-
Want to remove ads? Register an account and login to see fewer ads, and become a Supporting Member to remove almost all ads.
I did disable Tesla's normal remote SSH access, just in case, with a banner that tells them to call me for access. lol. I also put a little note at the top of the script I hooked into some startup spots:
Code:# Dear Tesla, # As the legal owner of this vehicle, which includes the device this script is running on # you are NOT permitted to modify or remove my scripts/modifications/access/etc without my # express permission. Feel free to contact me at XXX-XXX-XXXX if you have any questions. # Best regards
OpenSSH I'm guessing? Hrm. CVE-2016-0777 / CVE-2016-0778? :wink:
Not that I'm suggesting anything, mind you. :smile:
I've actually seen these about that high. Snippet from the parser I'm making.......... and plan to GPL... shh.
Code:--- BMS_maxRegenPower: 98.47 kW --- BMS_packPower: 78.365 kW --- DI_regenLight: 1 --- DI_regenPowerMax: 96 kW
This was right after a 0 to 1
I've only focused on reading data. I haven't focused on controlling anything.
Your secret is safe with us.
Any idea what your dash was displaying when you saw those numbers? I've never seen anything beyond 60....
Dash displayed is capped at 60 kW, no? I would rather know what the API was spitting out.
Your secret is safe with us.
Any idea what your dash was displaying when you saw those numbers? I've never seen anything beyond 60....
Dash display isn't capped at 60, but it's not linear, so beyond 60 the change is very small. Edit: Plus in v7.x in an autopilot car the power graph on the dash is completely useless anyway.
Again guys, please note that "BMS_maxRegenPower" and "DI_regenPowerMax" is the LIMIT, not what you are regenerating. This means the DI will not go above 96kW, but it may not ever hit this limit due to the regen setting.
- - - Updated - - -
Those of you CAN logging, try finding the value that changes when you select low regen vs. standard on the PT CAN bus. Then we may have some way to increase regen!
- - - Updated - - -
Those of you CAN logging, try finding the value that changes when you select low regen vs. standard on the PT CAN bus. Then we may have some way to increase regen!
Would probably require some funky hardware to do in a real car that intercepts and manipulates CAN messages to/from the drive unit in real time. Either that or less-than-trivial software hack somewhere. Likely not worth it for +20kW of regen...
Cyclone
Cyclonic Member ((.oO))
I already have the funky hardware. I developed it during my Prius hacking days. I call it a "Deceiver"; it's a microcontroller with 2 CAN interfaces that passes most traffic through but can be easily programmed to alter frames. I also use it whenever I want to study a CAN system with many nodes. You insert it between a target device and the main bus and then it can tell you which frames are TX and which are RX.
- - - Updated - - -
Also keep in mind that the 96kW limit we saw may be due to a cold pack. I suspect a warm pack can handle much more. Obviously when at a SpC, some cars can handle a full 135kW at least for a short while.
Andyw2100
Well-Known Member
Loving this thread!
So now all I need to know is how to switch back on the dual chargers which shipped with my car as delivered and signed for.. There is nowhere in any EULA did it say Tesla were allowed to subsequently remotely disable them.
I clearly have the hardware in the car, it worked for 2 weeks after all. It really isn't my fault they cocked up in their pricing/specs for UK cars and then felt the need to make the car worse than when delivered.
(BTW I'm not THAT bothered by the functionality in the slightest, it's the principal of the thing I find wrong. It really brings home the fact for 99.99% of us the cars really don't belong to us )
So now all I need to know is how to switch back on the dual chargers which shipped with my car as delivered and signed for.. There is nowhere in any EULA did it say Tesla were allowed to subsequently remotely disable them.
I clearly have the hardware in the car, it worked for 2 weeks after all. It really isn't my fault they cocked up in their pricing/specs for UK cars and then felt the need to make the car worse than when delivered.
(BTW I'm not THAT bothered by the functionality in the slightest, it's the principal of the thing I find wrong. It really brings home the fact for 99.99% of us the cars really don't belong to us
)
TheBlackKnight
Member
Yup, I've got pass-through capable hardware too. In fact, I actually even published a canbus example program that works on Arduino Due compatible boards like the EVTV canbus hardware: due_can/examples at master · collin80/due_can · GitHub
So, the capability is there. But, it could also be possible to trigger based on the messages sent from the real source, modify them, and send as a new frame with a higher "counter" byte such that the car thinks that you're the legit source now. Thereafter it is possible that the real source of the frames will be ignored since it no longer is transmitting the proper sequence number (instead being one behind).
But, I hadn't thought of your second example: to split the bus with the listener device and then you know which frames the target device is sending. That's a good idea - kudos.
Very nice.
You seem to have a bit of a head start here. As for the cold pack thing, I think it was more high SoC than cold. My pack was 90F at the time at about 85% SoC and reported 96kW. I'm sure it would be higher with a lower SoC, but I haven't captured that data yet. The supercharger usually dips below 100kW at around 40% in my experience. To date I've seen no evidence that any car has supercharged at 135kW...
Also, I'm not sure I'd be brave enough to put a third party device between my drive unit and the rest of the CAN bus.... but that's me. lol
Loving this thread!
So now all I need to know is how to switch back on the dual chargers which shipped with my car as delivered and signed for.. There is nowhere in any EULA did it say Tesla were allowed to subsequently remotely disable them.
I clearly have the hardware in the car, it worked for 2 weeks after all. It really isn't my fault they cocked up in their pricing/specs for UK cars and then felt the need to make the car worse than when delivered.
(BTW I'm not THAT bothered by the functionality in the slightest, it's the principal of the thing I find wrong. It really brings home the fact for 99.99% of us the cars really don't belong to us
That's pretty interesting. Without knowing the details around the situation I don't know how I'd handle that. Your car physically shipped with two chargers, but Tesla remotely disabled one? That's pretty messed up. I'd have raised hell.
All of that said... with root I could re-enabled it. Just like I could change a 40 to a 60, enable autopilot on cars that don't have it enabled, etc. Will I do any of that? No, I will not.
TheBlackKnight
Member
Is there any reason one could not figure out which message the BMS sends for this and modify it? Then the limit could be whatever you want. It is true, EVTV knows the proper things to send to cause the regen to be anything from 0 to 100% regen (up to the limit set) so, yeah. its there on the canbus.
Everything I noted so far in that list of messages I've figured out the CAN messages and encoding for. So I guess yeah, you could intercept and modify it, set regen higher, and blow up your battery... but not sure why you would do that. The BMS certainly has a sane reason for the power limits it reports. Definitely the last thing I'd want to mess with.
I wonder if the BMS contactors will click off if the regen current limit exceeds the limit.
Is the displayed limit what the drive unit will max out as, or what the battery is capable of? I presume there's a small difference between the two - don't want a measurement error causing contactor abort.
Is the displayed limit what the drive unit will max out as, or what the battery is capable of? I presume there's a small difference between the two - don't want a measurement error causing contactor abort.
Since the pedal is wired directly to the DI in a Model S, there's little risk. Also, I suspect that if the DI doesn't hear from certain peripherals (such as BMS), it drops out pretty fast, so I'm not worried.
Yeah, if Tesla wants to only enable certain features by software and make them optional cost, that's fine. Even a "trial" period with the feature is ok. It's when they go in an actively disable something you paid for, such as supercharging, that I'd have issue with them. I too will not assist anyone in defrauding Tesla.
The BMS expects the DI to follow the max limit. If it doesn't, even if you don't have a catastrophic contactor open event, you definitely instantly void your battery warranty. As long as you don't alter the max limits and only the regen amount, it would be hard for Tesla to complain. I'm sure there's plenty of room to increase regen without exceeding BMS limits. Is adding regen past the max limit worth possibly shortening the life of your pack?
TheBlackKnight
Member
I suppose at this point I should mention two things: I don't have a whole Tesla and my only interest is in hacking as many of the Tesla parts as possible and using them in other vehicles. So, no, it probably isn't a good idea to do this in your Tesla but there might not be any reason I couldn't use a different battery pack than a Tesla has and send BMS signals that cause the motor controller to do harder regen than the BMS in a Tesla pack would be comfortable with. So, my interest was in whether such a thing is possible outside of a Model S. It seems that the answer is yes which is helpful information to know.
But, yeah, it seems that the Tesla never really asks for as much regen as the BMS says it will allow so there is headroom to hack a running Tesla by upping the value for max regen % without actually doing anything that the BMS says you can't do.
Oh I'd love to increase my regen. There are many times when I still have to apply the brakes.
AC? I've never seen over 118 kW DC at a SpC.
Even if someone did do this, it would be entirely pointless. You'd have to disconnect the car from the outside world and never bring it in for service. I'm sure Tesla has a mechanism for verifying enabled features on cars.
Last edited:
