alecxander
Member
Thanks, rooter, that looks fairly straightforward, could you help me do this remotely?
after this is done will the car accept that motor without giving any errors due to mismatching serial numbers etc.?
thanks!
-
Want to remove ads? Register an account and login to see fewer ads, and become a Supporting Member to remove almost all ads.
after this is done will the car accept that motor without giving any errors due to mismatching serial numbers etc.?
thanks!
I don't do this for others. Get in touch with ce2078 or verygreen. One or both are likely to help you get root. Be prepared to compensate them for their time.
Maybe at some point I'll document another way by soldering, and go into detail on the filesystem mods, if I have enough time and there's enough interest.
Maybe at some point I'll document another way by soldering, and go into detail on the filesystem mods, if I have enough time and there's enough interest.
This made me giggle slightly.
Your customers pay you to gain unauthorized access, yet you state that you will block and report users that does the same to you. Kinda double standard isn't it?
Let's assume you report the users to the relevant authorities - what will you tell them "I have broken into their cars and installed a spy-app, but they did the same to me - PUNISH them". LOL You really are in a position where you cannot report them, due to the illegality of your own work.(And I still cannot see what NATO has to do with this, other than being a "scare-you" term here.)
You conveniently cut the quote right before the relevant bit. He is paid to access systems that his customers legally own. Folks who try to access his systems (which they obviously do not own) are doing so illegally.
You conveniently cut the quote so it does not reflect that a piece of spyware is installed in their cars.
I suppose an OpenVPN connection is made from the car to his server - I do not think people realize exactly _what_ they give access to by accepting a VPN connection from the car to his servers.
He can login via ssh _at any time_ and change _everything_, he can even block Teslas access, unlock the car and start it and drive away with it. Tesla will then not be able to track it, and there will be no signs of theft. Hell the GPS coordinates are in the logs and vitals data, so it is more than easy to know where the car is. Or he could simply brick the entire car or just one of the components - but I guess that is a way to create more work. :/
I simply do not understand why people accept this.
What does that have to do with people trying to access his systems?You conveniently cut the quote so it does not reflect that a piece of spyware is installed in their cars.
Regardless people accept it because there aren't any better alternatives. Just like people accept Tesla having that same control. I would really rather if Tesla couldn't ssh into my car whenever they feel like and do whatever they want, but there aren't any other good alternatives.
Its well documented how to root your phone, but yet millions of people don't "take back the power" over their device. There are a spectrum of solutions, ranging from completely doing it isolating yourself from any OTA power, to letting Tesla disable your *sugar* remotely because you got in an accident.
Why you're so hard up about it is confusing, people have a choice on how they want to proceed. I've been on a support network for almost 3 years with nothing but great results. I'm on the cusp of not knowing enough to do it myself but fully understanding the concepts behind how it works, and I'm not comfortable trying the various methods solo.
Work on your car how you wish and leave others to do what they wish.
I only got one Helpful and Informative on my prior posts with info never revealed before, so I guess either it's not understood or valued so much.
Those posts are the way to fix this problem of the eMMC chip 'wearing out' with age. In early years Tesla did extensive logging which writes to /var in this chip. This Hynix chip is not very good quality, and anyway chips not labeled 'endurance' or similar can't take too much writing.
The result is at some point, now affecting cars 2014 and older, the eMMC will wear out, the Tegra processor will not be able to boot, and your MCU screen will be black. This is inevitable, if one of these commercial rooters has not disabled logging. Most ppl have their MCU replaced and reprogrammed, but all that needs done is the chip replaced. I believe I'm the first to suss this out two years ago.
Myself, I replaced the 8GB Hynix with an industrial-grade SwissBit chip as I'd detailed before.
So doing the rework to remove and replace this chip is risky. And once the MCU is dead it is not very likely you'll be able to recover the /var partition, which is partition 3 on the chip. You might like to get a dump of the chip before it fails so here is a less risky way to do that.
MMC/SD is actually an interface standard which allows different manufacturers to make chips that are drop-in replacements. If you don't want to replace the chip for now and just dump it, you can solder fine wires onto the right pads on the back of the CID, connect those to the AllSocket's header pins, and read the eMMC that way.
This isn't one of those easy things to do. It's not for shoe salesmen. Worthwhile things are rarely easy. But if you've a steady hand and an accurate mind, you'll be fine.
Two caveats:
- This is very fine work and you should use a PCB microscope to do the work. If there's a Maker's Lab near you they may well have an electronics workstation with a scope like mine does. Alternatively you may get by with a pair of Coil high magnification glasses.
- You need a controllable 3 volt DC power supply. You need to keep the voltage supplied to the eMMC chip at or below 2.8v or else you'll wake up the Tegra which will cause all kinds of havoc.
So assuming you've made it this far, here's what my early effort looks like:
What are the connections? (credit: CE2078)
Connect these wires to the correct header pins on the AllSocket, tune the voltage, and plug it into your machine.
Next time: Modifying your image to get root and other convenient modifications.
Those posts are the way to fix this problem of the eMMC chip 'wearing out' with age. In early years Tesla did extensive logging which writes to /var in this chip. This Hynix chip is not very good quality, and anyway chips not labeled 'endurance' or similar can't take too much writing.
The result is at some point, now affecting cars 2014 and older, the eMMC will wear out, the Tegra processor will not be able to boot, and your MCU screen will be black. This is inevitable, if one of these commercial rooters has not disabled logging. Most ppl have their MCU replaced and reprogrammed, but all that needs done is the chip replaced. I believe I'm the first to suss this out two years ago.
Myself, I replaced the 8GB Hynix with an industrial-grade SwissBit chip as I'd detailed before.
So doing the rework to remove and replace this chip is risky. And once the MCU is dead it is not very likely you'll be able to recover the /var partition, which is partition 3 on the chip. You might like to get a dump of the chip before it fails so here is a less risky way to do that.
MMC/SD is actually an interface standard which allows different manufacturers to make chips that are drop-in replacements. If you don't want to replace the chip for now and just dump it, you can solder fine wires onto the right pads on the back of the CID, connect those to the AllSocket's header pins, and read the eMMC that way.
This isn't one of those easy things to do. It's not for shoe salesmen. Worthwhile things are rarely easy. But if you've a steady hand and an accurate mind, you'll be fine.
Two caveats:
- This is very fine work and you should use a PCB microscope to do the work. If there's a Maker's Lab near you they may well have an electronics workstation with a scope like mine does. Alternatively you may get by with a pair of Coil high magnification glasses.
- You need a controllable 3 volt DC power supply. You need to keep the voltage supplied to the eMMC chip at or below 2.8v or else you'll wake up the Tegra which will cause all kinds of havoc.
So assuming you've made it this far, here's what my early effort looks like:
What are the connections? (credit: CE2078)
Connect these wires to the correct header pins on the AllSocket, tune the voltage, and plug it into your machine.
Next time: Modifying your image to get root and other convenient modifications.
Last edited:
@rooter: Can we mitigate the /var wear by remounting a USB to /var? (yes I have root, USB in the armrest mounts to /dev/sda). The the weak will be on the USB stick, and it is also easier to remove the stick and analyse logs on a linux machine if needed? And moving files back and forth is much easier. Triggering the auto-remount should be straight forward once the USB connects.
You can get some unexpected results by doing so. /var is not only for logging. You will have to clone /var to stick, then mount, then handle situations like some processes still writing to original /var files. Sounds complicated. You will also loose one usb port.
I prefer to replace navigation sd card with let's say 64gb one and create additional partition for logs there. Then mount it on boot time.
I prefer to replace navigation sd card with let's say 64gb one and create additional partition for logs there. Then mount it on boot time.
Yes you should rsync --archive (to preserve ownership & rights), or better yet dd partition 3 to your USB or SD (/dev/mmcblk1) if you can get to the eMMC with the system shut down. (dd'ing /dev/mmcblk0p3 with the system running could produce unexpected results at the destination)
Then just modify fstab to mount the new /var location on boot. If you remove the USB though without remounting, the CID will crash and possibly leave the filesystem in a discombobulated state. Then you'll be using one of my solutions above to recover. (IF you have a Golden image)
You can buy extended-wear SD cards, so you could dd your mapping partition over to one, and then make your /var partition as well. FWIW I have Transcend High Endurance micro SD's in all my security cameras. Put in as large-a-one as you want, for more fun.
I've never been comfortable with turning off logging as a solution, as this means you are turning off -all- OS logging. (System logging is started at init with Upstart, and can be disabled this way) Sometimes you need the logs for troubleshooting or for forensic purposes.
My Tinker Board has wifi which associates with my home LAN (UniFi AP Pro) so I have full access to the car when at home. (Had to do the rubber-duckie antenna hack, and the Tinker has a freakishly unusual antenna port) Hated the TinkerOS (Armbian) so installed Fedora with LXQT.
I'll soon be installing WireGuard in the CID so it will establish a tunnel from whatever IP the LTE happens to get, into my home WireGuard server which is running in a virtual machine in my LAN. IMHO OpenVPN is so lame that I've never bothered to learn it. I had been using IPSec, but recently Linus was so impressed with Wireguard he's putting it into the kernel (~v4.20) so I've switched to that.
Maybe TB205gti, the issue is that you don't have a switch and nanocomputer installed. You probably know that the cable between the ICU and MCU is ethernet, and that it has HSD connectors. ('High-Speed, Differential' signalling) These connectors are -keyed- and the HSD connectors throughout the car are keyed -differently-, type A, B, C, etc.
BUT there's a 'skeleton' connector which will plug in to any of them, type Z. The best way to splice in a switch is to buy a Z-type HSD cable, male to female, ~1 meter on ebay, cut it, and crimp RJ45 connectors to the cut ends.
Amusingly though, if you use a quality shielded RJ45 connector like Ubiquiti's, the jacketed wires from the cable will not fit into the darned RJ45 slots. So I had to carefully shave jacketing off enough to slip them in, using a high quality wire stripper that was very sharp. I always first inject silicone grease into the RJ45 to make the connection gas- and water-tight. ('dielectric grease' - auto parts store)
Stick one HSD in the MCU, and the other into the ICU's HSD connector. Flange in your switch.
Then just modify fstab to mount the new /var location on boot. If you remove the USB though without remounting, the CID will crash and possibly leave the filesystem in a discombobulated state. Then you'll be using one of my solutions above to recover. (IF you have a Golden image)
You can buy extended-wear SD cards, so you could dd your mapping partition over to one, and then make your /var partition as well. FWIW I have Transcend High Endurance micro SD's in all my security cameras. Put in as large-a-one as you want, for more fun.
I've never been comfortable with turning off logging as a solution, as this means you are turning off -all- OS logging. (System logging is started at init with Upstart, and can be disabled this way) Sometimes you need the logs for troubleshooting or for forensic purposes.
My Tinker Board has wifi which associates with my home LAN (UniFi AP Pro) so I have full access to the car when at home. (Had to do the rubber-duckie antenna hack, and the Tinker has a freakishly unusual antenna port) Hated the TinkerOS (Armbian) so installed Fedora with LXQT.
I'll soon be installing WireGuard in the CID so it will establish a tunnel from whatever IP the LTE happens to get, into my home WireGuard server which is running in a virtual machine in my LAN. IMHO OpenVPN is so lame that I've never bothered to learn it. I had been using IPSec, but recently Linus was so impressed with Wireguard he's putting it into the kernel (~v4.20) so I've switched to that.
Maybe TB205gti, the issue is that you don't have a switch and nanocomputer installed. You probably know that the cable between the ICU and MCU is ethernet, and that it has HSD connectors. ('High-Speed, Differential' signalling) These connectors are -keyed- and the HSD connectors throughout the car are keyed -differently-, type A, B, C, etc.
BUT there's a 'skeleton' connector which will plug in to any of them, type Z. The best way to splice in a switch is to buy a Z-type HSD cable, male to female, ~1 meter on ebay, cut it, and crimp RJ45 connectors to the cut ends.
Amusingly though, if you use a quality shielded RJ45 connector like Ubiquiti's, the jacketed wires from the cable will not fit into the darned RJ45 slots. So I had to carefully shave jacketing off enough to slip them in, using a high quality wire stripper that was very sharp. I always first inject silicone grease into the RJ45 to make the connection gas- and water-tight. ('dielectric grease' - auto parts store)
Stick one HSD in the MCU, and the other into the ICU's HSD connector. Flange in your switch.
Last edited:
I don't, but I have full root and connected to my OVPN.
I made the fakra connector from a 2mm pinheader
So I was typing merrily along, having put in a good deal of effort and time on my software rooting article here, when KABLAM! The below.
Wow. Summary execution without trial. I had to change my IP to get back in, which plays all kinds of havoc with my websites, email, VPNs, etc.
Can someone PM me a place that's friendly to the more technically-minded folks?
Wow. Summary execution without trial. I had to change my IP to get back in, which plays all kinds of havoc with my websites, email, VPNs, etc.
Can someone PM me a place that's friendly to the more technically-minded folks?
Last edited:
