Thứ Ba, 3 tháng 1, 2017

My adventures in gaining control of my car part 1

  • Aug 7, 2016
    green1
    Ok, so I'm not content to let Tesla dictate what I can and can not do with my own property. They are not a regulatory body, and they also have no contract with me saying that they have control over my property.

    Many people have told me to shut up and bow down to the Tesla overlords, and how dare I question anything they ever do. This thread is not for those people. If you are one of those people, do us all a favour, stop reading now, and go elsewhere. I don't want your replies, and I will not engage you in this thread.

    This thread is for those who believe they should have the right to tinker with their cars, just like every single other car ever built.

    Several people have got root access to their cars, but none so far have been willing to give back to the community and help others do the same. In any other enthusiast forum this would be unheard of, but it seems to be the norm around here. I intend to change this. I won't be posting enough detail for people with no knowledge of electronics or computers to hack their car, but I will be posting enough for anyone "skilled in the art" to follow in my footsteps.

    I don't know if I'll succeed, but I will try, and I welcome anyone with helpful and constructive input to post their insights. I also welcome anyone with an interest in this, and an intermediate knowledge of electronics, linux, and computer networking to come along for the ride.

    My next post in this thread will explain what I know so far, and where I will start. Then we'll go from there.
  • Aug 7, 2016
    Ashkenaz
    Why not skip the intro and show us what you got?
  • Aug 7, 2016
    green1
    In the last post I gave some background on what I'm doing and why. So now let's dive in.

    First goal: Developer mode access
    Why: This will allow tweaking certain settings that I firmly believe always should have been public in the first place.

    How: well I only have part of this so far...

    Step 1: physical access (pretty easy)
    To start with I need to wire in physical access, Although Tesla techs connect to an ethernet port under the centre screen, that won't be an option for me as that's firewalled off unless Tesla gives you permission to use it. So my plan is to access the cable between the touch screen and the instrument cluster. This is an ethernet cable, with proprietary ends. There's great information on the physical side of it at su - tesla (they claim to be a how-to document, but it isn't as it only shows the physical side, the software side is pure hand waving)

    Step 2: network access (this is the hard step)
    I know that from the last step (physical access) you can force the car in to "factory mode" I'm currently uncertain on how exactly to do that. In information that was since redacted from the su-tesla.space site it says that he used a custom REST command to do it. I also have information from a slide show presented at a hacking conference that gives come specific codes for certain commands including power off, stopping the 12v system, requests for lights, and interestingly enough, factory mode. After getting physical access my next step will be to use a packet sniffer to see what format data is sent in and see if I can work with that to generate the appropriate request from my own computer on the network.

    Step 3: software access (dead simple)
    From all reports, this part is easy, once in factory mode, I should be able to simply press and hold the "T" at the top of the screen to get to developer mode.

    Ok, that's it for now, the next challenge is finding the time to get through step 1 so I can start work on step 2.
  • Aug 7, 2016
    malcolm
    Okaaaay.

    Just remember that Tesla don't have the monopoly on hubris.
  • Aug 7, 2016
    Jason S
    From what I recall, the root mode exploit was patched previous to 7.0.

    But once you have root, you can ipsec the system to essentially firewall the whole thing. And change the passwords & access rights to existing logins.

    Still seems like folly, but it'll be educational for you so have fun!

    Oh, and when you want the latest autopilot you'll need to undo the whole thing so keep a copy of the old passwords file.
  • Aug 7, 2016
    TexasEV
    Tesla makes and sells cars for sustainable transportation. They're not intended as toys for hobbyists.
  • Aug 7, 2016
    theslimshadyist
  • Aug 7, 2016
    kort677
    while I don't share the OP's views and enthusiasm for hacking the car, it is his car and if he cares to tinker and mod it, it shouldn't be anyone's call but his own to do it.
  • Aug 7, 2016
    msnow
    Except the other people on the road.
  • Aug 7, 2016
    maratd
    I suppose you're against people working on their breaks and changing their oil too? I would think those are far more immediate hazards than rooting your car, which has zero impact on the vehicle other than giving you the ability to modify it, should you choose to.
  • Aug 7, 2016
    msnow
    Maybe your misspelling of the word "brakes" was a Freudian slip but I don't know how you can equate changing oil to disabling nags or modifying the logic of AP or any number of the thousands of settings that could impact safety. That's just ridiculous.
  • Aug 7, 2016
    maratd
    Nobody in this thread is talking about modifying the car? They're talking about gaining access to it. Modifying the car and in what way is a different conversation.

    And while you're changing the oil, you can cut something by accident, etc. Isn't that the insinuation? That you have all these computer illiterates who magically hack the car and then break something, making it dangerous? That's equally silly. You need a certain level of competence for both.
  • Aug 7, 2016
    S4WRXTTCS
    What really makes a Tesla so much more special than other cars on the road as it exists right now?

    Why is it okay to modify/hack a Jeep, but not a Tesla?
    Why is it okay to fully OWN a Jeep, but not a Tesla?

    Is the Tesla autonomous? No
    Is the Jeep autonomous? No

    Does the Jeep and the Tesla both have driving aids that if messed with could impact safety? Yes.

    Is it theoretically possible to remotely exploit a Jeep to run it off the road? Yes, it's been demonstratred
    Is it theoretically possible to remotely exploit a Tesla to run it off the road? Possibly.

    The difference is really a mindset on how people view the vehicle.

    People view a Jeep from an old school perspective. Heck I'm so old school with my view of Jeep that I think all the new techno wiz bang crap a Jeep has is silly. What is all that crap even doing on a Jeep?

    People view Tesla as a computer on the wheel, and the very thought of someone hacking it sends shivers through their spine.

    We absolutely know why the few people that have root access haven't told anyone. They haven't told anyone because the Tesla is a connected car. The second you say anything you're in jeopardy of being put on a black list.

    There also isn't really that much demand yet. It's my understanding ingineer sold his Tesla promising to give the buyer root access where he was hoping it was worth more because of that. To my knowledge he never really got that much more for it. As it stands now it doesn't give you a whole lot of control. Sure you can turn off nags, and can change color/representation pic of the toy car. But, lots of things are sectioned off where you don't have access. The coolest part is likely the ability to load a firmware version of your choosing.

    There will be demand later though as people realize they have a worthless paper weight because of something really silly, but they don't have the funds to pay Tesla for an easy fix. To fix the Tesla you really have to have the ability to load firmware onto it. You also need to know how to diagnose things.

    It also effects the resale value of the car because what good is a used car if you can't easily have it fixed.

    What I want to see is for people to completely change the entire codebase to something else that opens. Where it's equivalent to the open router type stuff.
  • Aug 7, 2016
    msnow
    You said "rooting your car, which has zero impact on the vehicle other than giving you the ability to modify it, should you choose to." Now you're saying "modifying the car is a different conversation..." but you made it part of this conversation and I'm saying that without proper knowledge of what you're doing that could be dangerous. I'd be okay with read only access if that's what you are really asking for.
  • Aug 7, 2016
    Jason S
    Actually somebody did root it and very publicly (twitter) revealed that files existed in the firmware for P100D cars. Much drama ensued, but he isn't blacklisted AFAIK. That person says he doesn't like the new forum software so isn't posting much here anymore, but it was on here. I'm pretty sure he is in the top 5 of people reporting bugs & exploits to Tesla as well.
  • Aug 7, 2016
    maratd
    I don't think it's that difficult to grasp that rooting the car and modifying the car are two different topics. Yes, the purpose of rooting the car is to eventually modify it, but those are still different conversations.

    And they're different conversations because maybe you just want to change the picture of your car, like some guy just recently did, which is just a matter of swapping out a PNG somewhere ... or maybe you want to disable the nags ... or maybe you want to enable video playing in the browser ... or maybe you want to go from 60D to 75D for free? Maybe you want to write your own AP software and try it out? All different conversations.
  • Aug 7, 2016
    PtG62901
    I'm not sure I feel much worse about his hacking a Tesla, then I feel about someone driving on the cell phone. He could crash in his own driveway, or his car will not start, worst case he kills a bicyclist. No different then someone texting. As long as he doesn't sue because he made a mistake, what should we care? If he can't crack Tesla's security, or he voids his warrantee, he owns it.

    I think I agree with OP. If you are talking on the phone, texting or internet surfing in the car, imho you are a bigger threat to others then he is.

    In the grand tradition of hacking products, hack on dude.
  • Aug 7, 2016
    Doug_G
  • Aug 7, 2016
    msnow
    It wasn't my post but it didn't seem snippy at all to me *shrugs*
  • Aug 7, 2016
    ecarfan
    I can understand that point of view, while not agreeing with it. Cars use public roads and making code modifications in a firmware driven internet connected vehicle can potentially put other people at risk.
    It is much more dependent on the firmware than other cars and it is connected to the Internet. It really is different.
    That would be a potential disaster in the making.
  • Aug 7, 2016
    ABCCBA
    Thank you @msnow.
  • Aug 7, 2016
    S4WRXTTCS
    What I meant was they haven't told anyone how do it. At least in three cases they've publicly released information they've gleamed or proof of their exploit.

    At least in one case the individual can't publish anything because Tesla has a bug bounty, and through the bug bounty they encourage people to find exploits. Of course to cash in bug bounty they aren't allowed to say anything.
  • Aug 7, 2016
    S4WRXTTCS
    In the end the question is whether it's worth the trade off?

    Losing the right to repair is a HUGE compromise to make. It means that for the entire life of the vehicle your forced to go through the manufacture for everything. You can't change out the infotainment system to something else. You can't upgrade any of the electric motors to anything else. You can't use someone else's battery pack. You can't buy some part off craigslist to fix your car because that part might have a different firmware version on it. Keep in mind these are just examples of what someone might run into.

    The biggest problem right now when it comes to security on internet connected cars isn't from enthusiast. It's from manufactures that have piss poor security. Like was demonstrated with the Jeep exploit when the researchers ran it off the road.

    I'm not at all worried about enthusiast. The internet connected part of the car is supposed to be well segmented off from any critical safety feature. In the Tesla as far as I can tell it is.
  • Aug 7, 2016
    S4WRXTTCS
    But, not as big of one if Sony made your car. Can you imagine not being able to use your car on christmas morning because of a bunch of hackers were mad at Sony. I can't even imagine how bad the Tesla would be if it had Sony playstation level security.
  • Aug 7, 2016
    ecarfan
    I don't know how "right to repair" came into the discussion that is occurring in this thread.

    The OP wants to be able to refuse, indefinitely if he wishes, any firmware updates that Tesla pushes to the fleet. He also wants to be able to hack his car and make whatever code modifications to the firmware he wants to.

    My position is that modern firmware-driven internet-connected cars like Tesla have become far too complex for owners to be allowed access to. Public safety overrides the owners desire to make any modifications he wants to.

    The OP obviously does not agree with my position. That is his prerogative. I hope Tesla never provides anyone outside of Tesla the information and documentation that would allow anyone to access and modify the cars firmware, at any level. Cars are not smartphones. Larger issues are involved. We have moved past the time when car "enthusiasts" could readily make modifications to drivetrains, suspensions, and other parts of their vehicles. To anyone who claims that they have the expertise to make fundamental modifications to a Tesla without compromising the safety and controls of the vehicle, I say that you are either the one in a million customer with the skills to actually do that safely, or you are fooling yourself, and I don't want you anywhere near the roads I use.
  • Aug 7, 2016
    Doug_G
    It was a personal attack, which is against the terms of service.
  • Aug 7, 2016
    S4WRXTTCS
    The right to repair goes hand in hand with any discussion regarding whether someone can own their own property.

    My position as it seems to be the case with everything related to Tesla is people are making it out to be a much bigger deal than it really is. It's really not that different than other modern cars. It's not even the only one that gets updated OTA. Although it does seem to be the only one that can do it without getting bricked. :p

    I know the ultimate goal for Tesla is to remove car ownership. With fully autonomous cars there really won't be much point in owning a car, and so the entire issue becomes rather mute. Plus with autonomous cars your position becomes way more valid. We don't really want rogue cars on the road way that won't abide by car-car communication protocols that become established.

    We're just not there yet, and we don't need to be so protective.

    All that is going on now is history is repeating itself. It's funny you mentioned cell phones since Apple did the same fear mongering as a justification for their walled garden. What did the walled garden really allow for? For them to make billions on stuff other people made. Heck they might make a few billion on Pokemon alone.
  • Aug 7, 2016
    ohmman
    Apple's argument would be that they built the highway, you pay to drive on it.

    Similar to this - Simon Property Group, the ones who own most major US malls, will charge resident businesses a portion of their profits. That's right, they will put a reasonable number to your monthly profits, and if your business exceeds that, they take a percentage. Your books are open. This probably varies by location, but it was eye-opening to me. Their argument is that they built the house, they drive the traffic, and your business benefits from their infrastructure. While you pay rent already, that's only good to your "reasonable profit" number. The rest.. well, that's all because of Simon.

    So anyway, it's not a unique proposition.
  • Aug 7, 2016
    GoTslaGo
    My wife confirmed that Simon Property Group's business practice is not unique or recent. Her family owned a small business in a small strip mall and had a similar rental proposition. Option 1, pay (reasonable) rent and percentage of profits. Option 2, pay exorbitant rent. This is in the 80s.
  • Aug 8, 2016
    S4WRXTTCS
    It's certainly not unique a unique proposition, but in terms of a profit generating machine it seemed so much more efficient than any other example I was aware of. Not a whole lot of overhead on that one. :)

    But, anyways I mentioned it because of the parallels when it came to overblown fears. It's also something that we as consumers have to be a bit weary of. Is it really sustainable to have a car that can't be repaired by anyone, but Tesla? Do we really want to support a cell phone style throw away mentality with a car?

    This entire issue extends well beyond Tesla so it should be interesting to see how it all plays out on all fronts. From automobiles to tractors.
  • Aug 8, 2016
    p-f-g
    Well, good try but apparently people can't read. Maybe you should let this moral thread going on and try to start a new one with just the technical facts...

    Courage!
  • Aug 8, 2016
    S4WRXTTCS
    There is a technical thread already. It's the hack the Model S thread started by WK057. It's probably the best thread on these forums.
  • Aug 8, 2016
    CuriousG
    The only reason I can think of for rooting would be to unlock better performance for refreshed 60D,70D, 75D and nose cone 70D. Tesla handicaps those models in performance through software.
  • Aug 8, 2016
    neroden
    Tesla is legally obliged to provide said information, since Tesla is using GPL-licensed software in their cars. Alternatively, they can pay the fines for criminal copyright infringment. They are quite likely to take the secont option at this point, given that the infringment is wilful, for-profit, and has been ongoing for three years now. The Linux copyright holders would be well within their rights to refer the case to the FBI by now, though as far as I know they haven't done so (out of politeness, I presume).
  • Aug 8, 2016
    davidc18
    Go For It! and good luck.
  • Aug 8, 2016
    S4WRXTTCS
    I'm not sure you can unlock any of the Software limited features with only root access. Tesla has known for quite awhile that some people have managed to get root access. I don't think they've bothered fixing it because of the limit of what you can do, and that it requires physical access to get to.

    It is of particular interest to the OP because having root access would allow him to turn off the road-type/speed-limit based restriction that was added to 7.1. He predicted during the release that it would function poorly, and he was correct. The other thing it would allow him to do is to turn off nags.

    For me personally I don't have much interest. I'm supportive of the right to hack, and the right to repair but I'm not particularly interested in bothering with it. I'll cheer them on and then go back to implementing object detection neural networks. Hey, everyone should have some kind of hobby. I'm not a multimillionaire so I can't exactly take a chance on bricking my car with any hacking efforts.

    If I had root access I'd use it to turn on/off the LCD and LCD backlight when I wanted to. Sure I can use a dark website, but I want the center console screen off sometimes. Where I can just touch it to turn it back on.
  • Aug 8, 2016
    tomas
    Wow, a lot of effort, time, and risk for such trivial returns... Some people have a LOT of time on their hands. I've seen more ambitious project threads like this started than finished. Will be interesting to see f it goes anywhere.

    PS turn off LCD already exists. Is access to setting that inconvenient????
  • Aug 8, 2016
    kort677
    it's his time and it isn't your call on how he expends his efforts, time and risk.
  • Aug 8, 2016
    Doug_G
    This is NOT a widely-held interpretation of GPL.

    You can write user space applications with no requirement to release the source code, because you are not extending Linux, you are writing code that runs on the operating system. Just like running Firefix on Windows doesn't make it part of Windows. It is no different whether you are running a desktop application or an embedded application.

    For an explanation of these issues see Using GPL software in embedded applications | ZDNet
  • Aug 8, 2016
    ecarfan
    I disagree. Stated that way it sounds like Tesla intend to at some point stop selling cars to individuals and for Tesla to always own all the vehicles they produce. I don't believe that is even close to accurate. For the foreseeable future (meaning this century) individuals will want to own cars for their personal use only. What Elon said in SMP Part Deux is that when fully autonomous driving is a reality and legally allowed on public roads, car owners will have the option of hiring out their cars for others to use when the owner is not using them.
    Doug, thank you for posting that point of view. I am not an expert in that field, but your position makes sense to me. After 4 years of Model S production it seems clear that no one has challenged how Tesla is using Linux in their cars, and no one is likely to. Someone might, but I think they will lose that case.
  • Aug 8, 2016
    MP3Mike
    Really? What performance is that? I thought the reason they couldn't perform as well is that they have fewer cells/less voltage and can't perform at the same level as a 85D/90D.
  • Aug 8, 2016
    PtG62901
    The ultimate goal of Tesla is to reverse global warming and save humanity. Space X is to colonize other planets, so if we destroy the Earth, humanity continues. That is why I'm buying a Model S, I don't need one, but I do want to support the foremost company that is trying to save the world, and has a reasonable shot at doing it.
  • Aug 8, 2016
    maratd
    Because Tesla broke OPs car and he wants to repair it. The backend services stopped working on his version of the firmware and the solution Tesla provided was to upgrade the firmware, which he doesn't want to do.

    So he wants to repair the firmware to work again and yes, that's a valid "right to repair" issue.

    It's actually very unprofessional on Tesla's end. The backend services should be versioned and tied to specific firmware revisions. An older firmware should never stop functioning properly.
  • Aug 8, 2016
    maratd
    Yup, this is 100% correct, but there is a caveat.

    Those who have rooted the car confirmed that the car is running on a fairly old version of the Linux kernel. The only reason to do that is if they patched the kernel. If they did that, they have to release the modifications. Those modifications would only be interesting to competitors and to those looking for exploits in the kernel. All the interesting stuff would be in the user space, as you said.
  • Aug 8, 2016
    bkp_duke
    Tesla didn't break it, Google did through a change in their API and how the maps work. Tesla, however, only will fix it through the firmware update.
  • Aug 8, 2016
    ohmman
    Certainly not the only reason. A possible reason, but far from the only one.
  • Aug 8, 2016
    Odebek
    GPL allows for commercial use. The only requirement is that any changes you would make to the open-source software you are using would have to be released as open-source as well. If they wrote an application that runs on Ubuntu, that is not the same thing as modifying Ubuntu. In the same way I don't give any license to Microsoft when I write an application that runs on windows... No one would develop software that ran on linux if what you said was the case...
  • Aug 8, 2016
    Odebek
    Because the entire system is validated, they can't deploy patches to low level components (like the kernel) without revalidating the entire system, which would be very costly. This is a more likely reason for the older version of the kernel.
  • Aug 8, 2016
    PtG62901
    I spent a lot of my life working on OS development, and you wouldn't believe how old the tech in most cars is. A newish peripheral is the GPS unit in may cars, and we know how many years behind the GPS units at Costco they are. At a minimum, the big 3 works on 3 year old tech, and often 5 years old, or more. It is sure that Tesla isn't working on this years Linux.
  • Aug 8, 2016
    apacheguy
    One thing I don't understand is how root exploits are able to survive firmware upgrades. Can someone explain this? For instance, I can jailbreak my iPhone but I won't be able to OTA upgrade it. I seems like Tesla could easily replace the password file and reset the permissions with each update to lock out the user.
  • Aug 8, 2016
    maratd
    Ok and what stopped Tesla from releasing a minor version update to the older firmware fixing the issue?

    Can you imagine something critical breaking in Windows 7 and Microsoft responded to users by telling them to install Windows 10?

    Yeah, you can pretty much kiss painless OTA updates goodbye. You would need to capture the update and update things piecemeal to make sure you don't get locked out. Anyway, it would be a huge pain. IMHO, only worth it if you enjoy this sort of thing.
  • Aug 8, 2016
    jaguar36
    Isn't that exactly what MS does when the support period ends for an OS? The only difference here is that Tesla's support period is much shorter.
  • Aug 8, 2016
    MP3Mike
    Not quite the same thing. There are a number of times that Microsoft has fixed something in Windows 7 that either breaks, or removes, a different feature in Windows 7. Which I see as exactly the same thing that is happening here. Something is broken, not necessarily that Tesla has control over, the Google API for example, and they have fixed it in the most recent version. I see no need for them to fix the same thing in an old version creating another branch for them to maintain.

    I wouldn't be surprised if he ends up getting forced to upgrade as part of a warranty issue. A door handle will fail, or maybe the DU will need replaced, and Tesla's procedures require upgrading the firmware to the current version. Is it possible to fix either of those issues without a firmware upgrade, probably, but I think Tesla has said an upgrade is the only way they do it. (I'm pretty sure that we saw someone that wanted to stay on 6.x get upgraded because of this.)
  • Aug 8, 2016
    maratd
    Microsoft clearly communicates when that is scheduled to happen. It is a minimum of 5 years. Even after that period, they put out emergency fixes to keep the OS functional and secure.

    https://support.microsoft.com/en-us/help/13853/windows-lifecycle-fact-sheet

    If Tesla wants to create an end-of-life schedule for versions and clearly communicates that, then it's perfectly fine. You can plan for that. But if you don't publish something like that, the expectation is that software will continue to work as expected for the life of the car.
  • Aug 8, 2016
    jzhan
    All I want to say is: DMCA.
    Nowadays, farmers can't even alter modern John Deere tractors. Large automakers have resorted to say that ownership of the car is separate from owning the code that runs the car. Owning the car gives the owner lifetime license to use the code that's in the car, which means the owner cannot alter or copy the code in the car. OP can technically get into a lot of trouble if he really finds a way in and releases the information to the public, if Tesla chooses to pursuit.
    TL;DR: Technically owning the hardware is separate from owning the software that comes with the hardware. Be careful with making any of the information public.
  • Aug 8, 2016
    green1
    Well, exactly as I knew would happen, nobody was capable of even reading my first post in this thread. To the person who helpfully suggested I start another thread with only the technical bits, and leave this one for all the complaining and whining, I would, but I know from experience that the new "technical" thread would quickly be over-run exactly the same way.

    The ONLY possible way to make a thread on how to tweak your car without all the haters over-running it is with the help of a moderator or admin, and I don't expect that to happen.

    Now, on to my progress update:

    Today I did what I previously outlined in "step 1":
    I disassembled the dash enough to get at the ethernet connector behind the instrument cluster, and from there I extended jacks down to a more easily accessible location. I now have the ability at any time to connect a computer to either the instrument cluster or centre stack without disassembling the dash again. I didn't time myself doing it, and I was doing some other work while I was out there, but it took less time than I expected, I'd say maybe just over an hour to do enough disassembly, hook up all my new wiring, and re-assemble everything.

    I also hooked up my computer and did some quick snooping, there's tons of traffic on the network (as I expected from previous threads) and I've proven "step 1" to be a complete success.

    I also did a bit more research, and am getting close to ready to try the next step which is to send the appropriate data on the network to gain access to factory/developer mode. I'll admit that this is the step that's most outside of my comfort zone, I have a fair amount of IT experience, but "hacking" has never been my forte (despite what my high school principal had to say....)

    Stay tuned (and I apologize to those who are actually interested in following the technical parts of this thread that they'll have to wade through all the garbage, there's really nothing I can do about it)
  • Aug 8, 2016
    nico180
    i am really interested in all technical bits. please continue your talk @green1
  • Aug 8, 2016
    ABCCBA
    @green1 please share all the bits and bytes you can. I would love to know how much of the operating system is able to be modified. There are so many things I would like to change about how my Model S operates. And then, when the Model 3 comes out, I hope a lot of this will transfer to it to peak its performance to the max.
  • Aug 8, 2016
    Odebek
    We were actually hating on @maratd, but I (for one) am rooting you on.

    I think hacking it yourself is a brilliant solution, and can't wait till the next episode ::Getting a large diet coke, some popcorn and getting comfy on the couch in preparation::
  • Aug 8, 2016
    msnow
    The one person we know who could answer that question ain't talking about it.
  • Aug 8, 2016
    S4WRXTTCS
    What setting is this? I've never seen such a setting. My desire isn't to turn down the brightness (as I have it set where I want it), but to turn off/on the LCD on demand.

    But, the point I was making is some of us want specific things that aren't offered by the minimal UI interface design. Like I know some people want to turn off TACC slowing down for corners. Some Model X owners want to disable the automatic door opening on clicking the unlock on the remote.

    For what I want I'm pretty sure Tesla will eventually implement it so there is no need for me to really bother with it. But, I can certainly understand the desire and I wish the OP luck.
  • Aug 8, 2016
    tomas
    @green1 carry on. I'm sure you have never taken a thread OT or away from the intent of the OP:cool: you have been on this forum long enough to know that your post asking for no flak would attract flak!!!
  • Aug 8, 2016
    tomas
    Try screen cleaning mode
  • Aug 8, 2016
    S4WRXTTCS
    Yeah, I should have stated that differently because it's not the intention as much as the reality of where things are headed. Tesla knows this and they've positioned themselves as an Energy company. Especially with the planned merger with SolarCity. I didn't see that many people take the whole hiring out their cars very seriously. That really won't make sense when there will be fleet companies that have that market covered.

    In that future the fleet companies (like Uber) will have a lot of clout in pushing the manufacture (Tesla, or otherwise) for control of the cars they purchase.

    But, we're a long ways away from that. In the mean time we as individual consumers need to push for control of the cars we buy.
  • Aug 8, 2016
    roblab
    Yeah, like when I owned my Prius I wanted control of the CVT. And the radio didn't play 8 track tapes. And the brake lights didn't go on when I took my foot off the gas. And Toyota didn't give a care, either.
  • Aug 8, 2016
    S4WRXTTCS
    I'm going to feel really stupid if this does what I want.

    But, until I test it my understanding/memory of this mode is it simply locks the touch screen and doesn't turn off the screen. I already use a blank website to show a dark image.

    If it's not completely off/dark it's not really what I want.
  • Aug 8, 2016
    tomas
    It turns it off.
  • Aug 8, 2016
    S4WRXTTCS
  • Aug 8, 2016
    jeffro01
    The lengths people will go to when they feel "wronged" by something, someone, some-anything...

    Every owner out there is potentially affected by a thread like this, every single one of us. That's why Jason, and others, haven't been willing to release their exploits and actively work with Tesla to address them. This isn't your hobby computer you're attempting to hack, it's an object that people depend on to transport them safely from point A to point B. If you want to be so cavalier with such things please keep in mind that you're not the only person potentially affected by it.

    I'll keep the rest of my thoughts to myself on this one but safe to say, I vehemently disagree with what you are doing.

    Jeff
  • Aug 8, 2016
    msnow
  • Aug 8, 2016
    Doug_G
    No, the reason is that new kernel versions break driver interfaces, especially if you are using third party provided drivers (e.g. Nvidia). As a result most companies doing embedded systems freeze on a particular kernel version for a product and never change it.
  • Aug 8, 2016
    S4WRXTTCS
    It doesn't because it doesn't turn off the LCD backlight or the LCD. This mode also leaves a UI interface on the screen to give the user a way to exit this mode.

    What I want is a way to turn off the LCD completely (total blackness) where all I have to do is touch the LCD to turn it back on. To be honest the Center console screen doesn't really give me much information anyways unless I'm specifically looking for it (like waze, or what song is playing, etc).

    At night I'd rather have it off the majority of the time.
  • Aug 8, 2016
    S4WRXTTCS
    To me it all boils down to whether it's a remote exploit.

    If I found a remote exploit I would feel OBLIGATED to let Tesla know, and I wouldn't release any information until they had ample time to fix it.

    If I found a non-remote exploit I wouldn't share it with anyone (including Tesla) out of fear that Tesla would take it away, and I would lose whatever I was using it for. I'm not concerned about non-remote exploits because of how the Tesla computers/electronics are implemented.

    Regardless of the type of exploit, Tesla has a bug bounty to help encourage people to tell them about it first. This is what Jason took advantage of. Tesla paid him for what he found. If he revealed any information he would break the agreement.
  • Aug 8, 2016
    msnow
    You're right except for the "never" comment. Most have a longish upgrade path for bugs and security vulnerabilities among other things. Banks running embedded OS's on ATM's, for example, operate like that.
  • Aug 8, 2016
    S4WRXTTCS
    Umm.. Jason himself likes what the OP is doing. So I don't think you can use him as an example. :p

    In fact as far as I know the 2-3 people (or so) with root access are largely on the side of the right to own, and the right to repair. Am I mistaken?

    What I find even more funny is we have these 2-3 people to thank for saving us from wasting a huge amount of time on talking about theories that aren't valid (like every time people say an update changed AP behavior). Or solving the mystery regarding updates suddenly appearing when you're near a service center.

    So why are we going after someone else that wants to allow more people to the same kind of access that allowed those 2-3 people to know what they know?

    I can understand things that are very real dangers, but a lot of this just smells like fear mongering.
  • Aug 8, 2016
    msnow
    Why is that ironic? Both Jason and Green1 have always agreed on this.
  • Aug 8, 2016
    S4WRXTTCS
    I meant that I felt it was odd that he would bring up Jason as an example when Jason himself liked what Green1 was doing.
  • Aug 8, 2016
    msnow
    Oh okay I understand now.
  • Aug 8, 2016
    CuriousG
    While it wouldn't be the same performance, it would be better performance.

    Pack Swap on 70D to 90kWh HP?

    Keep in mind this was with a true 70 pack, the refreshed Teslas have 75 pack even if they are software limited 60.
  • Aug 8, 2016
    JohnSnowNW
    Have you tried black construction paper and velcro? I mean this seriously. Just using the velcro stickies and some sort of black material that you can remove when you want to use the screen?
  • Aug 8, 2016
    green1
    There's more than one who can answer that one, as there are several people with root (not just one)

    But it is in fact easy to answer, the answer is "it depends", yes, Tesla certainly can replace password files and replace permissions, however that doesn't mean they have to. Also if you have root, you can equally tell the system not to apply those parts of an update (assuming you know how) or have the system automatically re-do your changes afterwards.
    Additionally, the rooting process can often be repeated on the new firmware if the specific exploit used was not patched. And this here leads to the controversy...

    Many people who have rooted the car don't want anyone talking about how to do it for fear that Tesla will learn their exploit and patch it in the next release, effectively locking them out. This is contrary to Elon's stated position on the matter, but actions speak louder than words, and Tesla's past actions indicate they would likely do exactly this.

    That said, I personally believe that hacking should be done for the greater good, and not just for personal gain. I could have followed the example of all the others before me and not talked about it, and just tried to do it, but that, to me, feels a bit selfish. I'd rather give back to the community and help others who feel as frustrated as me to do something about it.

    I'm taking a big risk by talking about it, and I'm sure I'm not making many friends here (between the "you should never do anything Tesla didn't ordain" crowd, Tesla themselves, and the community of already rooted users, a lot of people won't be happy)

    That said, as I mentioned right at the start, this will not be a "how-to" guide for the novice user. But I do hope that I can provide enough information to let others who have a bit of knowledge in the right areas figure it out for themselves. (Assuming of course that *I* can figure it out for myself, and that is far from a guarantee) My hope is that this is considered an adequate compromise by the community and Tesla as it will not lead to a flood of people who don't know what they're doing rooting their cars, while still allowing the occasional techie to do so.

    I've had several people reach out to me privately since I started this thread. I have assured all of them that I will not post anything they tell me privately in public without their express consent, even if I disagree with their reluctance to share information publicly. That said, those that are ahead of me on the process have so far shared nothing with me, only asked for mutual cooperation in the future and that I stop posting details publicly. While I am open to mutual cooperation (even if it means I can't share that information publicly) The lack of useful information at this stage of my journey does not encourage a wish to provide information back to them in the future.

    Anyway, rant over, and hopefully tomorrow I'll be able to find a bit of time to continue my journey.
  • Aug 8, 2016
    S4WRXTTCS
    If I was really desperate I'd hook up a power switch to the backlight power. But, this is all getting beside the point. The main point was there was a lot of customization that an owner might want to do.
  • Aug 8, 2016
    S4WRXTTCS
    Things that don't impact the safety element of the car at all.
  • Aug 8, 2016
    msnow
    When you say "this is not Elon's stated position" what statement are you referring to? The only comments I recall on this topic was a) he had nothing to do with what happened to Jason and b) words to the effect that he respected hackers.
  • Aug 8, 2016
    green1
    I'm paraphrasing, but he said that hacking for good was a positive thing.

    If it's positive, then it shouldn't be actively blocked.
  • Aug 8, 2016
    msnow
    Yeah, I don't think he said it exactly like that maybe more like he thought hackers were geniuses but he was definately complimenting him as you say. But I wouldn't take that to mean he thinks it's okay to hack these cars. He pays serious money to try and prevent that but likely focus is on remote attacks.
  • Aug 8, 2016
    green1
    Remote attacks are a real security threat and should be stopped. There is no situation in which you would want a remotely exploitable vulnerability left un-patched.

    Any "attack" that requires gaining physical access, taking apart half the dashboard, and doing custom wiring before you can even start, is not. Stopping this form of "attack" will not prevent a single malicious hacker as with the same level of access there is much worse that you can do with far less effort. Working to stop this level of "hack" is purely working against the company's paying customers. In the long run it never pays to treat your customers as criminals.
  • Aug 8, 2016
    ohmman
    Clearly you've never met rogue hacker valets.
  • Aug 8, 2016
    green1
    I'm suspecting you jest, however on the chance that you are serious, if they have that much access to the car, they can steal it, they can cut the brake lines, they can drain the coolant, they can short the battery, they can burn the car to the ground, they can loosen the lug nuts, they can do all sorts of things depending on what result they want. going as far as is required for this exploit is so far past unlikely in comparison to any of that stuff that it really isn't worth considering. The only people likely to actually do this are those who own the car, and have a high level of technical knowledge already. Fighting them is both a) a losing battle as "possession is 9/10ths" and b) likely to alienate more customers than it attracts.
  • Aug 8, 2016
    msnow
    I think we just have to agree to disagree on that. I believe there's a lot of liability issues if people that don't know what they're doing make changes that could impact safety.
  • Aug 8, 2016
    ohmman
    You're correct. My job in these threads is to take all sides seriously, and to lighten things up a bit. I'm rarely successful, as you've just proven. But I can sleep knowing I tried my meager best.
  • Aug 8, 2016
    green1
    I said I wouldn't engage in this sort of thing in this thread, so this will be my last post on this.

    We allow people to rotate their own tires, replace their own brakes, re-do their power steering, and for that matter, replace ANY (and even in some cases EVERY) part on their vehicles, we do zero quality control on any of that work, and allow these vehicles on public roadways without a second thought. There are millions of cars on the road that have had work done by people who don't necessarily know what they're doing, and all of those things could (and in fact DO) affect safety. Nobody on here has even once suggested that we should stop allowing people to do this.

    Meanwhile, Tesla has built their car so well, that even with root access to the centre stack, you still can't actually cause the car to do anything more dangerous than shut down the screens and accelerator at speed, this would have to be actively malicious (not passively incompetent) and would still leave the driver with full control of brakes and steering to bring the vehicle to a safe stop.

    This means that the worst possible safety case of rooting the Tesla centre stack is far safer than a single botched brake job. Yet people are rallying against the former, while refusing to denounce the latter despite estimates that approximately 10% of collisions are caused by improper maintenance, and so far there have been zero collisions or safety incidents of any form attributed to hacking a Tesla. For that matter, even in vehicles with known, remotely exploitable vulnerabilities like Jeeps, there have still been no injuries or deaths reported from hacking.

    Maybe people just don't understand software and are scared of it, but there's nothing special about software, vs hardware, they're just 2 different ways of accomplishing the same thing.

    Again, I said I won't engage with people in this thread who want me to stop my attempts, I only replied originally to clarify a point I had made and which was being questioned. I will not reply further to this part of the discussion in this thread.
  • Aug 9, 2016
    cronosx
    Or.. you could use the onboard system as a medium to gain access to other, like the cellphone and fetch data from it or similar ( maybe on your car you have access to your e-mail? no? and in your e-mail there isn't your entire life.. no.. of course not .. ) and you can of course try to make him crash hard on something and auto-delete your hacking so no-one can know you did it ( just bang him with some sound he can't disable or something in the middle of a hard curve, changing the speed he thing he is going ) and this is only the beginning..
    If killing people without getting caught or being suspected is a thing "ok" for you, then no.. of course.. only remote is a problem..

    My point is: there is a really valid reason for not allowing someone the ability to thinker in the software and close all the door you can or at least make it really hard and time-consuming to do ( so you can't do in 1h while in a parking lot ). this isn't a cellphone, this is a car, there risk is too high
  • Aug 9, 2016
    Brunton
    By whose criteria does it function poorly? Yours? Certainly not by mine. I think it functions very well indeed, notwithstanding the fact that I wish it limited to ten instead of five MPH over the limit when encountering highway speedlimits (55 and up).

    This seems like a very contrived argument, to say the least. The case could more easily be made that the OP broke his own car by not accepting the Tesla updates that are designed to keep the car functioning safely and properly, in no small part by ensuring it remains compatible with the already-mentioned changes to outside interfaces.

    Putting forth such an arrogant, condescending tone as this in your posts (including the one that started this thread) essentially guarantees that you'll get all sorts of flak. I'm a bit surprised that you're not getting more personal attacks than you are - perhaps enough to trigger the moderators to lock the thread completely. I hope that doesn't happen, though - I'm getting a bit of a kick out of this! Good luck with your endeavor, and please don't ever be on any road anywhere near me.

    Now here's another perspective on this whole "hack the car" thing:

    Breaking into the car's OS and changing ANYTHING will likely put the person who does that into one hell of a bad liability position if they ever get into a wreck. Any halfway decent attorney would be able to make the argument that, by changing anything in the software of such a highly integrated platform, the person who made the change may have caused the software to malfunction in some way that caused the crash, or made the crash possible. They don't have to PROVE the malfunction; they just have to convince a jury that it's possible (and juries, as we all know, are not chosen for their problem solving skills or technical acumen). Insurance companies may use that same sort of argument to refuse to pay (we also all know that insurance companies never do that). And finally, if Tesla knows of a hack and does not try to block it, they may be held negligently culpable for just letting it be done. So from a liability perspective, Tesla may be forced to try to intervene against someone hacking their car.

    Far fetched? Sure. But take a look at what killed general aviation in the 1970's before you claim that too loudly.
  • Aug 9, 2016
    jaguar36
    Seems to me this is exactly what's going on here. I'm sure if the internet had existed back when cars first became popular all sorts of folks who go off on home mechanics working on their cars.

    Very few people understand the software architecture on this, or any other car and that makes them scared. Nobody would claim that by changing your windshield wipers or putting a sticker on the back of your car you could make it less safe, but that's exactly what folks here seem to be claiming about changing the software on the car.
  • Aug 9, 2016
    Doug_G
    I used the qualifier "most", which would cover exceptions like that. Most embedded products never have their kernels updated after release. Obviously security concerns for bank ATMs is an exception.
  • Aug 9, 2016
    cronosx
    Are you sure YOU know enought of the software architecture to make that statement?
    I'm a software architect so i know something of this, and i think you know enought to not being afraid, but you don't know enought to be scared of the consequences of manipulating a software like this.
    I'm scared every time i push a software upgrade to a web site, and i made the software and i know every damn code line.. so you see.. you don't know enought if you aren't scared.

    Just think of someone who just wanted the alert message to be different end he break it under some circustance ( like when the autopilot disengage so he doesn't have a clue of it ).. but .. hey, he wanted only it to be more clear to read so it's ok..
  • Aug 9, 2016
    apacheguy
    To be fair folks have been modifying and tinkering with their cars for decades. IMO, this is nothing new.
  • Aug 9, 2016
    Ashkenaz
    Did you really say "drain the coolant" in post 89?

    Seriously, computers have been in cars for years, I'd dare to say the percentage of cars "hacked" might be only a small amount more on this platform than conventional ICE due to tech nature of consumer.
  • Aug 9, 2016
    msnow
    Understood but there's over a hundred years of experience, knowledge and documentation working on those cars. Tinkering in the sense of "hmmm i wonder what will happen if I change this AP value to something else" concerns me as a driver on the road with my wife and kids in the car. I'll admit that when it comes to letting people play with technology that impacts my family I am pretty risk averse.
  • Aug 9, 2016
    cronosx
    yes.. but usually it's easier to understand what an HW tinkering is going to end than a software tinkering.. but you have a good point.
    The fact is.. i would hate to see "the autopilot crashed me!" after someone thinkered and broke something
  • Aug 9, 2016
    diamond.g
    I would be curious to see if the OP can determine if Tesla feels the AP System isn't a critical safety system and left it exposed to tinkering.
  • Aug 9, 2016
    kort677
    a hundred years of computers in cars? really??
    people are going to try to improve and innovate regardless of any sort of policies from a manufacturer.
  • Aug 9, 2016
    kort677
    AP does not crash anyone's car if the driver is properly monitoring the operation of the car, IE: maintaining the ability to take control in an instant.
  • Aug 9, 2016
    mmccord
    With the existing software, sure. Not necessarily the case after you've modified the software. :)

    I'm all for rooting the cars and tinkering though. Godspeed!
  • Aug 9, 2016
    msnow
    No, not really. I didn't say hundred years of *computers* in cars. Computers haven't been around that long. Read carefully next time. There's over a hundred years of experience and knowledge with tickering with ICE cars but not Tesla's.
  • Aug 9, 2016
    msnow
    Here's another example of not understanding what was said. The poster was talking about the risk of someone who doesn't know what they're doing modifying the software.
  • Aug 9, 2016
    J1mbo
    Years ago, back in the in the ICE world, if you "chipped" a car's ECU, i.e. to improve performance or otherwise change the characteristics of the car, it was totally legal, but it was also notifiable to the insurance company.

    If chipping was detected during a service, it voided the warranty of all affected systems (rules were manufacturer specific). ECUs have tamper indicators built in, for example, a write-only "flash counter" which updates every time the ECU is updated. If the flash counter varied between services then this was evidence of tampering. Most providers of upgraded ECU software/hardware were aware of this and worked around it. In some cases this meant physically changing a chip in the ECU and remembering to change it back before a service. Hence the name "chipping".

    Insurance assessors would look for tampering in certain types of claim and if it was detected after an accident, the driver would be classed as uninsured.

    I would expect the same principle to apply to people who root their cars.

    As for the OP, I can't see this as going anywhere. The car has been subjected to pen tests by some very experienced professionals over the years, and the OP admits that hacking isn't a strong point. Of course, running 7.0 on older hardware is an advantage but as Tesla had already introduced 2-factor authentication after the first public hack, the easy path of simply plugging an ethernet cable into the CAN won't give you root any more.

    If you want to capture and decode the CAN traffic, there's a great thread on here. Search is your friend...
  • Aug 9, 2016
    kort677
    other than the method of propulsion there really isn't very much that is magical about the tesla, the AP system is only one of the first of many similar systems that will be found on cars. without people pushing boundaries, boundaries would never get pushed. stop being such a negative ludditte.
  • Aug 9, 2016
    tomas
    Hmmm. Is this Snippiness really necessary?
  • Aug 9, 2016
    apacheguy
    Rest assured they did not. It is an embedded system that is firewalled behind the gateway. Rooting a Tesla does not expose AP to exploits.
  • Aug 9, 2016
    apacheguy
    @green1 - Can you please post the Ethernet connector pinout? Also, where did you purchase the connector and pins?
  • Aug 9, 2016
    green1
    connector pinout is easily available with a google search "tesla ethernet pinout" (look at the image results)
    I did not purchase any special connectors, I hacked and slashed....
  • Aug 9, 2016
    green1
    Ok, goal 1 is now complete. I managed to obtain Developer Mode by sending a specific JSON formatted REST command. If you want the exact command, and how to send it, remember what I said at the start, this won't be a how-to. However, for those with the knowledge level to do this sort of thing, the information can be found by combining two sources. First you need to either sniff some network traffic yourself, or find captures already posted online. Look specifically for JSON formatted HTTP requests on the LAN, these will be generated by many forms of user input that needs to be sent from one computer to another. Now obviously the packet that tells the system to go in to developer mode isn't something you're going to see in there (unless somehow you're sniffing traffic while a service tech is working on your car which seems unlikely) However if you watch the defcon talk on hacking a Tesla you may find something interesting that can be of use (they sort of gloss over it as they didn't take this approach) Beyond that, you need the Ethernet pinout discussed in my last post, and the IP addresses of each device, which I believe were also in the defcon talk, but if not, they're in several other locations as well.

    Although I managed to figure out the general bits, I did not manage to get this working by myself completely, I did have a bit of help with JSON formatting from another member on here. I won't post his name without his permission, but I'm sure he's watching and I appreciate his help.

    So my next step (after the celebratory piece of cake that I'm enjoying right now) is to explore developer mode before deciding what to do next. Then most likely, a whole lot more research....
  • Aug 9, 2016
    msnow
    Screenshot please...
  • Aug 9, 2016
    green1
    Ye of little faith:
    Factory Mode.jpg
  • Aug 9, 2016
    supratachophobia
    Which is why infotainment (center screen), should have an official SDk, and driving dynamics (cluster screen) should still be locked down hard. I can't help but think if we actual had an SDK, how much of this rooting would be left by the wayside. To think any of us, save for a select few, have the skill to improve where an entire team of Tesla engineers have spent six years working on battery tweaks, motor tweaks, autopilot learning, etc. is arrogant to the point of potentially life threatening.
  • Aug 10, 2016
    msnow
    Excellent. What, if anything, can you do in Factory Mode?
  • Aug 10, 2016
    tomas
    I think this is the nub of the matter. Modding power profile no different from decades of chipping (along with warranty voiding as pointed out). Modifying media player no different than swapping in a new blaupunkt. Modifying UI display no different than adding an aftermarket tach.

    However, modifying AP is something new. I'm with the camp that says "bad idea". None of us have broad knowledge of design, which is difficult to learn by hack, and therefor cannot predict dependencies and unintended consequences of a tweak. Nor do we have alpha test team or track.
  • Aug 10, 2016
    scaesare
    Factory mode. Sweet.

    This is personal property. Folks should be able to di whatever they want with it.

    There's risk for people screwing it up, of course. Just as people who work on their own brakes can screw that up too.

    There's a ton of useful stuff that this may enable. I look forward to more.
    • Người đăng: vào lúc

    Không có nhận xét nào:

    Đăng nhận xét

    Đăng ký: Đăng Nhận xét (Atom)