My adventures in gaining control of my car

[green1]

Ok, so I'm not content to let Tesla dictate what I can and can not do with my own property. They are not a regulatory body, and they also have no contract with me saying that they have control over my property.

Many people have told me to shut up and bow down to the Tesla overlords, and how dare I question anything they ever do. This thread is not for those people. If you are one of those people, do us all a favour, stop reading now, and go elsewhere. I don't want your replies, and I will not engage you in this thread.

This thread is for those who believe they should have the right to tinker with their cars, just like every single other car ever built.

Several people have got root access to their cars, but none so far have been willing to give back to the community and help others do the same. In any other enthusiast forum this would be unheard of, but it seems to be the norm around here. I intend to change this. I won't be posting enough detail for people with no knowledge of electronics or computers to hack their car, but I will be posting enough for anyone "skilled in the art" to follow in my footsteps.

I don't know if I'll succeed, but I will try, and I welcome anyone with helpful and constructive input to post their insights. I also welcome anyone with an interest in this, and an intermediate knowledge of electronics, linux, and computer networking to come along for the ride.

My next post in this thread will explain what I know so far, and where I will start. Then we'll go from there.

 

[Ashkenaz]

Why not skip the intro and show us what you got?

 

[green1]

In the last post I gave some background on what I'm doing and why. So now let's dive in.

First goal: Developer mode access
Why: This will allow tweaking certain settings that I firmly believe always should have been public in the first place.

How: well I only have part of this so far...

Step 1: physical access (pretty easy)
To start with I need to wire in physical access, Although Tesla techs connect to an ethernet port under the centre screen, that won't be an option for me as that's firewalled off unless Tesla gives you permission to use it. So my plan is to access the cable between the touch screen and the instrument cluster. This is an ethernet cable, with proprietary ends. There's great information on the physical side of it at su - tesla (they claim to be a how-to document, but it isn't as it only shows the physical side, the software side is pure hand waving)

Step 2: network access (this is the hard step)
I know that from the last step (physical access) you can force the car in to "factory mode" I'm currently uncertain on how exactly to do that. In information that was since redacted from the su-tesla.space site it says that he used a custom REST command to do it. I also have information from a slide show presented at a hacking conference that gives come specific codes for certain commands including power off, stopping the 12v system, requests for lights, and interestingly enough, factory mode. After getting physical access my next step will be to use a packet sniffer to see what format data is sent in and see if I can work with that to generate the appropriate request from my own computer on the network.

Step 3: software access (dead simple)
From all reports, this part is easy, once in factory mode, I should be able to simply press and hold the "T" at the top of the screen to get to developer mode.

Ok, that's it for now, the next challenge is finding the time to get through step 1 so I can start work on step 2.

 

[malcolm]

Okaaaay.

Just remember that Tesla don't have the monopoly on hubris.

 

[Jason S]

From what I recall, the root mode exploit was patched previous to 7.0.

But once you have root, you can ipsec the system to essentially firewall the whole thing. And change the passwords & access rights to existing logins.

Still seems like folly, but it'll be educational for you so have fun!

Oh, and when you want the latest autopilot you'll need to undo the whole thing so keep a copy of the old passwords file.

 

[TexasEV]

Tesla makes and sells cars for sustainable transportation. They're not intended as toys for hobbyists.

 

[theslimshadyist]

This right here will be the challenge.

Researchers Hacked a Model S, But Tesla's Already On It

 

[kort677]

Tesla makes and sells cars for sustainable transportation. They're not intended as toys for hobbyists.

while I don't share the OP's views and enthusiasm for hacking the car, it is his car and if he cares to tinker and mod it, it shouldn't be anyone's call but his own to do it.

 

[msnow]

while I don't share the OP's views and enthusiasm for hacking the car, it is his car and if he cares to tinker and mod it, it shouldn't be anyone's call but his own to do it.

Except the other people on the road.

 

[maratd]

Except the other people on the road.

I suppose you're against people working on their breaks and changing their oil too? I would think those are far more immediate hazards than rooting your car, which has zero impact on the vehicle other than giving you the ability to modify it, should you choose to.

 

[msnow]

I suppose you're against people working on their breaks and changing their oil too? I would think those are far more immediate hazards than rooting your car, which has zero impact on the vehicle other than giving you the ability to modify it, should you choose to.

Maybe your misspelling of the word "brakes" was a Freudian slip but I don't know how you can equate changing oil to disabling nags or modifying the logic of AP or any number of the thousands of settings that could impact safety. That's just ridiculous.

 

[maratd]

how you can equate changing oil to disabling nags or modifying the logic of AP or any number of the thousands of settings that could impact safety. That's just ridiculous.

Nobody in this thread is talking about modifying the car? They're talking about gaining access to it. Modifying the car and in what way is a different conversation.

And while you're changing the oil, you can cut something by accident, etc. Isn't that the insinuation? That you have all these computer illiterates who magically hack the car and then break something, making it dangerous? That's equally silly. You need a certain level of competence for both.

 

[S4WRXTTCS]

What really makes a Tesla so much more special than other cars on the road as it exists right now?

Why is it okay to modify/hack a Jeep, but not a Tesla?
Why is it okay to fully OWN a Jeep, but not a Tesla?

Is the Tesla autonomous? No
Is the Jeep autonomous? No

Does the Jeep and the Tesla both have driving aids that if messed with could impact safety? Yes.

Is it theoretically possible to remotely exploit a Jeep to run it off the road? Yes, it's been demonstratred
Is it theoretically possible to remotely exploit a Tesla to run it off the road? Possibly.

The difference is really a mindset on how people view the vehicle.

People view a Jeep from an old school perspective. Heck I'm so old school with my view of Jeep that I think all the new techno wiz bang crap a Jeep has is silly. What is all that crap even doing on a Jeep?

People view Tesla as a computer on the wheel, and the very thought of someone hacking it sends shivers through their spine.

We absolutely know why the few people that have root access haven't told anyone. They haven't told anyone because the Tesla is a connected car. The second you say anything you're in jeopardy of being put on a black list.

There also isn't really that much demand yet. It's my understanding ingineer sold his Tesla promising to give the buyer root access where he was hoping it was worth more because of that. To my knowledge he never really got that much more for it. As it stands now it doesn't give you a whole lot of control. Sure you can turn off nags, and can change color/representation pic of the toy car. But, lots of things are sectioned off where you don't have access. The coolest part is likely the ability to load a firmware version of your choosing.

There will be demand later though as people realize they have a worthless paper weight because of something really silly, but they don't have the funds to pay Tesla for an easy fix. To fix the Tesla you really have to have the ability to load firmware onto it. You also need to know how to diagnose things.

It also effects the resale value of the car because what good is a used car if you can't easily have it fixed.

What I want to see is for people to completely change the entire codebase to something else that opens. Where it's equivalent to the open router type stuff.

 

[msnow]

Nobody in this thread is talking about modifying the car? They're talking about gaining access to it. Modifying the car and in what way is a different conversation.

And while you're changing the oil, you can cut something by accident, etc. Isn't that the insinuation? That you have all these computer illiterates who magically hack the car and then break something, making it dangerous? That's equally silly. You need a certain level of competence for both.

You said "rooting your car, which has zero impact on the vehicle other than giving you the ability to modify it, should you choose to." Now you're saying "modifying the car is a different conversation..." but you made it part of this conversation and I'm saying that without proper knowledge of what you're doing that could be dangerous. I'd be okay with read only access if that's what you are really asking for.

 

[Jason S]

... snipping the strawman...

We absolutely know why the few people that have root access haven't told anyone. They haven't told anyone because the Tesla is a connected car. The second you say anything you're in jeopardy of being put on a black list.

...snipping further...

Actually somebody did root it and very publicly (twitter) revealed that files existed in the firmware for P100D cars. Much drama ensued, but he isn't blacklisted AFAIK. That person says he doesn't like the new forum software so isn't posting much here anymore, but it was on here. I'm pretty sure he is in the top 5 of people reporting bugs & exploits to Tesla as well.

 

[maratd]

You said "rooting your car, which has zero impact on the vehicle other than giving you the ability to modify it, should you choose to." Now you're saying "modifying the car is a different conversation..." but you made it part of this conversation

I don't think it's that difficult to grasp that rooting the car and modifying the car are two different topics. Yes, the purpose of rooting the car is to eventually modify it, but those are still different conversations.

And they're different conversations because maybe you just want to change the picture of your car, like some guy just recently did, which is just a matter of swapping out a PNG somewhere ... or maybe you want to disable the nags ... or maybe you want to enable video playing in the browser ... or maybe you want to go from 60D to 75D for free? Maybe you want to write your own AP software and try it out? All different conversations.

 

[PtG62901]

I'm not sure I feel much worse about his hacking a Tesla, then I feel about someone driving on the cell phone. He could crash in his own driveway, or his car will not start, worst case he kills a bicyclist. No different then someone texting. As long as he doesn't sue because he made a mistake, what should we care? If he can't crack Tesla's security, or he voids his warrantee, he owns it.

I think I agree with OP. If you are talking on the phone, texting or internet surfing in the car, imho you are a bigger threat to others then he is.

In the grand tradition of hacking products, hack on dude.

 

[Doug_G]

Moved one post to snippiness

 

[msnow]

Moved one post to snippiness

It wasn't my post but it didn't seem snippy at all to me *shrugs*

 

[ecarfan]

while I don't share the OP's views and enthusiasm for hacking the car, it is his car and if he cares to tinker and mod it, it shouldn't be anyone's call but his own to do it.

I can understand that point of view, while not agreeing with it. Cars use public roads and making code modifications in a firmware driven internet connected vehicle can potentially put other people at risk.

What really makes a Tesla so much more special than other cars on the road as it exists right now?

It is much more dependent on the firmware than other cars and it is connected to the Internet. It really is different.

What I want to see is for people to completely change the entire codebase to something else that opens. Where it's equivalent to the open router type stuff.

That would be a potential disaster in the making.