islandbayy
Active Member
Quite possibly, the firmware update updates the batteries BMS firmware directly, and it has a code built into it for no downgrades.
-
Want to remove ads? Register an account and login to see fewer ads, and become a Supporting Member to remove almost all ads.
Wiki Sudden Loss Of Range With 2019.16.x Software
- Thread starter Dutchmeeuw
- Start date
glhs272
Unnamed plug faced villian
I was asking the folks at electrified garage if rooting would allow us to walk back the firmware to "pre-capped" condition. They provide a rooting service. Their answer is no. Once you have installed the firmware, there is no un-do.
The way I see it, for those of us who are already on 2019.xxx, the best we can hope for is a future update to lift or soften these caps... or new batteries.... or the insurance company claiming the car as a total loss...because some individual in frustration decided to pour gasoline over the car and light the match...
It doesn't really make sense though. Once you have ROOT access you can literally do whatever you want to do. That's the definition of having ROOT access.
glhs272
Unnamed plug faced villian
That's not how I understand it...
Root access gives you complete admin privileges to your car. Access to menus and functions normally restricted to the end user. Ability to change the configuration file on the car. It does not give you access to software. You would need some kind of "Tesla Toolbox" type software to reprogram the modules on the car and root does not provide that...
That doesn't preclude the true hacker from developing a program that can force changes/updates to the modules on the car. Just that root in of itself doesn't give you that. But you would need root to even think of deploying software other than what Tesla already has as updates. I recall Jason Hughes finding a way to replace the firmware on a drive unit for instance, tricking it to thinking it was a performance drive unit. I suspect that's not a trivial process for doing across all the modules on the car.
Last edited:
Another possibility is the car changes its configuration and the limitation isn't in the battery. Someone here earlier had a capped car's battery replaced and the replacement was capped too, until Tesla went in and uncapped it. To me that says the cap enforcer doesn't live in the battery.
I would love to see the "trigger" criteria that the code is looking for to cause the capping. I think we all need to know this information because the capping was implemented as a direct response to parked car fires and I haven't parked indoors for 6 months. Was my battery flagged because it may catch fire?
At a bare minimum knowing what the software is looking for when it caps someone's car might help everyone else avoid being capped. Tesla won't even tell us how to avoid being "volunteered" for this artificially limited test group, but the info is in our car's software somewhere.
A firmware update does more than just update the MCU, there are something like a dozen Body Control Muffins for different parts of the car that get updated as well.
islandbayy
Active Member
He had a rear drive unit car, P85. To get more power to it, he tricked the car into thinking it was a Dual Motor car, thus sending enough power for two drive units into the single performance rear-drive unit. Brilliant!
islandbayy
Active Member
Unfortunately, My Body Control Muffins assisted in weight gain.
And on top of that each individual module could enforce code-signing and anti-rollback features.
When firmware gets updated, unless it's a major release, you typically do not update the entire SW image, you just patch (change) parts of the software image you want to update--this makes that process faster and limits the wear and tear on the memory. TeslaOS version X is really made up of a collection of individual modules. When you download and install software version X.1 your are really only replacing specific modules or changing config data (i.e. VPN keys or a new regen limit). An update to version X.2 may make changes to other modules. Reverting back to X.1 does not undo the changes made by X.2, instead, you would need a patch that specifically undoes the changes made by X.2. In our case, if X.2 changed made a change to the BMS, re-applying X.1 would not undo those changes, you would need a patch to specifically undo the BMS changes.
Root access is helpful in that it gives you the privileges to apply software patches, but developing the patches is no small task if you don't have access to the source code. I have seen folks change existing config parameters and the like in the firmware (like Jason was able to load in the color code for yellow for his wife's car) or unlock features already there but I have not seen anyone successfully change logic/flow/execution of the code itself.
Beyond this non-inconsequential hurdle, each code module is signed with a cryptographic key. That means if a software module is not signed properly, the system will not load/run it, so, even if you could hack the BMS module, and you could force an install with your root privileges, the system will still not accept the new code without the right signing. BTW, in general, this is a very good thing as it stops hackers from loading malicious code into your car.
DJRas
Member
I remember seeing a post from Jason somewhere that he was able to reverse the capping on a pack through root access by writing an invalid bit of data into the BMS and forcing the BMS to reformat the data and rebuild the battery to initial state.
I don't know if that stuck or caused another failure later.
JRP3
Hyperactive Member
It's possible I'm confusing it with other BMS's I've read up on but that's how I thought he explained it.
Rooting is like factory reset. When you factory reset a device, like a phone or a router, you go back to a status when the original firmware was burn in.
There is no way to skin back layer by layer, go back to a specific release , unless you have and install image copies of all releases up to the release you dont want.
There is no way to skin back layer by layer, go back to a specific release , unless you have and install image copies of all releases up to the release you dont want.
lightningltd
Member
Looks like another battery bit the dust:
Maximum battery charge level reduced
What do we have to do to make the list?
Maximum battery charge level reduced
What do we have to do to make the list?
Looks like another battery bit the dust:
Maximum battery charge level reduced
What do we have to do to make the list?
Yeah, I think that is up to 9 owners reporting failed batteries with that firmware. Wonder what the fleetwide rate is. Most of them seem to be Classic owners.
Ferrycraigs
Member
To apply a little bit of perspective, the global sales of Classic MS between 2014 and Q1 2016 (I think the Facelift came in Q2) is just short of 100,000. So whilst 9 cars is not a reliable number, even if it were increased tenfold, I don’t think significant, statistically.
Similar threads
