Re: Reverse Engineer the Leaf and making it work good (tm)
Posted: Tue Jul 26, 2016 5:07 am
caederus wrote:It would be very helpful to have a candump log of a dealer doing a firmware upgrade - does anyone already have one they'd be willing to share, or a way to obtain one?
Sorry I don't have a firmware update log, but I have observed how the security check works that collink referred to on at least one of the control modules on the Leaf. To be allowed to access protected functions, first the diagnostic tool must pass a test that the ECU gives it. To start the test the ECU sends a pseudo-random number. Based on that number and a 'secret' algorithm, the diagnostics tool generates a 64-bit key which must be correct before access is granted. Apparently other vehicles in the early 2000s used a similar security system but with a 32-bit key which could be cracked by brute force. But with a 64-bit key brute force isn't an option. Also, because the ECU generates a different pseudo-random number each time, a single log of a firmware update wouldn't help with getting past the security - but it still would be very interesting to see. So it isn't exactly going to be easy, but all is not lost.
Also, I'm pretty confident that the Leaf isn't UDS compliant, although many of the commands are shared with UDS.