ECU Remap warning (from JKM)

[TsvRS]

I am toying with the idea of a remap for when I first get my new car and then get it through a running in period.

I noticed this warning on the JKM site actually referenced for a MkVI golf remap but seemingly the only one they do for the 2.0TSI engine.

Anyone else been warned about this or anything like it?

[BigW]

Jim @ Starperformance was talking about this the other day when I was in, seemingly a right pain, needless to say the nerdy chaps are working on this issue day and night and it wont be long till you can go down the port to this ECU too.

[Guinness]

How infuriating!! Don't VWAG realise that part of the appeal of their cars is the fact they are easily tunable? Also, what a waste of time and money developing further security on the ECU which, as the OP says, will inevitably be circumvented before long. Maybe they could have spent the money on creating a washer pipe that doesn't pop off instead or is that just too easy?

rant over

[Dodgy]

Interesting, I enquired about a remap for my new car (now decided against it anyway) and was told by Superchips that the 2010 models have to be brought to their site, but they do have a workaround.

All too much hassle now for me.

[sh4rpsh00ter]

I heard something similar from my local Revo dealer. He said a map could be applied but if the dealer flashed the ecu during a service then I would have to pay for the remap again. As the ecu is given a new code or something like that!!

All in all, a disappointment, see as I'm nor overly impressed with the performance my 170CR :(. Still it is only 1500 miles and 2 weeks old!!

[mannyo]

The work around is to remove the ecu from the car, take it apart and solder in a new chip in place of the current one, the old school way that was all that you could do prior to port programming.

[TeflonTom]

yeah, it's always a bit risky soldering chips onto the board because they are surface mounted and they are really easy to ruin

[JKM_Performance]

Hello Guys.

Just to clear something up, The 'work around' tuning method for the latest Bosch EDC17 and MED17 ECUs with locked Tricore microprocessor's is not to actually remove the original IC from the ECU - instead the 'work around' method is to remove the ECU from the car and boot load the ECU. The method is actually very simular to BDM programing that had to be done on MED9 ECU's and EDC16 ECU's prior to 'easier by comparison' 'serial port flashing that was deveolped for programing these ECU types.

For those intrested, This is a BDM programing JIG for MED9 ECU's (as per TFSI engines) and EDC16 ECU's as per the PD140 Diesel's

This is a boot loading jig for new MED17 and EDC17 ECU's, as used on the new TSI and Common Rail diesel engines.

From what are hearing through ALL the various tuning companies whom we deal with, the Antitune firmware that V.A.G are now introducing is causing a big problem with regards to serial programing. Boot loading (as per above) is the only guaranteed solution for first time programing at the moment :-( If you have a new car that works by serial programing and you get on well with your dealership - ask them to not update your ECU if it is due a manufctures software update - otherwise you run the risk of becoming Non Serial programable (In the aftermarket anyway).

From what I have heard to date so far, the ECU's now employ 1024bit RSA signature encryption, however information is only starting to come out now so I may be wrong. For those intrested, this should help you off to sleep: http://en.wikipedia.org/wiki/RSA or http://www.di-mgt.com.au/rsa_alg.html

Assuming this information is correct (its from a good source) this level of secuirity is very hard to 'crack'. The people who can crack this probabily would take more intrest in internet banking than car tuning In the past manufactures put checksumm 'checks' into the ECU firmware code, these basically checked the value of various memory locations whilst the ECU was running and when the key was off (background checks performed) - these are not what you would call simple checks and they took some very clever people to 'crack the code' - however this new method clearly shows V.A.G getting very very tough with the tuning world :-( Fingers crossed a solution is found.

I hope that this helps.

Keith

Edited 22 February, 2010 by JKM_Performance

[BigW]

Nice post Keith

[shark_90]

<stuff>

Thanks Keith, excellent explaination and you saved me a huge write-up!

Edited 22 February, 2010 by shark_90

[Phil_P]

Thanks for the great info

Wow - 1024bit RSA is some serious encryption. Unless they've messed up in the way they've implemented it and someone can find a way to bypass it, you're not going to crack the encryption itself.

One wonders why they would want to do this?

One question - does this affect the use of software such as VAG-COM/VCDS on affected vehicles?

[k.young]

Maybe VAG are getting ready to start selling their own performance software sometime in the future and their just cornering the market !!??!!

[k.young]

or they are trying to cut down on their warranty payouts.........................damn them to hell !

[shark_90]

Thanks for the great info

Wow - 1024bit RSA is some serious encryption. Unless they've messed up in the way they've implemented it and someone can find a way to bypass it, you're not going to crack the encryption itself.

One wonders why they would want to do this?

One question - does this affect the use of software such as VAG-COM/VCDS on affected vehicles?

You're right in that 1024bit encryption will probably never be hacked, but there is almost always a way around things. The "older" EDC17/MED17 ECUs also used 1024bit encryption and they're tuneable.

And VCDS or indeed any other diagnostic tool is unaffected by this change.

[cheezemonkhai]

You're right in that 1024bit encryption will probably never be hacked, but there is almost always a way around things. The "older" EDC17/MED17 ECUs also used 1024bit encryption and they're tuneable.

And VCDS or indeed any other diagnostic tool is unaffected by this change.

There is a very easy way past 1024bit encryption.... a human.

It only takes the private key to leak and it's gone and had it. There plenty of people making the cars abroad in low wage companies, where it is feasible to pay a bribe worth many years work.

The other thing to look for will be for implementation flaws, however if they do that then they are taking a massive risk with the computer system as a whole.

I for one wouldn't be willing to rely on a system compromised in this way for my safety.

5 years and 1% means that you'd need some serious CPU power to crack it:

http://www.schneier.com/blog/archives/2008/06/kaspersky_labs.html

but then this might be an option if there are enough people with spare CPU/GPU cycles a distributed system could provide a lot of CPU time in not long.

Personally I don't see the issue with taking the board out and using the JTAG points to do it properly. I mean lets face it, at least this way it feels like you're £500 is going somewhere.

It could just be that you will have VAG approved tuning options. They have to approve your software before it can run on the CPU.

As for why.. well safety. Somebody playing with software means it's untested. Sure most of the time they get it right if they know what they are doing, but changing a map, could hit a bug caused only in certain edge cases which cause something to fail in an emergency situation.

[Stoofa]

Your average worker is not going to have access to the private key.

It will be safely stored away and only very few people will be able to get their hands on it.

Sky for example have their boxes made in "low income" countries, but their keys are still nice and safe because it cannot be accessed.

There maybe a way around it but you aren't going to crack 1024bit encryption and I doubt very much if any keys will be leaked.

[shark_90]

The ECUs are made by Bosch and the protection side of things is with them rather than VAG. Eventually a workaround will no doubt be found, but for now the method for tuning is as Keith posted.

And don't think that replacing the anti-tamper bolts is a way to make it "undetectable" - with MED17 and EDC17, there is no such thing, with ANY map from ANY tuner.

[Hedge]

Not sure how feasible this is but could you buy a secondhand ECU for your map.

[k.young]

That would be one expensive remap !! I would rather take the chance invalidating my warranty.

[cheezemonkhai]

The ECUs are made by Bosch and the protection side of things is with them rather than VAG. Eventually a workaround will no doubt be found, but for now the method for tuning is as Keith posted.

And don't think that replacing the anti-tamper bolts is a way to make it "undetectable" - with MED17 and EDC17, there is no such thing, with ANY map from ANY tuner.

Every ship leaks, regardless of what some people might like to think.

[Hedge]

That would be one expensive remap !! I would rather take the chance invalidating my warranty.

I think you miss the point of this thread. Its not a case of invalidating your warranty its the case of the ECU update disabling your remap.

[shark_90]

Not sure how feasible this is but could you buy a secondhand ECU for your map.

With the price of an ECU and the mucking around copying the data etc, you'd have to be very

committed!!

[k.young]

I think you miss the point of this thread. Its not a case of invalidating your warranty its the case of the ECU update disabling your remap.

Silly me. Could you not just instruct the dealer not to flash your ECU, after all, it is your car ?

[Dodgy]

Silly me. Could you not just instruct the dealer not to flash your ECU, after all, it is your car ?

And dealer makes mental note that the car is remapped, he might even write that down somewhere in case of future warranty claims?

[k.young]

And dealer makes mental note that the car is remapped, he might even write that down somewhere in case of future warranty claims?

That leaves us back at my original point, if you really want one of the new ECU's remapped from new, you are going to have to take a chance with your warranty........or your remap. I would love to know how much the "spare" ECU would cost. Thats my tupence worth.

Edited 25 February, 2010 by k.young