How do "vehicle specific" lockdown work on tuning kits?

[NeoPTLD]

These days, the parameters relevant to adjusting vehicle performance are controlled by the power train control module. The PCM contains the VIN.

Many off-the-shelf tuning kits contain a pre-programmed tuning maps for various vehicles. Once the handheld flashing device is hooked up to a vehicle, it download's the factory settings from the PCM along with the VIN, then uploads the "tune up".

The unit is then permanently locked to that VIN. Some allows restoring the backup and allow use on another vehicle.

I know that many routers have the ability to spoof MAC address so that you can use the cable modem that became locked to the computer it was originally setup with.

Is it possible to build something with spoofed VIN so the unit can be reset? How about downloading all the tuning maps?

 

[Iceking007]

Ofcouse anything CAN be done it's just 1's and 0's; how/why good luck try staying away from European cars especially BMW as their systems are generally more finikey and they like specific tools and programming that are often closely garded secrets and very expensive; my opinion is factory all the way but to each their own.

 

[AD5MB]

German cars require special DIN 1s and 0s.

 

[NeoPTLD]

Intentionally imposed limitation is a common marketing tactic. I'm not sure if people are doing it these days, but some years back, some video cards can be upgraded to higher end one by simply reflashing the firmware. The card had all the capabilities of the higher end, but it was crippled at the shipment stage for marketing reasons.

I don't believe PCM mapping is copyrightable, so if you could download all the pre tunes, there is money making potential to offer services.

 

[groberts101]

I've used tunercat in the past and now own a Jet Dynamic Spectrum tuner.

Wish I could tell you that there are known workarounds for these limitations.. but sadly there don't appear to be many software hackers for these devices and you need to buy more vin allowances to continue using these devices on additional vehicles. Some of the cheaper one's won't even let you do that though.

My DST came with 2 vin allowance's when I bought it and eventually moved to a 4 vin allowance so I felt a little gyp'd after having spent $500 on it. I can pay an additional $150 for another vin allowance anytime I choose to, but never feel the need since I keep it on the work van's anyways.

 

[Mark R]

I know that many routers have the ability to spoof MAC address so that you can use the cable modem that became locked to the computer it was originally setup with.

Is it possible to build something with spoofed VIN so the unit can be reset? How about downloading all the tuning maps?

Yes. It is likely a trivial matter to build a "middle-man" device that spoofs the VIN to the tuneup unit, but allows the new map to be uploaded. The reprogramming ports often use a fairly simple protocol, that is easily manipulated.

However, a lot depends on how the tuning device keeps a record of the vehicle (just VIN, VIN and manufacturer/model number of the ECU, etc.)

Personally, I wonder how much longer these tuning devices have got - the car manufacturers are slowly beginning to hire proper electronic security experts to assist in locking down their ECUs.

This did actually happen with printer cartridges, console memory cards. This stopped the cloners, because the security was pretty good. The security was only defeated when the cloners paid for the chips to be reverse engineered, and the schematic and security codes retrieved. (This type of reverse engineering can cost $millions).

 

[exdeath]

If it becomes uncrackable (which it wont), then people like me will just switch to plug and play after market stand alone EFI computers (FAST, BigStuff, Motec, etc).

 

[quakefiend420]

Yes. It is likely a trivial matter to build a "middle-man" device that spoofs the VIN to the tuneup unit, but allows the new map to be uploaded. The reprogramming ports often use a fairly simple protocol, that is easily manipulated.

However, a lot depends on how the tuning device keeps a record of the vehicle (just VIN, VIN and manufacturer/model number of the ECU, etc.)

Personally, I wonder how much longer these tuning devices have got - the car manufacturers are slowly beginning to hire proper electronic security experts to assist in locking down their ECUs.

This did actually happen with printer cartridges, console memory cards. This stopped the cloners, because the security was pretty good. The security was only defeated when the cloners paid for the chips to be reverse engineered, and the schematic and security codes retrieved. (This type of reverse engineering can cost $millions).

Any links that you could provide that I could use to research building some sort of interface to sniff the traffic that a device like this would likely be passing? Any thoughts on what sort of protocol would be used to communicate?

 

[Modelworks]

Any links that you could provide that I could use to research building some sort of interface to sniff the traffic that a device like this would likely be passing? Any thoughts on what sort of protocol would be used to communicate?

Cars use CAN for communications .
http://en.wikipedia.org/wiki/CAN_bus

You will need some chips that can do CAN , microchip has a bunch of their pic line that does CAN . Data on the CAN bus itself is rarely encrypted and easily monitored. You will need to attach to the CAN bus itself , not the interface ports that devices typically use to change the data.

 

[quakefiend420]

Cars use CAN for communications .
http://en.wikipedia.org/wiki/CAN_bus

You will need some chips that can do CAN , microchip has a bunch of their pic line that does CAN . Data on the CAN bus itself is rarely encrypted and easily monitored. You will need to attach to the CAN bus itself , not the interface ports that devices typically use to change the data.

Cool...this looks like it's going to be fun

 

[Modelworks]

Found this , has all the details for building a CAN reader for OBD using dspic chips.
https://sites.google.com/site/hobbydebraj/home/can-bus-based-obd-reader