TMC is an independent, primarily volunteer organization that relies on ad revenue to cover its operating costs. Please consider whitelisting TMC on your ad blocker or making a Paypal contribution here: paypal.me/SupportTMC

My adventures in gaining control of my car

Discussion in 'Model S' started by green1, Aug 7, 2016.

  1. green1

    green1 Active Member

    Joined:
    Mar 25, 2014
    Messages:
    4,116
    Location:
    Calgary, Alberta, Canada
    Ok, so I'm not content to let Tesla dictate what I can and can not do with my own property. They are not a regulatory body, and they also have no contract with me saying that they have control over my property.

    Many people have told me to shut up and bow down to the Tesla overlords, and how dare I question anything they ever do. This thread is not for those people. If you are one of those people, do us all a favour, stop reading now, and go elsewhere. I don't want your replies, and I will not engage you in this thread.

    This thread is for those who believe they should have the right to tinker with their cars, just like every single other car ever built.

    Several people have got root access to their cars, but none so far have been willing to give back to the community and help others do the same. In any other enthusiast forum this would be unheard of, but it seems to be the norm around here. I intend to change this. I won't be posting enough detail for people with no knowledge of electronics or computers to hack their car, but I will be posting enough for anyone "skilled in the art" to follow in my footsteps.

    I don't know if I'll succeed, but I will try, and I welcome anyone with helpful and constructive input to post their insights. I also welcome anyone with an interest in this, and an intermediate knowledge of electronics, linux, and computer networking to come along for the ride.

    My next post in this thread will explain what I know so far, and where I will start. Then we'll go from there.
     
    • Dislike x 14
    • Like x 13
    • Love x 4
  2. Ashkenaz

    Ashkenaz Member

    Joined:
    May 25, 2016
    Messages:
    93
    Location:
    Ohio
    Why not skip the intro and show us what you got?
     
  3. green1

    green1 Active Member

    Joined:
    Mar 25, 2014
    Messages:
    4,116
    Location:
    Calgary, Alberta, Canada
    In the last post I gave some background on what I'm doing and why. So now let's dive in.

    First goal: Developer mode access
    Why: This will allow tweaking certain settings that I firmly believe always should have been public in the first place.

    How: well I only have part of this so far...

    Step 1: physical access (pretty easy)
    To start with I need to wire in physical access, Although Tesla techs connect to an ethernet port under the centre screen, that won't be an option for me as that's firewalled off unless Tesla gives you permission to use it. So my plan is to access the cable between the touch screen and the instrument cluster. This is an ethernet cable, with proprietary ends. There's great information on the physical side of it at su - tesla (they claim to be a how-to document, but it isn't as it only shows the physical side, the software side is pure hand waving)

    Step 2: network access (this is the hard step)
    I know that from the last step (physical access) you can force the car in to "factory mode" I'm currently uncertain on how exactly to do that. In information that was since redacted from the su-tesla.space site it says that he used a custom REST command to do it. I also have information from a slide show presented at a hacking conference that gives come specific codes for certain commands including power off, stopping the 12v system, requests for lights, and interestingly enough, factory mode. After getting physical access my next step will be to use a packet sniffer to see what format data is sent in and see if I can work with that to generate the appropriate request from my own computer on the network.

    Step 3: software access (dead simple)
    From all reports, this part is easy, once in factory mode, I should be able to simply press and hold the "T" at the top of the screen to get to developer mode.

    Ok, that's it for now, the next challenge is finding the time to get through step 1 so I can start work on step 2.
     
    • Like x 4
    • Dislike x 2
    • Love x 1
  4. malcolm

    malcolm Active Member

    Joined:
    Nov 12, 2006
    Messages:
    2,143
    Okaaaay.

    Just remember that Tesla don't have the monopoly on hubris.
     
    • Like x 5
    • Funny x 4
    • Dislike x 2
  5. Jason S

    Jason S Model S Sig Perf (P85)

    Joined:
    Apr 20, 2012
    Messages:
    1,350
    Location:
    Rocklin, CA
    From what I recall, the root mode exploit was patched previous to 7.0.

    But once you have root, you can ipsec the system to essentially firewall the whole thing. And change the passwords & access rights to existing logins.

    Still seems like folly, but it'll be educational for you so have fun!

    Oh, and when you want the latest autopilot you'll need to undo the whole thing so keep a copy of the old passwords file.
     
  6. TexasEV

    TexasEV Active Member

    Joined:
    Jun 5, 2013
    Messages:
    3,789
    Location:
    Austin, TX
    Tesla makes and sells cars for sustainable transportation. They're not intended as toys for hobbyists.
     
    • Dislike x 10
    • Like x 5
    • Funny x 1
  7. theslimshadyist

    theslimshadyist NashVegas!

    Joined:
    Jan 4, 2016
    Messages:
    667
    Location:
    Franklin, TN
  8. kort677

    kort677 Active Member

    Joined:
    Sep 17, 2015
    Messages:
    1,912
    Location:
    florida.
    while I don't share the OP's views and enthusiasm for hacking the car, it is his car and if he cares to tinker and mod it, it shouldn't be anyone's call but his own to do it.
     
    • Like x 10
    • Dislike x 1
    • Love x 1
  9. msnow

    msnow Active Member

    Joined:
    Jul 14, 2015
    Messages:
    4,267
    Location:
    SoCal
    Except the other people on the road.
     
    • Like x 6
    • Dislike x 5
  10. maratd

    maratd Member

    Joined:
    Feb 16, 2016
    Messages:
    33
    Location:
    Edgewater, NJ
    I suppose you're against people working on their breaks and changing their oil too? I would think those are far more immediate hazards than rooting your car, which has zero impact on the vehicle other than giving you the ability to modify it, should you choose to.
     
    • Like x 4
    • Dislike x 1
    • Love x 1
  11. msnow

    msnow Active Member

    Joined:
    Jul 14, 2015
    Messages:
    4,267
    Location:
    SoCal
    Maybe your misspelling of the word "brakes" was a Freudian slip but I don't know how you can equate changing oil to disabling nags or modifying the logic of AP or any number of the thousands of settings that could impact safety. That's just ridiculous.
     
    • Like x 6
    • Dislike x 4
  12. maratd

    maratd Member

    Joined:
    Feb 16, 2016
    Messages:
    33
    Location:
    Edgewater, NJ
    Nobody in this thread is talking about modifying the car? They're talking about gaining access to it. Modifying the car and in what way is a different conversation.

    And while you're changing the oil, you can cut something by accident, etc. Isn't that the insinuation? That you have all these computer illiterates who magically hack the car and then break something, making it dangerous? That's equally silly. You need a certain level of competence for both.
     
    • Like x 3
  13. S4WRXTTCS

    S4WRXTTCS Active Member

    Joined:
    May 3, 2015
    Messages:
    1,178
    Location:
    Snohomish, WA
    What really makes a Tesla so much more special than other cars on the road as it exists right now?

    Why is it okay to modify/hack a Jeep, but not a Tesla?
    Why is it okay to fully OWN a Jeep, but not a Tesla?

    Is the Tesla autonomous? No
    Is the Jeep autonomous? No

    Does the Jeep and the Tesla both have driving aids that if messed with could impact safety? Yes.

    Is it theoretically possible to remotely exploit a Jeep to run it off the road? Yes, it's been demonstratred
    Is it theoretically possible to remotely exploit a Tesla to run it off the road? Possibly.

    The difference is really a mindset on how people view the vehicle.

    People view a Jeep from an old school perspective. Heck I'm so old school with my view of Jeep that I think all the new techno wiz bang crap a Jeep has is silly. What is all that crap even doing on a Jeep?

    People view Tesla as a computer on the wheel, and the very thought of someone hacking it sends shivers through their spine.

    We absolutely know why the few people that have root access haven't told anyone. They haven't told anyone because the Tesla is a connected car. The second you say anything you're in jeopardy of being put on a black list.

    There also isn't really that much demand yet. It's my understanding ingineer sold his Tesla promising to give the buyer root access where he was hoping it was worth more because of that. To my knowledge he never really got that much more for it. As it stands now it doesn't give you a whole lot of control. Sure you can turn off nags, and can change color/representation pic of the toy car. But, lots of things are sectioned off where you don't have access. The coolest part is likely the ability to load a firmware version of your choosing.

    There will be demand later though as people realize they have a worthless paper weight because of something really silly, but they don't have the funds to pay Tesla for an easy fix. To fix the Tesla you really have to have the ability to load firmware onto it. You also need to know how to diagnose things.

    It also effects the resale value of the car because what good is a used car if you can't easily have it fixed.

    What I want to see is for people to completely change the entire codebase to something else that opens. Where it's equivalent to the open router type stuff.
     
    • Like x 3
    • Love x 2
    • Informative x 1
  14. msnow

    msnow Active Member

    Joined:
    Jul 14, 2015
    Messages:
    4,267
    Location:
    SoCal
    You said "rooting your car, which has zero impact on the vehicle other than giving you the ability to modify it, should you choose to." Now you're saying "modifying the car is a different conversation..." but you made it part of this conversation and I'm saying that without proper knowledge of what you're doing that could be dangerous. I'd be okay with read only access if that's what you are really asking for.
     
    • Helpful x 1
  15. Jason S

    Jason S Model S Sig Perf (P85)

    Joined:
    Apr 20, 2012
    Messages:
    1,350
    Location:
    Rocklin, CA
    Actually somebody did root it and very publicly (twitter) revealed that files existed in the firmware for P100D cars. Much drama ensued, but he isn't blacklisted AFAIK. That person says he doesn't like the new forum software so isn't posting much here anymore, but it was on here. I'm pretty sure he is in the top 5 of people reporting bugs & exploits to Tesla as well.
     
  16. maratd

    maratd Member

    Joined:
    Feb 16, 2016
    Messages:
    33
    Location:
    Edgewater, NJ
    I don't think it's that difficult to grasp that rooting the car and modifying the car are two different topics. Yes, the purpose of rooting the car is to eventually modify it, but those are still different conversations.

    And they're different conversations because maybe you just want to change the picture of your car, like some guy just recently did, which is just a matter of swapping out a PNG somewhere ... or maybe you want to disable the nags ... or maybe you want to enable video playing in the browser ... or maybe you want to go from 60D to 75D for free? Maybe you want to write your own AP software and try it out? All different conversations.
     
  17. PtG62901

    PtG62901 Member

    Joined:
    Jul 29, 2016
    Messages:
    319
    Location:
    Carbondale, IL
    I'm not sure I feel much worse about his hacking a Tesla, then I feel about someone driving on the cell phone. He could crash in his own driveway, or his car will not start, worst case he kills a bicyclist. No different then someone texting. As long as he doesn't sue because he made a mistake, what should we care? If he can't crack Tesla's security, or he voids his warrantee, he owns it.

    I think I agree with OP. If you are talking on the phone, texting or internet surfing in the car, imho you are a bigger threat to others then he is.

    In the grand tradition of hacking products, hack on dude.
     
    • Like x 1
  18. Doug_G

    Doug_G Lead Moderator

    Joined:
    Apr 2, 2010
    Messages:
    15,853
    Location:
    Ottawa, Canada
    • Dislike x 1
    • Funny x 1
  19. msnow

    msnow Active Member

    Joined:
    Jul 14, 2015
    Messages:
    4,267
    Location:
    SoCal
    It wasn't my post but it didn't seem snippy at all to me *shrugs*
     
    • Like x 1
  20. ecarfan

    ecarfan Well-Known Member

    Joined:
    Sep 21, 2013
    Messages:
    10,390
    Location:
    San Mateo, CA
    I can understand that point of view, while not agreeing with it. Cars use public roads and making code modifications in a firmware driven internet connected vehicle can potentially put other people at risk.
    It is much more dependent on the firmware than other cars and it is connected to the Internet. It really is different.
    That would be a potential disaster in the making.
     
    • Dislike x 3
    • Like x 2

Share This Page