
Thread: hmmmmmmmmmmmmmm.........bad news for L5P

  1. #1
    Lifetime Member GMC-2002-Dmax's Avatar
    Join Date
    Dec 2005
    Posts
    1,294

    Thumbs down hmmmmmmmmmmmmmm.........bad news for L5P

    http://www.duramaxforum.com/forum/20...ed-period.html

    Hope this is not true !!!!!

    L5P and after will never be tuned. Period.
    Folks this is my first post, so I thought I would come in with a bang. Lol.

    Background: I drove Ford trucks from High School in the mid 80's to a new 2011 F-350. Never owned a GM truck in my life. Had all the problems with the Navistar 6.0's and 6.4's then three radiators and 2 blown turbos on the 2011 6.7, done with FoMoCo......which resulted in a 2013 Ram 3500 and then a 2015 Ram 3500 in my driveway. Sold the 2015 Ram 3500 this spring and went the summer without a truck, mainly because I didn't want another Ram of the same generation as my previous two, and, the new 2017 Superduty's are RIDICULOUSLY priced with minimal discounts.....nice trucks though.

    So I'm driving by the local Chevy dealer last week, and sitting out front is a 2017 Regular Cab/LB loaded LTZ Duramax. Took it for a test drive and LOVED IT. Power for days, quiet, and it's been 25 years since I owned a regular cab truck.....a real man's truck as my Pop's always said. $58K MSRP, year-end clearance marked at $49K and I got them down to $45K....$13K off MSRP is not a bad deal + it fits in my garage on the house instead of all the way out in the shop.

    So Friday I had it at the dealer to get the TSB 17-NA-171 ECM/TCM updates done, and while I'm waiting I run into the dealership IT manager who I know quite well since my company has provided IT support services for them off and on for years. Big dealership, multiple locations all over the state, so he oversees a lot. Being a 25-year veteran IT Engineer/Manager myself, we got into a detailed discussion on the back-end architecture/process of how the new Duramax ECM/TCM is programmed and updated. WOW.

    GM's Phase-1 overall process involves multi-factor authentication involving dealer employees/credentials and a Diffie-Hellman 2048 bit key exchange using a SHA-256 hash digest that is unique for each VIN ECM/TCM. The implementation is well thought out and done correctly, and put quite simply, there is no attack surface to exploit. GM's implementation of software key management coupled with unique features in hardware allow them to change any of this dynamically from model year to model year, or even production job to production job. The main concept to keep in mind is this is not a STATIC security implementation restricted by hardware limits where once cracked, always cracked (essential in developing an aftermarket solution). In the unlikely event of an exploit, GM can dynamically alter their system, and via On-Star (which uses the same system) issue OTA updates (whether you have an active subscription or not) or send update notices in the mail. Remember, this is simply a key exchange update process, something that every Wi-Fi hot spot does routinely.

    Based on years of personal experience, IMHO the aftermarket will not be tuning or modifying these trucks ever.

    Diffie-Hellman 2048/SHA-256 if implemented correctly as done by GM, is un-crackable......even by the NSA. Current estimates to crack Diffie-Hellman 1024 is 35,000,000 core years.....ie it would take 35 million cpu cores 1 year to crack a single key exchange.....and the key exchange is unique for each VIN#. Diffie-Hellman 2048bit???......forget about it, not going to happen.

    Furthermore, I mentioned Phase-1 above....which on the L5P does not encrypt the actual software on the ECM/TCM. Phase-2 roll-out in the next gen trucks (as well as Corvette and other vehicles) is full encryption of the key exchange and module software.

    From what I was told, Ford and Fiat/Chrysler are not far behind.

    I've had several trucks tuned over the years, and I hate the emissions crap on these new trucks as much as anyone, but, I'm afraid we are nearing the end of an era.

    At least they gave us 450HP and 900+ ft-lbs of torque stock......there are worse things!!
    www.mscservices.net


    Tuner of many, many Duramax and Cummins Diesels.


  2. #2
    Lifetime Member GMPX's Avatar
    Join Date
    Apr 2003
    Posts
    13,148

    Default

    Ahh, isn't this what I've been saying since this truck came out but now people are willing to accept it because someone else has posted it? I told you all that SHA-256 is uncrackable and L5P was a done deal and this is why we've wasted no R&D time on trying to do it.

    https://forum.efilive.com/showthread...l=1#post238145

    Full encryption comes when they do over the air updates (via WiFi like Tesla), that is when it needs to be totally secure which it will be.
    Sad to say, but....
    https://www.youtube.com/watch?v=6owI1uSsd40
    Last edited by GMPX; October 5th, 2017 at 08:46 AM.
    I no longer monitor the forum, please either post your question or create a support ticket.

  3. #3
    Lifetime Member GMC-2002-Dmax's Avatar
    Join Date
    Dec 2005
    Posts
    1,294

    Default

    Quote Originally Posted by GMPX View Post
    Ahh, isn't this what I've been saying since this truck came out but now people are willing to accept it because someone else has posted it? I told you all that SHA-256 is uncrackable and L5P was a done deal and this is why we've wasted no R&D time on trying to do it.

    https://forum.efilive.com/showthread...l=1#post238145

    Full encryption comes when they do over the air updates (via WiFi like Tesla), that is when it needs to be totally secure which it will be.
    Sad to say, but....
    https://www.youtube.com/watch?v=6owI1uSsd40
    I never doubted what you said..........that small glimmer of hope is now extinguished.
    www.mscservices.net


    Tuner of many, many Duramax and Cummins Diesels.


  4. #4
    Lifetime Member GMPX's Avatar
    Join Date
    Apr 2003
    Posts
    13,148

    Default

    Yeah it is sad isn't it that the tuning industry is slowly turning in to the typewriter industry, but I guess this is what happens when silly things like automated vehicles need to happen (apparently), it's just a step towards that.
    Still, it will make the LML a winner on the used truck market.

    Box foolers might be the only option but it depends how tight GM have their monitoring on such things (I'm guessing they are pretty smart on the current gen ECM's).
    I no longer monitor the forum, please either post your question or create a support ticket.

  5. #5
    Junior Member
    Join Date
    Jan 2017
    Posts
    24

    Default

    Quote Originally Posted by GMPX View Post
    Ahh, isn't this what I've been saying since this truck came out but now people are willing to accept it because someone else has posted it? I told you all that SHA-256 is uncrackable and L5P was a done deal and this is why we've wasted no R&D time on trying to do it.
    It's not worth a deeper look? After all, the other guys figured out T87As without cracking the case...

  6. #6
    Lifetime Member GMPX's Avatar
    Join Date
    Apr 2003
    Posts
    13,148

    Default

    Quote Originally Posted by sn00py View Post
    It's not worth a deeper look?
    No, we will not be investing any more time into this. Our efforts are being focused elsewhere.

    Quote Originally Posted by sn00py View Post
    After all, the other guys figured out T87As without cracking the case...
    The other guys should go in to bitcoin exploits if they can reverse engineer signing keys that strong, you can make millions in a few minutes if you can do that, makes you wonder hey
    Last edited by GMPX; October 5th, 2017 at 11:52 AM.
    I no longer monitor the forum, please either post your question or create a support ticket.

  7. #7
    Junior Member
    Join Date
    Jan 2017
    Posts
    24

    Default

    Quote Originally Posted by GMPX View Post

    The other guys should go in to bitcoin exploits if they can reverse engineer signing keys that strong, you can make millions in a few minutes if you can do that, makes you wonder hey
    Yes, then again, makes you wonder why they are able to with T87A, but not the E41... And bitcoins, as you say... It would seem all are the same problem on the surface...

  8. #8
    Joe (Moderator) joecar's Avatar
    Join Date
    Apr 2003
    Posts
    28,403

    Default

    They must know someone or a backdoor (I don't think they could crack the encryption).

  9. #9
    Lifetime Member Road's Avatar
    Join Date
    Feb 2015
    Posts
    336

    Default

    Quote Originally Posted by joecar View Post
    They must know someone or a backdoor (I don't think they could crack the encryption).
    True you will need to know someone. And that someone will need to cover their trail up. So someone could release tuning for them. GM could change the key tomorrow and you would be right back where you started or worse.... It's a risk vs reward thing....

  10. #10
    Junior Member
    Join Date
    Jan 2017
    Posts
    24

    Default

    This new segment signing technology they are using was patented (in 2014 if I recall?). Just Google "gm global technology operations llc" and you'll find your way to an index of their patents.

    One thing that is interesting is this patent explicitly describes the ability to allow third parties to generate properly signed images without revealing the "root key". Their signature mechanism actually uses two keys, the per-segment signature block contains a header, the SHA256 hash, then a public RSA key. After that comes the signature block generated using the "root key", then the signature block using the first public key.

    What this means is GM could give an external party a full RSA key, signed with their root key, and the external party could generate valid signatures. Or the external party could provide their own public key to GM, and they could keep the private part, well, private, meaning that GM could not sign images using the third party's key. It also means they can irrefutably identify the source of any calibration by examining the signature block used during flash.

    In any event, they've clearly thought about the scenario where external parties could be enabled to generate signed images. The big question is whether they will, and if they do, under what constraints? And at what cost? Someone in the thread posted by the OP commented that this is about GM's wanting to get control over who is allowed to modify GM's ECUs in the same way Apple has control over who gets to write apps that are used on their iOS devices, I think that's a good analogy.

    So, perhaps aftermarket tuning will continue forward after all, but the premise under which it is done could be vastly different than it is today.
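
The two-level signature block described in post #10, sketched as an added example that is not part of the thread and is not GM's code or format. It uses toy textbook RSA over constructed Mersenne-prime keys and assumes the root key signs the embedded public key while the embedded key signs header plus SHA-256 hash; all field and function names are hypothetical.

```python
import hashlib

E = 65537

def make_key(p, q):
    """Toy RSA key pair from two primes (constructed; far too small for real use)."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def _digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(priv, data):
    n, d = priv
    return pow(_digest(data, n), d, n)  # textbook RSA, no padding: illustration only

def verify(pub, data, sig):
    n, e = pub
    return pow(sig, e, n) == _digest(data, n)

def encode_pub(pub):
    return b"%d:%d" % pub

def build_block(header, image, signer_pub, signer_priv, endorsing_priv):
    h = hashlib.sha256(image).digest()
    return {"header": header, "sha256": h, "pub": signer_pub,
            "root_sig": sign(endorsing_priv, encode_pub(signer_pub)),  # assumed coverage
            "seg_sig": sign(signer_priv, header + h)}                  # assumed coverage

def verify_block(block, image, root_pub):
    """Verifier only needs the root PUBLIC key; checks run outermost-first."""
    if hashlib.sha256(image).digest() != block["sha256"]:
        return "hash mismatch"
    if not verify(root_pub, encode_pub(block["pub"]), block["root_sig"]):
        return "signing key not endorsed by root"
    if not verify(block["pub"], block["header"] + block["sha256"], block["seg_sig"]):
        return "segment signature invalid"
    return "ok"

# Constructed keys from Mersenne primes; the root private key never leaves its owner.
ROOT_PUB, ROOT_PRIV = make_key(2**127 - 1, 2**107 - 1)
PARTY_PUB, PARTY_PRIV = make_key(2**89 - 1, 2**61 - 1)   # delegated third-party key
IMAGE = b"constructed calibration segment"
BLOCK = build_block(b"SEG1", IMAGE, PARTY_PUB, PARTY_PRIV, ROOT_PRIV)

if __name__ == "__main__":
    print(verify_block(BLOCK, IMAGE, ROOT_PUB))          # delegated signer accepted
    print(verify_block(BLOCK, IMAGE + b"!", ROOT_PUB))   # modified segment rejected
```

Because the accepted block carries the endorsed public key, `BLOCK["pub"]` also identifies which delegated party signed the segment, which is the attribution property the post mentions.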
