hmmmmmmmmmmmmmm.........bad news for L5P



GMC-2002-Dmax
October 5th, 2017, 09:27 AM
http://www.duramaxforum.com/forum/2017-l5p-duramax-powertrain/933186-l5p-after-will-never-tuned-period.html

Hope this is not true !!!!!

L5P and after will never be tuned. Period.
Folks this is my first post, so I thought I would come in with a bang. Lol.

Background: I drove Ford trucks from High School in the mid 80's to a new 2011 F-350. Never owned a GM truck in my life. Had all the problems with the Navistar 6.0's and 6.4's then three radiators and 2 blown turbos on the 2011 6.7, done with FoMoCo......which resulted in a 2013 Ram 3500 and then a 2015 Ram 3500 in my driveway. Sold the 2015 Ram 3500 this spring and went the summer without a truck, mainly because I didn't want another Ram of the same generation as my previous two, and, the new 2017 Superduty's are RIDICULOUSLY priced with minimal discounts.....nice trucks though.

So I'm driving by the local Chevy dealer last week, and sitting out front is a 2017 Regular Cab/LB loaded LTZ Duramax. Took it for a test drive and LOVED IT. Power for days, quiet, and it's been 25 years since I owned a regular cab truck.....a real man's truck as my Pop always said. $58K MSRP, year-end clearance marked at $49K and I got them down to $45K....$13K off MSRP is not a bad deal + it fits in my garage on the house instead of all the way out in the shop.

So Friday I had it at the dealer to get the TSB 17-NA-171 ECM/TCM updates done, and while I'm waiting I run into the dealership IT manager who I know quite well since my company has provided IT support services for them off and on for years. Big dealership, multiple locations all over the state, so he oversees a lot. Being a 25-year veteran IT Engineer/Manager myself, we got into a detailed discussion on the back-end architecture/process of how the new Duramax ECM/TCM is programmed and updated. WOW.

GM's Phase-1 overall process involves multi-factor authentication involving dealer employees/credentials and a Diffie-Hellman 2048 bit key exchange using a SHA-256 hash digest that is unique for each VIN ECM/TCM. The implementation is well thought out and done correctly, and put quite simply, there is no attack surface to exploit. GM's implementation of software key management coupled with unique features in hardware allow them to change any of this dynamically from model year to model year, or even production job to production job. The main concept to keep in mind is this is not a STATIC security implementation restricted by hardware limits where once cracked, always cracked (essential in developing an aftermarket solution). In the unlikely event of an exploit, GM can dynamically alter their system, and via On-Star (which uses the same system) issue OTA updates (whether you have an active subscription or not) or send update notices in the mail. Remember, this is simply a key exchange update process, something that every Wi-Fi hot spot does routinely.

Based on years of personal experience, IMHO the aftermarket will not be tuning or modifying these trucks ever.

Diffie-Hellman 2048/SHA-256 if implemented correctly as done by GM, is un-crackable......even by the NSA. Current estimates to crack Diffie-Hellman 1024 are 35,000,000 core years.....i.e. it would take 35 million cpu cores 1 year to crack a single key exchange.....and the key exchange is unique for each VIN#. Diffie-Hellman 2048-bit???......forget about it, not going to happen.

Furthermore, I mentioned Phase-1 above....which on the L5P does not encrypt the actual software on the ECM/TCM. Phase-2 roll-out in the next gen trucks (as well as Corvette and other vehicles) is full encryption of the key exchange and module software.

From what I was told, Ford and Fiat/Chrysler are not far behind.

I've had several trucks tuned over the years, and I hate the emissions crap on these new trucks as much as anyone, but, I'm afraid we are nearing the end of an era.

At least they gave us 450HP and 900+ ft-lbs of torque stock......there are worse things!!

GMPX
October 5th, 2017, 09:39 AM
Ahh, isn't this what I've been saying since this truck came out but now people are willing to accept it because someone else has posted it? I told you all that SHA-256 is uncrackable and L5P was a done deal and this is why we've wasted no R&D time on trying to do it.

https://forum.efilive.com/showthread.php?27554-2017-Duramax&p=238145&viewfull=1#post238145

Full encryption comes when they do over the air updates (via WiFi like Tesla), that is when it needs to be totally secure which it will be.
Sad to say, but....
https://www.youtube.com/watch?v=6owI1uSsd40

GMC-2002-Dmax
October 5th, 2017, 10:05 AM
Ahh, isn't this what I've been saying since this truck came out but now people are willing to accept it because someone else has posted it? I told you all that SHA-256 is uncrackable and L5P was a done deal and this is why we've wasted no R&D time on trying to do it.

https://forum.efilive.com/showthread.php?27554-2017-Duramax&p=238145&viewfull=1#post238145

Full encryption comes when they do over the air updates (via WiFi like Tesla), that is when it needs to be totally secure which it will be.
Sad to say, but....
https://www.youtube.com/watch?v=6owI1uSsd40

I never doubted what you said..........that small glimmer of hope is now extinguished.

GMPX
October 5th, 2017, 10:24 AM
Yeah it is sad isn't it that the tuning industry is slowly turning into the typewriter industry, but I guess this is what happens when silly things like automated vehicles need to happen (apparently), it's just a step towards that.
Still, it will make the LML a winner on the used truck market.

Box foolers might be the only option but it depends how tight GM have their monitoring on such things (I'm guessing they are pretty smart on the current gen ECM's).

sn00py
October 5th, 2017, 11:53 AM
Ahh, isn't this what I've been saying since this truck came out but now people are willing to accept it because someone else has posted it? I told you all that SHA-256 is uncrackable and L5P was a done deal and this is why we've wasted no R&D time on trying to do it.


It's not worth a deeper look? After all, the other guys figured out T87As without cracking the case...

GMPX
October 5th, 2017, 12:33 PM
It's not worth a deeper look?
No, we will not be investing any more time into this. Our efforts are being focused elsewhere.


After all, the other guys figured out T87As without cracking the case...
The other guys should go into bitcoin exploits if they can reverse engineer signing keys that strong, you can make millions in a few minutes if you can do that, makes you wonder hey :sly:

sn00py
October 5th, 2017, 03:36 PM
The other guys should go into bitcoin exploits if they can reverse engineer signing keys that strong, you can make millions in a few minutes if you can do that, makes you wonder hey :sly:

Yes, then again, makes you wonder why they are able to with T87A, but not the E41... And bitcoins, as you say... It would seem all are the same problem on the surface...

joecar
October 5th, 2017, 04:46 PM
They must know someone or a backdoor (I don't think they could crack the encryption).

Road
October 6th, 2017, 12:28 AM
They must know someone or a backdoor (I don't think they could crack the encryption).
True you will need to know someone. And that someone will need to cover their trail up. So someone could release tuning for them. GM could change the key tomorrow and you would be right back where you started or worse.... It's a risk vs reward thing....

sn00py
October 6th, 2017, 03:34 AM
This new segment signing technology they are using was patented (in 2014 if I recall?). Just Google "gm global technology operations llc" and you'll find your way to an index of their patents.

One thing that is interesting is this patent explicitly describes the ability to allow third parties to generate properly signed images without revealing the "root key". Their signature mechanism actually uses two keys, the per-segment signature block contains a header, the SHA256 hash, then a public RSA key. After that comes the signature block generated using the "root key", then the signature block using the first public key.

What this means is GM could give an external party a full RSA key, signed with their root key, and the external party could generate valid signatures. Or the external party could provide their own public key to GM, and they could keep the private part, well, private, meaning that GM could not sign images using the third party's key. It also means they can irrefutably identify the source of any calibration by examining the signature block used during flash.

In any event, they've clearly thought about the scenario where external parties could be enabled to generate signed images. The big question is whether they will, and if they do, under what constraints? And at what cost? Someone in the thread posted by the OP commented that this is about GM's wanting to get control over who is allowed to modify GM's ECUs in the same way Apple has control over who gets to write apps that are used on their iOS devices, I think that's a good analogy.

So, perhaps aftermarket tuning will continue forward after all, but the premise under which it is done could be vastly different than it is today.
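The two-key signature block sn00py describes, worked through as an added example (this is not GM's code and not the patent's encoding): the root key signs an approved signer's public key once, that signer signs the segment hash with its own key, and a verifier that holds only the root public key checks the chain and recovers a fingerprint identifying the signer. The DER layout, field names and RSA PKCS#1 v1.5 choice are assumptions made here.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"encoding/asn1"
	"encoding/hex"
	"errors"
	"fmt"
)

// SegmentSig is one per-segment signature block, DER-encoded as a SEQUENCE so
// the ASN.1 tag and length act as the header. Field order follows the thread's
// description; the exact encoding is an assumption made for this example.
type SegmentSig struct {
	Hash      []byte // SHA-256 of the image segment
	SignerPub []byte // signer's RSA public key, PKCS#1 DER
	RootSig   []byte // root key: RSA PKCS#1 v1.5 over SHA-256(SignerPub)
	SignerSig []byte // signer key: RSA PKCS#1 v1.5 over Hash
}

// DelegateKey is the one-time step the root-key holder performs per approved
// signer: sign that signer's public key. The root private key never leaves it.
func DelegateKey(root *rsa.PrivateKey, signer *rsa.PublicKey) (pubDER, rootSig []byte, err error) {
	pubDER = x509.MarshalPKCS1PublicKey(signer)
	d := sha256.Sum256(pubDER)
	rootSig, err = rsa.SignPKCS1v15(rand.Reader, root, crypto.SHA256, d[:])
	return pubDER, rootSig, err
}

// SignSegment is run by the delegated signer, holding only its own private key
// and the root-signed copy of its public key. It returns the encoded block.
func SignSegment(signer *rsa.PrivateKey, pubDER, rootSig, segment []byte) ([]byte, error) {
	h := sha256.Sum256(segment)
	sig, err := rsa.SignPKCS1v15(rand.Reader, signer, crypto.SHA256, h[:])
	if err != nil {
		return nil, err
	}
	return asn1.Marshal(SegmentSig{Hash: h[:], SignerPub: pubDER, RootSig: rootSig, SignerSig: sig})
}

// VerifySegment is the check a boot loader holding only the root public key
// performs before accepting a segment. On success it returns a fingerprint of
// the signer key, which is what lets the source of a calibration be identified.
func VerifySegment(rootPub *rsa.PublicKey, segment, block []byte) (string, error) {
	var s SegmentSig
	if rest, err := asn1.Unmarshal(block, &s); err != nil || len(rest) != 0 {
		return "", errors.New("malformed signature block")
	}
	// Recompute the hash from the segment; the stored copy is never trusted.
	if h := sha256.Sum256(segment); !bytes.Equal(h[:], s.Hash) {
		return "", errors.New("segment hash mismatch")
	}
	// The signer key must itself carry a valid root signature (the delegation).
	kd := sha256.Sum256(s.SignerPub)
	if rsa.VerifyPKCS1v15(rootPub, crypto.SHA256, kd[:], s.RootSig) != nil {
		return "", errors.New("signer key not delegated by root")
	}
	signerPub, err := x509.ParsePKCS1PublicKey(s.SignerPub)
	if err != nil {
		return "", err
	}
	// Only then does the signer's signature over the hash count.
	if rsa.VerifyPKCS1v15(signerPub, crypto.SHA256, s.Hash, s.SignerSig) != nil {
		return "", errors.New("bad segment signature")
	}
	return hex.EncodeToString(kd[:8]), nil
}

func main() {
	root, _ := rsa.GenerateKey(rand.Reader, 2048)  // root: private half stays with the OEM
	tuner, _ := rsa.GenerateKey(rand.Reader, 2048) // an approved third party's key pair
	pubDER, rootSig, _ := DelegateKey(root, &tuner.PublicKey)
	cal := []byte("constructed calibration segment") // constructed sample input
	block, _ := SignSegment(tuner, pubDER, rootSig, cal)
	fmt.Println(VerifySegment(&root.PublicKey, cal, block))            // fingerprint, <nil>
	fmt.Println(VerifySegment(&root.PublicKey, append(cal, 0), block)) // "", hash mismatch
}
```

A signer who only has its own key pair (no root signature over its public key) produces a block that fails at the delegation step, which is the property that keeps the root key private while still allowing third-party signing.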

GMC-2002-Dmax
October 6th, 2017, 05:42 AM
This new segment signing technology they are using was patented (in 2014 if I recall?). Just Google "gm global technology operations llc" and you'll find your way to an index of their patents.

One thing that is interesting is this patent explicitly describes the ability to allow third parties to generate properly signed images without revealing the "root key". Their signature mechanism actually uses two keys, the per-segment signature block contains a header, the SHA256 hash, then a public RSA key. After that comes the signature block generated using the "root key", then the signature block using the first public key.

What this means is GM could give an external party a full RSA key, signed with their root key, and the external party could generate valid signatures. Or the external party could provide their own public key to GM, and they could keep the private part, well, private, meaning that GM could not sign images using the third party's key. It also means they can irrefutably identify the source of any calibration by examining the signature block used during flash.

In any event, they've clearly thought about the scenario where external parties could be enabled to generate signed images. The big question is whether they will, and if they do, under what constraints? And at what cost? Someone in the thread posted by the OP commented that this is about GM's wanting to get control over who is allowed to modify GM's ECUs in the same way Apple has control over who gets to write apps that are used on their iOS devices, I think that's a good analogy.

So, perhaps aftermarket tuning will continue forward after all, but the premise under which it is done could be vastly different than it is today.

I do not think GM is going to allow the aftermarket tuning community any way going forward to defeat anything in the ECM for on-road usage.

I also know the Big Car Makers have been trying for a long time to force everyone to a dealer for all parts, diagnosis and repair, as it supports the dealers and their overpriced parts and labor if they funnel everyone thru that expensive door with no other choice but to use the dealer.

I know Porsche makes dealers pay $18K or so a year just to access PORSCHE databases for vehicle diagnosis and even a simple service reminder reset oftentimes requires an expensive trip to the dealer.

It's all about squeezing everyone for every last dime and making it impossible to go anywhere or do anything unless you go to the dealer and pay thru the nose.

I wish they would do that private key signing, I bet it would cost $$$$$$$ MILLIONS $$$$$$$

Chevy366
October 6th, 2017, 06:26 AM
I could see not allowing access while under factory warranty, but after the warranty expires, there is no further need to protect the company's assets under the warranty. In fact I would think it would be found to be illegal, if challenged in court, to do so. Forcing the public to use the dealerships, isn't that like unfair trade practice? Or one could not buy the newer products. Wife and I are going to do a restomod and pick the things we want.

GMC-2002-Dmax
October 6th, 2017, 06:38 AM
Who has the money to sue GM or FORD or PORSCHE, maybe the Federal Government, but beyond some deep pocketed individual or company it's going to be a battle if they all go that route.

sn00py
October 6th, 2017, 06:54 AM
I do not think GM is going to allow the aftermarket tuning community any way going forward to defeat anything in the ECM for on-road usage.


Yes, that's certainly "under what terms" that would apply. However, one could certainly see a scenario where they allow companies to develop calibrations to support their products that meet emissions standards, prevent potential warranty abuse and meet other criteria that GM can design themselves. At the end of the day, it seems they're just sick of having no control over what happens with their ECUs. Maybe part of this is related to the erosion of their power with the DMCA exemption ruling, who knows.

It is hard to fathom that they will offer no solution whatsoever for these companies that build quality products and are actually trying to meet emission standards, but maybe that's exactly what's going to happen.

sn00py
October 6th, 2017, 07:02 AM
I could see not allowing access while under factory warranty, but after the warranty expires, there is no further need to protect the company's assets under the warranty. In fact I would think it would be found to be illegal, if challenged in court, to do so. Forcing the public to use the dealerships, isn't that like unfair trade practice? Or one could not buy the newer products. Wife and I are going to do a restomod and pick the things we want.

There were some very interesting articles floating around a couple years back when the whole automotive ECU DMCA exemption thing was being considered. Articles against it were saying that John Deere and GM are taking the view that when you buy JD equipment or a GM vehicle, you were, in effect, leasing the right to use the vehicle as opposed to actually purchasing it, as all the intellectual property, including ECU code belongs to JD or GM. This isn't so different than how software licenses work, but it's scary to think of in the context of a vehicle you spent 10s or 100s of thousands of dollars on.

sn00py
October 6th, 2017, 07:57 AM
Here's the link to GM's patent on all this stuff if anybody is interested...

http://www.patentsencyclopedia.com/app/20160140056

GMPX
October 6th, 2017, 09:31 AM
At some point it will sink in to the wider audience that GM implemented this as good as could be done, there is no gap, there is no back door, they have some very smart people working in this department.
People out there saying 'yeah but everyone said that about the LML', well that may have been true initially based on similar Bosch hardware from Europe but there are two key differences here.

1 - The LML being based on Bosch EDC17 architecture means worst case it can still be accessed via the CPU JTAG ports (can't be done on E41).
2 - For some reason GM decided not to switch on the digital signature verifications on the LML ECM, they are there, they just aren't active on the cals (they are active and much stronger on E41).

Whilst their new system might allow them to give approved tuners the ability to create valid signatures it doesn't mean they have to do it and if they do at what cost and under what constraints / agreements?
I could see some instances where GM might be willing to work with certain companies for aftermarket tunes and have them approved and signed. But I can't see how that could ever work for software like EFILive where we have no control over what end users create, how could such a scenario get approval from GM to incorporate into our software where every user can sign calibrations.

At the rate electric vehicles are progressing now that all the big OEMs are deep into development, in 10 years it'll be a very different world anyway. I'm kind of surprised this hasn't happened earlier TBH. :ermm:

sn00py
October 6th, 2017, 10:15 AM
At some point it will sink in to the wider audience that GM implemented this as good as could be done, there is no gap, there is no back door, they have some very smart people working in this department.

Respectfully, Ross, there must be a back door, at least on the T87A, right? I think everybody here agrees that you aren't going in the "front door" to hack T87As if the same exploit could be used against bitcoins and other, more valuable pursuits.

Granted, GM has responded with a NEW T87A for 2018 vehicles, however. If there WAS a back door on the 2017 T87As, it may be gone, now... Maybe someone should ask the other guys if they support unlocking 2018 T87As. lol

GMPX
October 6th, 2017, 10:44 AM
Respectfully, Ross, there must be a back door, at least on the T87A, right?
Maybe there wa$ :hihi:
I was under the impression the TCM had to be sent to HPT first, I might be wrong.


Granted, GM has responded with a NEW T87A for 2018 vehicles, however. If there WAS a back door on the 2017 T87As, it may be gone, now
Yes that would be the true test to know if they responded by closing the back door. Any exploit would need to exist in the bootblock of the TCM which they would never update in the field via TIS but they would roll out in a new TCM update from the factory.

Snipesy
October 7th, 2017, 05:19 PM
Who has the money to sue GM or FORD or PORSCHE, maybe the Federal Government, but beyond some deep pocketed individual or company it's going to be a battle if they all go that route.

I can't fathom exactly what your argument is going to be for a court case. New legislation or regulation will have to be placed. Which would take time, and we don't exactly fill EPA's pockets.

I think the solution everyone will be happy with is to have all ECMs follow a more open system (that is still secure from OTA attacks).
Allow us to roll our own bootloader, and require compilers and low level documentation to be made available for a reasonable price (whether that's directly or indirectly, doesn't matter).
GM keeps their IP. We make our own. No more of this grey area bullshit.

This is all stupid wishful thinking though...

sn00py
October 8th, 2017, 03:52 AM
I can't fathom exactly what your argument is going to be for a court case. New legislation or regulation will have to be placed. Which would take time, and we don't exactly fill EPA's pockets.

I think the solution everyone will be happy with is to have all ECMs follow a more open system (that is still secure from OTA attacks).
Allow us to roll our own bootloader, and require compilers and low level documentation to be made available for a reasonable price (whether that's directly or indirectly, doesn't matter).
GM keeps their IP. We make our own. No more of this grey area bullshit.

This is all stupid wishful thinking though...

There is also still a question as to what extent this technology will be used. At present there are three controllers (that we here care about) that use it, and until the E88 popped up, I was moving forward with the assumption this was being deployed out of pressure from environmental regulators to prevent people from doing stuff like deletes for diesels. Also, most, if not all existing controller designs COULD have this signature verification stuff added to the boot loader, but as of present, none of the 2018 part numbers do (and yet they DO have new features to specifically support OTA update scenarios and other security updates like the new challenge/authenticate keys).

Maybe all of the new ECU designs will have it, though. Maybe in 2019 all of the existing ones will also have it. Maybe new ECU designs will have it, but only selectively enabled. Maybe GM will release aftermarket signing keys after the warranty period expires for a given vehicle. There is no doubt about one thing, and that's this technology gives GM full control over what we are allowed to do and not do.

GMPX
October 8th, 2017, 10:33 AM
Yes I thought it was a Diesel only roll-out too (those rolling coal videos coming back to bite everyone again). But as you said then the E88 made its appearance this year and blew that theory out the window.
History shows that GM run a controller for about 5 or 6 years max, then it is replaced with a new design, so based on that...

E39 - 2010 (overdue to be replaced)
E78 - 2010 (overdue to be replaced)
E80 - 2014
E81 - 2016
E82 - 2016
E84 - 2016
E88 - 2017 (new security, used only on 1.5L Malibu)
E92 - 2013
E98 - 2015

I think they will either update the E92 to this new security (pretty easy for them to do) or it'll be replaced with another ECM.

DURAtotheMAX
October 10th, 2017, 03:39 AM
I do not think GM is going to allow the aftermarket tuning community any way going forward to defeat anything in the ECM for on-road usage.

I also know the Big Car Makers have been trying for a long time to force everyone to a dealer for all parts, diagnosis and repair, as it supports the dealers and their overpriced parts and labor if they funnel everyone thru that expensive door with no other choice but to use the dealer.

Except dealers are individually owned and operated franchises....................GM doesn't give two shits about dealers and if the dealers make money or not on anything except new car sales. Hell, just look at what GM pays the dealers for warranty repair rates/claims. :laugh:

Newsflash, dealers make all their money on selling cars. Not service and parts. Being required to provide service and parts is literally the bane of dealers' existences....just ask anyone who owns a major car dealer. They HATE service/parts, especially if it's a warranty job.

So the whole conspiracy of "car mfg's wanting to strong-arm customers into ONLY having work done at dealers" is a crock. As long as the dealer sells as many new cars as possible, that's 100% all GM cares about.

It's cutthroat in the car industry, that's why most car salesmen are sleazeballs...if they don't sell as many new cars as possible, the dealer fires them....if the dealer doesn't sell as many new cars as possible, GM pulls their franchise.

GMC-2002-Dmax
October 10th, 2017, 09:07 AM
Except dealers are individually owned and operated franchises....................GM doesn't give two shits about dealers and if the dealers make money or not on anything except new car sales. Hell, just look at what GM pays the dealers for warranty repair rates/claims. :laugh:

Newsflash, dealers make all their money on selling cars. Not service and parts. Being required to provide service and parts is literally the bane of dealers' existences....just ask anyone who owns a major car dealer. They HATE service/parts, especially if it's a warranty job.

So the whole conspiracy of "car mfg's wanting to strong-arm customers into ONLY having work done at dealers" is a crock. As long as the dealer sells as many new cars as possible, that's 100% all GM cares about.

It's cutthroat in the car industry, that's why most car salesmen are sleazeballs...if they don't sell as many new cars as possible, the dealer fires them....if the dealer doesn't sell as many new cars as possible, GM pulls their franchise.

GM would still like to force everyone to use only genuine parts, most of all genuine parts are common at dealers, for 2x-10x what the aftermarket charges.

I know that GM prices new trucks at $72K+ and then dealers sell them for $12K off sticker...........the race to the bottom, because they love to make pennies on the truck and $1000's on the financing.........volume, quantity, they make their margin on the trade-in as well.

I know plenty of people in the business, I wish you could order it online, pay for it online and pick it up, cut everyone right out of the deal, just have a delivery process for $250 or so, and a service center.........I know exactly what I want, can build it online, did that with my 2017 Macan GTS from Porsche, just emailed 10 dealers the "PORSCHE CODE" and picked the best priced one, it was sooooooo easy !!

Amazon for cars...........LOL

DURAtotheMAX
October 10th, 2017, 10:41 AM
GM would still like to force everyone to use only genuine parts, most of all genuine parts are common at dealers, for 2x-10x what the aftermarket charges.

Huh??? GM honestly doesn't give a crap what parts you put on your vehicle! I promise you that. Once it's out of warranty period, it's not their problem....at all.

You break the door handle at 180k miles on your Silverado, you really think GM cares if you replace it with a "genuine" one from the dealer, or a Dorman aftermarket one from Advance Auto?

DURAtotheMAX
October 10th, 2017, 10:50 AM
Amazon is an authorized AC Delco distributor, and http://www.partszoneonline.com will sell you any genuine part that you can get at the dealer, for half the cost. Not like GM is going to suddenly shut them down in some big conspiracy case to make you pay actual full dealer prices (who actually goes to the local dealer to buy parts anyway??).

GM parts are really NOT that expensive AT ALL if you shop around. With the rare exception here and there, I've never found GM parts to be completely outrageously priced. You can get entire chassis wiring harnesses for under $300.

Price some Porsche parts to fix your Macan once it's out of warranty if you think GM is such a "big bad meanie that's out to swindle the little customer". :)

bobo
April 16th, 2018, 02:18 AM
I see things may be looking up for L5P tunes!

bobo
April 16th, 2018, 02:22 AM
SC Research LLC claims they have cracked the E41 Duramax controller.

Snipesy
April 16th, 2018, 03:39 AM
SC Research LLC claims they have cracked the E41 Duramax controller.

I'd be amazed if it was anywhere close to plug and play. Only ways to do that is to take GM's key (don't do that), and/or GM left the door open somewhere. Which, don't expect that to last.

turbo_bu
April 16th, 2018, 04:13 AM
If you scroll down on SC's Facebook page:

Posted back in October 2017 -
After working on the encryption that Mercedes and Chrysler uses for almost 10 years, since 2007, we have some preliminary results on a full break of it. More testing is required, but it is looking promising. This will allow the customer to reflash the ECU without sending it to one of the tuning companies for "ecu unlock".

The best part of these results is that the basic method can be applied to break the latest security that GM has introduced as well.



This all sounds very interesting :) I only hope that this means the new GM ECM's are not locked up for good.

1FastBrick
April 16th, 2018, 05:38 AM
My understanding is not so much that it's uncrackable but more so that GM has defined the software as proprietary to them, claiming it as intellectual property, and by cracking or hacking the code and modifying it you are essentially breaking the law.

Let's face it anything digital can be hacked.

Snipesy
April 16th, 2018, 07:32 AM
My understanding is not so much that it's uncrackable but more so that GM has defined the software as proprietary to them, claiming it as intellectual property, and by cracking or hacking the code and modifying it you are essentially breaking the law.

Let's face it anything digital can be hacked.

A grey area for sure. It always has been. The issue with whatever approach they are using is clearly a flaw.

On the LML what is stopping you is a child's play checksum, and a 2 byte password. Really hard to argue you are trying to keep people out if the password to root is nothing.

GMPX
April 16th, 2018, 09:38 AM
Going to close this one too for now, sorry guys.