Surebob
I don't think there's any community progress that anyone is willing to share unfortunately. You're asking the right question on whether ECUs have been opened though.
Leaked/pirated diagnostic/development software still seems the most likely to me, mainly because hardware hacking has a potential failure rate and I don't think we've heard of Femto breaking anything ever?
From conversations with them it sounds like they could give you a full unlock for any tuning platform, if those companies would share their code. So they've got something which can sign the full writeable area of the ECU.
The only other thing I can think is potentially they've found a way to exploit widely available software like ISTA to sign arbitrary stuff - and are reflashing the ECU with that after sticking it into their own vehicle temporarily. But if this were the case I would have expected more people to have figured it out by now. I'd also be surprised if ISTA or any other tool had the private keys - more likely there are presigned binaries for ECU updates.
Then again I've no idea what anyone's doing so maybe nobody's looked!
What does surprise me is that they haven't developed a remote service. They have their own software, so they're capable of building something that could proxy the comms from the ECU or a scantool, from a shop over to a machine on their site with whatever tooling they need to use.
You are not likely to brick anything with a little bit of voltage glitching, or maybe they found a JTAG interface? Your assumption that they have software because they can load custom bootloaders is likely correct, but as far as I know they can unlock your original DME only partially, and to get a full unlock you need a clone. If they can only do that to clones, then that still leaves the possibility of hardware hacking on the table. In this case they would only need to do a data dump and rewrite to an unlockable DME; they wouldn't need write access to the locked DME. While typing all this I realize they do have "some" form of write access on the locked DME, as they offer that partial unlock.