Page 4 of 4

Re: password protection PLEASE!!!!

Posted: Sun May 20, 2012 6:16 am
by The Deviant
What a lot of people seem to be proposing is "security through obscurity", which is analogous to "the honest thief won't break into your car if the door is locked", in this situation. Yes, the comms can be disabled, obfuscated, or changed. However, this is a triviality for someone who is determined to figure it out. If a $10k build/tune/whatever is on the ECU, and I have it, and have a second, identical, ECU - I'm going to go ahead and copy it, regardless of what obscurity 'features' are in place - there's nothing anyone can do to stop it from happening. If you cut the serial lines - I'll fix it. If you remove the serial chip - I'll fix it. You can do all that, then pot the entire board, but I'll get through it in a few minutes. ...and it will only cost me $5 to do it. ("Intellectual Property" Legalities aside.) It's not even worth the effort to implement this method of 'security'.

However, if 'password' security is implemented, or some method to lock the microcontroller from reads/writes after the code/tune is written, then this will be MUCH more difficult for the end-user to read out the tune/etc. Of course, they won't be able to write it either, but - hey, for $10k, the TUNER will do all the writing to the ECU.
Rob_B wrote:Edit: With MS being open source I would think it would be difficult to make a good protection that won't be cracked within a few weeks.
That is 100% incorrect. If the mechanism is a simple "everyone knows it, and it's coded in the code" password, then, yes, it would be available, as well as absolutely useless. If it's done correctly, then anyone can view the code, and confirm that security is done correctly, and take solace in knowing their expensive tune can rest well on the processor without prying eyes viewing it.

Now, all that said, I'm 100% against addition of any 'security mechanism' to the release code, as I'd rather see coding resources dedicated to fixing bugs, enhancing/adding useful features that can benefit the most people using MS. If someone wanted to fork a "secure line" code from the available code releases, then more power to them, and so be it - the power of having the source code available, and if they are making $10k on tunes, THEY can afford to code the security in...

Re: password protection PLEASE!!!!

Posted: Sun May 20, 2012 7:37 am
by jasaircraft
transaxel wrote:
jasaircraft wrote:james what pins from U6 should with intercept to put a switch to enable and disable comms?
I have figured out my own solution to protect my MS Setup´s from copying. In place of U6 i´ve soldered a socket and replaced the RS232 Chip with an
Bluetooth Module. The Module can be configured with a specific PIN Code. So you can only connect if you know the PIN. It´s easy to go back to RS232
Connection - you must only put the Chip into the socket and disable BT. If the Case is sealed i find it´s a cheap and easy solution.
Cool, thanks! Do you have more detailed info about how you did it please? You can pm if you want.
Most of people here woundnt tell if U6 was missing, so just by removing it and placing a socket to access in the future is good.
I Agree doing a passwrd protection on the code would be best, but we work with what we can and what we have...,
Lastly we can put a small C4 5sec. Timed little surprise inside...hahahaha

Re: password protection PLEASE!!!!

Posted: Sun May 20, 2012 9:14 am
by PSIG
The open-source intent of MS aside - you're an idiot if you provide voluntary warranties for things you cannot control. I've been in the performance business for many years, and you learn a lot the hard way. One lesson is warranties. I'll give two examples:

A guy blows his street engine with signs of obvious det and pre-ignition finally takes it apart. He cones crying to me and threatens a lawyer. Dude - I'm the expert here and I know exactly what blew the engine. By analysis and fuel samples, it's obvious the wrong grade of fuel was used and I can have 100 other experts back me up. Not my problem and not my responsibility. I will not volunteer a warranty for something I cannot control nor be responsible for.

A guy blows his engine in the first race and comes to me all mad, also threatening to sue. Engine data shows he never over-revved or anything, and one of the bolts in the rods let go. Sorry. I give no warranty as I cannot be responsible for parts that I get no warranty with. That would be stupid. Failure analysis shows it was assembled correctly, and 5hit happens. Again, I have 100 other experts that will back me up as facts are facts. I will not volunteer myself to cover the mistakes of others with a warranty. That would be stupid. When you give Llemmon $4000 for a set of rods, do you get a warranty? No. Why do you suppose that is?

So, if you carry this over to MS, if you offer a warranty you are covering that transistor or capacitor or sensor manufacturer for their crappy part if it fails and blows the engine. Do you really want to do that? I don't. Professional customers understand this. My customers have paid huge money for my services because they know it's the best, and if things blow - that's racing. Their safest path is to use me with no guarantees. Reputation and knowledge is your most valuable protection. Learn failure analysis. Don't get your panties all in a bunch because some idiot is selling your tune to some other idiots. They have no legal standing and you wouldn't want them for customers anyway.

My customers own their tunes. They know it doesn't' matter, as that tune will only work with that engine and those parts in that specific car on the day tuning was finalized. They know it, and to sell it to others is their responsibility (morally and legally) for selling them useless or even dangerous trash. Not mine. If someone won't use you if you do not give a warranty to cover things you cannot control - you do NOT want them as a customer. Do your best work, make your money, don't volunteer to give warranties for things you cannot control, put the legal problems on their backs where it belongs, and be happy.
Image
David

Re: password protection PLEASE!!!!

Posted: Sun May 20, 2012 9:58 am
by fixmann
Hi
There is another solution that wount cost to much and is quite easy.
If you take a little (etc. Atmel attiny 8pin smd) microcontroller mount it on top of the cpu on the motherboard.
One path must be broken.
Then glue the top of the daughterboard with some nasty two component black glue (difficult to remove without damage something).

The purpose of the extra cpu would be to block the RX-line to the MS-cpu.
Tu unlock the daughtercard you just open a terminalprogram and enter the serialnumber.
If the wrong code is entered then the megasquirt must be powertoggled before the serial can be entered again (more difficult to hack the serialnumber).

Let say that the serial is 16 letter and digits, for most people this wount be easy to crack.


Fixmann

password protection PLEASE!!!!

Posted: Sun May 20, 2012 10:07 am
by subwoofer
The ECU still has to control elements external to it, and rely on external sensors. "Copying the tune" can easily be done by systematically stimulating the ECU and logging the result. Most ways of "protecting" the tune can be circumvented.

Besides that, I thought the power is in the head, the inlet system and the exhaust system more than in the tune?

Re: password protection PLEASE!!!!

Posted: Mon May 21, 2012 6:02 am
by tpsretard2
There is a simpler solution, do as i did
If there is a specific reason you have to have coms disabled, use an ecu that supports is and use the ms where that is not important.

Re: password protection PLEASE!!!!

Posted: Mon May 21, 2012 6:31 am
by jsmcortina
PSIG wrote: One lesson is warranties. I'll give two examples:
Thanks for sharing. I like you logic.

James

Re: password protection PLEASE!!!!

Posted: Mon May 21, 2012 3:51 pm
by jasaircraft
PASSWORD! PASSWORD! PASSWORD! PASSWORD! PASSWORD! :mrgreen:

Re: password protection PLEASE!!!!

Posted: Sun Jul 01, 2012 9:52 pm
by jasaircraft
tuner bumpa!

Re: password protection PLEASE!!!!

Posted: Mon Jul 02, 2012 12:13 am
by piledriver
Defeats the purpose of Megasquirt.
Let it be.

password protection PLEASE!!!!

Posted: Mon Jul 02, 2012 4:27 am
by muythaibxr
I am locking this thread. We know some people want this. If we decide to do it we will tell you.

Ken