Someone was asking about when we would see aftermarket "Tuners" hoping up the Model S. Here is how I responded.
You capture a full car software update including inverter firmware update. Reverse the firmware update or otherwise hack it so that you can bypass Tesla's firmware validation process*. Disassemble the inverter firmware and locate the torque demand mapping table. This is where the inverter takes the throttle pedal input (the potentiometers on the throttle pedal go directly to the inverter and not through any other device thus the inverter is managing pedal integrity - validating that all three pedal potentiometers agree - and directly developing driver torque demand input) and maps it to power applied to the motor. You then modify that table to provide more power to the motor like you would increasing allowable boost at an operating point in an ICE boost control table. Now that you have the throttle pedal system requesting more torque, you will need to identify fail safes and safeties within the inverter firmware that limit maximum torque. These are simply known as torque limits in the biz. Anyway, you need to find and defeat all of these limits that might intervene to limit maximum motor power.
Simple really provided you have the time and energy to do it. The number of people outside the Electronic Control Module manufacturers that truly understand ICE ECUs is small. The number of people outside Tesla that understand the MS' inverter firmware is like still near zero
* Automotive ECU firmware updates are more and more being protected by file signing. The manufacturer performs a cryptographic checksum on the new or updated firmware region. Bosch uses RipeMD160 on a lot of their stuff. This checksum is then encrypted in an RSA message using a private key.
The encrypted message is sent after the firmware update to the ECU. The ECU then checksums the region of interest then decrypts the RSA message using the public key and, if the comparison does not match, refuses to allow the new code to run. Change just one bit in the firmware update and it will not take.
You capture a full car software update including inverter firmware update. Reverse the firmware update or otherwise hack it so that you can bypass Tesla's firmware validation process*. Disassemble the inverter firmware and locate the torque demand mapping table. This is where the inverter takes the throttle pedal input (the potentiometers on the throttle pedal go directly to the inverter and not through any other device thus the inverter is managing pedal integrity - validating that all three pedal potentiometers agree - and directly developing driver torque demand input) and maps it to power applied to the motor. You then modify that table to provide more power to the motor like you would increasing allowable boost at an operating point in an ICE boost control table. Now that you have the throttle pedal system requesting more torque, you will need to identify fail safes and safeties within the inverter firmware that limit maximum torque. These are simply known as torque limits in the biz. Anyway, you need to find and defeat all of these limits that might intervene to limit maximum motor power.
Simple really provided you have the time and energy to do it. The number of people outside the Electronic Control Module manufacturers that truly understand ICE ECUs is small. The number of people outside Tesla that understand the MS' inverter firmware is like still near zero
* Automotive ECU firmware updates are more and more being protected by file signing. The manufacturer performs a cryptographic checksum on the new or updated firmware region. Bosch uses RipeMD160 on a lot of their stuff. This checksum is then encrypted in an RSA message using a private key.
The encrypted message is sent after the firmware update to the ECU. The ECU then checksums the region of interest then decrypts the RSA message using the public key and, if the comparison does not match, refuses to allow the new code to run. Change just one bit in the firmware update and it will not take.