  • Locked thread
kastein
Aug 31, 2011

Moderator at http://www.ridgelineownersclub.com/forums/ and soon to be mod of AI. MAKE AI GREAT AGAIN. Motronic for VP.

Das Volk posted:

Considering this car is going into Death Valley for its first major trip, it could get interesting. I would like recommendations on places to see in the southwest - we're going to be following the old route 66 for a bit, do the extraterrestrial highway, and Zion/Bryce. Points of interest or favorite parks out there would be great to know about.

Make sure you do it on Friday the 13th.

kastein
Aug 31, 2011

That's a jumper wire for an auxiliary port somewhere in the instrument panel harness, manufactured by Fiat, it fits 2013 through 2015 Vipers. I'd tell you more but my wiring diagram source doesn't cover cars that new. Since it doesn't appear to have a connector on the far end, I'm guessing it's not an ESC or ABS disable cable, probably a plugin power port pigtail for hard wiring a radar detector? :getin:

kastein
Aug 31, 2011

I for one would be interested in any Fiat/Chrysler/Jeep/Dodge/Ram/SRT electrical systems stuff you can share. Whether it is Viper specific or not.

Please oh please oh please cover the ancient CCD and PCI buses, or tell me what SAE spec I have to buy for a message format/ID chart, or whose fingers I have to break :v:

kastein
Aug 31, 2011

Or disconnect the antenna and connect a 50 ohm dummy load with the appropriate RF connector to the port instead.

Still not a guarantee, I know people who have had SAR show up (and scare the poo poo out of their wife) when they bumped the test button on their ELT with the antenna disconnected and the plane parked inside a corrugated sheetmetal hangar, but it certainly reduces the chances.

I'm really not a fan of the whole idea, for all the reasons Z3n gave. In fact he put it far more succinctly than I did in another thread.

kastein
Aug 31, 2011

TBH it's probably the same active sharkfin antenna they designed for the 1997 Concorde or something.

kastein
Aug 31, 2011

^ is again right.

The worst part is that when (not if) they push to lock all that stuff down, guess what? Hackers will still have access to it, but you won't and legit researchers won't be reporting bugs because they would get sued.

As usual, you can't keep people who do not obey the law from doing something that is physically possible. People in favor of regulating behavior and controlling ownership have never and will never understand this until bitten by it, so, well, the future is going to suck, I hope it causes a fiasco sooner rather than later so we can just scrap the whole idea before wasting too much time on it.

Good thing IDA Pro is easy to use and embedded systems engineers typically leave the footprint for the jtag port right there, so if I care enough I will still have access, gently caress all the rest of you, you are on your own :yosbutt:

kastein
Aug 31, 2011


GentlemanofLeisure posted:

Wouldn't it be easy enough for them to put the infotainment stuff on its own network within the car? They can still have a second network that can access the CANBUS to give you real-time driving data on gauges like the new Viper and I think the Hellcat have. That would solve the issue, wouldn't it?

I was speaking to a guy who claimed to be an FCA engineer last night and he said they did and that this is nonsense and isn't as bad as the Wired article says it is. I don't know who to believe but they released a patch so I lean toward believing the article.

As for "having a second network that can access the CAN bus"... you have some pretty critical misunderstandings here. The CAN bus IS the network, and making a second one, while a good start (and one he claimed they use, which is why he says it's not as bad as the article claims), does nothing to keep a hacked infotainment system from simply transmitting malicious commands on that one instead, if it's wired to both and isn't carefully set up to be physically incapable of doing so. Nor does it prevent a determined intelligent hacker from finding a vulnerability in the next piece of hardware over (say, the BCM or ECU/PCM) that has access to both buses, subverting it somehow (I'd be very surprised if that's impossible) and using that to make the jump to the more important network.

Adding a wireless link into a safety critical system is just something that has to be approached very carefully, which is what Z3n has been saying all along. Meanwhile, car companies want to release their latest and greatest new car with an all new infotainment system next year, and they want it to interface with the drivetrain so it can work more seamlessly together, so they get some off the shelf RTOS software package, put it on their hardware platform, slap it on the CAN bus and listen for the data they want, without ever really considering the repercussions of what could happen if someone hacks it and changes the firmware so it can send commands it isn't supposed to to a bus it's only supposed to listen on.

As we keep saying, automotive embedded systems security is probably about where we were in the early 90s with the internet and desktop computers. Remember all those buffer overrun vulnerabilities, authentication failures, etc? Yeah, those who do not learn from history are bound to repeat it. Welcome back to infosec circa 1993.

kastein
Aug 31, 2011

Wow, thanks for that, that completely disproves what the alleged FCA engineer I was talking to said. He may have been talking about a different vehicle, I guess... I'm going to go with trusting the article for now.

LIN bus is another fun one. It is significantly simpler and smaller, all transactions (read and write from anything to the master) are arbitrated by the master node, there is only one master node and up to (iirc) 15 or 31 slave nodes. It's more used for things like wiper motor controllers, seat position controllers, etc that don't need much in the way of smarts. Actually, a perfect example is the wiper motors in a new-gen Focus. There are two of them for the front instead of just one, with none of the traditional linkages. The left wiper motor has a LIN bus interface and the two wiper motors are slaved together via a synch wire that they use to communicate and synchronize their motion. The motors are each smart enough to stop if they see an overload condition, return to home automatically, and wipe speeds and swept angle can be configured at production time. I looked into using them but they're too heavy for our application.

Here's the press release: http://www.bosch-presse.de/presseforum/details.htm?txtID=4979&locale=en
And the datasheet, which includes the LIN bus commands needed to run the motor, with a tantalizingly large number of empty/reserved data fields that I suspect contain the configuration commands: http://www.bosch-motorsport.com/media/catalog_resources/Wiper_Direct_Actuator_WDA_Datasheet_51_en_2785939211pdf.pdf

I'm really quite tempted to swap a set onto the 5 ton because the vacuum powered wipers SUCK.

kastein
Aug 31, 2011


wolrah posted:

Some of these things are simple to implement if someone bothers to rub a few brain cells together. One-way data links for example. Almost any type of network connection that supports broadcast traffic (or is always effectively broadcast as is the case in a lot of bus-type networks) can be made one-way by simply not hooking up the transmitter on the insecure end (or the receiver on the secure end, depending on which is easier). Ethernet, K-Bus, CAN, the principle works the same on all of them. You don't need rocket scientists, just an awareness of the problems and a bit of caution.

For situations where two-way communication is required it gets a bit harder, but it's still not that big of a deal. In whatever addressing format your network of choice uses, make sure everything the insecure devices need to talk to are within a certain range that can be masked. Put a hardware device in the path that filters any traffic not matching that mask. All "secure" endpoints for example could be put in the top end of the address range, so any traffic from the insecure side with the first bit of the address set to 1 gets dropped.

Basically the people designing these systems should really just have a meeting with their corporate overlords' network security team. A one-way link is almost the same as a passive network tap (commonly used for intrusion detection systems or network troubleshooting), and bitmask-based address filtering is one of the simplest tasks a hardware firewall does. No one needs to be an expert in security, they just need to think about it in the slightest. Putting an internet connected computer directly on the chassis bus as shown in the images IOC posted is not even trying.

A lot of good ideas in here... the address partitioning is interesting but probably easier said than done, BTW. Especially since companies like to keep their messageIDs/addresses the same as long as possible so their codebase can mature and not get hosed up by someone changing everything willy nilly, and there are also a lot of third party / contracted-out control units involved. For example Bosch, KSS, ATe, and Teves do probably 95% of the ABS/ETC/ESC hydraulic systems on the planet between them, and companies like OpenSynergy are known for doing infotainment unit OSes - including some really nifty hypervisor based setups I've looked into using. A lot of those are going to be using a semi standardized set of messageIDs that the company already chose. Gluing it all together is enough of a mess without trying to change every messageID to make them fit your partitioning scheme, especially when if you build your bridge unit intelligently and make the firmware read-only and fairly easily validated, it's really not too hard to keep high priority/safety critical commands from going one way while allowing everything the other way. Shouldn't even really need that powerful of a microcontroller, quite honestly.

It's just that as Z3n (and I) have said a few times in the 3-4 threads this is being discussed in (at last count :v:) - this is all thrown together far quicker than we can catch up security wise. It's a Hydra of security holes, for every one that someone manages to find and patch, another ten or 100 are introduced.
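
Added example, not part of the post above and not any manufacturer's code: a sketch in C of the two bridge-filter approaches this exchange compares, wolrah's top-bit address mask and a bridge unit with a read-only table that leaves supplier-chosen message IDs alone. It assumes 11-bit standard CAN IDs and a default-deny allowlist; every ID, name and table entry is constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Every ID and name here is constructed for illustration, not from a real vehicle. */
enum bus { BUS_INFOTAINMENT, BUS_CHASSIS };
struct frame_hdr { uint16_t id; enum bus src; };  /* src = bus the bridge heard it on */

#define CAN_STD_ID_MAX 0x7FFu
#define SECURE_BIT     0x400u   /* top bit of an 11-bit ID marks the "secure" range */

/* Partitioning: drop insecure-side frames whose ID has the top bit set.
 * Only protects IDs that were assigned to fit the partition. */
bool mask_forward(const struct frame_hdr *f)
{
    if (f->id > CAN_STD_ID_MAX) return false;      /* malformed: never forward */
    if (f->src == BUS_CHASSIS) return true;        /* chassis -> infotainment */
    return (f->id & SECURE_BIT) == 0;
}

/* Bridge table: IDs stay as the suppliers chose them; a const table in
 * read-only firmware lists the only frames infotainment may put on chassis. */
static const uint16_t infotainment_tx_allow[] = { 0x3A0u, 0x5F2u };

bool table_forward(const struct frame_hdr *f)
{
    size_t n = sizeof infotainment_tx_allow / sizeof infotainment_tx_allow[0];
    if (f->id > CAN_STD_ID_MAX) return false;
    if (f->src == BUS_CHASSIS) return true;        /* everything the other way */
    for (size_t i = 0; i < n; i++)
        if (infotainment_tx_allow[i] == f->id) return true;
    return false;                                  /* default deny */
}

/* Constructed traffic: 0x120 stands in for a legacy safety-critical command
 * that sits in the low range; 0x5F2 for a harmless request in the high range. */
static const struct frame_hdr sample[] = {
    { 0x120u, BUS_INFOTAINMENT }, { 0x5F2u, BUS_INFOTAINMENT },
    { 0x3A0u, BUS_INFOTAINMENT }, { 0x120u, BUS_CHASSIS }, { 0x800u, BUS_INFOTAINMENT },
};

int main(void)
{
    for (size_t i = 0; i < sizeof sample / sizeof sample[0]; i++)
        printf("id=0x%03X src=%d mask=%d table=%d\n", (unsigned)sample[i].id,
               (int)sample[i].src, mask_forward(&sample[i]), table_forward(&sample[i]));
    return 0;
}
```

The first sample frame is the case where existing IDs do not fit the partition: the mask passes it from the infotainment side, while the table drops it.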

kastein
Aug 31, 2011


Safety Dance posted:

Yes it is and yes it does.

Let's say, for example, the BCM sends a message to the wipers, telling them to activate. The BCM cryptographically signs the message using its private key. The wipers have the BCM's public key installed, and can verify that the message came from the BCM.

Now, let's say the infotainment system received a malicious OTA update that causes it to try to spoof messages from the BCM, telling the wipers to activate. The infotainment system does not have the BCM's private key, so it cannot sign the message.

Powershift is right. This is using a nuke to solve a problem that a hammer will do perfectly fine for.

There's no reason to make poo poo so you have to install crypto keys and "learn" each device to the network you're putting them on here. Hell, we all (rightly so) mock companies who do that, like Cat Interceptor's mate's commo fuel pump adventure and LR/BMW's obscenely complicated "must install and use factory scantool to learn each device to the network" nonsense. That's how you end up with a vehicle that throws a fit the second one network wire corrodes or one bit gets corrupted and nothing matches anymore and it goes into what LR aficionados term "gently caress You mode".

Unless you enjoy paying four figures for stuff that works perfectly fine without spending that much, and in fact we complain about spending 3 figures on as it is. We're talking about 8 bit micros with (in my case, on some of the control modules I design) as little as 16k of code storage and 1k of RAM, not something you can drop an SSL library on and laugh.

e: it might be time to make a "car electrical engineer nerd blather thread" instead of derailing this one and the terrible car poo poo thread, I guess. I have been meaning to do a big effortpost about how to do a quality job wiring a vehicle, too, but haven't gotten around to it yet.

kastein fucked around with this message at 20:27 on Jul 23, 2015

kastein
Aug 31, 2011


movax posted:

LIN and CAN in the traditional German fashion are designed to go together -- take your driver door, the idea is to throw in one CAN module (pricier, more complex) that has local LIN links to other functions in the door (window motors, switches, mirror control, etc.). It looks really pretty in a system level diagram -- you have complex nodes, and then simpler nodes scattered around the vehicle for the low-bandwidth, sensor/actuator stuff that the complex node controls / filters/ processes and sends out to the rest of the bus.

LIN's also attractive because with the right transceivers, you can piggy-back on the existing power wiring and have a simple +12V/GND going to a motor, and enjoy LIN communication on that link as well.

yeah, I have to say that is pretty neat. I have a pile of ATA6631s and ATmega64M1s set up exactly that way right now, actually.
