Page 2 of 4 FirstFirst 1234 LastLast
Results 11 to 20 of 33

Thread: hmmmmmmmmmmmmmm.........bad news for L5P

  1. #11
    Lifetime Member GMC-2002-Dmax's Avatar
    Join Date
    Dec 2005
    Posts
    1,294

    Default

    Quote Originally Posted by sn00py View Post
    This new segment signing technology they are using was patented (in 2014 if I recall?). Just Google "gm global technology operations llc" and you'll find your way to an index of their patents.

    One thing that is interesting is this patent explicitly describes the ability to allow third parties to generate properly signed images without revealing the "root key". Their signature mechanism actually uses two keys, the per-segment signature block contains a header, the SHA256 hash, then a public RSA key. After that comes the signature block generated using the "root key", then the signature block using the first public key.

    What this means is GM could give an external party a full RSA key, signed with their root key, and the external party could generate valid signatures. Or the external party could provide their own public key to GM, and they could keep the private part, well, private, meaning that GM could not sign images using the third party's key. It also means they can irrefutably identify the source of any calibration by examining the signature block used during flash.

    In any event, they've clearly thought about the scenario where external parties could be enabled to generate signed images. The big question is whether they will, and if they do, under what constraints? And at what cost? Someone in thread posted by the OP commented that this is about GM's wanting to get control over who is allowed to modify GM's ECUs in the same way Apple has control over who gets to write apps that are used on their iOS devices, I think that's a good analogy.

    So, perhaps aftermarket tuning will continue forward after all, but the premise under which it is done could be vastly different than it is today.
    I Do not think GM is going to allow the aftermarket tuning community any way going forward to defeat anything in the ecm for on-road usage.

    I also know the Big Car Makers have been trying for a long time to force everyone to a dealer for all parts. diagnosis and repair, as it supports the dealers and their overpriced parts and labor if the funnel everyone thru that expensive door with no other choice but to use the dealer.

    I know Porsche makes dealer pay $18K or so a year just to access PORSCHE Databases for vehicle diagnosis and even a simple service reminder reset often times requires an expensive trip to the dealer.

    Its all about squeezing everyone for every last dime and making it impossible to go anywhere or do anything unless you go the dealer and pay thru the nose.

    I wish they would do that private key signing, I bet it would cost $$$$$$$ MILLIONS $$$$$$$
    www.mscservices.net


    Tuner of many, many Duramax and Cummins Diesels.


  2. #12
    Lifetime Member Chevy366's Avatar
    Join Date
    Oct 2006
    Posts
    1,603

    Default

    I could see not allowing access while under factory warranty, but after the warranty expires, there is no further need to protect the company's assets under the warranty. In fact I would think it would be found to be illegal, if challenged in court, to do so. Forcing the public to use the dealerships isn't that like unfair trade practice? Or one could not buy the newer products. Wife and I are going to do a restromod and pick the things we want.
    2005 1500 HD , Custom OS3 SD tune .
    2006 Trailblazer
    Dinosaurs and Plants gave their lives so that we may drive , long live fossil fuel .

  3. #13
    Lifetime Member GMC-2002-Dmax's Avatar
    Join Date
    Dec 2005
    Posts
    1,294

    Default

    Who has the money to sue GM or FORD or PORSCHE, maybe the Federal Government, but beyond some deep pocketed individual or company its going to be a battle if they all go that route
    www.mscservices.net


    Tuner of many, many Duramax and Cummins Diesels.


  4. #14
    Junior Member
    Join Date
    Jan 2017
    Posts
    24

    Default

    Quote Originally Posted by GMC-2002-Dmax View Post
    I Do not think GM is going to allow the aftermarket tuning community any way going forward to defeat anything in the ecm for on-road usage.
    Yes, that's certainly "under what terms" that would apply. However, one could certainly see a scenario where they allow companies to develop calibrations to support their products that meet emissions standards, prevent potential warranty abuse and meet other criteria that GM can design themselves. At the end of the day, it seems they're just sick of having no control over what happens with their ECUs. Maybe part of this is related to the erosion of their power with the DMCA exemption ruling, who knows.

    It is hard to fathom that they will offer no solution whatsoever for these companies building quality products and are actually trying to meet emission standards, but maybe that's exactly what's going to happen.

  5. #15
    Junior Member
    Join Date
    Jan 2017
    Posts
    24

    Default

    Quote Originally Posted by Chevy366 View Post
    I could see not allowing access while under factory warranty, but after the warranty expires, there is no further need to protect the company's assets under the warranty. In fact I would think it would be found to be illegal, if challenged in court, to do so. Forcing the public to use the dealerships isn't that like unfair trade practice? Or one could not buy the newer products. Wife and I are going to do a restromod and pick the things we want.
    There were some very interesting articles floating around a couple years back when the whole automotive ECU DMCA exemption thing was being considered. Articles against it were saying that John Deere and GM are taking the view that when you buy JD equipment or a GM vehicle, you were, in effect, leasing the right to use the vehicle as opposed to actually purchasing it, as all the intellectual property, including ECU code belongs to JD or GM. This isn't so different than how software licenses work, but it's scary to think of in the context of a vehicle you spent 10s or 100s of thousands of dollars on.

  6. #16
    Junior Member
    Join Date
    Jan 2017
    Posts
    24

    Default

    Here's the link to GM's patent on all this stuff if anybody is interested...

    http://www.patentsencyclopedia.com/app/20160140056

  7. #17
    Lifetime Member GMPX's Avatar
    Join Date
    Apr 2003
    Posts
    13,148

    Default

    At some point it will sink in to the wider audience that GM implemented this as good as could be done, there is no gap, there is no back door, they have some very smart people working in this department.
    People out there saying 'yeah but everyone said that about the LML', well that may have been true initially based on similar Bosch hardware from Europe but there is two key differences here.

    1 - The LML being based on Bosch EDC17 architecture means worst case it can still be accessed via the CPU JTAG ports (can't be done on E41).
    2 - For some reason GM decided not to switch on the digital signature verifications on the LML ECM, they are there, they just aren't active on the cals (they are active and much stronger on E41).

    Whilst their new system might allow them to give approved tuners the ability to create valid signatures it doesn't mean they have to do it and if they do at what cost and under what constraints / agreements?
    I could see some instances where GM might be willing to work with certain companies for aftermarket tunes and have them approved and signed. But I can't see how that could ever work for software like EFILive where we have no control over what end users create, how could such a scenario get approval from GM to incorporate in to our software where every users can sign calibrations.

    The rate electric vehicles are progressing now that all the big OEM's are deep in to development in 10 years it'll be a very different world anyway. I'm kind of surprised this hasn't happened earlier TBH.
    I no longer monitor the forum, please either post your question or create a support ticket.

  8. #18
    Junior Member
    Join Date
    Jan 2017
    Posts
    24

    Default

    Quote Originally Posted by GMPX View Post
    At some point it will sink in to the wider audience that GM implemented this as good as could be done, there is no gap, there is no back door, they have some very smart people working in this department.
    Respectfully, Ross, there must be a back door, at least on the T87A, right? I think everybody here agrees that you aren't going in the "front door" to hack T87As if the same exploit could be used against bitcoins and other, more valuable pursuits.

    Granted, GM has responded with a NEW T87A for 2018 vehicles, however. If there WAS a back door on the 2017 T87As, it may be gone, now... Maybe someone should ask the other guys if they support unlocking 2018 T87As. lol

  9. #19
    Lifetime Member GMPX's Avatar
    Join Date
    Apr 2003
    Posts
    13,148

    Default

    Quote Originally Posted by sn00py View Post
    Respectfully, Ross, there must be a back door, at least on the T87A, right?
    Maybe there wa$
    I was under the impression the TCM had to be sent to HPT first, I might be wrong.

    Quote Originally Posted by sn00py View Post
    Granted, GM has responded with a NEW T87A for 2018 vehicles, however. If there WAS a back door on the 2017 T87As, it may be gone, now
    Yes that would be the true test to know if they responded by closing the back door. Any exploit would need to exist in the bootblock of the TCM which they would never update in the field via TIS but they would roll out in a new TCM update from the factory.
    I no longer monitor the forum, please either post your question or create a support ticket.

  10. #20
    Senior Member
    Join Date
    Dec 2015
    Posts
    126

    Default

    Quote Originally Posted by GMC-2002-Dmax View Post
    Who has the money to sue GM or FORD or PORSCHE, maybe the Federal Government, but beyond some deep pocketed individual or company its going to be a battle if they all go that route
    I can't fathom exactly what your argument is going to be for a court case. New legislature or regulation will have to placed. Which would take time, and we don't exactly fill EPA's pockets.

    I think the solution everyone will be happy with is to have all ECMs follow a more open system (that is still secure from OTA attacks).
    Allow us to roll our own bootloader, and require compilers and low level documentation to be made available for a reasonable price (whether thats directly or indirectly, doesn't matter).
    GM keeps their IP. We make our own. No more of this grey area bullshit.

    This is all stupid wishful thinking though...

Page 2 of 4 FirstFirst 1234 LastLast

Similar Threads

  1. Good news!
    By mr.prick in forum Lounge
    Replies: 3
    Last Post: November 16th, 2009, 10:01 AM
  2. I have received a little bit of bad news.
    By esco35m in forum General (Petrol, Gas, Ethanol)
    Replies: 10
    Last Post: August 7th, 2007, 06:16 PM
  3. Good news so far
    By esco35m in forum General (Petrol, Gas, Ethanol)
    Replies: 1
    Last Post: July 1st, 2007, 12:28 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •