I have access to a 128 node GPU cluster for the next few days. Suspect it is overkill for a 5 character access code in lower case but happy to give it a go.
-
Want to remove ads? Register an account and login to see fewer ads, and become a Supporting Member to remove almost all ads.
I have access to a 128 node GPU cluster for the next few days. Suspect it is overkill for a 5 character access code in lower case but happy to give it a go.
Johan
Ex got M3 in the divorce, waiting for EU Model Y!
When your car is in Factory mode you can switch between Diagnostic mode and Developer mode and normal mode by rebooting the big screen. That is when you reboot (by clicking "Exit Developer/Diagnostic mode and restart) you get in to normal mode on the big screen but the instrument display still shows "Factory mode". Then hold the "T" and you'll get in to Developer or Diagnostic mode (whichever one you weren't in last time). Doesn't ask for access code. If you, however, disable factory mode in either Developer or Diagnostic mode menus (both modes have this option) and click "Exit and restart" you can't get back in by holding "T" without the code (and likely VPN access).
I don't know about you, but I don't have time to sit around spinning resources to crack Tesla's 4096-bit private key that they can just change within a day of finding out it's compromised. Most useless hack ever, IMO. And if I had physical access to get the car's private key (which isn't helpful anyway, read up on SSL/TLS) I would also have physical access to do my root method.
"Sleazy"? haha, it is my car. I know you think you don't own your software and that Tesla isn't breaching GPL, but all I can say is that's unfortunate.
And wk be advised that the car only has the public key for VPN. Read up on SSL/TLS. (As old as the software is it's likely SSL)
Given the hostile atmosphere, I won't help anymore, as happened with the BMS electronics thread. Bite the hand that feeds you...
And wk be advised that the car only has the public key for VPN. Read up on SSL/TLS. (As old as the software is it's likely SSL)
Given the hostile atmosphere, I won't help anymore, as happened with the BMS electronics thread. Bite the hand that feeds you...
You're advising me? I have root on the CID and IC and you're telling me what the car has? lol.
The car has a VIN-specific private key and certificate as well as a public key for Tesla's side *and* a static encryption key for the OpenVPN connection itself.
Code:
# SSL/TLS params
cert car.crt
key car.key
ca ca.crt
tls-auth ta.key 1I stand by my previous post. The VPN is a waste of time as a attack vector. But feel free to give it a whirl. Here's Tesla's self-signed public cert:
Code:
root@cid:/var/etc# cat openvpn/ca.crt
-----BEGIN CERTIFICATE-----
MIIFrzCCA5egAwIBAgIIHbkujSy2+VkwDQYJKoZIhvcNAQELBQAwZTEWMBQGA1UE
AwwNVGVzbGEgUm9vdCBDQTEVMBMGA1UECgwMVGVzbGEgTW90b3JzMRIwEAYDVQQH
DAlQYWxvIEFsdG8xEzARBgNVBAgMCkNhbGlmb3JuaWExCzAJBgNVBAYTAlVTMB4X
DTEyMDUwOTA0NTMyMVoXDTQyMDUwMjA0NTMyMVowZTEWMBQGA1UEAwwNVGVzbGEg
Um9vdCBDQTEVMBMGA1UECgwMVGVzbGEgTW90b3JzMRIwEAYDVQQHDAlQYWxvIEFs
dG8xEzARBgNVBAgMCkNhbGlmb3JuaWExCzAJBgNVBAYTAlVTMIICIjANBgkqhkiG
9w0BAQEFAAOCAg8AMIICCgKCAgEAkwV5xbIcuX5jGqVfeBMbaw38IqXjAk2++aLh
ckKGF55LqaDvBYtQRChGnfm6BxmviK9miW4wBpIotXVKSRXsjC3+B5ry2yLHRURX
ZqylIcPlqi/mu+D2GYCChMw2sS/wewKWtFIQWbh6+3gE949eDF+1fkV4QJ5SOHtY
KkyuTcZZoi27OVUSSBIVMW8Sj3Od1b4KcIddB3mgegIPXjT8aHkbvRk5uJLD1Dal
xKO+dKhlMCCxhOjM14OEuKEyTZAapXnSk9WpIapTE4QDsTJqv3lNpGaeX9bk13g2
aQ/2IMt90e3dH9GW5dxC3bCRSPDTCOrwmfjsjs5D9UHRn3p0hcSJpdJzdxhc2bek
oIdA14i8r8d9zT9HjKLE31KkUVZC6Be6Q1+oxM5yJhAnoz7lof6iGzGRcDM69OFj
npGtXM44X6tTmelERi9HT/ZCw+HAKgZcf2DrGeZUNHNRBvh0H0a0x7M8qRb1ne4R
1GroDAwikZ3CFxcIXVnxWM4uKiCGJbYmlCskLvZqRQNR3+OOo9EAUIDTrZywEoAq
fO3m69fo7VcOoeUySlnY+oGTh9zPkNAOjPn0FpqVduhyJ3VUkWSj1fKJkk6wlJ8d
HUfYfNNLTalAXHy/q6epCfbC/0GIxYl67dzXt0A7ll6HUGgxZgvINcvQEY9zkLN4
I04/WC0CAwEAAaNjMGEwHQYDVR0OBBYEFKr93ogqNH9qIHIsbTCmhB2ysWEnMA8G
A1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUqv3eiCo0f2ogcixtMKaEHbKxYScw
DgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4ICAQAqhOoOe/elulH7+fey
gtR9hfZUEa/Akhxt2uNzGvQlXraymRfLtBR7+9UayAm4s66O3qsaBTeRd1d7S16n
C1CZsEJnev/PzaT9xHUb1l5Pc5gLdfht9CfAMyktXDjAjf3RY7thmzXDmylCBqNb
v7YVEoUZEbtaKBytlLBCjV4x5RrkPcXEStOLXy4daWlkNGzp5uaf11BTs/WV9mUj
UNLWZJvuw6zsyP4H4VmW6MpsKYGiWSD4MbgWe8Kl2HJzi6odVSmMz4RJnMq26xYw
iu94ItFi4pZSVmeQfDKEMpdf6m6H0kWMdTmB3xFdC77E2BjZkoGzmCRBjJMPOz6A
kjC1lRAezv0uw7noygXJDHtG03unzYrGQjnlXfgt0uFdGDhUeoeJJ7NaY51gLpxs
TZnh1QZ/pjALkR3ntqi69qta6cWSnr+dfVhD/KA3nkYmzojfRCYp6DdBGmr4rynk
D7GSvFhaV+EENk7403NgWhYAg8Jadgzh1nnfbM31H6BbXPbjyrAUU+TlQJfgR/2O
gbugnnJZP3hSkj7hrgpGmcHY8qnANsPTYtnDPlHHcMaFcvu0hKscT5TXafQD0D+x
QpzeqCe9FANCaEsHP2lbrbolAz7nETDKl0710R9j44lT44Ee19i7PHhn6yTBFRiL
mZYEHDOai0F820i45FxdFhkJDQ==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIFsTCCA5mgAwIBAgIIUzc8Fomq3m4wDQYJKoZIhvcNAQELBQAwZTEWMBQGA1UE
AwwNVGVzbGEgUm9vdCBDQTEVMBMGA1UECgwMVGVzbGEgTW90b3JzMRIwEAYDVQQH
DAlQYWxvIEFsdG8xEzARBgNVBAgMCkNhbGlmb3JuaWExCzAJBgNVBAYTAlVTMB4X
DTEyMDUwOTA0NTg0OVoXDTMyMDUwNDA0NTg0OVowZzEYMBYGA1UEAwwPVGVzbGEg
UG9saWN5IENBMRUwEwYDVQQKDAxUZXNsYSBNb3RvcnMxEjAQBgNVBAcMCVBhbG8g
QWx0bzETMBEGA1UECAwKQ2FsaWZvcm5pYTELMAkGA1UEBhMCVVMwggIiMA0GCSqG
SIb3DQEBAQUAA4ICDwAwggIKAoICAQCLeoOPKMNIP/WAFdVuCbXgC/shO64K+WkR
SyVkOdQtoGaXn68MOqG+lrGsJlF9Vq8fKtus8fou+a8QyUIDAuqpkgkb1f3wMuUx
Z+mkY6U1pO8RtRFopfinfBI2RvBaLYeJ8gipBJlbmClZKSnVZKtyxcr8VXbvmxb3
4HCsrkDqVZ5riGPXwJiMj8cLZN7WwlVbz86E2iukA1L7kJyYvkvmX2/JbTluGusM
eWA94nOLprcVgP85t7gHxE9B/sH4jw/LFITZR9S+mJCKB806Zm70vLP9+MStDsLv
dwkQUlUGoJAz+JRs3G9jPGBeUyYpcbTL71x+7TKZBN6NNQxymhp8gWYJE1rdf8ga
cQrsbYaD640Tk5lhpjCzmR68CQ9AcSB2sVC6KofiGs6r5S/seKAo20oUttuOT242
I5CP18YO9AcbKWzJjqDMccIfwj6W3p4QOr0sT0x3t/aOgt2FvwPDk0WemHpw4Bld
4NiTZN1mN4Qz6gORaHjOM/SwH0ZADv7L/CbYztus2Qkt+KBbxi9KkIMCkjkLOWLY
8TwMy7M9O0ayZXINjVu6xznnZ4rAX7SCswXdgyj27vipO5S+11WSay8kzgTG/whU
wFjbmbRElTyBOUCG323OlwUuoijErwkiRE+vgatwLcf+FpYnAsqxzs4oaYYvFjTg
iTpI6AoJBwIDAQABo2MwYTAdBgNVHQ4EFgQU3Xo3BAiqJOiu0DGmBpkoIsdbCvkw
DwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBSq/d6IKjR/aiByLG0wpoQdsrFh
JzAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggIBAIGXh113k0ffRVKe
iszrsqbFMgSI8FUSIN+LwScvmUyJxF7AG42whnichm/xodBcNWWG1anLOa15lb2i
CREsXC66ivE9JK+htCaP1G5gVI4Xjnu3TUEAR/FKQY55+RpsBvXx2MMdiWlm+TD+
tfJNmySQ22NqH85BmgARl1JAZhpEgZl3xJK4viPXsNqSz8Cd20PX6TqwM0A3ePzF
ollNqhM00ZzReNLxfvWQpflA+EOsAFRG5lkDiOgCmOp6ZiJijpaHznRwWgh+FGBy
zfnbROiMcRnmG6HX0gxOHqruxRwLNah+v5p0pDxzzPjJiAW8ITagttL8euvFDjnp
CGbMN9xDPg9vBXnt7jD6sTXNUSCECk4foQXaXbFu3jtCads0ZM+WnKOlBgVPzaYm
4GiwzxJA6Qbx+SAEV7khjtiEr/YDAWgbzWOPzmj2j9axGtWdV5ESHLM4bkMoeEE5
4vwpZ4A1e9CILQ02wmByniY2XVLC31ali8J3nL4BIhy9p+ClOuPAnOGblOWJBozl
LKrzEEIquj9aH4N/I9pPMvJZiMBfzMjx5XjzdQnA4PKd+Zk0Bqlqa96WroB6UbFn
qJz6sbQMrXzIBAD5avesA37IINVACe+wWGuCf3rv+6NKIYSSrunAFADmfuXfSO2p
7Hp+bG5/1HcqaZmlfZ4a8UXq91J1
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIFtDCCA5ygAwIBAgIIQ3iL0o3I0igwDQYJKoZIhvcNAQELBQAwZzEYMBYGA1UE
AwwPVGVzbGEgUG9saWN5IENBMRUwEwYDVQQKDAxUZXNsYSBNb3RvcnMxEjAQBgNV
BAcMCVBhbG8gQWx0bzETMBEGA1UECAwKQ2FsaWZvcm5pYTELMAkGA1UEBhMCVVMw
HhcNMTIwNTA5MDUyOTI2WhcNMjUwNTA2MDUyOTI2WjBoMRkwFwYDVQQDDBBUZXNs
YSBJc3N1aW5nIENBMRUwEwYDVQQKDAxUZXNsYSBNb3RvcnMxEjAQBgNVBAcMCVBh
bG8gQWx0bzETMBEGA1UECAwKQ2FsaWZvcm5pYTELMAkGA1UEBhMCVVMwggIiMA0G
CSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCGquJG4fCQxVgqGPKwSjLv651HU9jE
lOPn9MhTIAfkqiz+9KczOZTspWMTLfO96QP8ySaCEfp/UtZzM4Ho/WYsrnFKvMW5
jue3Agu2BF3q+uak0lYumucf4WYE6xZC7AFfc6PBwhIOyFVImpy7xWG3owCWIAY2
tpLgvBv/145BuB+zecx0NMvKPe3NoXnUJwUBx5nSJFOvWsnGwdgIcvePgNXUyGi3
M+jjnwU5yX0lR/rfsjz7oOHzYioKlfblt2zVeQtK+ffsLdD1vbiyqWeOE9QJG1QU
JaWrUHQdT2406wx4GzyGdtWEpJ6+KhBZhBkoKQoM6KNXLuhZgaRr39cdpTqwc8z1
8Sqe/TNLPDNl9GKTJmf4swtMc/ZsyXexB2NbRMv3xQEaEhtyBzPCcmx3ckDodIGP
TzQSyx8MY8ArWgeQZujRMFn6NxnbdpNEOpDO123CEVmdCkTxTWHzEtzJ2Q3Ebvmy
NX8KPj0dx0N7BsbFUKTml92iikTpkrm+lxZT2nwqYc0n6QgfRJRJBKhmK09yyHrP
O5NaBNO5Qk2AJuPbLN6AL0xEkzRXtmUuJa8sWoJBeDgzEaZc4c2Hp4ybu5bXA0Ej
X3wVLb2QXB5u56F7JstdT5T2h1XYkK/cY9YUbosJNDmqc6Xs81ZhnKaK8du8DEcP
K619MR7dwqKyVwIDAQABo2MwYTAdBgNVHQ4EFgQUL5YP4PCuAQEivVYO+t5qta01
VRQwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBTdejcECKok6K7QMaYGmSgi
x1sK+TAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggIBAFOgaM+mK8Db
08HQnlqdt3OSiL5JdZA9wpSgYLqKfapnOaDoPt3itP3H9bd6jZsW+qQGy1Axu7MU
rFI5f28JA9KlQ/U82WGrD9bONpaDxiJr5xJ8uuEs5kQ2dbCqCKCi5q9LcEB/7MpD
cRcrp41Lgu31u9Dsv5dHL2kWrP018P42BSAY0DowjJjWPIh2XdNUBmDXSbb0tB/1
1HVns8rhZSQ6SAlOJSrhwR7P35vlU3wtzAriKSNpSzqqJQ+Tt25bWg79puC2UcWA
O9aEwMwdjtP/izQYeHDuhtsAXKw0v+Ju9zga8NTVR2TBj0Rhz3kW7nC728uckuC9
o//hRNXq10qkr7BwGAzqx46eTHvZ4UTXQBMPwi1mwkWtOH3Ruw8yB5ZgODrJ4fb4
MsXt1PQ5EFOzRLg5AvH1iDN+LVvEjDaBSteIMyKN6QOpMJBKvsKdZU78VAm4R5Qz
qP1LNrMjlVS1xZMzSZjlKCFjrfJEQ3c0DyvrPfhkX4d5Evr5hgZvYprEDqOL8kaN
zIFDStlqAA9E6y0nyQY4UdDHBEVp+Og24EaiR0IGoeKVrycrsI68Fm4g9jJR8kjb
ocnJ02Y9pdz7pk7Q2E7Cp5ylpx1DLeVSZn42gOZYOeXNKz22nbI7zWMeAmXdmaHd
qj0w0x5ciXj43TiHh6iF0wY/nTlb+4zy
-----END CERTIFICATE-----In a few million years let me know how you make out.
Last edited:
Muzzman1
Active Member
@wk drops the mic.
I've been in the tech and IT industry for 30yrs, I've done my fair share of tinkering. Never have I ever met a single person with these kind of skills.
<----Mind Blown
I've been in the tech and IT industry for 30yrs, I've done my fair share of tinkering. Never have I ever met a single person with these kind of skills.
<----Mind Blown
HankLloydRight
No Roads
Gotta have *some* fun.
Thanks.Nerd fight! Nerd Fight!!
Considering he edited away his initial post (already quoted....) I think the refs are going to have to call this one...
Cyclone
Cyclonic Member ((.oO))
Well, at least we know that Tesla will update the connection parameters prior to May 1, 2042
And hey, at least they used sha256 in 2012!!!
And hey, at least they used sha256 in 2012!!!
Interesting, I'd assumed "parrot" was the Bluetooth phone stuff ? (http://www.parrotautomotive.com/media/uploads/produits/fc-6000/one-pager-fc6000+.pdf)
whitex
Well-Known Member
I respectfully and strongly disagree. What you are forgetting is that these are connected devices and that hacking them can have significant consequences. If you knew there was a vulnerability that anyone from the internet can take over your car (or simply plant malicious software that will do bad things), would you like the car manufacturer to patch it or leave it open for you to fix yourself? If your car wakes up at 4am and floors it into your living room, will you claim Tesla's fault, or admit that you should have found this vulnerability yourself and therefore take full responsibility? What if your battery deteriorates so you get only 20% of original range but Tesla says "there is evidence your car was hacked, therefore the battery was possibly operating outside of the safe range, so you're on your own" - would you agree with that?
Patching security vulnerabilities in connected devices that can be turned into weapons should be mandated by law. Worst case scenarios include zombie cars that drive around hunting pedestrians. Sounds like science fiction? Current AP hardware was designed for the car to drive without a driver, malicious software simply ignores the "on private property" part and changes "avoid pedestrians" into "target pedestrians". It doesn't have to be bug free or working on most cars, even if 10% of all Teslas manage to kill someone while the other ones crash into things because the software wasn't perfect, that is still a lot of damage. Software defined cars are computers on wheels, the difference is the damage that can be done if they are compromised. Would you trust a public Linux distribution connected to the internet to control a heart pacer in your heart that has test modes that can kill you by inducing a heart attack? You get full source code to the Linux OS of course, so you feel confident you will never be hacked?
Bottom line is that yes, there should be a way for you to tinker with your own car, however the old mindset of "as long as it's mounted on a chasis of a street legal car, then it's street legal" needs to be changed to "as long you pass all the safety test a car manufacturer needs to pass" they you are street legal. Those tests should include security analysis of your car, at your expense of course.
Lastly, you are able to disable all patching today if you desire. Simply open up your dash and erase all the car keys, so that the car will never be able to connect to Tesla VPN for an update. You void your warranty, but you said you were good with that in exchange for software control. And yes, your warranty should go out the window the second you get any software control, as now you can operate the component outside of recommended (warrantied) conditions and there is no way for you to prove you didn't. Heck, by not patching you may be straining a component (say Tesla finds there is software bug that kills the battery cells, by refusing the patch you willingly are damaging the battery).
green1
Active Member
@Whitex
I am very glad that most people do not see things that way. If they did there would be no right to repair any item you owned, and in fact ownership itself would become worthless.
People worked hard to fight that exact oppression from large companies years ago, only now is it starting to creep back in. With vigilance I believe we can keep our rights intact, and I'm happy to know that the majority of people in this world agree. "Software"is nothing special. Neither is "connected"
I am very glad that most people do not see things that way. If they did there would be no right to repair any item you owned, and in fact ownership itself would become worthless.
People worked hard to fight that exact oppression from large companies years ago, only now is it starting to creep back in. With vigilance I believe we can keep our rights intact, and I'm happy to know that the majority of people in this world agree. "Software"is nothing special. Neither is "connected"
Andyw2100
Well-Known Member
bonnie
I play a nice person on twitter.
Right to Repair when it comes to software is a different issue. I'd love to have a pure black and white opinion on this one, but I don't. As a consumer, I want to be able to do what I want. But as a business owner, I have a right to basic brand protection - if an accident occurs, should the burden of proof be on the manufacturer to show it was hacked? Kind of makes them look like a jerk to even ask the question. Headlines don't get corrected. Or what about the time taken up on customer service calls or warranty claims, only to discover it's been hacked? Should the consumer be required to compensate the manufacturer for not having disclosed that in advance? Should insurance companies still cover you if you can't show your modifications didn't impact any safety features? If a person is killed, should the manufacturer bear any responsibility for knowing people were making mods, but did nothing about it?
Not saying anyone here is right or wrong. I AM saying it's far more complicated than I'd like it to be. I'm still trying to figure out where I sit on this issue. A manufacturer has the right to protect the company brand, an individual owns what they own. (Of course, many purchase of some artwork doesn't include the right to reproduce. Purchased movies are only for personal use, not movie theaters. So we don't always have the right to do whatever we want with what we own.)
