Booting from a floppy doesnt work... I tried this a while back. It doesn't seem to read boot info from any USB device. I tried a bunch of things. Floppy, CD, DVD, Bluray, USB HDD, USB Flash, USB to SATA adapter, etc. Nothing happens with any of them. My boot code was just a 90 second delay, then a reboot. So, I should have been able to tell if it was working.
-
Want to remove ads? Register an account and login to see fewer ads, and become a Supporting Member to remove almost all ads.
Successful connection on the Model S internal Ethernet network
- Thread starter nlc
- Start date
-
- Tags
- Model S User Interface
While this is not for the Model S, many BMW i3 owners are "coding" their cars to change some features and capabilities:
Coding Tutorial for the BMW i3 Electric Car
Coding Tutorial for the BMW i3 Electric Car
chickensevil
Active Member
Thanks for this information! I wasn't sure if it was new info or not. So I am glad you already had thought of these things. Carry on!
Johan
Ex got M3 in the divorce, waiting for EU Model Y!
Love the floppy video.
I'm likely late the party, but what happens if you plug in one of these?
Amazon.com: USB to RJ45 10/100Mbps Ethernet Adapter: Computers Accessories
I'm likely late the party, but what happens if you plug in one of these?
Amazon.com: USB to RJ45 10/100Mbps Ethernet Adapter: Computers Accessories
what about holding ctrl, alt, or tapping delete, f2, etc while doing a hard reboot of the car systems via usb keyboard?
I'm thinking the USB controller isn't initialized until the OS is booted (and driver is loaded by said OS) so trying a USB device to intercept the boot sequence is going to get nowhere.
Although, I'm intrigued by the SD cards in the thing. I've said the #1 thing I want to do is get an image of the OS.
I wonder if a lot of the "tweaks" they can do via pc software is stuff that Tesla lets you do right in the GUI on the touchscreen...
chickensevil
Active Member
Does it really fully ever reboot though? I mean the main computers never REALLY turn off, they just go into deeper and deeper hibernation states right? So it might be impossible to intercept the reboot process if you aren't actually catching the beginning parts.
What you see as a reboot could be the OS itself restarting but it might not be the underlying hypervisor (or whatever they are using) that you see do the reboot.
I could be wrong but it just seems like the car is controlled by something that is always running because of a couple observations.
1) if your battery ever fully and totally dies and the car actually fully shuts down you can't turn it on unless you take it back to Tesla (has happened to a couple people)
2) when you reboot either or both screens while the car is in motion you still have full control over the vehicle. Everything works minus audio and the video screens (like your blinkers still work you just don't hear the audio for them)
I realize from the way the car is set up there is basically 60 some separate processors in the car and what we have gleemed from the CAN the two screens are just two of those systems. But it could be that either they are not the mastermind behind the system or we are locked out of things from a loader that controls the system before you get into the main OS.
Just a thought, could be wrong. I just picture this like how they setup game consoles where there is one or two things that load before you ever load the main OS and interrupting those processes are nigh impossible from the bootup sequence.
I think the best path forward is finding an exploit in either the browser (so you can visit a malicious page to take over the system... I would be very terrified if someone found an exploit if this nature and would actually hope it to be reported immediately for all of our safety) or in the software that plays your music (give it a "bad" music file that then takes over the system). Those are likely to be the best forms of exploitation.
Johan
Ex got M3 in the divorce, waiting for EU Model Y!
Chicken: I think the reason the browser is so rudimentary is just that: the fancier it gets the more open it becomes to exploitation.
chickensevil
Active Member
Is it really rudimentary? Seems to me like they just went in and stripped out any feature that would enable video. The browser is otherwise HTML5 compliant... which means it has at least been keeping up with the latest coding standards, right?
Even MS Paint which has not really changed since like Windows 95 has tons of flaws in its code. Paint used to be the program of choice to use to demonstrate fuzzing during Hack Cons... that is, until MS begged them to stop using it because people kept finding tons of flaws in it. I would think that if you could get your hands on the program itself that you could fuzz it until you bruteforced a buffer overflow of some sort and found yourself a decent exploit. I think the key is getting your hands on the linux version of their browser.
I would think the best path would be getting your hands on a scrap console so you could fire it up and pull off the code from it's internal storage. Then you could proceed to RE the code to find a way to get admin rights and modify the code. Unfortunately that is a rather pricy prospect.
Johan
Ex got M3 in the divorce, waiting for EU Model Y!
Perhaps not rudimentary, but at least it's obvious they have more or less written it from scratch and it's not as refined and responsive as I would have expected if they had taken for example Mozilla or Chrome and ported it to their OS.
I agree it would be most interesting to get a hold of the source code for the browser as well as the whole OS. Likely it would be enough to physically get your hands on the harddrive/SSD/SD cards that are behind/within the console/center screen. Perhaps one that is smashed up would be sold quite cheaply (the storage media can probably survive more than the screen it self).
HankLloydRight
No Roads
Concerning the browser, in my own Tesla web app (LogMySc.com), I'm using jQuery to hide/show a div.. that part works, but the screen won't scroll down when the hidden div opens. No problem, I can use javascript for that too (scroll the page down). The page does scroll down when I tell it to scroll, but the screen does not update itself when the scroll happens. So it's now inconsistent -- what's displayed on the screen is the top part of the page, but what's actually there (but hidden) is the bottom part of the page, and the touchscreen will respond to what it thinks it's showing (the bottom), but to the user, only the top shows. That is, until the user tries to scroll the page manually, then the bottom "snaps" into view, as it should have done initially (when the div is unhidden). This is really basic stuff. I've tried three different methods to scroll the page down when the div opens, but I cant' get it to work to refresh the screen viewport (i.e. not reload the entire page).
W.Petefish
Active Member
ccdisce
EBISU like
You may be able to add a 4 port enet sw in series with the enet signal to one of the 3 ecu to give you 2 extra enet ports that cannot be turned off.
Similar threads
