Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Open Source Social Networks Software Twitter News Technology

Hacker May Have Discovered Plans For A Tesla P100D (jalopnik.com) 85

One computer wiz claims to have hacked into Tesla's firmware and discovered a reference to a juicier battery. Self-proclaimed white hat hacker, Jason Hughes, says he discovered a secret in Tesla's firmware 7.1, but he didn't want to tell the world outright what he discovered, so he made Tesla Motors Club forum-members work for it by obfuscating the secret with a hash. TheSHA256 hash, a one-way function, would either require forum members to guess and check to decrypt this code, or to look it up in a hash directory. Forum member LuckyLuke decrypted Hughes' hash and discovered its meaning: P100D. P100D is the nickname given to Tesla's upcoming 100-kWh battery pack that would give the Model S a range of 300 miles or more. In response to a fellow forum-member decrypting his secret code, Hughes responded on Twitter. On the forum, Hughes had some additional information to mention, saying: There have been references to the P100D in firmwares as early as 2 months ago. They finally added the badges to 2.13.77. I mucked it up a bit by adding a crappy background (it's a PNG with transparency in the firmware)... There are quite a few things that are in the firmware that I'm not prepared to share publicly. Just like the P100D has been in there for months with my lips mostly sealed. I don't want to spoil all of Tesla's surprises.
This discussion has been archived. No new comments can be posted.

Hacker May Have Discovered Plans For A Tesla P100D

Comments Filter:
  • Good Grief (Score:4, Insightful)

    by Frosty Piss ( 770223 ) * on Monday March 07, 2016 @05:27PM (#51655715)

    He's being awfully "cagey" about it considering he gave most of it away anything. Sounds like an attention seeker.

    • How I read this story (written from author's perspective):

      HEY GUYS, GUESS WHAT??

      I can predict the future. But I'm so cool I'm not gonna tell you how I did it or what I found. Anyway here's a sha256sum: "e81de80d870d171ede549b4d212bcfe88c58dd0fdcc4f243a0426a48078cfe25" crack it and you'll learn something amazing about the future!

    • by cas2000 ( 148703 )

      most likely he'll turn out to be some marketing scumbag trying to dress up a rather ordinary press release with some bullshit about "hacking" and sup3r-s3kr3t codez!!! that need to be decrypted.

  • two questions (Score:3, Insightful)

    by Quirkz ( 1206400 ) <ross@qu[ ]z.com ['irk' in gap]> on Monday March 07, 2016 @05:30PM (#51655741) Homepage

    1. Are you actually white hat if you're spilling secrets that aren't yours to tell?

    2. What the heck is a P100D? Couldn't that be squeezed somewhere in the paragraph?

    • by TheCarp ( 96830 ) <sjc@carpaYEATSnet.net minus poet> on Monday March 07, 2016 @05:34PM (#51655751) Homepage

      Based on the title I duduce it is a battery.

      I guess 100 must be the weight of it in stone. Why the weight of it? Beats the fuck out of me, seems like a stupid designation; but, with no other reference, not even what the name of other batteries is, I just have to make assumptions.

      What we do know is its a battery and its "juicier" what we don't know is if its apple or orange. Knowing tesla, they probably went with grape right?

      • I guess 100 must be the weight of it in stone

        i wonder if this'll be the one that's available with the "Totally Fucking Insane Speed" option...

      • I guess 100 must be the weight of it in stone.

        Why guess, it's in the article & summary? It's in line with the way that Tesla does model numbers.
        The base is a number. The number is the kWh of the battery. So a "70" is a 70 kWh battery, '85' is 85kWh, 90, etc...
        If it's a performance model, a "P" is prepended. so a P85 would be a Performance edition with an 85kWh battery.
        Then there's the drive train. If it's all wheel drive, a "D" is appended. So a 70D is a 70kWh battery connected to a 4 wheel drive chassis.

        Today, the options are - 70, 70D, 90D,

    • Re:two questions (Score:5, Insightful)

      by fonos ( 847221 ) on Monday March 07, 2016 @05:37PM (#51655765)

      1. Are you actually white hat if you're spilling secrets that aren't yours to tell?

      He looked at the firmware that was installed in a car the he (I presume) owned, and published his findings. If you want to keep something like this a secret don't distribute this "secret" in a firmware update that every single Tesla owner receives.

      • by Quirkz ( 1206400 )

        Okay, that makes more sense. Firmware already released to a car is essentially public. I guess I missed that, and was thinking it was private data.

        • Dunno... that old "DRM" thing might make it illegal to do so much as run

          %strings tesla_firmware.exe

    • ...if you're spilling secrets that aren't yours to tell?

      I'd love to hear WTF that even means.

    • Re:two questions (Score:4, Informative)

      by MindStalker ( 22827 ) <mindstalker AT gmail DOT com> on Monday March 07, 2016 @05:39PM (#51655783) Journal

      There currently are 3 models of Tesla.
      P70 with a 70kWh battery and P90 with a 90kWh battery, and P90D with dual motors.

      • So you are saying we have no clue what a 100D is?

      • by AaronW ( 33736 )

        There is no P70 or P90. The "P" series are the performance cars. There is only a P90D. There is a S70 and S90 and S90D, however.

        I drive a P85 which is no longer made, the performance version of the 85KWh model.

      • by AmiMoJo ( 196126 )

        More over, the old 85kWh battery was rated for 300 miles range so a 100kWh battery will be rated higher than that. Realistic driving range will likely be around 300 miles at motorway speeds.

        The D is for dual motors, which is the highest performance version.

    • Re:two questions (Score:4, Informative)

      by BeauHD ( 4450103 ) Works for Slashdot on Monday March 07, 2016 @05:49PM (#51655825) Homepage
      Edit: "P100D is the nickname given to Tesla's upcoming 100-kWh battery pack that would give the Model S a range of 300 miles or more."

      Cheers!
      • by Quirkz ( 1206400 )

        Thanks. You're new here; I should give you some slack. But I've been a copy editor, so I can't give anyone slack. Paradox? Regardless, that's an informative edit, and helps quite a bit. Nice to see the new folks listening.

    • It's a hundred D-batteries. Duh!

      • by Quirkz ( 1206400 )

        It's a hundred D-batteries. Duh!

        Well, that covers the 100D, but you left the P out. Given your sig, I don't think I want to know what that stands for.

    • People ought to own the cars they buy including the software in the cars. The published software should have been published as free software [gnu.org] in the first place. Stop making excuses against customers stuck with proprietary software. It was Tesla's choice to put that information into the software, but there are more important issues than future products at stake here: It's only a matter of time until we learn of more ripoffs ala VW's recent gaming the environmental reviews. The thing that ties these issues to
      • "The published software should have been published as free software in the first place."

        That's a wonderful fantasy world you live in. What color is the sky?

  • Sneaky Musk! (Score:5, Interesting)

    by Lisandro ( 799651 ) on Monday March 07, 2016 @05:34PM (#51655749)

    Seems the guys' Tesla automagically downgraded its firmware after the discovery was made public. Musk's answer is priceless. [twitter.com]

  • by Anonymous Coward

    "We don’t know how he did it, but forum member LuckyLuke decrypted Hughes’ hash and discovered its meaning: P100D."

    https://crackstation.net/

  • Aren't they -- by design -- one-way?

    • Typically you just brute-force them. SHA256 is a special case because, just like MD5, is effectively broken [schneier.com]: you can decrypt them with significantly less operations than the brute force approach would require.

      • by Anonymous Coward

        Good job confusing SHA1 with SHA256....

        SHA256 is still quite secure, SHA1 is not.

      • Gah, never mind :( The article i linked lists a practical attack on SHA-1 (aka SHA160), not SHA-2. Still, it is basically the same algorithm with a larger key so it is a matter of time until someone breaks it too.

        • by fnj ( 64210 ) on Monday March 07, 2016 @08:15PM (#51656455)

          Gah, never mind :( The article i linked lists a practical attack on SHA-1 (aka SHA160), not SHA-2. Still, it is basically the same algorithm with a larger key so it is a matter of time until someone breaks it too.

          You have to specify the subtype of SHA-2.

          SHA-1 has only 80 bits of effective security when its weakness is exploited. That's still up to 1.2 trillion trillion computational combinations.
          SHA-256 raises that to 128 bits, which is 281 trillion times more computational work.
          the SHA-512 subtype of SHA-2 raises that to 256 bits, which is 96 thousand trillion trillion trillion trillion times more computational work than SHA-1.

          You could put all the energy in the universe to work on "breaking" SHA-2 SHA-512 and I'm pretty sure you wouldn't get it done before the heat death of the universe. Sure, it's "only" a matter of degree, but the degree is so staggeringly large as to defy the imagination. We're not looking at either just a few years of tech advance, or just a few years of supercomputer time per crack here.

          P.S. - it is criminally, brain-dead stupid to use anything less than SHA-2 SHA-512 for anything new. It's not only trillions of trillions of times more secure than SHA-2 SHA-256, but it's actually FASTER to calculate, and only takes about twice as much time to calculate as the completely obsolete, broken MD5. It just makes me cry to see people still using MD5 and SHA-1 for file checksums when there is just no excuse for doing so.

          • There are lots of reasons for not doing so. Lack of support for SHA-2 is one of them. Given the myriads of different OSes and platforms I have run filechecks on, MD5 is always available, and usually SHA-1. Only on recent Linux machines do I have sha256sum and sha512sum, but that doesn't do me much good if someone is using an old Solaris machine and only has access to MD5.

            Also, I am not transferring files over the public Internet, so MD5/SHA1 is reasonably fine on a private internal only network. I would agr

      • That is not decrypting though. Encryption and hashing are different things. Hashing functions are many to one whereas encryption functions are one-to-one. So, due to the pigeon hole principle, there will be multiple inputs that correspond to any hash. They just found the most likely input. This means you cannot decrypt a hash. The same is not true for encryption which is why the cipher can be decrypted. So to repeat: You can discover a correct input by brute forcing hashes, but that isn't decryption since

        • Agreed, but "decrypting" is the common term used for breaking hashes - you only need one input generating the hash value you're after.

          It is also interesting how most hash algorithms are built around block cipher primitives.

      • by GuB-42 ( 2483988 )

        No it is not, and for this particular attack (preimage) neither MD5 nor any of the SHA are broken.
        What you linked is a unpractical collision attack on SHA-1 (not SHA256). Collision attacks are much weaker. And no actual collision have been published on the standard SHA-1 (but we may be close) and AFAIK, the full SHA256 is still completely safe.

  • The next Tesla S is model name P100D. The Tesla S P100D.
  • by thegarbz ( 1787294 ) on Monday March 07, 2016 @06:16PM (#51655937)

    Dammit I won't consider an electric car until it can do at least 100 miles one one charge!

    What? Oh okay.

    Dammit I won't consider an electric car until it can do at least 200 miles one one charge!

    What? Really? 200miles? Already. No I definitely did not say 100 miles previously. Okay.

    Dammit I won't consider an electric car until it can do at least 300 miles on one charge! AND I reserve my right to change my view with every new breakthrough in the electric car market!

  • I have no idea why they are making electric cars. What they need to do is make an electric van and an electric truck.

    When a new fuel source comes out you target industry first rather than domestic, it happened with petrol and diesel. Commercial has the money to buy your vans and trucks rather than a select group of rich people, they have the resources to make a demand for charging stations at fixed points around the locations they need usually large population centers.

    After they have laid down the infras

    • by Jeremi ( 14640 )

      I have no idea why they are making electric cars. What they need to do is make an electric van and an electric truck.

      Agreed. Also, Serena Williams should stop wasting her time playing tennis. What she really needs to do is take up golf, she'd be much more successful at that. I know this because I am an expert on these things.

  • Found in battery firmware!... Tesla's new battery will be called

    >>> NSAKEY [wikipedia.org] <<<

  • "One computer wiz claims..."

    Wait - I thought we stopped using that term back in the 80's.
    Can we stop calling everyone who searches for strings in a ROM a "computer wiz"? Please?

  • "I don't want to give away the secret outright, I'd rather make a stupid game, where people have to work for it, and troll about how there is much more where that came from"

    Just another troll, ban him, sue him, and fry his ass.

If you have a procedure with 10 parameters, you probably missed some.

Working...