whitex
Well-Known Member
eMMC standard does support password lock (CMD42), which would prevent anyone reading the chip using a reader unless you have the password. Tesla could implement this, making it much harder to root and clone emmc (you might be able to still read it if you allow the MCU to unlock the device, then somehow switch the emmc bus to your reader without resetting the emmc chip, but that adds a whole new level of difficulty over just placing the emmc in the reader). That was the very first thing I was thinking Tesla did in response to the story about personal information leaks (nothing motivates Tesla's rapid and stealth code deployments like media attention): deploy an update which would create a random password, store it in the non-emmc storage, and lock the emmc chip so that password is required to read or write it. But I'm sure they would roll the version for it, so in this case, with the old firmware, it's unlikely to be the case. It's more likely the chip is damaged, or some other issue with the EasyJTAG setup (bad pin contact on the socket, incompatible firmware or configuration, etc).

> I hope they are not implementing encryption. 2019.40 is pretty old, we've recovered plenty from that version. Never been prompted for a password for any MCU1 chip yet. Also encrypting most older chips would probably kill them with all the additional writes.

Encryption usually does not result in additional writes as flash is already written in large enough blocks. Also, unless they encrypt (or even just authenticate via password) at the interface layer (i.e. secure the eMMC communications), you would still be able to read the chip and clone it. The other types of encryption are: chip level (all sectors, you cannot even see partitions, but can dd the whole chip), file system or partition level (you see partitions but cannot mount or list them), or file level (you can see the file, but it's full of "garbage").
If Tesla were to implement password lock, it would make it harder to read chips from used devices, but even harder or impossible to clone them (even if you extract the image, the new chip would have to be programmed with the same password which you don't know - you'd have to go hunting for that password in the other flash chips in the MCU - a whole new level of reverse engineering). Password lock would not add any wear to the emmc chip either.
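Added example (not code from this thread, Tesla or EasyJTAG): a Python encoder for the CMD42 LOCK_UNLOCK data block plus a minimal in-memory card model, showing why a locked chip gives a reader nothing and why a clone would need the same password. The block layout follows the public MMC/SD lock/unlock format as I understand it (byte 0 flag bits, byte 1 password length, then the password bytes); the card model is a simplification of the real state machine, and the flag constants and helper names are my own.

```python
"""eMMC CMD42 (LOCK_UNLOCK) payload builder and a toy lockable card model."""

# Flag bits in byte 0 of the CMD42 data block (assumed from the MMC/SD lock spec).
SET_PWD, CLR_PWD, LOCK_UNLOCK, ERASE = 0x01, 0x02, 0x04, 0x08


def build_lock_block(flags: int, password: bytes = b"", new_password: bytes = b"") -> bytes:
    """Build the data block sent with CMD42: [flags][PWD_LEN][password bytes].
    Replacing a password sends old+new together (up to 32 bytes), otherwise max 16."""
    pwd = password + new_password
    if flags & ERASE and (pwd or flags != ERASE):
        raise ValueError("forced erase is sent alone, without a password")
    limit = 32 if (flags & SET_PWD and password and new_password) else 16
    if len(pwd) > limit:
        raise ValueError("password too long")
    return bytes([flags & 0x0F, len(pwd)]) + pwd


class LockableCard:
    """Toy model of what a chip reader sees: data is only readable while unlocked."""

    def __init__(self, data: bytes):
        self._data, self._pwd, self.locked = bytearray(data), b"", False

    def cmd42(self, block: bytes) -> bool:
        """Apply a CMD42 block; return False where a real card would report LOCK_UNLOCK_FAILED."""
        flags, pwd = block[0], block[2:2 + block[1]]
        if flags & ERASE:                       # forced erase: wipes data AND password
            self._data[:] = bytes(len(self._data))
            self._pwd, self.locked = b"", False
            return True
        if flags & SET_PWD:                     # set or replace: old password must match
            old, new = pwd[:len(self._pwd)], pwd[len(self._pwd):]
            if old != self._pwd or not new:
                return False
            self._pwd = new
        elif pwd != self._pwd:                  # lock/unlock/clear need the current password
            return False
        if flags & CLR_PWD:
            self._pwd, self.locked = b"", False
        else:                                   # LOCK_UNLOCK bit set = lock, clear = unlock
            self.locked = bool(flags & LOCK_UNLOCK) and bool(self._pwd)
        return True

    def read(self):
        """What a socket reader gets back: None while locked (no image to clone)."""
        return None if self.locked else bytes(self._data)
```

In the model, the MCU would call `build_lock_block(SET_PWD | LOCK_UNLOCK, b"", random_pwd)` once and keep `random_pwd` in non-eMMC storage; a reader presenting the chip alone only ever sees `read() is None`.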