Slashdot Mirror
Hack Your Ignition (Before Someone Else Does)
guanxi writes: "IEEE Spectrum has an interesting article about hacking and specifically, the "hacker's nirvana on wheels", all the way from hot-rodding to reprogramming your digital ignition. Of course, I neither endorse nor recommend any of the procedures mentioned, any of which may be inherently dangerous to your life and your warranty. "
How about hacking digital odometers?
I'd imaging it is just stored in memory somewhere. Set'er back to 0 and no one would be the wiser!
here is a sweet page about modding cars. It can turn you into a ricer real quick. Car mods are pretty popular these days in my town, from big fins to stickers, to large exhaust pipes, there's just no end to the mods.
Nothing to hack? Hah!
It starts with the baseball cards taped to the frame that make the BRRRRRRR sound in the spokes.
Next thing you know you've got an oxy-acetalyne torch in your hand and you're welding a sissy bar to the frame and extending the front forks for that low-rent low-rider look.
Ask the people at Fat City or Rivendell how they got started.
k.
"In spite of everything, I still believe that people are really good at heart." - Anne Frank
One of the problems with tuners is that they add more power without accounting for aging of components. This isn't usually a problem in racing since you're rebuilding your components after every or a number of races. But for "hackers," they often tune it and forget it--or tune it and increase the mods. Sometime down the road, they'll blow a piston or apex seal without warning. Not to mention several thousand dollars' down the drain.
I personally prefer more conservative tuning, but then when some guy beats you during an ad-hoc "race," your first instinct is "gotta get mo' power."
So how do you think you explain this to your car company if you screw it up?
Honda: "what's the problem, sir"
You: "well, I was wiring an internal network into my car and fused my hand to the cable and the glove box. Is this covered?"
Man invents automobile.
Man builds automobile.
Man adds digital data bus to automobile.
Man discovers that you can snoop on automobile's digital data busses.
Man succeeds.
Man discovers no useful information from snooping automobile's digital data bus.
Logical conclusion: Man has too much time on his hands.
Reverse-engineering is fun. Reverse-engineering embedded systems is even more fun, because it's hard. Reverse-engineering safety-critical embedded systems is really challenging, and not for the stupid.
Now, what the author is talking about is reverse-engineering the systems that control AntiLock braking, ignition, and transmission control, among other things. It's a really cheap way to improve performance on a car.
Car companies (well, at least Ford) have a bad history when it comes to electronic civil liberties. At what point in reverse-engineering a throttle control system would you be "bypassing an access protection device"? Probably never. But consider that Adobe got someone jailed for breaking ROT13; Cuecat was XOR. If people start selling hot-rod software (and they are), how long will it be till auto manufacturers start answering Yes to the author's "is it encrypted" question. It might only be ROT13, but it would be enough to bust anyone who was selling firmware upgrades for a Mustang and put them out of business for good.
Anyone remember the 60 minutes Audi 5000 scandal? Where the car's fuel injection system was said to, in rare cases, cause the car to accelerate out of control, causing injury or death? Let your subconcious do the dreaming about the accidents that could come from improperly debugged ABS code or throttle control. Now imagine that someone hacks their car's firmware, crashes in a fireball, and their family sues the automaker. The automaker can't prove that the car was modified... at all.
My prediction: this stuff will scare automakers shitless, and they will fall all overthemselves to find a way to apply the DMCA to stopping the dissemination of reverse-engineering information.
Of course, I could be wrong.
I've got a nice hack for ya.
New Ford F-150's, Expeditions, ect.
Unplug the main harness going to the digital display, and locate a gray wire, with a black stripe. (your VSS wire) Place a small strip of tape over the metal pin, and
VOLIA
no mo miles
There's replacement EEPROMS for various cars with digital ignition (as opposed to a distributor) available on the market, some of them may even be installed by your dealership (depends on the dealership of course). They've also been on the market for quite a while and aren't a novelty. If I'm correct, on non-digital-ignition automobiles, you can use MSD's system to retard or advance your ignition timing. Also, this is not a very safe way to increase your engine's power, as advancing ignition, raises the cylinder pressure far more than any other modification, in propotion to the gain (usually no more than 15 hp).
Here's a car that's been pre-hacked and souped up for ultimate geek driving: the MegaCar! I mean, just look at this picture. LCDs everywhere, 150k/sec mobile connectivity...The flash site is annoying, but damn, that car is sweet....
In most cases, the manufacturer of most sports cars (corvette, etc.) has a liscensed third party like shelby for Ford. These suppliers and aftermarket manufacturers have certin chips that can be installed without ruining you entire warrenty. Sometimes, the warrenty is just modified to take out the changed part of the car.
Not only have they thought of everything that he was talking about, but they actually are doing it. This season, today, right now! Everything is adjustable, although some of it is not legal ;-) The best part, it is all adjustable, on the fly, literally. That's right boys and girls, wireless! Ferrari and Williams BMW are at the forefront, of course. There has been much effort into making sure that each of the teams are not vulnerable to hacking or jamming by the other teams. (The budget for these top-flight teams is supposedly nearly $200,000,000US)
Yep, you got it. I'll buy a beer for the first true hack on a Segway.
Suppose you had one, what would a cool hacker (such as you, dear reader) make it do?
Oh, BTW, I guess I'd have to buy you a Ginger Beer.
Alan.
This is really very common in the automotive tuning world already. Many companies have piggyback-style computers that intercept the signals entering and leaving the stock engine computer and modify them accordingly. Products like the A'PEXi S-AFC (among many many others) use relatively simple mathematical formulae (think...mx+b) or look-up tables to modify the signals that the engine computer sees from the sensors or the signals that the actuators see from the computer.
For the more advanced racer, there are entire standalong engine management systems that entirely the engine computer itself (think Haltech E6k and others).
The point here is that the signals used between sensors and microprocessors onboard a vehicle aren't difficult to decode. Most relate to measuring the resistance across a sensor or sending out a pulse to run a fuel injector at a given interval. Granted, the signals sent between the various computers are a bit more complex, but it's by no means impossible to decode. The only reason that 3rd-party aftermarket manufacturers are really the only people building these things is that there isn't a whole lot of return for the average home-mechanic. By the time Joe Six-Pack builds his engine management system, he's spent so much time that he could have enhanced the performance of his vehicle with all sorts of non-electronic devices that are cheaper and better understood in the automotive community.
Are there very cool things that can be done by the individual with a personally-designed engine (and transmission, and A/C, etc) management system? Sure! Loads of cool stuff!
Now how many people out there can spare the time, effort, and money to have a system that really only performs marginally better than anything that can be bought off the shelf? Not many people, that's for sure.
But luckily, that's what universities are for...which explains why I'm still in school.
It is inappropriate to link to the Jargon File's main corpus....It is several megabytes, and costs the site maintainer mucho bandwidth so you can browse one entry.
. html
Use this: http://www.tuxedo.org/~esr/jargon/html/entry/hack
My impression was that the article writer doesn't have much experience in the tuning market, or he'd have mentioned chipping turbocharged engines, and he'd also demonstrate a better understanding of what goes on. Most chips(even for normally aspirated engines) don't just alter timing; they alter the fuel ratio to be perfect for power, which is different from the ideal air/fuel ratio for emissions. Yes, ignition timing does affect power/emissions too, but it's silly to ignore the other half of the equation. Also, among the european/asian car makes, programmable systems are pretty rare; most simply buy a preprogrammed chip from a company that's done the testing/setup for you. Makes a lot of sense considering how expensive some of these engines can be. Even just altering fuel mixture can cause substantial damage; too rich(ie too much fuel) and you'll cause the catalytic converters to overheat and melt($$$$$$.) Too lean, and you can raise the exhaust gas temperature to the point that you actually destroy the exhaust valves and they start leaking.
As for turbo chips...bear with me here. My car('91 Audi 200 quattro 20v turbo) makes 217hp stock. With new ROM chips for fuel/timing maps and a new pressure sensor supplied by an Audi tuner who has been in business since the early 80's...it makes almost 280, by allowing higher pressure from the turbo(aka "boost".) It yields sub 6 second 0-60 times for a full size luxury sedan(not to brag, but few cars, new or old, can beat me off the line, including any of Audi's current model lineup, unmodified.)
This particular chip pretty much stresses the limit of the k26 turbo; as with any turbo, spin it too fast and it'll disintegrate. These things operate at -very- high speeds...50,000 rpms is not uncommon...very high temps(several hundred degrees or more)...and very close tolerances. If a piece flies off or something, it can cause an enormous amount of damage; little pieces of the turbo can end up getting inhaled by the engine. If you're lucky, it doesn't take the engine with it. If you're not so lucky, the metal shards scratch the cylinder walls, or the oil causes so much crap to build up inside the cylinder that the compression ratio skyrockets and the engine starts to "knock"(ie when the mixture ignites before it should.) When the piston's still going up and the mixture ignites, you can break things. FAST. Look on almost all engines these days and you'll see a small sensor bolted to the block...it's a microphone, basically, and it listens for knocking(the ECU knows when it fired a spark plug, so if it gets a noise when it hasn't...tada, knocking.)
Particularly with a chip, there are a lot of things that can push the turbo over the edge...for example, a clogged air filter will make the turbo work harder to pressurize the same amount of air(ie, it'll need to spin faster.) While the engine control unit(ECU) takes into account high elevation via an external barometric sensor, it can't tell if your air filter is clogged! Another danger is that the intake air temperature can be too high; as you compress air, it heats up, and if it's too hot, the further compression in the cylinder will heat it beyond the flash point of the gas/air mixture, and you get knocking(see above.) You can also exceed the limits of the mechanical strength of the connecting rods(ie what connects the piston to the crankshaft, transferring the force of the explosion into mechanical rotation), the head bolts(what holds the "head" of the engine up against the block; it forms the top of the cylinder, and the more powerful the explosion in the cylinder, the more stress on the head bolts), the transmission, even the driveshafts sometimes
Some early chip designs for A4/S4 models pushed the turbos just a tad too much(the vendor in question had a bad reputation in the first place) and turbos were getting overspun left+right(expensive, considering the S4 has -two- turbos.)
Audi of America got wise to it, and unfortunately, is now -extremely- aggressive about going after owners who have installed aftermarket chips, despite the fact that they're quite safe now that more reputable tuners(who do better QA testing) have forced the crappy chips off the market.
So, dealers started checking ECUs for signs of removal, modification, etc. Owners countered by buying spare ECUs and installing the unmodified ECUs back into the car before having it serviced.
Amusingly, AoA caught on to this too...because their Client Relations staff were reading the webboards these guys belonged to. They were dumb enough to brag about it after "fooling the dealer".
VW and Audi have already started introducing encryption+verification that keys the ECU to all sorts of other things in the car so that it can't be easily swapped. VW/Audi's "real" reason is that it is for antitheft reasons.
It took all but a month or two for someone to figure out how to get around the keying. Same debate as publishing security exploits...except that cars generally don't get stolen unless they can be stolen in a few minutes, and keying the ECU doesn't prevent theft(it just makes the ECU useless in any other car until its been re-keyed.)
The first time I heard of aftermarket ROMs (for the fuel injection computer) the car in question was the 1984 Pontiac Fiero, GM's short-lived (1984-1988, I think) mid-engined sports car.
-Tom Duff
Two points: ONE: most cars do NOT benefit from performance computers. TWO: most performance computers are added on to cars that are normally naturally aspirated and converted to turbo form. (a lot of cars that dont have turbos from the factory judge the amount of air with a vaccuum sensor instead of a mass air sensor) Often the relevant sensors dont even exist for the stock computer to talk to.
To make an example, the average honda civic computer settings are pretty much already maxxed out in stock form. You add an intake and an exhaust and youre still in the range that the stock computer can adjust for. You can actually add about half an atmosphere of boost (from turbo or supercharger) and still not need a custom computer. This applies to a most other non-turbo cars as well. Factory turbo cars have even higher limits.
Remember, modern cars have to be able to operate at 10,000 feet above and below sea level in a wide range of temperatures. Most cars have injectors that can take about 150% to 200% of stock duty before they begin to max out. Up to this point the car will still not even pollute!
Basically the only 2 ways to outpace the stock computer is to
1)bring in too little air at idle or have massively oversized injectors (the computer can't control the injectors to produce less than a certain minimum period of being open) which will cause "lopey idle" or stalling and rich emmissions.
2)bring in so much air at high rpm that the stock injectors can't let in enough fuel. Basically you will start to run "lean" (not enough fuel) which will produce very high temperatures and detonation (and kill your engine).
You basically only need a special computer if you are running massive cams (alternatively you could just raise the idle, which most people do) or if youre running such massive amounts of boost that the only solution is to run massive injectors (here again, you can actually just raise the idle). Now consider this: when youre making over double the stock hp, there is no way a factory computer is going to be able to cope anyway- I dont see the point of making them more hackable. On top of which, the only reason to use an expensive computer is to make the car more emissions friendly. And guess what mods are pretty much illegal under CARB rules? You guessed it! Programmable ECUs!!! The high-boost 323 and miata guys routinely run hacked ECUs with 12-15psi of boost, then turn down the boost and swap injectors for smog every two years. Its pretty sad that you have to break the law to pollute less.
The car manufacturers have another very good reason for keeping the electonics systems relatively simple- so they WORK BETTER. Each flaw costs them millions of dollars in recalls or warrantied repairs. The less extraneous shit they cram into the electronics, the less is likely to go wrong.
;-)
Maybe commerical software engineers will realize this, some day?
OtakuBooty.com: Smart, funny, sexy nerds.
Now if I can just hack my car to start somewhere in the first 200 tries...
Never fight naked, unless you're in prison...
Why would you waste your time hacking a car that fights you every step of the way (physically, electronically, and financially)? I only own and drive open sourced cars. My daily driver is a 1974 Volkswagen Beetle. There is not a single part for this car I couldn't write a check to replace. I also haven't paid a mechanic since I bought it. There're no computer diagnositics I have to pay some guy with his name on his shirt to run for me. All I need is a good chest full of Craftsman metric tools and my ears. Your stock Beetle not fast enough for you? $2000 worth of NEW parts will build a complete engine to your specifications that will propel that 870kg car to speeds you'd never thought possible. Countless books have been written that detail every system in the Beetle inside and out. Why would you buy a car that tries to keep you out with complex computerized systems? Want to modify the ignition timing? All you need is a 10mm socket. Ferdinand Porsche designed my car. Who designed yours?
Brandon D. Valentine
First, the original poster: The audi S4 only goes from 250 crank hp to about 310 crank hp with a computer. YOu can get up to about 350 or so with an intercooler and some other low cost tweaks.
Anyway, second poster: cars today are engineered way way way beyond the use they will see in stock form. An audi s4 most likely will be reliable at 400 crank hp. They have sleeved cylinders and a strong bottom end (amongst other features). 500 would most likely be pushing it. And the S4 will run through tires at the same rate with 250 hp as it would with 600hp. Its all about the weight, not the power, unless you do lots and lots of huge smoky burnouts. The first poster's S4 will actually be no more expensive than stock in the long run, and it will not be any less reliable.
Also, an S4 is not a light little car. It weighs about 3500 lbs, which in my book is a very heavy car. Thats only marginally lighter than a bmw 5 series.
Ferraris are in the shop every 3000 miles for a number of reasons:
Ferrari's reputation isnt based upon having reliable cars- that is Honda's little dance. If Ferrari starts making reliable sorta-fast cars, then they will be written off as having lost touch with their heritage (porsche cayenne anyone? blech)
They arent engineered to be super reliable, they are engineered to be weekend toys for the rich. Ferrari makes a lot of concessions to performance and a lot of concessions to "tradition" since many people buy ferrari because they want to buy into ferraris old racing image. People want gated shifters, a loud whiny exhaust and they want it painted red.
They have more complicated valve trains with a ton more moving parts. A ferrari v12 has about 60 valves and 4 camshafts, non of which are self adjusting (another concession). Sooo, once a year or so, you have to bring your ferrari in and have everything looked at. VERY expensive. About 3 times more labor involved than opening up a dohc 4 cylinder- this before you factor in the traditional ferrari price gouge.
Ferraris have a special formula of oil you can only get at the dealer.
Ferrari parts arent exactly mass produced. Its cheaper to do preventative maintenance than to drive it until it explodes and then replace the engine.
My God ... Nike, Adidas and all the rest rely on the fact that your feet need high-tech aids if you're to simply walk from the fridge to the couch with a cold one.
Do you really believe that your shoes don't record your beverage brand choice?
This meant no headlights, turn signals, radios, and no guages. Nothing. Which meant that the odometer didn't rack up miles. Perfect if you plan on selling the thing.
Heheh...
I imagine though that it would probably be just as easy to disconnect the cable in a normal odometer if you wanted to deceive. I'm not positive though.Older cars had a speedometer cable coming from the transmission tailshaft or transaxle to the gauge. The cable was merely a concentric cable in jacket, kinda like bicycle brake cable but meant to spin. For the most part, you could simply reach up behind the dashboard, feel around to the center of the back of the speedometer, and unclip the speedo cable from the gauge. A warning: this is a lot more difficult than it sounds, the contortions required to get your hand back there are nasty, there are probably live wires with some current (ie. headlight circuit, ammeter, etc) back there so make sure you take off any metallic jewelry, and stuff back there is fragile and expensive (big labor) to fix.
Don't disconnect the speedo cable at the transmission. The cable is usually driven directly by a gear, and it's kept lubricated inside the transmission oil. When you take off the cable, if you don't plug the hole in the transmission well, dust will get in there and lunch your transmission (to say nothing of the big leak messing up your driveway).
Because speedometer cables are expensive and heavy and the fuel injection system likes to know the car's speed so that it can better understand the engine load, most cars since about 1985 will have a Vehicle Speed Sensor. The VSS is attached to the side of the transmission exactly where the speedo cable would have come out. It uses optical sensors, hall effect sensors or magnetic pickup coils to create a pulsetrain relative to the speed of the car. The pulsetrain is then sent to the computer, the computer usually sends that on to the speedometer. Sometimes they're simply paralleled.
You could disconnect the VSS just by unplugging the wire. Most cars won't even notice it until there's an engine load (vacuum is lowered, throttle position and engine speed aren't idle) which could only be explained by movement. At that point, your Check Engine light will light up, and it probably won't go away until you reconnect the sensor. Sometimes it won't go out until you visit the dealership. And, unless the EFI computer reads the data coming from the ABS computer as a backup to the VSS, it's very unlikely that it will generate a signal to drive the speedo or the tach - though, based on engine speed and knowing what gear you're in, the computer could calculate and drive the speedo/odo to display accurate speed and mileage.
My best advice is, if you want to play with the EFI system (and VSS/Speedo/Odo as a consequence), find yourself an earlier (mid-80s) fuel-injected car on the way to the junkyard. Chevy Celebrity / Pontiac 6000 are common, cheap (about $200 if you find one with expired plates rusting in someone's laneway), durable and relatively easy to fix. The GM multiport and throttle body EFI systems are well documented all over the place because they're so popular, and variants were used across the entire product line in a given year.
Buy the car, take it home, start it up, and start pulling sensors to see what they all do!
Fire and Meat. Yummy.
They just want to make their pansy little box or car look faster.
Exactly. For clarity to those who don't know cars:
There's nothing like having some loser describing to you how quickly he can make his 1.6L Honda Civic go.
Imagine if you owned a Cray supercomputer and some child implied that his "tuned" 400MHz Celeron was in the same ballpark.
As the saying goes, there's no replacement for displacement. An engine is an air pump, the more air you suck through it per revolution, the more fuel you can mix with the air to achieve complete combustion. The more combustion, the bigger the explosion pushing the piston down, and the more power you get from the engine.
A 1.6L or whatever Honda is laughable in the face of a common Chevy 350 (5.7L) like you find in a Camaro or Caprice Classic, or in the face of a Ford 302 (5.0L) like in a Mustang, much less the Chrysler 440 (7.2L), Chevy 454 (7.4L) and King of Big-Blocks, the Chrysler 426 Hemi of the musclecar days.
Street racing is acceleration from a stoplight. That's called drag racing. There's a reason why those long and skinny drag racing cars with the huge fat tires (the cars are called "rail cars", the class of racing is Top Fuel drag) are rear-wheel-drive with big V8s, not front-wheel-drive with whiny little 4-cylinder engines.
Those racecars share more in common with my daily-driver 1976 Dodge pickup truck than does a typical ricer's car. My '76 Ram has a 400 (6.6L) V8 driving the rear wheels. With a curb weight of 4,000lb, it's about twice the weight of a Honda Civic. But 6.6L / 1.6L = 4.125 times more engine, and all other things being equal, 4.125 times the power. Into only twice the weight.
Needless to say, when an Integra with a big stereo pulls up beside me, I enjoy stomping on the gas pedal and showing him my taillights.
Modern EFI, overhead cams, combustion chamber design, etc., make incremental differences to improving the power, but a street car's engine is still built for gas mileage, durability and emissions, not for power, and the modern requirements for gas mileage and emissions choke the power potential of these modern improvements.
Those of us with real machines are quite content with our beige cases (in my case, a older, but still fast as all hell compaq proliant 8000 which was picked up dirt cheap from a dot com gone bust) and sleeper cars (also in my case, an Alpina).Indeed! My truck is forest green with rust and primer spots. Someday, I'll get around to painting it so that it looks nice again, but there won't be silly aftermarket rims or little blue lights on the windshield washer jets or clear tailights and big aluminum spoilers.
The car is either fast, or it isn't.
My truck gets 7 miles per gallon on the highway. The HC emissions are ~2 PPM, which is better than lots of 1986 cars, let alone 1976 trucks. I'm burning all that fuel. Where do you think it all goes?
Final thought. I tried Carroll Shelby's old trick. I taped a $20 bill to my dashboard, just in front of the passenger's seat. I had a disbeliever get in. I told him that, when the stoplight turned green, if he could grab that $20, it was his. He didn't get the $20.
Fire and Meat. Yummy.
"My Honda Integra Type R manages about three-four times the power of your big-iron block at the same rev range, not to mention around the same torque."
ROFL! You do realize that HP is a function of torque at a particular RPM right? Ummm... Not too many 4 bangers have v8 torque at ANY rpm let alone the same rpm.
The man who trades freedom for security does not deserve nor will he ever receive either. - Benjamin Franklin