|
|
 |
03-24-2012, 01:20 AM
|
#1
|
|
Platinum Member
Join Date: Nov 2001
Posts: 2,481
|
How do "vehicle specific" lockdown work on tuning kits?
These days, the parameters relevant to adjusting vehicle performance are controlled by the power train control module. The PCM contains the VIN.
Many off-the-shelf tuning kits contain a pre-programmed tuning maps for various vehicles. Once the handheld flashing device is hooked up to a vehicle, it download's the factory settings from the PCM along with the VIN, then uploads the "tune up".
The unit is then permanently locked to that VIN. Some allows restoring the backup and allow use on another vehicle.
I know that many routers have the ability to spoof MAC address so that you can use the cable modem that became locked to the computer it was originally setup with.
Is it possible to build something with spoofed VIN so the unit can be reset? How about downloading all the tuning maps?
|
|
|
|
03-24-2012, 02:41 AM
|
#2
|
|
Junior Member
Join Date: Mar 2012
Posts: 13
|
Ofcouse anything CAN be done it's just 1's and 0's; how/why good luck try staying away from European cars especially BMW as their systems are generally more finikey and they like specific tools and programming that are often closely garded secrets and very expensive; my opinion is factory all the way but to each their own.
Last edited by Iceking007; 03-24-2012 at 02:41 AM.
Reason: typo
|
|
|
|
|
03-24-2012, 11:53 AM
|
#3
|
|
Member
Join Date: Nov 2011
Posts: 55
|
German cars require special DIN 1s and 0s.
|
|
|
|
|
03-24-2012, 03:52 PM
|
#4
|
|
Platinum Member
Join Date: Nov 2001
Posts: 2,481
|
Intentionally imposed limitation is a common marketing tactic. I'm not sure if people are doing it these days, but some years back, some video cards can be upgraded to higher end one by simply reflashing the firmware. The card had all the capabilities of the higher end, but it was crippled at the shipment stage for marketing reasons.
I don't believe PCM mapping is copyrightable, so if you could download all the pre tunes, there is money making potential to offer services.
|
|
|
|
|
03-25-2012, 12:13 PM
|
#5
|
|
Golden Member
Join Date: Mar 2011
Posts: 1,390
|
I've used tunercat in the past and now own a Jet Dynamic Spectrum tuner.
Wish I could tell you that there are known workarounds for these limitations.. but sadly there don't appear to be many software hackers for these devices and you need to buy more vin allowances to continue using these devices on additional vehicles. Some of the cheaper one's won't even let you do that though.
My DST came with 2 vin allowance's when I bought it and eventually moved to a 4 vin allowance so I felt a little gyp'd after having spent $500 on it. I can pay an additional $150 for another vin allowance anytime I choose to, but never feel the need since I keep it on the work van's anyways.
|
|
|
|
|
03-28-2012, 03:26 PM
|
#6
|
|
Diamond Member
Join Date: Oct 1999
Posts: 7,594
|
Quote:
Originally Posted by NeoPTLD
I know that many routers have the ability to spoof MAC address so that you can use the cable modem that became locked to the computer it was originally setup with.
Is it possible to build something with spoofed VIN so the unit can be reset? How about downloading all the tuning maps?
|
Yes. It is likely a trivial matter to build a "middle-man" device that spoofs the VIN to the tuneup unit, but allows the new map to be uploaded. The reprogramming ports often use a fairly simple protocol, that is easily manipulated.
However, a lot depends on how the tuning device keeps a record of the vehicle (just VIN, VIN and manufacturer/model number of the ECU, etc.)
Personally, I wonder how much longer these tuning devices have got - the car manufacturers are slowly beginning to hire proper electronic security experts to assist in locking down their ECUs.
This did actually happen with printer cartridges, console memory cards. This stopped the cloners, because the security was pretty good. The security was only defeated when the cloners paid for the chips to be reverse engineered, and the schematic and security codes retrieved. (This type of reverse engineering can cost $millions).
|
|
|
|
|
03-28-2012, 05:22 PM
|
#7
|
|
Lifer
Join Date: Jan 2004
Posts: 10,714
|
If it becomes uncrackable (which it wont), then people like me will just switch to plug and play after market stand alone EFI computers (FAST, BigStuff, Motec, etc).
|
|
|
|
|
04-10-2012, 11:49 PM
|
#8
|
|
Lifer
Join Date: Aug 2004
Posts: 14,617
|
Quote:
Originally Posted by Mark R
Yes. It is likely a trivial matter to build a "middle-man" device that spoofs the VIN to the tuneup unit, but allows the new map to be uploaded. The reprogramming ports often use a fairly simple protocol, that is easily manipulated.
However, a lot depends on how the tuning device keeps a record of the vehicle (just VIN, VIN and manufacturer/model number of the ECU, etc.)
Personally, I wonder how much longer these tuning devices have got - the car manufacturers are slowly beginning to hire proper electronic security experts to assist in locking down their ECUs.
This did actually happen with printer cartridges, console memory cards. This stopped the cloners, because the security was pretty good. The security was only defeated when the cloners paid for the chips to be reverse engineered, and the schematic and security codes retrieved. (This type of reverse engineering can cost $millions).
|
Any links that you could provide that I could use to research building some sort of interface to sniff the traffic that a device like this would likely be passing? Any thoughts on what sort of protocol would be used to communicate?
__________________
On a long enough timeline, the survival rate for everyone drops to zero...
Official Member of the ATOT Night Crew | Heat
Please smoke elsewhere for a month.
AnandTech Moderator
|
|
|
|
|
04-11-2012, 06:22 AM
|
#9
|
|
Lifer
Join Date: Feb 2007
Location: North Carolina
Posts: 16,237
|
Quote:
Originally Posted by quakefiend420
Any links that you could provide that I could use to research building some sort of interface to sniff the traffic that a device like this would likely be passing? Any thoughts on what sort of protocol would be used to communicate?
|
Cars use CAN for communications .
http://en.wikipedia.org/wiki/CAN_bus
You will need some chips that can do CAN , microchip has a bunch of their pic line that does CAN . Data on the CAN bus itself is rarely encrypted and easily monitored. You will need to attach to the CAN bus itself , not the interface ports that devices typically use to change the data.
|
|
|
|
|
04-12-2012, 11:47 PM
|
#10
|
|
Lifer
Join Date: Aug 2004
Posts: 14,617
|
Quote:
Originally Posted by Modelworks
Cars use CAN for communications .
http://en.wikipedia.org/wiki/CAN_bus
You will need some chips that can do CAN , microchip has a bunch of their pic line that does CAN . Data on the CAN bus itself is rarely encrypted and easily monitored. You will need to attach to the CAN bus itself , not the interface ports that devices typically use to change the data. |
Cool...this looks like it's going to be fun 
__________________
On a long enough timeline, the survival rate for everyone drops to zero...
Official Member of the ATOT Night Crew | Heat
Please smoke elsewhere for a month.
AnandTech Moderator
|
|
|
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
All times are GMT -5. The time now is 08:03 PM.
|
