Pages: 1 2 [3] 4 5
Author Topic: Bosch MG1 Ecu for VAG  (Read 46760 times)
SB_GLI
Hero Member
*****

Karma: +116/-10
Offline Offline

Posts: 1022


« Reply #30 on: July 31, 2019, 06:42:40 PM »

I don't know what world you've been living in, but standalone ECU's haven't been feasible in anything but dedicated drag racing / sports cars, that has been manufactured in the past 10 years due to lack of integration.
There are very few exceptions (such as Syvecs on certain cars for example), but in the vast majority it is that way.

Hell, most ECU's can't even drive a 2.0 EA888 Gen3. There's only a couple on the market that can manage everything.
And this is before we get to the CAN integration.

If you just drop the "I dont know what world you've been living in" your post turns from asshole into informative...  just saying brah... luv yah.
Logged
d3irb
Full Member
***

Karma: +134/-1
Offline Offline

Posts: 195


« Reply #31 on: July 31, 2019, 09:15:10 PM »

I don't know what world you've been living in, but standalone ECU's haven't been feasible in anything but dedicated drag racing / sports cars, that has been manufactured in the past 10 years due to lack of integration.
There are very few exceptions (such as Syvecs on certain cars for example), but in the vast majority it is that way.

Hell, most ECU's can't even drive a 2.0 EA888 Gen3. There's only a couple on the market that can manage everything.
And this is before we get to the CAN integration.

You literally proved your own point...

There are "a couple" standalones (including Syvecs, which does support the CAN integration) that can drive an engine with relatively available, reasonable, and successful tuning on the stock ECU. If these companies can compete and make it worth their time to produce standalone ECUs for markets with competing stock ECUs, imagine if the stock ECUs weren't flashable!

Anyway, taking it back to the original topic of this thread, MG1 is a small step towards the "smartphone" level of security and a bypass was discovered with relative ease. All the hand-wringing about "early release" is warranted but smacks of the same situation in the iPhone jailbreaking community where people are shamed for "burning exploits." One way or another the software will be taken apart and even if it eventually isn't (again, the surface area for ECUs is much smaller than iPhones although the competence level is also 10000x lower), we have backup options.
Logged
prj
Hero Member
*****

Karma: +1072/-480
Offline Offline

Posts: 6035


« Reply #32 on: August 01, 2019, 12:10:23 AM »

There are "a couple" standalones (including Syvecs, which does support the CAN integration) that can drive an engine with relatively available, reasonable, and successful tuning on the stock ECU. If these companies can compete and make it worth their time to produce standalone ECUs for markets with competing stock ECUs, imagine if the stock ECUs weren't flashable!
Syvecs does these ECU's for very expensive cars at prices, which are 6000+ EUR before tuning.
This is viable only for the very top-end. Because every platform and every car is different, this will never ever be viable on your every day car.
Also, there are no viable standalone options for Diesels, which are over 50% in europe, and which account also for over 60% of the tuning market.

You are talking theory, but it is apparent from the way you are talking about this (hell, comparing iphones to a dedicated microcontroller), is that you have zero clue what you're on about.
You probably don't even know what CBOOT, SBOOT and ASW are.
Logged

PM's will not be answered, so don't even try.
Log your car properly - WinOLS database - Tools/patches
IamwhoIam
Hero Member
*****

Karma: +52/-114
Offline Offline

Posts: 1070


« Reply #33 on: August 01, 2019, 02:25:51 AM »

Nevermind the fact that every car I've heard about running on Syvecs was totally undriveable. I've been in a twin turbo Huracan running Syvecs and part throttle was dog shit, never mind their "torque calculations" that were totally wrong and made clutches slip even at 0.5 bar boost. Plus a few Porsches "running" their "plug n play" that drive like total crap at anything other than WOT.
Logged

I have no logs because I have a boost gauge (makes things easier)
gman86
Hero Member
*****

Karma: +45/-128
Offline Offline

Posts: 705


« Reply #34 on: August 01, 2019, 04:14:25 AM »

Do you really think it was "cracked"? They left a special backdoor for whatever and "wrong" person got knowledge from it. And maybe these backdoors will never ever be there after this "fiasco". I think the personal security will be improved, not the technical...

Don't talk shit. For as long as they offer a re writable flash, there will always be someone able to "crack". It goes back to the old saying of "if man can make it, man can break it". The only way to make an ECU truly un-flashable is to install the software on an OTP ROM and treat the ECUs as disposable.
Logged
Geremia
Jr. Member
**

Karma: +11/-10
Offline Offline

Posts: 27


« Reply #35 on: August 01, 2019, 10:46:50 AM »

It's not about a backdoor leaved open, it's about the main door bosch uses to test/debrick/reflash ecus (TSW). For the ones that thinks about poor security for a "secondary/notused door", this hack is about exploiting at least 2 (not one) bugs to bypass 2 (not one) rsa signatures (don't ask details, i've not and i don't care at all about the mg1).
bosch had improved in security, now using a new (and signature forgering proof) RSA lib (probably bought from someone else), but as usual (and this is valid for all devices implementing rsa) the bugs are in the way they use that lib.
They will fix these bugs, sure, in...2/3/4 years maybe? How long did it take to close the checksum trick in SB?
Furthermore, at such time, actual indian cheap developers will be already fired, the new kids will be too lazy to understand what the prev team did, so they will add their shit over old shit, inserting fresh new bugs (as happened in edc17).
Security is improving, technology is getting more feature-rich and more complicated, but new coders are less smart than before, that's the hope.
Logged
Blazius
Hero Member
*****

Karma: +89/-40
Offline Offline

Posts: 1282



« Reply #36 on: August 01, 2019, 11:17:59 AM »

Security is improving, technology is getting more feature-rich and more complicated, but new coders are less smart than before, that's the hope.

If they wish that - good luck. More people are getting into tech because of the world. In 1980's and etc it wasnt that accessible also , there were other things going , wars , communism etc. not everybody had the chance.

Point is with years and tech more people are getting into it not vice versa.
Logged
k0mpresd
Hero Member
*****

Karma: +146/-54
Offline Offline

Posts: 1655


« Reply #37 on: August 01, 2019, 11:20:46 AM »

It's not about a backdoor leaved open, it's about the main door bosch uses to test/debrick/reflash ecus (TSW). For the ones that thinks about poor security for a "secondary/notused door", this hack is about exploiting at least 2 (not one) bugs to bypass 2 (not one) rsa signatures (don't ask details, i've not and i don't care at all about the mg1).
bosch had improved in security, now using a new (and signature forgering proof) RSA lib (probably bought from someone else), but as usual (and this is valid for all devices implementing rsa) the bugs are in the way they use that lib.
They will fix these bugs, sure, in...2/3/4 years maybe? How long did it take to close the checksum trick in SB?
Furthermore, at such time, actual indian cheap developers will be already fired, the new kids will be too lazy to understand what the prev team did, so they will add their shit over old shit, inserting fresh new bugs (as happened in edc17).
Security is improving, technology is getting more feature-rich and more complicated, but new coders are less smart than before, that's the hope.

perfect example here (and people died because of it): https://www.bloomberg.com/news/articles/2019-06-28/boeing-s-737-max-software-outsourced-to-9-an-hour-engineers
Logged
nyet
Administrator
Hero Member
*****

Karma: +607/-168
Offline Offline

Posts: 12268


WWW
« Reply #38 on: August 01, 2019, 12:43:49 PM »


The criticism of the engineers is ridiculously misplaced.
Logged

ME7.1 tuning guide
ECUx Plot
ME7Sum checksum
Trim heatmap tool

Please do not ask me for tunes. I'm here to help people make their own.

Do not PM me technical questions! Please, ask all questions on the forums! Doing so will ensure the next person with the same issue gets the opportunity to learn from your ex
d3irb
Full Member
***

Karma: +134/-1
Offline Offline

Posts: 195


« Reply #39 on: August 01, 2019, 02:06:43 PM »

It's not about a backdoor leaved open, it's about the main door bosch uses to test/debrick/reflash ecus (TSW). For the ones that thinks about poor security for a "secondary/notused door", this hack is about exploiting at least 2 (not one) bugs to bypass 2 (not one) rsa signatures (don't ask details, i've not and i don't care at all about the mg1).
bosch had improved in security, now using a new (and signature forgering proof) RSA lib (probably bought from someone else), but as usual (and this is valid for all devices implementing rsa) the bugs are in the way they use that lib.
They will fix these bugs, sure, in...2/3/4 years maybe? How long did it take to close the checksum trick in SB?
Furthermore, at such time, actual indian cheap developers will be already fired, the new kids will be too lazy to understand what the prev team did, so they will add their shit over old shit, inserting fresh new bugs (as happened in edc17).
Security is improving, technology is getting more feature-rich and more complicated, but new coders are less smart than before, that's the hope.

Hey look at that - my exact thesis, they moved towards real cryptography but were unable to write bug-free software!

Also, the assertion made in this thread that trust rooting and early-stage boot verification is dramatically different on a "microcontroller" like TriCore and an SoC like what you'd find in an iPhone or game console is ridiculous, the problem space is almost identical. Yes, I know what CBOOT, SBOOT, and ASW are - you can even find my code that pulls CBOOT ASW_1 ASW_2 ASW_3 and calibration from an SGO... on this very forum. And yes, the surface area on an ECU is much smaller, but the fundamentals remain the same.

I have years of experience in reverse engineering SoC boot security and the ECU world is, by and large, years behind the state of art in the industry, where engineers still produce trivial logic bugs and memory safety implementation issues consistently (not to mention sidechannel/timing leak and fault injection issues that are rarely even considered).
Logged
amd is the best
Sr. Member
****

Karma: +11/-5
Offline Offline

Posts: 269



« Reply #40 on: August 01, 2019, 03:33:46 PM »

Nevermind the fact that every car I've heard about running on Syvecs was totally undriveable. I've been in a twin turbo Huracan running Syvecs and part throttle was dog shit, never mind their "torque calculations" that were totally wrong and made clutches slip even at 0.5 bar boost. Plus a few Porsches "running" their "plug n play" that drive like total crap at anything other than WOT.

I'd like to invite you to drive one of the RS3's I've tuned on Syvecs. My guess is you wouldn't know it wasn't a stock ECU.
Logged

2012 Golf TDI
2001 Audi A4 2.8 30v Supercharged
1991 Audi 200 20v
gman86
Hero Member
*****

Karma: +45/-128
Offline Offline

Posts: 705


« Reply #41 on: August 01, 2019, 04:01:17 PM »

I'd like to invite you to drive one of the RS3's I've tuned on Syvecs. My guess is you wouldn't know it wasn't a stock ECU.

Morning, Nick  Grin
Logged
gremlin
Hero Member
*****

Karma: +196/-9
Offline Offline

Posts: 653


« Reply #42 on: August 07, 2019, 09:55:04 AM »

the train picks up speed....  Wink
https://www.magicmotorsport.com/flex-ver-3-9-0-0-mdg1-release/
Logged
dragon187
Full Member
***

Karma: +13/-15
Offline Offline

Posts: 106


« Reply #43 on: August 07, 2019, 11:31:53 AM »

Later I can post damos for this ecu.
2.0tfsi
3.0tfsi
 Grin
Logged
ktm733
Hero Member
*****

Karma: +18/-8
Offline Offline

Posts: 660



« Reply #44 on: August 07, 2019, 10:57:49 PM »

Mag pro finally released mg1!!!
Logged
Pages: 1 2 [3] 4 5
  Print  
 
Jump to:  

Powered by SMF 1.1.21 | SMF © 2015, Simple Machines Page created in 0.03 seconds with 17 queries. (Pretty URLs adds 0.001s, 0q)