NHTSA Recalls (Aug 3, 2021) - Remedy Available
Musicmovesme
Active Member
Musicmovesme
Active Member
thanks i would remove this but I don't see where I can do that. sorry for not seeing the earlier post
Ground Beef
Well-Known Member
- First Name
- Paul
- Joined
- May 20, 2021
- Threads
- 6
- Messages
- 56
- Reaction score
- 30
- Location
- Chicago, IL
- Car(s)
- 2014 Infiniti Q50S Hybrid
Go to nhtsa.gov to check your VIN. Mine falls under the recall.
puzzled
Well-Known Member
My car is going to be hibernated starting next month.. I hope she does not crash due to braking issues while parked until next May timing.
More info here on what NOT to do..
https://www.consumerreports.org/car...rs-and-suvs-for-a-braking-defect-a8624060720/
According to the automaker, under certain starting conditions the engine management software could damage the oil/vacuum pump supplying the vacuum that enables the brake assist (also called brake boost) function. Either of these conditions has an impact on the system:
More info here on what NOT to do..
https://www.consumerreports.org/car...rs-and-suvs-for-a-braking-defect-a8624060720/
According to the automaker, under certain starting conditions the engine management software could damage the oil/vacuum pump supplying the vacuum that enables the brake assist (also called brake boost) function. Either of these conditions has an impact on the system:
- Pressing the engine start/stop button two times in rapid succession.
- Depressing the brake pedal very briefly while pressing the engine start/stop button.
- Eating too much Tacohell.
AP1
Well-Known Member
This is purely encryption issue. Current code requires signature validation for any updates. If update is not signed by trusted key, it is rejected. In older ECU model there was a work around using so called boot rom mode, when you can take over boot process of ECU and inject new software code before old code starts. This boot rom mode is usually added for debug purpose or to recover from failed flash process. Bench unlock process uses that feature. It looks like in new ECU boot rom also checks signature of code before starting it. In the desktop/server computer world it is called "trusted boot". That blocks all ways to load unsigned code into ECU unless you have access to signing key that correspponds to one loaded into ECU at the factory. Even if someone hacks into running code to allow re-flashing without signatrure check, new code won't work since master key for boot rom can only be flashed once and cannot be replaced (this is another protection feature).
nibble
Well-Known Member
so in other word, if you can obtain "signing key" from Bosch (correct me if I wrong on ECU OEM), you can tune any '21 GR supra. given that individual ECU has its own "key", that's a massive effort to find one that is right key of car for manufacturer. although I'm sure they have that in their DB somewhere. I wonder how toyota dealerships will update the ECU.
given that scenario, I assume each dealership will use "special" update tool which will communicate /w toyota/bosch/bmw headquarter to obtain the "signing key" and then update ECU. otherwise, technician will log in and get that key.. either way, cracking it sounds more simple than cracking a master locks... I'm sure there are people a lot smarter than me working on this so I'm sure you are missing quite a bit of information.
also, if one can get that signing key for their ECU, they can tune it, it sounds like..
or... assuming that signing key is programmed into a ROM, if one can replace that ROM /w an open ROM/PROM like was done many years ago /w audi/vw, can be tuned like 2020.
zrk
Well-Known Member
- First Name
- Zack
- Joined
- Apr 20, 2021
- Threads
- 79
- Messages
- 8,415
- Reaction score
- 13,772
- Location
- Chicago, IL
- Car(s)
- 2021 Supra - Nocturnal Black
I use a (similar) version of this when I interview people at work (But I use HMAC signing).
The question is basically this: Generate a URL for a website that cannot be tampered with.
This is the reference solution that I give to my reports to use when they are interviewing the candidate.
Python:
import hashlib
from urllib.parse import urlparse, urlencode, parse_qsl, unquote
SECRET = "s3kr3t!"
# Generation:
url_to_sign = "https://example.com/[email protected]&auth_level=4"
def generate_signature(url):
hasher = hashlib.new('sha256')
hasher.update(SECRET.encode() + url.encode())
return hasher.hexdigest()
def sign_url(url):
return url + "&sig=" + generate_signature(url)
# Verification
def verify_signature(signed_url):
# parse the url
parsed = urlparse(signed_url)
params = dict(parse_qsl(parsed.query))
# get the signature
sig = params.pop('sig')
# generate a signature from provided url (remove signature)
param_str = unquote(urlencode(params))
_url = parsed.scheme + "://" + parsed.netloc + parsed.path + "?" + param_str
# verify against generate_signature
return generate_signature(_url) == sigKeep in mind, this algo is HMAC, not encryption, so it's slightly different. But the idea is that a URL that looks like https://example.com/authenticate?user_id=76267&signature=AbC1@3 requires knowledge of that secret in the code sample. If you don't know it, then you can't generate that signature, it also depends on the rest of the payload (in this case user_id=76267). This allows public information to be "signed." The signature field will be different for any user_id and is a function of string "user_id", the actual id (76267) and the secret. This means the secret changes for any given user_id.
In the ECU world the payload might be "a fuck ton of tuning parameters", a secret, and the VIN. Each combination generates a unique secret that needs to be passed along with the payload to match the signature that is generated the second time through the system, then verified.
I'm tired, and this is a terrible explanation, but if you can suffer through the code (it's not my fault python's standard library sucks for URI params), you can understand the gist.
Or ask me questions and I'll try to expand on it.
To directly answer your question, sorta. You need the signing key, and the algorithm to use with the signing key to generate the correct signature on each pass. OR you need a way around this whole mess since the former is likely impossible.
AP1
Well-Known Member
Key for new update is likely a part of code that is flashed. This is not a signing key, but verification key. They always come in pairs. Boot rom key is another layer of protection - code which was found in memory (if you find a way to install it somehow, like re-soldering memory chip on the circuit board) cannot run unless verified with anoher key. That one is programmed only once when ECU is manufactured. It can be done by OEM or added after initial flash. This key once loaded, cannot be updated at all. It is usually stored in processor chip itself, not in external memory chip. Thus you must have corresponding signing key from manufacturer of ECU. For some reason manufacturers like this stacked protection and add it even into devices in under $100 category, even when processor chip with that protection feature costs a dollar or two more (big deal at high volumes) than one without.
Grendel-13
Well-Known Member
I think the third condition may damage more than the brake assist.
OP
OP
gcmak
Well-Known Member
- Joined
- Mar 6, 2021
- Threads
- 13
- Messages
- 238
- Reaction score
- 259
- Location
- San Francisco
- Car(s)
- 2021 Supra
- Thread starter
- #103
With all the banter, I wanted to confirm with you that there's no actual fix available yet? I'm unlikely to cause this problem to happen, but when a risk is identified, I'd like to eliminate it.
Thanks!
zrk
Well-Known Member
- First Name
- Zack
- Joined
- Apr 20, 2021
- Threads
- 79
- Messages
- 8,415
- Reaction score
- 13,772
- Location
- Chicago, IL
- Car(s)
- 2021 Supra - Nocturnal Black
Correct. You should be notified in October, but keep checking the NHTSA website w/ your VIN.
Similar threads
- Sticky
- ryanwgregg
- 2025+ 4Runner Forum Topics -- via 4Runner6G
