A91 & Recent 2021 Impossible to Tune / ECU manufactured after 2020/6 is locked? [WARNING: NO POLITICS]

Loco38SUP · May 26, 2021

Oh snap, its like the movie Hackers up in here. ?

All good discussions fellas.

-RJM

Raidernation · May 26, 2021

So in short we need someone from Bosch to leak the code, infect the Bosch corporation with a virus that forces them to provide the keys or hope someone stumbles into the pa$$word? Until then the ecus are locked? Sorry guys I can only speak English and that’s a struggle at times.

zrk · May 26, 2021

Raidernation said:
So in short we need someone from Bosch to leak the code, infect the Bosch corporation with a virus that forces them to provide the keys or hope someone stumbles into the pa$$word? Until then the ecus are locked? Sorry guys I can only speak English and that’s a struggle at times.

it wouldn’t hurt, but there are other ways. Access to the source, de-compilation, brute force (1000s of time left easier than mining a Bitcoin, for example, which is nearly the same process).

Raidernation · May 26, 2021

zrk said:
it wouldn’t hurt, but there are other ways. Access to the source, de-compilation, brute force (1000s of time left easier than mining a Bitcoin, for example, which is nearly the same process).

Class action lawsuit sounds easier.

XtremeMaC · May 26, 2021

How about the hardware crack approach like they did on Playstations years ago.
We physically have access to the pcb. Swap some stuff out. I'm sure Bosch already thought of similar things but maybe ?
it'll be illegal for someone to sell their services to apply the hack but information can be shared. Darn security engineers.

dethred · May 26, 2021

Instead of trying to break the encryption, would it be easier to overwrite the eprom chips with the unencrypted 2020 code and then the only issue would be the immobilizer, right? I would imagine finding a workaround for that would be easier than breaking encrypted code. Obviously some tweaks to the calibration between the two motors would be necessary.

zrk · May 27, 2021

XtremeMaC said:
How about the hardware crack approach like they did on Playstations years ago.
We physically have access to the pcb. Swap some stuff out. I'm sure Bosch already thought of similar things but maybe ?
it'll be illegal for someone to sell their services to apply the hack but information can be shared. Darn security engineers.

dethred said:
Instead of trying to break the encryption, would it be easier to overwrite the eprom chips with the unencrypted 2020 code and then the only issue would be the immobilizer, right? I would imagine finding a workaround for that would be easier than breaking encrypted code. Obviously some tweaks to the calibration between the two motors would be necessary.

These are similar thoughts, and something I'd love to explore. You'd need access to a few ECUs some locked, some unlocked, and no worry of damaging anything ($$$). I'd love to give this a shot,, but I don't have access to any unlocked ECUs. I'm pretty good with soldering small components, but I just don't have the time or resources for this. Someone does, and it would be a great solution.

Lendo · May 27, 2021

Raidernation said:
Class action lawsuit sounds easier.

Have you contacted the ACLU yet?

XtremeMaC · May 27, 2021

Need to add this to RPM act or start a petition

max · May 27, 2021

zrk said:
So - yes, like HD-DVD key or the Windows XP serial key, we need a leak or someone who's really good at the oscilloscope and reverse-engineering the EPROMs (which is possible).

Sorry for watering this down so much, but dem's the basics.

Edit: Not to say you did a bad job explaining @max, but you're playing a bit of telephone with the concepts. I also did a terrible job explaining, but it's hard for sure. And to your friends point, he's talking about brute forcing every possible combination, 128 bits long of all the entire ASCII charset.

Yeah, good luck with the brute force..........anyway,

Hey, I am a network admin by "trade" so my explanation is nowhere near as "technically proficient" as yours.....My level of encryption knowledge applies to switches and routers on our network so I concede to you as an engineer. :headbang:

I was just attempting to give a basic idea as to what tuners are up against with regards to trying to unlock these ECU's. As a fellow Supra owner, if getting the ECU unlocked will put smiles on a lot of folk's faces, then I am all for it.....me personally, am leaving mine stock as it is a BAD-ASS vehicle as is......I just wish the D@MN "scatpacks" would stop pulling up on my bumper when trying to enjoy my Supra!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!.....it's only got 200 miles on the clock and want it broken in properly....

Thanks fellow techie.....

max · May 27, 2021

Loco38SUP said:
Oh snap, its like the movie Hackers up in here. ?

LUV THE QUOTE MAN!!!!!!!

@zrk , also nocturnal.......know this will get met with resistance but with the stock wheels, I think this is the best color. it makes the wheels "pop"......

zrk · May 27, 2021

max said:
LUV THE QUOTE MAN!!!!!!!

@zrk , also nocturnal.......know this will get met with resistance but with the stock wheels, I think this is the best color. it makes the wheels "pop"......

Really? I'm planning on powder coating them in a satin black, but there is a certain je ne sais quoi about the chrome poppin.

max · May 27, 2021

zrk said:
Really? I'm planning on powder coating them in a satin black, but there is a certain je ne sais quoi about the chrome poppin.

Exactly...

underdonk · May 29, 2021

zrk said:
Sorry for watering this down so much, but dem's the basics.

IMO as someone in the field:

For applications of technology like this, it's never about breaking the encryption (which should be mathematically sound as long as standards-based algorithms are used), but rather either someone's implementation of it (library that handles the encryption) or an operations-related issue (weak key), or the boot process of the device itself (usually to point to a different version of the code that runs on it). I wouldn't hold my breath for a leak of the key, class action lawsuits, etc. Best chance is someone finding a vulnerability in the bootstrap and exploiting it to recover the cleartext key or to point it to a different image of the operating system with its own programming. This just takes time - it's a complex process and there likely aren't a lot of people working on it, compared to say "jail breaking" the newest phone from Apple.

XtremeMaC · May 29, 2021

somewhat related or not, I'm looking for a new job and damn all automotive companies are looking for all sorts of infrastructure and product Cybersecurity experts and all sorts of software dev for whatever you can think of, infotainment, electrification, validation of these, controls, etc. etc.. Basically revamping whole IT, mobility, etc... If you possess these just apply and make big bucks. They're remote as well. Have 2-3 of these jobs, who cares. In the midst of my computer science education I switched to mechanical to go for automotive and damn was that a mistake. My Matlab, VBA, Dot.Net (VB, Ado, etc.), SQL, mostly forgotten C++ experience is getting me nowhere near these.

So, in other words, world has gone crazy with security, so, the vulnerabilities you speak of, may be hard to find and exploit.. and yeah scarcity of people working to exploit them... have better paying things to do..

A91 & Recent 2021 Impossible to Tune / ECU manufactured after 2020/6 is locked? [WARNING: NO POLITICS]

Loco38SUP

Well-Known Member

Raidernation

Well-Known Member

zrk

Well-Known Member

Raidernation

Well-Known Member

XtremeMaC

Well-Known Member

dethred

Well-Known Member

zrk

Well-Known Member

Lendo

Well-Known Member

XtremeMaC

Well-Known Member

max

Banned

max

Banned

zrk

Well-Known Member

max

Banned

underdonk

Well-Known Member

XtremeMaC

Well-Known Member

Similar threads