Open lihaoran8001 opened 5 months ago
The firmware can be fetched by sniffing the HTTP traffic between the car and the Tesla firmware servers - yes it's really HTTP.
This works (AFAIK) with all the firmware versions. The key is transmitted via a secure channel (Tesla's VPN) - but it's unique per file.
If someone leaks / finds a way to get those keys, they can decrypt the firmware from their side. The key can't really be bruteforced, but one can buy a Tesla infotainment computer off eBay and (with root access) get all the firmware keys from there.
This repo will only help you if you have a copy of the encrypted firmware (I have plenty!) AND their associated key (I have close to 0).
Really appreciate the quick reply. I understand the mechanism you've explained.
Do you mean that there's a SET (limited number) of firmwares and their corresponding keys? Or could it be that every time a car initiates a firmware update, the server generates a temporary/random key, uses it to encrypt the firmware, and then distributes both to the car?
There is one key per firmware file. The firmware URL is signed and it's valid only for a short amount of time, but the file itself is always the same for every (model,version,CPU) version.
That is, if I have an encrypted firmware file 2023.00.00 for a Model 3 AMD and you have retrieved that key - I can use that key to decrypt my file.
Got it, thanks for your help:)
Hi Denys, is it possible to get your encrypted firmwares/keys so I can validate this algo?
The algorithm works, trust me (:
I cannot share the encrypted firmware file and the encryption keys - sorry.
I was wondering how we can get the firmware binary file and what model this algo can be applied to? Thanks