
    • Chevrolet C7 ZR1 LT5 E99 ECU VIN specific encryption keeping tuners out?

      This is an odd move from GM who usually is very tuner and enthusiast friendly. It seems the ZR1's LT5 ECU is proving extremely difficult to bypass, crack, or otherwise get into. This is something we are used to seeing from German manufacturers but not Americans.


      Now tuners eventually tend to get in especially when it is domestic cars we are talking about. GM has the keys of course and 'someone' could leak them. Brute force does not look like an option at least according to tuner Weapon X:

      Quote Originally Posted by Weapon X
      The LT5 E99 PCM is insane with the VIN specific encryption. It is rumored that "someone is in"; however, unless they had help from the backdoor at GM, I will believe it when I see it. GM released this technology on the 2017 trucks and they have yet to be cracked. Now HP Tuners did just get into the 2018 Dodges and they provide a cable, so we shall see what they come up with. I think we just need to start a GoFund me page and toss it up on the black web for the first person to crack it gets the kitty; however, the coding is also VIN specific, so unless there is a key to follow per VIN, each car would be specific.

      “GM’s Phase-1 overall process involves multi-factor authentication involving dealer employees and credentials and a Diffie-Hellman 2048-bit key exchange using a SHA-256 hash digest that is unique for each VIN ECM and TCM,” he said. “The main concept to keep in mind is that is not a STATIC security implementation […] Diffie-Hellman 2048/SHA-256, if implemented correctly, is un-crackable, even by the NSA.”

      Turbowizard illustrated his point further: “Current estimates to crack Diffie-Hellman 1024 is 35,000,000 core years, [such that] it would take 35 million CPU cores 1 year to crack a single key exchange, and the key exchange is unique for each VIN. Diffie-Hellman 2048? Forget about it, not going to happen.”

      Turbowizard capped off his argument, saying, “I’ve had several trucks tuned over the years, and I hate the emissions crap on these new trucks as much as anyone, but I’m afraid we are nearing the end of an era.”

      Both ominous and saddening, turbowizard’s post garnered loads of attention. Fellow users were quick to label turbowizard a troll, or proclaim that the solution was already there in the form of aftermarket ECMs.

      “None of the factory instrument cluster, HVAC, audio, BCM, power windows, etc…..NONE of it will work because it has security dependencies on the factory ECM,” said turbowizard. “Every module that communicates with the ECM/TCM uses 2048-bit Diffie-Hellman key exchange with a SHA-256 hash…..and aftermarket ECMs will not have any of that…..useless for a daily or street-driven truck.”

      It seems OEMs may eventually be successful in locking us out. If they do, who do they think their core market is when it comes to these types of vehicles? OEMs who are friendliest to enthusiasts will get the business.

      This is just another nail in the tuning coffin. Pretty soon OEMs will just change whatever software features they want without even notifying you as the cars become connected to the internet. Ask Tesla owners about that.

      This article was originally published in forum thread: Chevrolet C7 ZR1 LT5 E99 ECU VIN specific encryption keeping tuners out? started by Sticky
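
Added example, not part of the original article and not GM's implementation: a sketch of the kind of scheme the quoted post describes, a fresh 2048-bit Diffie-Hellman exchange whose session key is a SHA-256 digest bound to the VIN, so a key recovered for one exchange or one VIN says nothing about another. The per-VIN provisioned secret, the HMAC transcript tag, the choice of RFC 3526 group 14 and the sample VINs are assumptions made for illustration.

```python
import hashlib, hmac, secrets

def _arctan_inv(x, unity):
    """arctan(1/x) scaled by `unity`, using the integer Gregory series."""
    total = term = unity // x
    n, sign = 3, -1
    while term:
        term //= x * x
        total += sign * (term // n)
        n, sign = n + 2, -sign
    return total

def modp_2048():
    """RFC 3526 group 14 prime: 2^2048 - 2^1984 - 1 + 2^64*(floor(2^1918*pi) + 124476)."""
    guard = 64  # extra bits so series truncation cannot disturb the floor
    unity = 1 << (1918 + guard)
    pi = 4 * (4 * _arctan_inv(5, unity) - _arctan_inv(239, unity))  # Machin's formula
    return (1 << 2048) - (1 << 1984) - 1 + (((pi >> guard) + 124476) << 64)

P, G = modp_2048(), 2

def keypair():
    priv = secrets.randbelow(P - 3) + 2          # fresh private exponent per exchange
    return priv, pow(G, priv, P)

def session_key(my_priv, peer_pub, vin):
    if not 2 <= peer_pub <= P - 2:               # reject degenerate public values
        raise ValueError("invalid DH public value")
    shared = pow(peer_pub, my_priv, P)
    return hashlib.sha256(shared.to_bytes(256, "big") + vin.encode()).digest()

def auth_tag(vin_secret, vin, ecm_pub, mod_pub):
    # Hypothetical: HMAC over the transcript under a secret provisioned per VIN.
    msg = vin.encode() + ecm_pub.to_bytes(256, "big") + mod_pub.to_bytes(256, "big")
    return hmac.new(vin_secret, msg, hashlib.sha256).digest()

def handshake(vin, ecm_secret, module_secret):
    """Session key both sides agree on, or None if the module fails authentication."""
    ecm_priv, ecm_pub = keypair()
    mod_priv, mod_pub = keypair()
    tag = auth_tag(module_secret, vin, ecm_pub, mod_pub)      # sent by the module
    expected = auth_tag(ecm_secret, vin, ecm_pub, mod_pub)    # recomputed by the ECM
    if not hmac.compare_digest(tag, expected):
        return None
    k_ecm = session_key(ecm_priv, mod_pub, vin)
    k_mod = session_key(mod_priv, ecm_pub, vin)
    return k_ecm if k_ecm == k_mod else None

VIN_A, VIN_B = "1G1EXAMPLEVIN0001", "1G1EXAMPLEVIN0002"   # constructed sample VINs
SECRETS = {VIN_A: secrets.token_bytes(32), VIN_B: secrets.token_bytes(32)}
```
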
      13 Comments
        BlackJetE90OC -
        It was a matter of time before US brands started encrypting ECUs more securely, like the German brands.
        Sticky -
        Quote Originally Posted by BlackJetE90OC
        It was a matter of time before US brands started encrypting ECUs more securely, like the German brands.

        Sure but it's counterproductive toward the market.

        If this keeps up nobody is going to be able to tune anything.
        subaru335i -
        Hey I posted this here!
        subaru335i -
        Quote Originally Posted by BlackJetE90OC
        It was a matter of time before US brands started encrypting ECUs more securely, like the German brands.

        This is actually worse than what the Germans have done now. The Germans have had their calibration files and OS encrypted but this is saying that all communication between all modules are all encrypted now too and not just that they are VIN specific encryption.
        Not where once you crack one you cracked them all like the previous German stuff.
        Sticky -
        Quote Originally Posted by subaru335i
        This is actually worse than what the Germans have done now. The Germans have had their calibration files and OS encrypted but this is saying that all communication between all modules are all encrypted now too and not just that they are VIN specific encryption.
        Not where once you crack one you cracked them all like the previous German stuff.

        Yep which means you can't plug in a standalone.
        Steve B. CBR -
        No, but you can piggyback off the standard ecu.
        Sticky -
        Quote Originally Posted by Steve B. CBR
        No, but you can piggyback off the standard ecu.

        To use them in tandem wouldn't you need the factory ECU unlocked?
        Steve B. CBR -
        No. So, the piggyback module just makes its changes after the ecu. Everything functions like normal and the ecu never sees the fueling changes.
        Sticky -
        Quote Originally Posted by Steve B. CBR
        No. So, the piggyback module just makes its changes after the ecu. Everything functions like normal and the ecu never sees the fueling changes.

        Oh ok, you're talking about a piggyback. I was thinking of a tandem setup with a standalone.

        Kind of sad if the state of things on the ZR1 comes down to this.
        93siro -
        If I was the manufacturer, I would have done the same too. People mess with the product, blow it and come back with a warranty claim.

        However I do think they don’t care much about tuning, they are more concerned about stealing their programmings by lesser manufacturers such as the Chinese or other unauthorized people.
        subaru335i -
        Quote Originally Posted by Steve B. CBR
        No. So, the piggyback module just makes its changes after the ecu. Everything functions like normal and the ecu never sees the fueling changes.

        Not necessarily. I would be surprised if a piggyback as we know it will work. Normally piggybacks bias the analog signals going to and from the ECU. In this case all of the modules and presumably the sensors are sending encrypted communications, so there is unlikely a way to bias those signals or even read them without unlocking the ecu in some form.

        Everything nowadays is on CAN and they are all separate modules with their own controllers, it's much more complex than an N54.
        subaru335i -
        Quote Originally Posted by 93siro
        If I was the manufacturer, I would have done the same too. People mess with the product, blow it and come back with a warranty claim.

        However I do think they don’t care much about tuning, they are more concerned about stealing their programmings by lesser manufacturers such as the Chinese or other unauthorized people.

        Yeah IP protection for their transmission and engine calibration but probably mostly encouraged to encrypt all this $#@! by the governments to protect the emissions stuff.
        Sticky2 -
        Quote Originally Posted by 93siro
        If I was the manufacturer, I would have done the same too. People mess with the product, blow it and come back with a warranty claim.

        However I do think they don’t care much about tuning, they are more concerned about stealing their programmings by lesser manufacturers such as the Chinese or other unauthorized people.

        Why can't I sign a waiver foregoing my warranty?