F)
349.24 V @ 113.9 A = 39.778 kW (61 MPH / 2.7% throttle) (Pack temp?: 55 F)
348.86 V @ 115.5 A = 40.293 kW (61 MPH / 2.7% throttle) (Pack temp?: 55 F)
349.25 V @ 118.3 A = 41.316 kW (61 MPH / 2.4% throttle) (Pack temp?: 55 F)
349.50 V @ 120.8 A = 42.220 kW (61 MPH / 2.4% throttle) (Pack temp?: 55 F)
349.64 V @ 122.2 A = 42.726 kW (61 MPH / 2.4% throttle) (Pack temp?: 55 F)
349.89 V @ 124.9 A = 43.701 kW (61 MPH / 2.0% throttle) (Pack temp?: 55 F)
350.14 V @ 125.0 A = 43.767 kW (61 MPH / 2.0% throttle) (Pack temp?: 55 F)
351.14 V @ 139.4 A = 48.949 kW (61 MPH / 2.0% throttle) (Pack temp?: 55 F)
351.14 V @ 143.5 A = 50.389 kW (61 MPH / 1.6% throttle) (Pack temp?: 55 F)
351.26 V @ 141.1 A = 49.563 kW (61 MPH / 1.6% throttle) (Pack temp?: 55 F)
351.26 V @ 142.5 A = 50.055 kW (61 MPH / 1.6% throttle) (Pack temp?: 55 F)
352.26 V @ 149.6 A = 52.698 kW (61 MPH / 1.6% throttle) (Pack temp?: 55 F)
352.00 V @ 157.8 A = 55.546 kW (61 MPH / 1.2% throttle) (Pack temp?: 56 F)
352.88 V @ 158.2 A = 55.826 kW (61 MPH / 1.2% throttle) (Pack temp?: 55 F)
353.02 V @ 164.3 A = 58.001 kW (61 MPH / 1.2% throttle) (Pack temp?: 55 F)
352.90 V @ 164.0 A = 57.876 kW (61 MPH / 1.2% throttle) (Pack temp?: 55 F)
353.28 V @ 163.1 A = 57.620 kW (61 MPH / 1.2% throttle) (Pack temp?: 55 F)
353.40 V @ 163.3 A = 57.710 kW (61 MPH / 0.8% throttle) (Pack temp?: 55 F)
353.66 V @ 167.5 A = 59.238 kW (61 MPH / 0.8% throttle) (Pack temp?: 56 F)
354.00 V @ 174.6 A = 61.808 kW (61 MPH / 0.8% throttle) (Pack temp?: 55 F)
354.00 V @ 173.0 A = 61.242 kW (61 MPH / 0.8% throttle) (Pack temp?: 55 F)
353.87 V @ 175.7 A = 62.175 kW (61 MPH / 0.8% throttle) (Pack temp?: 56 F)
354.38 V @ 177.7 A = 62.973 kW (61 MPH / 0.8% throttle) (Pack temp?: 55 F)
354.38 V @ 177.9 A = 63.044 kW (61 MPH / 0.8% throttle) (Pack temp?: 55 F)(more of that data here: http://skie.net/uploads/rollingto60.txt )
That was data recorded from the powertrain CAN bus from a soft ~20 to 60 launch at a pretty low SoC (~38%) in a P85D. I was able to fiddle with the various pieces of data and play it back to my bench setup to see what the IC did with the data, which let me nail down the variables. The "presto" moment was realizing I was looking at scaled battery voltage and current
I may get sidetracked and make a tech display that parses this data out in real time for performance monitoring in my car... 
