password protection PLEASE!!!!

This is a forum for discussing the development and testing of alpha MS2/Extra code. Documentation
(Runs on MS2 and Microsquirt)

Moderators: jsmcortina, muythaibxr

Re: password protection PLEASE!!!!

Postby The Deviant » Sun May 20, 2012 6:16 am

What a lot of people seem to be proposing is "security through obscurity", which is analogous to "the honest thief won't break into your car if the door is locked", in this situation. Yes, the comms can be disabled, obfuscated, or changed. However, this is a triviality for someone who is determined to figure it out. If a $10k build/tune/whatever is on the ECU, and I have it, and have a second, identical, ECU - I'm going to go ahead and copy it, regardless of what obscurity 'features' are in place - there's nothing anyone can do to stop it from happening. If you cut the serial lines - I'll fix it. If you remove the serial chip - I'll fix it. You can do all that, then pot the entire board, but I'll get through it in a few minutes. ...and it will only cost me $5 to do it. ("Intellectual Property" Legalities aside.) It's not even worth the effort to implement this method of 'security'.

However, if 'password' security is implemented, or some method to lock the microcontroller from reads/writes after the code/tune is written, then this will be MUCH more difficult for the end-user to read out the tune/etc. Of course, they won't be able to write it either, but - hey, for $10k, the TUNER will do all the writing to the ECU.

Rob_B wrote:Edit: With MS being open source I would think it would be difficult to make a good protection that won't be cracked within a few weeks.

That is 100% incorrect. If the mechanism is a simple "everyone knows it, and it's coded in the code" password, then, yes, it would be available, as well as absolutely useless. If it's done correctly, then anyone can view the code, and confirm that security is done correctly, and take solace in knowing their expensive tune can rest well on the processor without prying eyes viewing it.

Now, all that said, I'm 100% against addition of any 'security mechanism' to the release code, as I'd rather see coding resources dedicated to fixing bugs, enhancing/adding useful features that can benefit the most people using MS. If someone wanted to fork a "secure line" code from the available code releases, then more power to them, and so be it - the power of having the source code available, and if they are making $10k on tunes, THEY can afford to code the security in...
James B.
1985 Merkur XR4Ti Rally Car
MS3 3.57+MS3X+RTCC+Knock
Ford Lima 2.3 Turbo/MSD LS2 COPs/DIYAT Hall Cam Sensor/Electromotive VR Crank Sensor
Nexus 7 Instrumentation with Shadowdash MS
User avatar
The Deviant
Helpful MS/Extra'er
Posts: 101
Joined: Thu Apr 14, 2011 8:41 am
Location: Jefferson County, Missouri, USA

Re: password protection PLEASE!!!!

Postby jasaircraft » Sun May 20, 2012 7:37 am

transaxel wrote:
jasaircraft wrote:james what pins from U6 should with intercept to put a switch to enable and disable comms?

I have figured out my own solution to protect my MS Setup´s from copying. In place of U6 i´ve soldered a socket and replaced the RS232 Chip with an
Bluetooth Module. The Module can be configured with a specific PIN Code. So you can only connect if you know the PIN. It´s easy to go back to RS232
Connection - you must only put the Chip into the socket and disable BT. If the Case is sealed i find it´s a cheap and easy solution.

Cool, thanks! Do you have more detailed info about how you did it please? You can pm if you want.
Most of people here woundnt tell if U6 was missing, so just by removing it and placing a socket to access in the future is good.
I Agree doing a passwrd protection on the code would be best, but we work with what we can and what we have...,
Lastly we can put a small C4 5sec. Timed little surprise inside...hahahaha
Master MS/Extra'er
Posts: 650
Joined: Mon Jul 07, 2008 5:45 pm

Re: password protection PLEASE!!!!

Postby PSIG » Sun May 20, 2012 9:14 am

The open-source intent of MS aside - you're an idiot if you provide voluntary warranties for things you cannot control. I've been in the performance business for many years, and you learn a lot the hard way. One lesson is warranties. I'll give two examples:

A guy blows his street engine with signs of obvious det and pre-ignition finally takes it apart. He cones crying to me and threatens a lawyer. Dude - I'm the expert here and I know exactly what blew the engine. By analysis and fuel samples, it's obvious the wrong grade of fuel was used and I can have 100 other experts back me up. Not my problem and not my responsibility. I will not volunteer a warranty for something I cannot control nor be responsible for.

A guy blows his engine in the first race and comes to me all mad, also threatening to sue. Engine data shows he never over-revved or anything, and one of the bolts in the rods let go. Sorry. I give no warranty as I cannot be responsible for parts that I get no warranty with. That would be stupid. Failure analysis shows it was assembled correctly, and 5hit happens. Again, I have 100 other experts that will back me up as facts are facts. I will not volunteer myself to cover the mistakes of others with a warranty. That would be stupid. When you give Llemmon $4000 for a set of rods, do you get a warranty? No. Why do you suppose that is?

So, if you carry this over to MS, if you offer a warranty you are covering that transistor or capacitor or sensor manufacturer for their crappy part if it fails and blows the engine. Do you really want to do that? I don't. Professional customers understand this. My customers have paid huge money for my services because they know it's the best, and if things blow - that's racing. Their safest path is to use me with no guarantees. Reputation and knowledge is your most valuable protection. Learn failure analysis. Don't get your panties all in a bunch because some idiot is selling your tune to some other idiots. They have no legal standing and you wouldn't want them for customers anyway.

My customers own their tunes. They know it doesn't' matter, as that tune will only work with that engine and those parts in that specific car on the day tuning was finalized. They know it, and to sell it to others is their responsibility (morally and legally) for selling them useless or even dangerous trash. Not mine. If someone won't use you if you do not give a warranty to cover things you cannot control - you do NOT want them as a customer. Do your best work, make your money, don't volunteer to give warranties for things you cannot control, put the legal problems on their backs where it belongs, and be happy.
-=≡ If it was easy, everyone would do it. ≡=-
User avatar
Super MS/Extra'er
Posts: 1142
Joined: Sat Jun 12, 2004 12:02 am
Location: Seattle, WA area

Re: password protection PLEASE!!!!

Postby fixmann » Sun May 20, 2012 9:58 am

There is another solution that wount cost to much and is quite easy.
If you take a little (etc. Atmel attiny 8pin smd) microcontroller mount it on top of the cpu on the motherboard.
One path must be broken.
Then glue the top of the daughterboard with some nasty two component black glue (difficult to remove without damage something).

The purpose of the extra cpu would be to block the RX-line to the MS-cpu.
Tu unlock the daughtercard you just open a terminalprogram and enter the serialnumber.
If the wrong code is entered then the megasquirt must be powertoggled before the serial can be entered again (more difficult to hack the serialnumber).

Let say that the serial is 16 letter and digits, for most people this wount be easy to crack.

Helpful MS/Extra'er
Posts: 135
Joined: Tue Jun 02, 2009 12:52 pm
Location: Norway

password protection PLEASE!!!!

Postby subwoofer » Sun May 20, 2012 10:07 am

The ECU still has to control elements external to it, and rely on external sensors. "Copying the tune" can easily be done by systematically stimulating the ECU and logging the result. Most ways of "protecting" the tune can be circumvented.

Besides that, I thought the power is in the head, the inlet system and the exhaust system more than in the tune?
1974 Jensen-Healey
1990 VW Caravelle Syncro - running MS3+X
2014 Ford Fiesta EcoBoost
Super MS/Extra'er
Posts: 874
Joined: Sat Apr 30, 2011 12:34 pm
Location: Sandefjord, Norway

Re: password protection PLEASE!!!!

Postby tpsretard2 » Mon May 21, 2012 6:02 am

There is a simpler solution, do as i did
If there is a specific reason you have to have coms disabled, use an ecu that supports is and use the ms where that is not important.
Master MS/Extra'er
Posts: 624
Joined: Thu Feb 14, 2008 4:59 am

Re: password protection PLEASE!!!!

Postby jsmcortina » Mon May 21, 2012 6:31 am

PSIG wrote: One lesson is warranties. I'll give two examples:

Thanks for sharing. I like you logic.

I can supply, repair or upgrade Megasquirts in UK.

My Success story: viewtopic.php?f=104&t=34277
MSEXTRA documentation at:
Site Admin
Posts: 33060
Joined: Mon May 03, 2004 1:34 am
Location: Birmingham, UK

Re: password protection PLEASE!!!!

Postby jasaircraft » Mon May 21, 2012 3:51 pm

Master MS/Extra'er
Posts: 650
Joined: Mon Jul 07, 2008 5:45 pm

Re: password protection PLEASE!!!!

Postby jasaircraft » Sun Jul 01, 2012 9:52 pm

tuner bumpa!
Master MS/Extra'er
Posts: 650
Joined: Mon Jul 07, 2008 5:45 pm

Re: password protection PLEASE!!!!

Postby piledriver » Mon Jul 02, 2012 12:13 am

Defeats the purpose of Megasquirt.
Let it be.
Always doing things the hard way, MS2 sequential w/ v1.01 mainboard, LS2 coils. 80 mile/day commuter status.
Super MS/Extra'er
Posts: 1604
Joined: Tue Oct 27, 2009 6:24 am
Location: Van Alstyne, Texas

password protection PLEASE!!!!

Postby muythaibxr » Mon Jul 02, 2012 4:27 am

I am locking this thread. We know some people want this. If we decide to do it we will tell you.

Megasquirt is not for use on pollution controlled vehicles. Any advice I give is for off road use only.

Site Admin
Posts: 8081
Joined: Thu Oct 14, 2004 12:48 pm


Return to MS2/Extra Development

Who is online

Users browsing this forum: No registered users and 0 guests