Re: password protection PLEASE!!!!
Posted: Sun May 20, 2012 6:16 am
What a lot of people seem to be proposing is "security through obscurity", which is analogous to "the honest thief won't break into your car if the door is locked", in this situation. Yes, the comms can be disabled, obfuscated, or changed. However, this is a triviality for someone who is determined to figure it out. If a $10k build/tune/whatever is on the ECU, and I have it, and have a second, identical, ECU - I'm going to go ahead and copy it, regardless of what obscurity 'features' are in place - there's nothing anyone can do to stop it from happening. If you cut the serial lines - I'll fix it. If you remove the serial chip - I'll fix it. You can do all that, then pot the entire board, but I'll get through it in a few minutes. ...and it will only cost me $5 to do it. ("Intellectual Property" Legalities aside.) It's not even worth the effort to implement this method of 'security'.
However, if 'password' security is implemented, or some method to lock the microcontroller from reads/writes after the code/tune is written, then this will be MUCH more difficult for the end-user to read out the tune/etc. Of course, they won't be able to write it either, but - hey, for $10k, the TUNER will do all the writing to the ECU.
Now, all that said, I'm 100% against addition of any 'security mechanism' to the release code, as I'd rather see coding resources dedicated to fixing bugs, enhancing/adding useful features that can benefit the most people using MS. If someone wanted to fork a "secure line" code from the available code releases, then more power to them, and so be it - the power of having the source code available, and if they are making $10k on tunes, THEY can afford to code the security in...
However, if 'password' security is implemented, or some method to lock the microcontroller from reads/writes after the code/tune is written, then this will be MUCH more difficult for the end-user to read out the tune/etc. Of course, they won't be able to write it either, but - hey, for $10k, the TUNER will do all the writing to the ECU.
That is 100% incorrect. If the mechanism is a simple "everyone knows it, and it's coded in the code" password, then, yes, it would be available, as well as absolutely useless. If it's done correctly, then anyone can view the code, and confirm that security is done correctly, and take solace in knowing their expensive tune can rest well on the processor without prying eyes viewing it.Rob_B wrote:Edit: With MS being open source I would think it would be difficult to make a good protection that won't be cracked within a few weeks.
Now, all that said, I'm 100% against addition of any 'security mechanism' to the release code, as I'd rather see coding resources dedicated to fixing bugs, enhancing/adding useful features that can benefit the most people using MS. If someone wanted to fork a "secure line" code from the available code releases, then more power to them, and so be it - the power of having the source code available, and if they are making $10k on tunes, THEY can afford to code the security in...