Nice work! Did you try out what the three "SELFPARK" Options do? Especially the difference between "restricted" and "allow" is interesting.
"Restricted" sets a "private property only" flag. That's about the only thing interesting. The other two are self explanatory.
Now you have informed Tesla of your discovery of an exploit that has allowed you to enable dev mode are they happy to leave you running a real car with it on?
Or is this a fleeting glimpse that you will lose come next upgrade?
You can bet that the next firmware update is going to lock down the possibility of the changes being made by Wk. They freak out when customers access the "behind the password" screens.
*shrugs* Hadn't really discussed that with them, but I don't intend on losing access. It is my car after all. I also didn't need to re-hack my car when the 7.1 update came in. My little wk057-tesla-rootkit survives the updater and the way it works, currently. I'm sure they could patch against this though, if they wanted. Guess we'll see how it goes. At least I have the ability to look through the staged update files before installing now. And I suppose I could always attempt to re-root if for whatever reason my rootkit hooks are removed. I did disable Tesla's normal remote SSH access, just in case, with a banner that tells them to call me for access. lol. I also put a little note at the top of the script I hooked into some startup spots:
Code:
# Dear Tesla,
# As the legal owner of this vehicle, which includes the device this script is running on
# you are NOT permitted to modify or remove my scripts/modifications/access/etc without my
# express permission. Feel free to contact me at XXX-XXX-XXXX if you have any questions.
# Best regards
The filesystems with all of the executables and such don't persist changes across a reboot, so I have to store my scripts on one of the persistent filesystems and use some minor trickery to hook in on startup and re-add my hacks. This is a good thing, overall, since it means rebooting the 17" screen basically brings it to a known state as far as most of the filesystem goes.
Overall, I don't foresee it being a problem for anyone in the near future.
Is it safe to say that your access to those screens within the car is because, due to having physical access, you've been able to obtain root, and with root access, have able to bypass the security code without needing to ask Tesla for a code?
ie. this requires a physical hack for the first level, and then a software hack to get to those screens.
I needed to take the dash apart to get to the ethernet connection between the CID and IC, which I consider pretty extensive physical access. Then it's software. No asking Tesla for anything this way. I'm still hunting for a way in that doesn't require dismantling the dash, though...
Thought you said you wouldn't be rooting the CID on a live car. Changed your mind? :wink:
I did change my mind, actually, after discussing it briefly with a contact at Tesla. Also, I had an exploit idea that I couldn't test on my bench, but didn't want to test blindly on my car without being able to see what was going on.
With 7.1? I noticed a difference in behavior after upgrading. Before, turning range mode on would clearly engage the front motor as you could hear it whine when range mode was on. After the upgrade, I heard a slightly different whine from the front motor, regardless of range mode setting. This is at speeds below 45 mph.
Hm. I haven't tested this at below 45 MPH. I'll have to do that.
OK, on to catching up on emails and PMs.