Pages: 1 [2] 3 4 5
Author Topic: Bosch MG1 Ecu for VAG  (Read 40203 times)
199X
Full Member
***

Karma: +8/-0
Offline Offline

Posts: 61


« Reply #15 on: July 31, 2019, 12:09:21 AM »

so after spending some time on mg1, lol.
should have stuck to simos if they want to make it difficult for tuners.

The main firewall was probably meant to be the protocols needed to flash/methods to overcome the infosec measures.
Logged
SB_GLI
Hero Member
*****

Karma: +115/-10
Offline Offline

Posts: 1022


« Reply #16 on: July 31, 2019, 07:34:40 AM »

Good news for tuners!
Logged
cherry
Full Member
***

Karma: +23/-2
Offline Offline

Posts: 245


« Reply #17 on: July 31, 2019, 09:44:54 AM »

In fact no good news that these ecu are readable now because soon newer ecu will be locked again for read/write, and then maybe forever. In my opinion the release was too early. The manufactorers paid for hard security and will force Bosch to enable it again. Maybe there will even be a recall, who knows...
Logged
SB_GLI
Hero Member
*****

Karma: +115/-10
Offline Offline

Posts: 1022


« Reply #18 on: July 31, 2019, 11:03:29 AM »

In fact no good news that these ecu are readable now because soon newer ecu will be locked again for read/write, and then maybe forever. In my opinion the release was too early. The manufactorers paid for hard security and will force Bosch to enable it again. Maybe there will even be a recall, who knows...

And then those will be cracked...
Logged
IamwhoIam
Hero Member
*****

Karma: +43/-99
Offline Offline

Posts: 1030


« Reply #19 on: July 31, 2019, 11:24:25 AM »

In fact no good news that these ecu are readable now because soon newer ecu will be locked again for read/write, and then maybe forever. In my opinion the release was too early. The manufactorers paid for hard security and will force Bosch to enable it again. Maybe there will even be a recall, who knows...

You're right, I can already see VAG BMW MB and god knows who else went with MDG1 as being "uncrackable" taking Bosch to court and asking them for their money back after this fiasco.
Logged

I have no logs because I have a boost gauge (makes things easier)
cherry
Full Member
***

Karma: +23/-2
Offline Offline

Posts: 245


« Reply #20 on: July 31, 2019, 11:46:51 AM »

And then those will be cracked...

Do you really think it was "cracked"? They left a special backdoor for whatever and "wrong" person got knowledge from it. And maybe these backdoors will never ever be there after this "fiasco". I think the personal security will be improved, not the technical...
Logged
cherry
Full Member
***

Karma: +23/-2
Offline Offline

Posts: 245


« Reply #21 on: July 31, 2019, 11:50:23 AM »

Btw i did a quick look to MG1CS111 Audi A1 / Polo GTI file with OPF, looks not more complicated than MED17. I think this is what k0mpresd mean...
Logged
gt-innovation
Sr. Member
****

Karma: +60/-89
Offline Offline

Posts: 442


« Reply #22 on: July 31, 2019, 11:53:41 AM »

There are several different areas in computer science that things are said to be un-crackable but once in a while someone finds something that will help...

That is why actually most of us are paying those companies to do such things... I believe the fight at some point will be taken to them.
 
Logged
k0mpresd
Hero Member
*****

Karma: +146/-54
Offline Offline

Posts: 1655


« Reply #23 on: July 31, 2019, 12:14:59 PM »

Btw i did a quick look to MG1CS111 Audi A1 / Polo GTI file with OPF, looks not more complicated than MED17. I think this is what k0mpresd mean...

yes, that is what i mean.
Logged
IamwhoIam
Hero Member
*****

Karma: +43/-99
Offline Offline

Posts: 1030


« Reply #24 on: July 31, 2019, 12:20:16 PM »

Do you really think it was "cracked"? They left a special backdoor for whatever and "wrong" person got knowledge from it. And maybe these backdoors will never ever be there after this "fiasco". I think the personal security will be improved, not the technical...

By the sound of it and to my knowledge, this wasn't a backdoor left "open"...
Logged

I have no logs because I have a boost gauge (makes things easier)
d3irb
Full Member
***

Karma: +131/-1
Online Online

Posts: 185


« Reply #25 on: July 31, 2019, 01:55:08 PM »

Think about it this way: this is the exact same problem space as iPhone updates / security (consumer owns and has full access to hardware but you want to keep them from running unapproved code or modifying the system). Apple employ some of the premier security engineers and researchers in the world to build the security for iPhones and they are invariably jailbroken at some point. ECU manufacturers do not exactly seem to employ the greatest software engineers and most of their solutions are cobbled together off the shelf anyway as software is not their product. The surface area is smaller because ECUs don't do a lot of dangerous stuff like parsing arbitrary data from the Internet, but the level of effort applied is equally smaller.

So far we have mostly seen and exploited boot security schemes that are conceptually broken: fixed key/IV systems that only need to be dumped once, security-by-obscurity non cryptographic systems like checksum routines and seed/key which only need to be understood to be bypassed, or mis-implemented cryptography systems like RSA signatures using a key embedded in the software itself. Once someone manages to build a real trusted boot solution we will move on to discovering implementation vulnerabilities in the software itself which can be used to inject code, of which I'm sure there are many. The "state of the art" is so far behind the rest of the industry that it's unlikely we'll see an "uncrackable" ECU soon.

Logged
Blazius
Hero Member
*****

Karma: +89/-40
Offline Offline

Posts: 1277



« Reply #26 on: July 31, 2019, 02:22:37 PM »

IMO , even then if there is a "uncrackable" ecu in the future ( which probably will never happen due to reasons) , tuners will always find a modify things. No matter what in the end its still basic electricity, current, resistance, pulses etc, and if you do things correctly you can always fool the car within boundaries, it has been done for years and will be done.

And if electricity is the way to go( after we figure out non polluting batteries or power) , then there you go, even easier.
Logged
d3irb
Full Member
***

Karma: +131/-1
Online Online

Posts: 185


« Reply #27 on: July 31, 2019, 02:27:05 PM »

I mean sure, the solution there is just a standalone ECU, running an engine isn't _that_ complicated at the end of the day.
Logged
prj
Hero Member
*****

Karma: +903/-420
Online Online

Posts: 5787


« Reply #28 on: July 31, 2019, 04:02:09 PM »

I mean sure, the solution there is just a standalone ECU, running an engine isn't _that_ complicated at the end of the day.
I don't know what world you've been living in, but standalone ECU's haven't been feasible in anything but dedicated drag racing / sports cars, that has been manufactured in the past 10 years due to lack of integration.
There are very few exceptions (such as Syvecs on certain cars for example), but in the vast majority it is that way.

Hell, most ECU's can't even drive a 2.0 EA888 Gen3. There's only a couple on the market that can manage everything.
And this is before we get to the CAN integration.
Logged

PM's will not be answered, so don't even try.
Log your car properly.
cherry
Full Member
***

Karma: +23/-2
Offline Offline

Posts: 245


« Reply #29 on: July 31, 2019, 04:36:11 PM »

I just mean such early release was not good for the business in future. Maybe in future guys search "older" mdg1 ecu which can still be done...  Wink
Logged
Pages: 1 [2] 3 4 5
  Print  
 
Jump to:  

Powered by SMF 1.1.21 | SMF © 2015, Simple Machines Page created in 0.024 seconds with 17 queries. (Pretty URLs adds 0s, 0q)