Hacker May Have Discovered Plans For A Tesla P100D (jalopnik.com) 85
One computer wiz claims to have hacked into Tesla's firmware and discovered a reference to a juicier battery. Self-proclaimed white hat hacker, Jason Hughes, says he discovered a secret in Tesla's firmware 7.1, but he didn't want to tell the world outright what he discovered, so he made Tesla Motors Club forum-members work for it by obfuscating the secret with a hash. TheSHA256 hash, a one-way function, would either require forum members to guess and check to decrypt this code, or to look it up in a hash directory. Forum member LuckyLuke decrypted Hughes' hash and discovered its meaning: P100D. P100D is the nickname given to Tesla's upcoming 100-kWh battery pack that would give the Model S a range of 300 miles or more. In response to a fellow forum-member decrypting his secret code, Hughes responded on Twitter. On the forum, Hughes had some additional information to mention, saying: There have been references to the P100D in firmwares as early as 2 months ago. They finally added the badges to 2.13.77. I mucked it up a bit by adding a crappy background (it's a PNG with transparency in the firmware)... There are quite a few things that are in the firmware that I'm not prepared to share publicly. Just like the P100D has been in there for months with my lips mostly sealed. I don't want to spoil all of Tesla's surprises.
Good Grief (Score:4, Insightful)
He's being awfully "cagey" about it considering he gave most of it away anything. Sounds like an attention seeker.
Re: (Score:1)
How I read this story (written from author's perspective):
HEY GUYS, GUESS WHAT??
I can predict the future. But I'm so cool I'm not gonna tell you how I did it or what I found. Anyway here's a sha256sum: "e81de80d870d171ede549b4d212bcfe88c58dd0fdcc4f243a0426a48078cfe25" crack it and you'll learn something amazing about the future!
Re: (Score:3)
most likely he'll turn out to be some marketing scumbag trying to dress up a rather ordinary press release with some bullshit about "hacking" and sup3r-s3kr3t codez!!! that need to be decrypted.
two questions (Score:3, Insightful)
1. Are you actually white hat if you're spilling secrets that aren't yours to tell?
2. What the heck is a P100D? Couldn't that be squeezed somewhere in the paragraph?
Re:two questions (Score:4, Funny)
Based on the title I duduce it is a battery.
I guess 100 must be the weight of it in stone. Why the weight of it? Beats the fuck out of me, seems like a stupid designation; but, with no other reference, not even what the name of other batteries is, I just have to make assumptions.
What we do know is its a battery and its "juicier" what we don't know is if its apple or orange. Knowing tesla, they probably went with grape right?
Re: two questions (Score:2)
I guess 100 must be the weight of it in stone
i wonder if this'll be the one that's available with the "Totally Fucking Insane Speed" option...
Re: (Score:3)
It's going to be called "plaid"
https://www.youtube.com/watch?... [youtube.com]
Re: (Score:3)
I guess 100 must be the weight of it in stone.
Why guess, it's in the article & summary? It's in line with the way that Tesla does model numbers.
The base is a number. The number is the kWh of the battery. So a "70" is a 70 kWh battery, '85' is 85kWh, 90, etc...
If it's a performance model, a "P" is prepended. so a P85 would be a Performance edition with an 85kWh battery.
Then there's the drive train. If it's all wheel drive, a "D" is appended. So a 70D is a 70kWh battery connected to a 4 wheel drive chassis.
Today, the options are - 70, 70D, 90D,
Re: (Score:2)
Whoooooooooosh...
Re:two questions (Score:5, Insightful)
1. Are you actually white hat if you're spilling secrets that aren't yours to tell?
He looked at the firmware that was installed in a car the he (I presume) owned, and published his findings. If you want to keep something like this a secret don't distribute this "secret" in a firmware update that every single Tesla owner receives.
Re: (Score:2)
Okay, that makes more sense. Firmware already released to a car is essentially public. I guess I missed that, and was thinking it was private data.
Re: (Score:2)
Dunno... that old "DRM" thing might make it illegal to do so much as run
%strings tesla_firmware.exe
Re: two questions (Score:2)
...if you're spilling secrets that aren't yours to tell?
I'd love to hear WTF that even means.
Re:two questions (Score:4, Informative)
There currently are 3 models of Tesla.
P70 with a 70kWh battery and P90 with a 90kWh battery, and P90D with dual motors.
Re: (Score:1)
So you are saying we have no clue what a 100D is?
Re: (Score:2)
There is no P70 or P90. The "P" series are the performance cars. There is only a P90D. There is a S70 and S90 and S90D, however.
I drive a P85 which is no longer made, the performance version of the 85KWh model.
Re: (Score:2)
More over, the old 85kWh battery was rated for 300 miles range so a 100kWh battery will be rated higher than that. Realistic driving range will likely be around 300 miles at motorway speeds.
The D is for dual motors, which is the highest performance version.
Re:two questions (Score:4, Informative)
Cheers!
Re: (Score:2)
Thanks. You're new here; I should give you some slack. But I've been a copy editor, so I can't give anyone slack. Paradox? Regardless, that's an informative edit, and helps quite a bit. Nice to see the new folks listening.
Re: (Score:2)
It's a hundred D-batteries. Duh!
Re: (Score:2)
It's a hundred D-batteries. Duh!
Well, that covers the 100D, but you left the P out. Given your sig, I don't think I want to know what that stands for.
Published software should have been free software. (Score:2)
Re: (Score:2)
"The published software should have been published as free software in the first place."
That's a wonderful fantasy world you live in. What color is the sky?
Sneaky Musk! (Score:5, Interesting)
Seems the guys' Tesla automagically downgraded its firmware after the discovery was made public. Musk's answer is priceless. [twitter.com]
"Hacker LucklyLuke" (Score:1)
"We don’t know how he did it, but forum member LuckyLuke decrypted Hughes’ hash and discovered its meaning: P100D."
https://crackstation.net/
Re: (Score:2)
i think it should be illegal to publish info obtained illegally but that's just me.
Is it illegal to reverse-engineer a firmware downloaded via WiFi?
Re: (Score:2)
Given the DMCA, quite probably.
Re: (Score:2)
Re: (Score:2)
Courts have consistently rules that reverse engineering is legal & protected.
Re: (Score:2)
It's not illegal to hack into a device that you own, idiot.
Re: (Score:2)
The 5-letter sequence "P100D" is not copyrightable.
How do you decrypt a hash? (Score:2)
Aren't they -- by design -- one-way?
Re: (Score:1)
Typically you just brute-force them. SHA256 is a special case because, just like MD5, is effectively broken [schneier.com]: you can decrypt them with significantly less operations than the brute force approach would require.
Re: (Score:1)
Good job confusing SHA1 with SHA256....
SHA256 is still quite secure, SHA1 is not.
Re: (Score:2)
Gah, never mind :( The article i linked lists a practical attack on SHA-1 (aka SHA160), not SHA-2. Still, it is basically the same algorithm with a larger key so it is a matter of time until someone breaks it too.
Re:How do you decrypt a hash? (Score:4, Interesting)
You have to specify the subtype of SHA-2.
SHA-1 has only 80 bits of effective security when its weakness is exploited. That's still up to 1.2 trillion trillion computational combinations.
SHA-256 raises that to 128 bits, which is 281 trillion times more computational work.
the SHA-512 subtype of SHA-2 raises that to 256 bits, which is 96 thousand trillion trillion trillion trillion times more computational work than SHA-1.
You could put all the energy in the universe to work on "breaking" SHA-2 SHA-512 and I'm pretty sure you wouldn't get it done before the heat death of the universe. Sure, it's "only" a matter of degree, but the degree is so staggeringly large as to defy the imagination. We're not looking at either just a few years of tech advance, or just a few years of supercomputer time per crack here.
P.S. - it is criminally, brain-dead stupid to use anything less than SHA-2 SHA-512 for anything new. It's not only trillions of trillions of times more secure than SHA-2 SHA-256, but it's actually FASTER to calculate, and only takes about twice as much time to calculate as the completely obsolete, broken MD5. It just makes me cry to see people still using MD5 and SHA-1 for file checksums when there is just no excuse for doing so.
Re: (Score:2)
There are lots of reasons for not doing so. Lack of support for SHA-2 is one of them. Given the myriads of different OSes and platforms I have run filechecks on, MD5 is always available, and usually SHA-1. Only on recent Linux machines do I have sha256sum and sha512sum, but that doesn't do me much good if someone is using an old Solaris machine and only has access to MD5.
Also, I am not transferring files over the public Internet, so MD5/SHA1 is reasonably fine on a private internal only network. I would agr
Re: How do you decrypt a hash? (Score:2)
That is not decrypting though. Encryption and hashing are different things. Hashing functions are many to one whereas encryption functions are one-to-one. So, due to the pigeon hole principle, there will be multiple inputs that correspond to any hash. They just found the most likely input. This means you cannot decrypt a hash. The same is not true for encryption which is why the cipher can be decrypted. So to repeat: You can discover a correct input by brute forcing hashes, but that isn't decryption since
Re: (Score:2)
Agreed, but "decrypting" is the common term used for breaking hashes - you only need one input generating the hash value you're after.
It is also interesting how most hash algorithms are built around block cipher primitives.
Re: (Score:2)
No it is not, and for this particular attack (preimage) neither MD5 nor any of the SHA are broken.
What you linked is a unpractical collision attack on SHA-1 (not SHA256). Collision attacks are much weaker. And no actual collision have been published on the standard SHA-1 (but we may be close) and AFAIK, the full SHA256 is still completely safe.
Not a secret (Score:2)
Tesla's Range won't be suitable (Score:5, Funny)
Dammit I won't consider an electric car until it can do at least 100 miles one one charge!
What? Oh okay.
Dammit I won't consider an electric car until it can do at least 200 miles one one charge!
What? Really? 200miles? Already. No I definitely did not say 100 miles previously. Okay.
Dammit I won't consider an electric car until it can do at least 300 miles on one charge! AND I reserve my right to change my view with every new breakthrough in the electric car market!
Re: (Score:2)
I never drive more than 10miles but I won't ever buy a car that can't fly me to the moon if I ever so desire! It's just not acceptable.
Re: (Score:2)
You're supposed to leave the Tesla at the supercharger plugged in and go get a bite to eat or use the restrooms. That's why they put the superchargers near eateries and bathrooms instead of a barren stretch of the highway.
And, of course, you're also supposed to charge up at home so you always leave the house with a 90% (~235 mile on the 85kwh battery) charge.
Re: (Score:1)
In June 2009 Tesla was approved to receive US$465 million in interest-bearing loans from the United States Department of Energy. The funding, part of the US$8 billion Advanced Technology Vehicles Manufacturing Loan Program, supports engineering and production of the Model S sedan, as well as the development of commercial powertrain technology.[49] The low-interest loans are not related to the "bailout" funds that GM and Chrysler received, nor are they related to the 2009 economic stimulus package. The loan program was created in 2007 during the George W. Bush administration.[50] Tesla repaid the loan in May 2013. Tesla was the first car company to have fully repaid the government, while Ford, Nissan and Fisker had not.
So, Tesla took a loan from the government and paid it back. Whereas Ford, Nissan and Fisker took loans and have not paid them back yet. And GM and Chrysler took bailout packages and did not fully repay them. Oh, how evil of Tesla to pay back when others didn't !!!
Re: (Score:2)
"Doesn't matter if they pay it back or not" - You must work on Wall St.
The wrong approach. (Score:1)
I have no idea why they are making electric cars. What they need to do is make an electric van and an electric truck.
When a new fuel source comes out you target industry first rather than domestic, it happened with petrol and diesel. Commercial has the money to buy your vans and trucks rather than a select group of rich people, they have the resources to make a demand for charging stations at fixed points around the locations they need usually large population centers.
After they have laid down the infras
Re: (Score:3)
I have no idea why they are making electric cars. What they need to do is make an electric van and an electric truck.
Agreed. Also, Serena Williams should stop wasting her time playing tennis. What she really needs to do is take up golf, she'd be much more successful at that. I know this because I am an expert on these things.
Drum roll... (Score:2)
Found in battery firmware!... Tesla's new battery will be called
>>> NSAKEY [wikipedia.org] <<<
1980 called... (Score:2)
"One computer wiz claims..."
Wait - I thought we stopped using that term back in the 80's.
Can we stop calling everyone who searches for strings in a ROM a "computer wiz"? Please?
Trolling much (Score:1)
"I don't want to give away the secret outright, I'd rather make a stupid game, where people have to work for it, and troll about how there is much more where that came from"
Just another troll, ban him, sue him, and fry his ass.