DieselArmy.com October 2017
If there’s one thing that can be said about humanity, it’s that we crave the feeling of control. Owning a thing and being responsible for its fate can make us feel important and fulfilled. But in the case of automobiles, things are taking a turn, and GM is leading the way, at least here in America. Earlier this week, we found a thread on the Duramax Forum that piqued our curiosity. User turbowizard started it, stating “L5P and after will never be tuned. Period.” “Folks, this is my first post, so I thought I would come in with a bang,” he opened.
Citing his background of 25 years of IT engineering, turbowizard claimed he had a conversation with a dealership IT manager. The talk centered around the L5P’s ECM and TCM programming, which apparently GM is making uncrackable.
“GM’s Phase-1 overall process involves multi-factor authentication involving dealer employees and credentials and a Diffie-Hellman 2048-bit key exchange using a SHA-256 hash digest that is unique for each VIN ECM and TCM,” he said. “The main concept to keep in mind is that is not a STATIC security implementation […] Diffie-Hellman 2048/SHA-256, if implemented correctly, is un-crackable, even by the NSA.” Turbowizard illustrated his point further: “Current estimates to crack Diffie-Hellman 1024 is 35,000,000 core years, [such that] it would take 35 million CPU cores 1 year to crack a single key exchange, and the key exchange is unique for each VIN. Diffie-Hellman 2048? Forget about it, not going to happen.”Turbowizard capped off his argument, saying, “I’ve had several trucks tuned over the years, and I hate the emissions crap on these new trucks as much as anyone, but I’m afraid we are nearing the end of an era.”Both ominous and saddening, turbowizard’s post garnered loads of attention. Fellow users were quick to label turbowizard a troll, or proclaim that the solution was already there in the form of aftermarket ECMs.“None of the factory instrument cluster, HVAC, audio, BCM, power windows, etc…..NONE of it will work because it has security dependencies on the factory ECM,” said turbowizard. “Every module that communicates with the ECM/TCM uses 2048-bit Diffie-Hellman key exchange with a SHA-256 has…..and aftermarket ECM’s will not have any of that…..useless for a daily or street-driven truck.”
User dubbleu provided the counter-arguments to turbowizard. He said, “We have been through this before in 2012. Once enough of them come off warranty, the powers that be will let us in.” He went on to cite our previous article with Gale Banks at Banks Power regarding the Derringer tuner for the L5P. To gain another perspective on the matter, we reached out to Jon Apogée at Banks. “No one knows the L5P like Gale,” said Apogée. “We have been working on it for almost three years now because of our military contract. Having said that, Gale is adamant that we will have a Derringer inline tuner for the L5P.” “It is true that manufacturers are tightening things up,” continued Apogée. “Some OEMs go quite far. For example, when a dealer re-flashes a vehicle, it is not done locally. It is done over the internet from a central computer. That way, there is none of the ‘Dealer A did this, then Dealer B did that’ without the OEM’s galactic headquarters knowing about it and controlling warranty eligibility. Yes, the noose is tightening; however, there is still plenty of room for smart cowboys.”It will be interesting to see how everything shakes out with the L5P. On the one hand, assuming it’s un-crackable and will remain so for the foreseeable future, this development represents an alarming step toward Big Brother in your truck. On the other hand, perhaps it is simply Chicken Little yelling about a falling sky. Read more about it here.