C8 Wont be tunable any time soon

svtfocus2cobra

Opprimere, Velocitas, Violentia Operandi
Established Member
Joined
Sep 24, 2004
Messages
26,222
Location
Washington
Porsche and others has the same style of ECM. It's more just a style of management than a system that is more secure. You have one central brain and then a few dozen modules that spider web off of the main ECU. It's pretty organized once you get into it and start to understand it. It will probably help tuners in a lot of ways but there will be an added challenge of accounting for the other modules, but it can be done. It already has been done.
 

Zemedici

Well-Known Member
Established Member
Joined
Jan 7, 2013
Messages
21,223
Location
Atlanta, GA
I'm not worried about it. Said the same thing about the C7 ZR1. And last gen vipers.

@2011 gtcs you'd be surprised. It depends on possible gains. It absolutely costs that much to tune newer Merc / BMW / Audi vehicles.

However, gains are NUTS. All subjective. If you've got a net worth of 15mil, what's 2-3k, etc.

@03Sssnake usually like that when first unveiled, then they figure it out and credit amounts needed drops.
 

GT Premi

Well known member
Established Member
Joined
Mar 15, 2011
Messages
8,140
Location
NC
Porsche and others has the same style of ECM. It's more just a style of management than a system that is more secure. You have one central brain and then a few dozen modules that spider web off of the main ECU. It's pretty organized once you get into it and start to understand it. It will probably help tuners in a lot of ways but there will be an added challenge of accounting for the other modules, but it can be done. It already has been done.

The problem with Porsche and a few other German brands, you have to send the ECU off to be tuned. I want to get a tune for the Cayenne, but it's my wife's daily driver. No way I'm letting her drive one of my Shelbys unsupervised. She has zero awareness of low front ends and curbs. She's curbed and/or bent every set of wheels I've put on her cars. I'm still waiting for the day when the Cayenne comes home with the wheels scraped all to hell and her telling me she doesn't know what happened.
 

2011 gtcs

GT500 poster
Established Member
Premium Member
Joined
Mar 7, 2011
Messages
8,441
Location
Arizona
I'm not worried about it. Said the same thing about the C7 ZR1. And last gen vipers.

@2011 gtcs you'd be surprised. It depends on possible gains. It absolutely costs that much to tune newer Merc / BMW / Audi vehicles.

However, gains are NUTS. All subjective. If you've got a net worth of 15mil, what's 2-3k, etc.

@03Sssnake usually like that when first unveiled, then they figure it out and credit amounts needed drops.
I have no doubts they will unlock the ECU, I was just saying it will probably be expensive to tune them and it might take awhile.
 

svtfocus2cobra

Opprimere, Velocitas, Violentia Operandi
Established Member
Joined
Sep 24, 2004
Messages
26,222
Location
Washington
The problem with Porsche and a few other German brands, you have to send the ECU off to be tuned. I want to get a tune for the Cayenne, but it's my wife's daily driver. No way I'm letting her drive one of my Shelbys unsupervised. She has zero awareness of low front ends and curbs. She's curbed and/or bent every set of wheels I've put on her cars. I'm still waiting for the day when the Cayenne comes home with the wheels scraped all to hell and her telling me she doesn't know what happened.

From our experience, the Cayenne is a vehicle I would never touch or alter electrically, you dont even want to put a sound system in it. They are probably better now but I have a customer who has an 05 base model with the 3.2 and I have warrantied out three water cooled 190 amp alternators so far for him and he wants me to warranty for a 4th one but I cant find any outside of a $2k Porsche alternator anymore. It's his sound system that is screwing it up and we spent over a month mapping out the ECM to find electrical issues that were making the car go haywire and run like crap and not start. It's just a car that you dont want to tamper with in that regard, but I'm sure the tuners have that figured out with what they are doing.
 

SonicDTR

Wasn't me.
Established Member
Premium Member
Joined
Sep 23, 2007
Messages
5,244
Location
Midwest
Stand alone ECU and a built auto, easy peasy. Engine isn't *that* different from past generations that I've seen so far, so it should be pretty straight forward to control with a stand alone ECU.
 

Pribilof

Life's Better @ Elevation
Established Member
Joined
Oct 15, 2013
Messages
1,156
Location
Denver, CO
The same thing has been said for decades about every computer system every designed. They all get hacked eventually.

Do you think Microsoft wants Windows to be buggy and have zero day exploits? It's been being continually developed and improved since 1985. Do you think MS has better or worse computer engineers than GM? Do you think it's easier or more difficult to hack a system that you have physical access to every software and hardware component that comprises the system?

"Unhackable" just means "new stuff for nerds to break"
 

SirShaun

Well-Known Member
Established Member
Joined
Jun 9, 2014
Messages
1,392
Location
Virginia
Sounds like they made the ECU a certificate authority, and the modules are signed from it, at the most basic level. If at any point that trust chain differs, you got problems. GM could potentially have a root CA, with all the private keys of every one made. Revoke your cert, your car becomes unusable.

Depending on the hashing algorithm used and if adhering to modern standards, it could very well never be cracked, or at least not for a very very long time.

GM clearly has a method for recerting everything. Unlocking sounds like it will take a serious amount of unauthorized hands on time with whatever GM is planning to use in a replace module scenario to recert. I'm thinking some sort of authentication to a central keystore where the VIN is associated with a cert.

You get your own certs in place and a device to manage them, your car is unlocked, and you are to never return to the dealership again.

This is a double edged sword in reality. On one side it is good to see this amount of security being introduced as cars become self driving. On the other hand for enthusiasts and hobbyist, it sucks having a car you cannot modify.

Do you even own the car at that point?
I believe there was a recent legal case, which mandated that the software the car utilizes is intellectual property, and we as consumers can be denied access.

Next step is get sued for tampering with it. EPA cracking down is just the start, wait until auto manufacturers start going after major tuners.

The 3-4k for a tune is going to a standalone, bypassing the stock ECU altogether, because it couldn't be cracked. We now have this problem, plus the fact modules will no longer work. Not only now do we have to crack or bypass the ECU, we have to crack or bypass all the modules as well.
 
Last edited:

SonicDTR

Wasn't me.
Established Member
Premium Member
Joined
Sep 23, 2007
Messages
5,244
Location
Midwest
Sounds like they made the ECU a certificate authority, and the modules are signed from it, at the most basic level. If at any point that trust chain differs, you got problems. GM could potentially have a root CA, with all the private keys of every one made. Revoke your cert, your car becomes unusable.

Depending on the hashing algorithm used and if adhering to modern standards, it could very well never be cracked, or at least not for a very very long time.

GM clearly has a method for recerting everything. Unlocking sounds like it will take a serious amount of unauthorized hands on time with whatever GM is planning to use in a replace module scenario to recert. I'm thinking some sort of authentication to a central keystore where the VIN is associated with a cert.

You get your own certs in place and a device to manage them, your car is unlocked, and you are to never return to the dealership again.

This is a double edged sword in reality. On one side it is good to see this amount of security being introduced as cars become self driving. On the other hand for enthusiasts and hobbyist, it sucks having a car you cannot modify.

Do you even own the car at that point?
I believe there was a recent legal case, which mandated that the software the car utilizes is intellectual property, and we as consumers can be denied access.

Next step is get sued for tampering with it. EPA cracking down is just the start, wait until auto manufacturers start going after major tuners.

The 3-4k for a tune is going to a standalone, bypassing the stock ECU altogether, because it couldn't be cracked. We now have this problem, plus the fact modules will no longer work. Not only now do we have to crack or bypass the ECU, we have to crack or bypass all the modules as well.

Thats my line of work and essentially what I had in mind for how it worked as well. Also could be some version of TPM, which is similar, and appears to be in use in cars already. I had not looked into that until now. A quick search shows some interesting info, and mentions VW like others have referenced.

TPM Comes to Cars
TPM Enables Secure Over-the-air Software Updates for Vehicles: It’s Here | Trusted Computing Group
World’s first TPM for cybersecurity in the connected car - Infineon Technologies

I'm sure enough digging would turn up the relationship between GM and one of the solution providers, which would give us more insight into the actual methodology and potential to work around it. But the aftermarket is already working on it and far more versed in that arena than most people realize... ;)

*Edit to add* Found this research paper for anyone interested. Seems solid as far as I can tell. https://krex.k-state.edu/dspace/bitstream/handle/2097/39137/NareshKumarGiri2018.pdf?sequence=1
 
Last edited:

LostM

Well-Known Member
Established Member
Joined
Jun 5, 2013
Messages
813
Location
Delaware
I dont think most of you guys grasp what is involved.
Zr1 ecus are not cracked, they are getting swapped with known encryption modules.
How long before thats available to the c8?
And then, the 100+ modules controlling everything in the car, that verify ECU ..

The over air updates is just 1 piece

Maybe im wrong, but the tech guys on the gm forums are in agreement, your gonna need patience on this one
 

LostM

Well-Known Member
Established Member
Joined
Jun 5, 2013
Messages
813
Location
Delaware
Sounds like they made the ECU a certificate authority, and the modules are signed from it, at the most basic level. If at any point that trust chain differs, you got problems. GM could potentially have a root CA, with all the private keys of every one made. Revoke your cert, your car becomes unusable.

Depending on the hashing algorithm used and if adhering to modern standards, it could very well never be cracked, or at least not for a very very long time.

GM clearly has a method for recerting everything. Unlocking sounds like it will take a serious amount of unauthorized hands on time with whatever GM is planning to use in a replace module scenario to recert. I'm thinking some sort of authentication to a central keystore where the VIN is associated with a cert.

You get your own certs in place and a device to manage them, your car is unlocked, and you are to never return to the dealership again.

This is a double edged sword in reality. On one side it is good to see this amount of security being introduced as cars become self driving. On the other hand for enthusiasts and hobbyist, it sucks having a car you cannot modify.

Do you even own the car at that point?
I believe there was a recent legal case, which mandated that the software the car utilizes is intellectual property, and we as consumers can be denied access.

Next step is get sued for tampering with it. EPA cracking down is just the start, wait until auto manufacturers start going after major tuners.

The 3-4k for a tune is going to a standalone, bypassing the stock ECU altogether, because it couldn't be cracked. We now have this problem, plus the fact modules will no longer work. Not only now do we have to crack or bypass the ECU, we have to crack or bypass all the modules as well.

This guy gets it

I suppose the 5.3 van motor and twin nagasaki boyz think everything is a bit of speaker wire duct tape and casio calculator away from being tooned
 

snakecharmer

Well-Known Member
Established Member
Joined
Nov 18, 2000
Messages
2,133
Location
Apex, NC
There is no such thing as a computer that cannot be broken. Though it very well may be much much harder. Look for automakers continue to making it hard both because they are trying to cut down on warranty claims from modded cars, but also because they don't want to be accused by various government agencies of making it too easy to bypass emissions programming.
 

SirShaun

Well-Known Member
Established Member
Joined
Jun 9, 2014
Messages
1,392
Location
Virginia
You guys are underestimating the security this thing is shipping with. This isn't going to be as easy as taking advantage of a vulnerability, a matter of social engineering, or an API leak, which is what you see a lot of in the news. If this is done right, it's at least SHA-2 which can only be cracked via collision, which has never been done in the wild, that I am aware of.

Google cracked SHA-1 in 2017.
Google just cracked one of the building blocks of web encryption (but don’t worry)

At best you will have to go stand alone, rip out all the modules, and be left with a car that half functions as originally intended. I don't think anyone will make the investment to produce unlocked modules either, at least until enough cars demand them. The C8 alone isn't enough to buy into creating that. As fast as technology changes, I'm not sure it's even a sustainable business model.

As much as I hate to say it, this is needed, as we go into an age of self driving cars. Something needs to be in place to prevent stolen/unregistered unmanned vehicles being used as weapons lol.

You no longer need an operating system to run applications. It is becoming more and more possible to run applications on next to nothing for hardware. Making technology cheaper to integrate. Unrelated but Ford just wrote off a 181M investment in pivotol, which is based on kubernetes, a serverless solution.

Ford isn't fairing too hot in IT diversification, unlocked Mustangs forever.

https://jalopnik.com/ford-writes-off-entire-181-million-investment-in-softw-1836694162
 
Last edited:

Users who are viewing this thread



Top