A91 & Recent 2021 Impossible to Tune / ECU manufactured after 2020/6 is locked? [WARNING: NO POLITICS]

delita1 · May 25, 2021

Can't believe we're still waiting on the unlock. Especially with all the new M3's and M4's out there now unlockable as well. So ready to rip this piece of shit JB4 out and never look back.

Sparklingsupra · May 25, 2021

delita1 said:
Can't believe we're still waiting on the unlock. Especially with all the new M3's and M4's out there now unlockable as well. So ready to rip this piece of shit JB4 out and never look back.

For real I can’t believe this either looks like nobody is even trying to unlock the Supra ecu

Loco38SUP · May 25, 2021

delita1 said:
Can't believe we're still waiting on the unlock. Especially with all the new M3's and M4's out there now unlockable as well. So ready to rip this piece of shit JB4 out and never look back.

I thought all new released vehicles had the Bosch hardware lock. Did BMW revert back to a less encrypted ECU?

-RJM

Tsar · May 25, 2021

Loco38SUP said:
I thought all new released vehicles had the Bosch hardware lock. Did BMW revert back to a less encrypted ECU?

-RJM

Yea, I thought the same. Would be very odd if they did that.

Supbrah · May 25, 2021

delita1 said:
Can't believe we're still waiting on the unlock. Especially with all the new M3's and M4's out there now unlockable as well. So ready to rip this piece of shit JB4 out and never look back.

Last time I checked the BMW ECUs we’re still locked. There’s some click-bait out there that says the cars are tuned but they’re using JB4.

B58ftw · May 25, 2021

delita1 said:
Can't believe we're still waiting on the unlock. Especially with all the new M3's and M4's out there now unlockable as well. So ready to rip this piece of shit JB4 out and never look back.

Are you having problems with jb4 right now? Would you mind telling what they are? Because I’m thinking of getting it on my 21.

SUPRA90 · May 25, 2021

Any shops have luck with a standalone system like FAST/MOTEC?

Andrew4Supra · May 25, 2021

slobra300 said:
I have a 2021 and just did the JB+ and while its obviously not going to be anywhere near as good as a real tune or even JB4, I can tell you 100% for $200 it is a tremendous value. Definitely wakes up the car.

~ Now $239.

Andrew4Supra · May 25, 2021

Andrew4Supra said:
~ JB Plus is Now $239.

~ Wow ... Dave at Burger Tuning was very kind and adjusted the purchase price back to $199 for me with an immediate $40 credit after purchase. Prior glitches have been remedied.

That’s customer service and shipped the same day!!! Impressive! ???

delita1 · May 25, 2021

B58ftw said:
Are you having problems with jb4 right now? Would you mind telling what they are? Because I’m thinking of getting it on my 21.

I get a random CEL about once or twice a week, I clear it, and it's fine. I notice some weird down shifting jerkiness from 2nd to 1st. Overall yes the car still performs better than stock, but to me a JB4 is just a band-aid solution and we could be seeing much more impressive numbers with a real tune, not to mention I bought my car with the intention of putting a larger turbo in and other mods that can't be supported without a custom tune.

B58ftw · May 26, 2021

delita1 said:
I get a random CEL about once or twice a week, I clear it, and it's fine. I notice some weird down shifting jerkiness from 2nd to 1st. Overall yes the car still performs better than stock, but to me a JB4 is just a band-aid solution and we could be seeing much more impressive numbers with a real tune, not to mention I bought my car with the intention of putting a larger turbo in and other mods that can't be supported without a custom tune.

Thank you. I think I will enjoy the car stock for a while and make sure I don’t have any oil issues before modding it. It’s still pretty quick.

Mimosa · May 26, 2021

I'm slowly building my car from the suspensions to the drivetrain then finally to the engine/turbo. Hopefully by the time I reach the engine, there is something available. But if comes down to it, then I'm hoping Motec's solution is ready to go... But damn they are expensive.

B58ftw said:
Thank you. I think I will enjoy the car stock for a while and make sure I don’t have any oil issues before modding it. It’s still pretty quick.

That is the smartest thing to do.

max · May 26, 2021

Had a discussion about this with another IT colleague (works more on our security side) and although he did say that something could be "randomly" discovered, the likely hood of that happening without some type of "leak" from Bosch is HIGHLY unlikely. The level of encryption on that module is a minimum of 128 bit and would also require a "hash" (basically authentication code)from the ECU to enable access to the firmware.

We use something similar on our encrypted hard drives (laptops) and if an incorrect hash is used, the disk will effectively "brick" and all data will be basically lost. This method is used on higher level VPN's as well as VPN authentication tokens. Moral of the story is unless those details got leaked from Bosch.......you will keep waiting......the lack of effort from most tuners is not that they don't want to make money providing a tuning solution for the Supra, it's just that they know they are currently meeting their match.....not trying to be "debbie downer" here just hate seeing so many "hopefuls" on the forum......

max · May 26, 2021

....continued.... the gas pipeline incident that just happened recently is another example of this level of encryption. In this case, the "hackers" got into the network (probably using someone's console who had a password of "pa$$word".}...and used a similar process to encrypt the data at the refinery. I believe they finally paid the "ransom" (thus, ransom attack) and was sent the "hash" to de-crypt the data.....

The Supra's ECU doesn't have a "console" per-se with a password of 'pa$$word".....this happens MORE than you think.....

zrk · May 26, 2021

max said:
Had a discussion about this with another IT colleague (works more on our security side) and although he did say that something could be "randomly" discovered, the likely hood of that happening without some type of "leak" from Bosch is HIGHLY unlikely. The level of encryption on that module is a minimum of 128 bit and would also require a "hash" (basically authentication code)from the ECU to enable access to the firmware.

We use something similar on our encrypted hard drives (laptops) and if an incorrect hash is used, the disk will effectively "brick" and all data will be basically lost. This method is used on higher level VPN's as well as VPN authentication tokens. Moral of the story is unless those details got leaked from Bosch.......you will keep waiting......the lack of effort from most tuners is not that they don't want to make money providing a tuning solution for the Supra, it's just that they know they are currently meeting their match.....not trying to be "debbie downer" here just hate seeing so many "hopefuls" on the forum......

This is sort of right, but not exactly right. I'm a software engineer, I have been for 20 years. Hashing sort of works like this:

Given the expression `hashed = hash(value)`, you get a deterministic, but non-reversible value for `hashed`. A shitty hash algorithm (like md5) would produce the following:

The interesting thing there is that the md5 hash of `zrk` will _always_ be the same. Always. It will always be `4aw791....`. But, the interesting bit is that you can't go backward from a hash to get `zrk`. That's why hashes are considered one-way encryption (also note that MD5 is a 128-bit hash algo, but it's broken). The number of bits isn't as important as one might think, so saying it's a 128 bit or 256 bit hash isn't interesting unless the algorithm itself isn't broken.

Now - I'm going to simplify a LOT because ECUs run with an extremely limited amount of space, but what needs to happened (again, simplified) is that we have to figure out what the key that is hashed root value is. Because, most likely (as with other firmware - non-car that'd I'm intimately familiar with) -that key- is used to checksum the methods available of the ECU's CPU to validate permissions.

This is going to be similar to how Password Validation is done on websites, you never actually store a password, you store a one-way hash of it. If your password got leaked somewhere, a broken hash was used, blah blah blah.

ANYWAY, what's needed is the value of whatever that hash refers to, as some form of HMAC signing is probably used to validate all requests to reprogram the EPROMS on the CPU. This script is an interview question that I use occasionally when I'm interviewing candidates. (This verifies URL correctness/verifying email addresses, but the same HMAC signature concept can be used to lock ECUs.)

The "hash" we need is basically what's hard-coded in that script to `SECRET` constant, but we also need to be able to generate new ones as well.

So - yes, like HD-DVD key or the Windows XP serial key, we need a leak or someone who's really good at the oscilloscope and reverse-engineering the EPROMs (which is possible).

Sorry for watering this down so much, but dem's the basics.

Edit: Not to say you did a bad job explaining @max, but you're playing a bit of telephone with the concepts. I also did a terrible job explaining, but it's hard for sure. And to your friends point, he's talking about brute forcing every possible combination, 128 bits long of all the entire ASCII charset.

A91 & Recent 2021 Impossible to Tune / ECU manufactured after 2020/6 is locked? [WARNING: NO POLITICS]

delita1

Well-Known Member

Sparklingsupra

Member

Loco38SUP

Well-Known Member

Tsar

Well-Known Member

Supbrah

Well-Known Member

B58ftw

Member

SUPRA90

Well-Known Member

Andrew4Supra

Well-Known Member

Andrew4Supra

Well-Known Member

delita1

Well-Known Member

B58ftw

Member

Mimosa

Well-Known Member

max

Banned

max

Banned

zrk

Well-Known Member

Similar threads