-
Want to remove ads? Register an account and login to see fewer ads, and become a Supporting Member to remove almost all ads.
FlatSix911
Porsche 918 Hybrid
I'd rather the mods carve out the beer/piracy discussion--that was interesting, we already have several existing threads on the Linux licensing/distro/disclosure which.
JER
Member
In general, this is actually not true.
As has been discussed at some length here already, it is normally safe to assume original data cannot be reconstructed from a hash. This was an exception only because wk forgot that short secrets - ones a few characters long - need to be salted with another, longer secret before hashing can be considered obfuscation.
Had wk done the job correctly, the leak would be no more "foreseeable" than reconstructing an entire person from an image of their fingerprint.
Really, can we not chalk this up as an uncharacteristic mistake and give the guy a break?
gizmoboy
Member
Exactly how common do you think Linux admins are in the world? You don't consider the phrase I pulled out above to be highly technical? I do, but if your definition differs from mine, then I can certainly respect that. I suspect the vast majority of Tesla owners (let alone the world population) would think it is also. But again, that's just my opinion.
A lot of highly technical things seem simple to expert practitioners, but that's discounting the years and years of background and skills they've acquired to reach their current mastery.
Last edited:
JER
Member
I thought that was explicit: Your claim of "foreseeable consequence" is one specific point on which you are not giving wk fair treatment, for the reason I stated.
Your fair and charitable stance on the other points is (already) noted and welcome.
Yes, especially the beer one. I missed that, and it's getting late. I'll have to look for it later!
PS--
Please carve me out with the beer one so i can find it! :biggrin:
So much I'd like to say, yet it's pointless to do so.
I will point out that the Linux redistribution question isn't as cut and dried as it is made out to be. There's never a shortage of opportunist lawyers who would take advantage of a "poor Linux developer has no dinner because of a big bad corporation" story. Yet, the lawsuits threatened time and time again on this forum never seem to make it to a docket, and I don't see Tesla hosting Ubuntu distribution source code on an FTP server yet. Some code previously in the Linux kernel was written by me (although I thank God I no longer have to deal with the particular reason that code was in the kernel.)
As for the rest of it, well, my thanks to all who help to expand the knowledge on the beautiful machines that I drive every day. As I took my neighbor (a test pilot for Boeing) on a test drive this afternoon with his wife and daughter, I got to hear the giggles of pure bliss from a P90DL launch and realized just how much this technology is changing the world. Don't assume nefarious intent on the part of either Jason or Tesla, and you'll be a happier person all-around.
I will point out that the Linux redistribution question isn't as cut and dried as it is made out to be. There's never a shortage of opportunist lawyers who would take advantage of a "poor Linux developer has no dinner because of a big bad corporation" story. Yet, the lawsuits threatened time and time again on this forum never seem to make it to a docket, and I don't see Tesla hosting Ubuntu distribution source code on an FTP server yet. Some code previously in the Linux kernel was written by me (although I thank God I no longer have to deal with the particular reason that code was in the kernel.)
As for the rest of it, well, my thanks to all who help to expand the knowledge on the beautiful machines that I drive every day. As I took my neighbor (a test pilot for Boeing) on a test drive this afternoon with his wife and daughter, I got to hear the giggles of pure bliss from a P90DL launch and realized just how much this technology is changing the world. Don't assume nefarious intent on the part of either Jason or Tesla, and you'll be a happier person all-around.
Last edited:
satoshi
Electrical Engineer
Considering that the price point of a Tesla is so high, I would actually expect that the majority of owners are people with a skillset that enables them access to a high income. Usually, high-income positions require some basic level of computer skills.
For many people this translates to the ability to type and click on the pretty pictures that get them to where they want to go on the internet. You seem capable enough to use this website, and that's magnitudes more complex than the grep command.
In Linux, the grep command is as fundamental as learning how to use google. The only reason you don't know about it is not that you are lacking technical expertise, it is just a different OS that you have yet to explore. As I linked to a tutorial on how to use grep earlier, it would be my guess you and everyone on this forum could learn grep in five minutes max.
Command line is neat in that it has the appearance of being complicated/technical because it doesn't have fancy pictures (a GUI) which psychologically is a big deal for people and thus makes it look intimidating but really it's no big deal.
The Grep equivalent in windows would be known as "Search files and folders"...
If you're trying to tell me that using "Search files and folders" is beyond your level of comprehension on a windows machine, then you should be willing to accept the notion that an unsalted SHA256 hash is "good enough" to prevent the majority of people from figuring out the secret message.
whitex
Well-Known Member
Wait! Before you rest your case. You're right, *almost* all this is trivial stuff, but your refutal is incomplete. You forgot to show us how easy it is to get root shell access on a Model S (feel free to provide examples of 6 year olds getting root shell access on their parent's Model S). Or is it not that trivial? ;-)
Believe it or not, it's not all that difficult once you know how to do it. Finding a way in initially was difficult, but beyond that *shrugs*. One day I'm sure someone will release a way in one day, and it's not going to be much more complicated than 'grep'
whitex
Well-Known Member
"once you know how to do it" is the key here. Finding out how is the non-trivial part. Btw, are you saying you can get root shell access on any MS without disassembling the car to get access to internal ports (other than service ethernet) and without knowing the unlock code? If so, it sounds like an exploit to me. I understand by the way that once you're in, you can backdoor your own car (which would likely be the one of the first things I would do if I took the time to root my car).
Keep up the good work by the way, just next time, hash the dang png file instead of a 5 character string ;-)
satoshi
Electrical Engineer
Would love to show you that, but slight issue is as a college student I don't have the financial means to get a hold of a model S, (I don't care if it's salvage or a CPO, as long as 60% of the car is functional I am confident I could get it back to working order... and part of the process to do so would require getting root).
If you're expressing interest in making a donation, I'd be more than happy to setup another gofundme/kickstarter, but otherwise you're basically faulting me for being born too late because the only thing preventing me from contributing more is lack of access to necessary resources.
From what I recall from the deathcon presentation on the matter, there used to be an ethernet connection that made it incredibly easy to do so. However a patch lead to it becoming slightly more complicated, same idea, just different location.
Last edited:
Wow, I didn't have a chance to check in at all over the weekend. This would be a very boring place if it wasn't for wk.
whitex
Well-Known Member
In your post you were refuting that this requires "technical expertise to reverse-engineer", now you are saying it requires research funding. So what you're saying is that getting to this information doesn't require technical expertise because you can pay someone with technical expertise to do it instead? No argument there, you just forgot to mention the money part in your original argument. :wink:
PS> Defcon stuff has been patched - that Ethernet port is blocked using VLAN configuration and even before you needed to know enough to make your own custom connector and then take the car apart to get to the SD card to get the root password. So there was still technical expertise required (or a 6 year old with enough money to pay for it of course :tongue
.
I think you're misunderstanding the way the GPL license for Linux works. There is nothing that requires a hardware maker to install Linux and some of their own software and then have to give away the hardware. If anyone makes changes to the Linux operating system, then they have to give it away. I doubt Linux has been modified in Tesla's cars, though they have added some apps and of course provided their own custom built system to run it on.
I suggest you do some reading up on legal opinions about the GPL license. I don't think it says what you may think it says.
I just started reading this thread so I don't know the current status but isn't it very well documented that Tesla responds adversely to threats?
satoshi
Electrical Engineer
No. That is not what I said at all, you're twisting my words to serve your confirmation bias.
My post simply stated "I will be glad to prove it to you, I just need to get a model S so I can do so legally. Since you're the one challenging the refutation, I think it's only natural you take equal financial responsibility in the endeavor."
You won't do this though, because leaving the situation in a state of ambiguity makes your argument seem more plausible than it really is.
---
Alternatively, let's assume I am able to find a financial means to obtain a model S on my own merit (either by negotiation elsewhere, or luck)... I would have absolutely no interest in sharing any useful information with the community because of the lack of support. You want the milk, you need to buy the cow too.
Now, there's another issue even if you do provide financial support... terms of the bug bounty program limit how much information I can legally publish publicly anyway. Then also, winning an internet argument isn't really that important to top it off. I'm most motivated by what promotes the acceleration of sustainable transportation solutions (which coincidentally is Tesla's mission statement, but I've held this statement of purpose long before Tesla was founded), and if your internet argument was found to be an ethical conflict I would drop it and accept looking like a fool any day.
Last edited:
The vector is the hardest part. Being that the car is Linux, there are only a few ways wk057 was able to get root.
1. Prior unpatched Kernal or core service exploit.
2. Some bus is leaking data.
3. Sniffing and cracking the VPN via certificate spoofing.
The grep comment makes me think its in the protocol. Warm?
I've been messing with this myself.
1. Prior unpatched Kernal or core service exploit.
2. Some bus is leaking data.
3. Sniffing and cracking the VPN via certificate spoofing.
The grep comment makes me think its in the protocol. Warm?
I've been messing with this myself.
Similar threads
