Author Topic: EEVblog #1181 - Car ECO OBD2 Fuel Saver SCAM  (Read 11416 times)

0 Members and 1 Guest are viewing this topic.

Online nctnico

  • Super Contributor
  • ***
  • Posts: 18001
  • Country: nl
    • NCT Developments
Re: EEVblog #1181 - Car ECO OBD2 Fuel Saver SCAM
« Reply #25 on: February 16, 2019, 11:04:48 pm »
BTW: I made my previous (turbo diesel) car run 5% more efficient using a 1.5V zener diode. Bonus points to the first one who figures out where I put it!
Disable EGR and use the zener to keep the ECU from figuring it out?
No. Offset the turbo pressure sensor so the ECU allowed to inject more fuel at low RPM giving is more power in low RPM (also known as eco-tuning). With the fix it allowed to drive the car at 70km/h in 5th gear instead of 4th gear.
There are small lies, big lies and then there is what is on the screen of your oscilloscope.
 

Offline SilverSolder

  • Frequent Contributor
  • **
  • Posts: 846
  • Country: 00
Re: EEVblog #1181 - Car ECO OBD2 Fuel Saver SCAM
« Reply #26 on: February 16, 2019, 11:06:22 pm »
What if the device actually works...  by making the driver being more careful on the gas pedal?   Recent research has shown that placebos work...   even if the patient knows he is getting a placebo!

https://www.npr.org/sections/health-shots/2016/10/27/499475288/is-it-still-a-placebo-when-it-works-and-you-know-its-a-placebo
 

Offline janoc

  • Super Contributor
  • ***
  • Posts: 2954
  • Country: fr
Re: EEVblog #1181 - Car ECO OBD2 Fuel Saver SCAM
« Reply #27 on: February 16, 2019, 11:09:09 pm »
@EEVblog
Even if that thingy wanted to program the ECU the car needs to be a very old one because most new ones wont talk to devices that arent running the official SW from the car manufacturer(aside from a few basic things OFC)....

That doesn't mean you can't make a dongle that will talk to a particular make/model of a car and actually do something (whether useful or not). For some cars it is easier than others. Most cars don't use any cryptography or strong security anywhere, only security by obscurity (aka protocols are secret and only the dealerships/authorized mechanics have access to the software). Which inevitably means it will leak at some point and get reverse engineered/cracked.

And re basic things - well, it depends on the car but for some you can do some truly scary stuff through the OBDII port. E.g. this Jeep model from 2016 or so (which is pretty recent) where the attackers were able to mess with brakes - while the car was moving. Or messing with the steering. The security in car industry is pretty much nonexistent, only designed to keep unauthorized repairmen out, not to actually stop any dedicated attackers.

https://www.wired.com/2016/08/jeep-hackers-return-high-speed-steering-acceleration-hacks/

E.g. this exists and is apparently popular:
https://www.mybluefin.co.uk/

Of course, a tiny dongle claiming to be able to reprogram (almost) any car and model is most likely BS.
« Last Edit: February 16, 2019, 11:23:10 pm by janoc »
 

Offline Mr. Scram

  • Super Contributor
  • ***
  • Posts: 8156
  • Country: 00
  • Display aficionado
Re: EEVblog #1181 - Car ECO OBD2 Fuel Saver SCAM
« Reply #28 on: February 16, 2019, 11:24:06 pm »
What if the device actually works...  by making the driver being more careful on the gas pedal?   Recent research has shown that placebos work...   even if the patient knows he is getting a placebo!

https://www.npr.org/sections/health-shots/2016/10/27/499475288/is-it-still-a-placebo-when-it-works-and-you-know-its-a-placebo
What if the device works by making the driver think he can be more careless with the right foot, increasing consumption? Maybe even while making him thing it's actually better.
 

Offline Rerouter

  • Super Contributor
  • ***
  • Posts: 4394
  • Country: au
  • Question Everything... Except This Statement
Re: EEVblog #1181 - Car ECO OBD2 Fuel Saver SCAM
« Reply #29 on: February 17, 2019, 12:39:51 am »
Depends on the model of car, but most vehicles expose all of there memories (even runtime RAM) via a special per manufacturer mode, Now I have 0 doubt the devices out there cannot possibly do what they are claiming, though they can kinda do something, even if its the wrong thing to do, Reset the ECU memory every time it starts up the the stored 100Km economy average is above what feels "normal" In my own experience this tends to make the fuel range and average economy values on most instrument clusters also reset, meaning for the first few minutes into a trip, it can seem like you have much more range, or more economy, because that average has been discarded.

I have been slowly digging into the manufacturer programming modes for other things, and there is a lot of copy-paste stuff going around where different car manufacturers use the same brand ECU's etc, And some much more scary things that could be used to make things seem more economic, e.g. most european instrument clusters, even if they use an analog fuel signal, has a test mode where you can set it to read a certain value via can. same for the range and economy displays, without the vehicle getting upset you can lie to the driver, You can alter the scaling of the RPM gauge, to make it seem like your running at lower RPM, and stuff I really would never want to see one of these device touch, shift the gearbox switching points dynamically.

As for security, some have recently started using magic tokens to enter these programming modes, this to me seemed to be spurred by the Airbag Controllers before anything else, but I feel that was in response to people resetting them after an accident to sell write off cars. however per year model these tokens seem fixed, Its only really the indentured repair manufactures, e.g. certain tractor companies that are doing things like signing firmware updates and making it a right pain to enter the programming modes, (VS scattered CRC for blocks in most vehicles)
 

Offline Lockon Stratos

  • Contributor
  • Posts: 39
  • Country: hu
Re: EEVblog #1181 - Car ECO OBD2 Fuel Saver SCAM
« Reply #30 on: February 17, 2019, 04:07:32 am »
@EEVblog
Even if that thingy wanted to program the ECU the car needs to be a very old one because most new ones wont talk to devices that arent running the official SW from the car manufacturer(aside from a few basic things OFC)....

That doesn't mean you can't make a dongle that will talk to a particular make/model of a car and actually do something (whether useful or not). For some cars it is easier than others. Most cars don't use any cryptography or strong security anywhere, only security by obscurity (aka protocols are secret and only the dealerships/authorized mechanics have access to the software). Which inevitably means it will leak at some point and get reverse engineered/cracked.

And re basic things - well, it depends on the car but for some you can do some truly scary stuff through the OBDII port. E.g. this Jeep model from 2016 or so (which is pretty recent) where the attackers were able to mess with brakes - while the car was moving. Or messing with the steering. The security in car industry is pretty much nonexistent, only designed to keep unauthorized repairmen out, not to actually stop any dedicated attackers.

https://www.wired.com/2016/08/jeep-hackers-return-high-speed-steering-acceleration-hacks/

E.g. this exists and is apparently popular:
https://www.mybluefin.co.uk/

Of course, a tiny dongle claiming to be able to reprogram (almost) any car and model is most likely BS.
Well i only have experience with only one manufacturer but their system is pretty strict, you cant change anything that has electronics in it without an online connection to the main server god knows where. Its actually so strict that even in production a specialized tool is needed to get all the new parts to talk to each other...
 

Offline Rerouter

  • Super Contributor
  • ***
  • Posts: 4394
  • Country: au
  • Question Everything... Except This Statement
Re: EEVblog #1181 - Car ECO OBD2 Fuel Saver SCAM
« Reply #31 on: February 17, 2019, 04:14:33 am »
I can guess the vehicle your talking about is 1 of 3 brands, My top guesses would be Volvo or Mercedes,

Of the manufacturer diagnostic tools I have seen, its generally only new commissioning of units that need the online part to pull the latest firmware, I've been stuck on site for about 3 hours while I slowly watched the progress bar increase for the download on an out of data firmware on 1 module of a truck, for the next truck I asked the tech to try switching off wifi after he had logged in to the tool, and he could change anything without the forced firmware update. (had 15 trucks to do fittings to over the course of a week, and no body has the time for 3 hours per vehicle of downloads due to the software not caching any of the downloads)
 

Offline Lockon Stratos

  • Contributor
  • Posts: 39
  • Country: hu
Re: EEVblog #1181 - Car ECO OBD2 Fuel Saver SCAM
« Reply #32 on: February 17, 2019, 04:20:31 am »
None of those, this manufacturer do not have trucks.

/EDIT
And you cannot disconnect from the network if you want to install any new parts(hell, maybe by now it is mandatory to be connected to the network the whole time).
« Last Edit: February 17, 2019, 04:22:21 am by Lockon Stratos »
 

Offline janoc

  • Super Contributor
  • ***
  • Posts: 2954
  • Country: fr
Re: EEVblog #1181 - Car ECO OBD2 Fuel Saver SCAM
« Reply #33 on: February 17, 2019, 09:26:21 am »
Well i only have experience with only one manufacturer but their system is pretty strict, you cant change anything that has electronics in it without an online connection to the main server god knows where. Its actually so strict that even in production a specialized tool is needed to get all the new parts to talk to each other...

BMW does this. And there are tons of published hacks and workarounds for it online, so that you can "code" and program the various bits and pieces to work with the car when you change them without going to the dealer (and paying top $$$ for them doing it). E.g. my boss was replacing one module that controls most of the lights in the car recently and reprogrammed it using a generic dongle and a copy of the manufacturer's sw downloaded online. So much for such "security".
 

Offline Lockon Stratos

  • Contributor
  • Posts: 39
  • Country: hu
Re: EEVblog #1181 - Car ECO OBD2 Fuel Saver SCAM
« Reply #34 on: February 17, 2019, 04:54:28 pm »
BMW does this. And there are tons of published hacks and workarounds for it online, so that you can "code" and program the various bits and pieces to work with the car when you change them without going to the dealer (and paying top $$$ for them doing it). E.g. my boss was replacing one module that controls most of the lights in the car recently and reprogrammed it using a generic dongle and a copy of the manufacturer's sw downloaded online. So much for such "security".
Thats a pretty big gamble right there, if he borks it then the dealer wont touch it and he will have a very expensive paper weight... :D AFAIK in case of the manufacturer i know even if you have the software from the web you still need the online connection to the main server to get the codes so the car will talk to the new part.
 

Online langwadt

  • Super Contributor
  • ***
  • Posts: 1531
  • Country: dk
Re: EEVblog #1181 - Car ECO OBD2 Fuel Saver SCAM
« Reply #35 on: February 17, 2019, 05:34:16 pm »
Hypermilers know about OBD2 gadgets that really can boost MPG - the Scangauge being one of the earliest ones. Quite a bit more complex than a box with flashing LEDs, but not that much more complex.

afaikt Scangauge is just a monitor

Of which, what I would like to see is a gadget that uses GPS data and computer vision to learn the timing of the traffic lights and inform the driver to speed up or slow down in order to maximize the chances of getting to it on green. Not at all an easy task but it can save a lot of time as well as energy.

traffic lights are usually timed to do that at regular speeds already
 

Offline German_EE

  • Super Contributor
  • ***
  • Posts: 2306
  • Country: de
Re: EEVblog #1181 - Car ECO OBD2 Fuel Saver SCAM
« Reply #36 on: February 17, 2019, 06:19:25 pm »
I like to watch car mechanics because I learn stuff, and in years of doing this I have only seen a mechanic use the OBD port once.

We had lost a key so we needed to a) delete the lost key from the ECU list and b) program a new key. The Ford mechanic had to use a Ford issued notebook plugged into the car and running the security software, and this would only work when also connected to the Ford servers over the Internet.

The cost of all this? Enough to ensure that I will NEVER lose a car key ever again.

Random dongles from China don't have a chance.
Should you find yourself in a chronically leaking boat, energy devoted to changing vessels is likely to be more productive than energy devoted to patching leaks.

Warren Buffett
 

Offline janoc

  • Super Contributor
  • ***
  • Posts: 2954
  • Country: fr
Re: EEVblog #1181 - Car ECO OBD2 Fuel Saver SCAM
« Reply #37 on: February 17, 2019, 07:15:59 pm »
Thats a pretty big gamble right there, if he borks it then the dealer wont touch it and he will have a very expensive paper weight... :D AFAIK in case of the manufacturer i know even if you have the software from the web you still need the online connection to the main server to get the codes so the car will talk to the new part.

Yeah, but also keep in mind that replacing a broken module (which literally just bricks itself in software because of a power spike or whatever - it can be reset and made to work again) is maybe 30 minutes of work + cost of the module.

If you go to the dealer, they will charge you several hundreds of euro for literally plugging in a dongle into that OBDII port and clicking a few buttons. I am not saying it is a smart thing to do, especially for people who don't have much clue about electronics, but for the owners of the older, out of warranty cars, the financial motivation to tinker like this is strong.


« Last Edit: February 17, 2019, 07:18:55 pm by janoc »
 

Offline Mr. Scram

  • Super Contributor
  • ***
  • Posts: 8156
  • Country: 00
  • Display aficionado
Re: EEVblog #1181 - Car ECO OBD2 Fuel Saver SCAM
« Reply #38 on: February 17, 2019, 11:40:30 pm »
The most painful part is that's it's essentially DRM to prevent lawful owners from repairing their cars, while doing little in the way of actual security. Cars are still full of security holes, with hackers remotely activating brakes and throttle by means of a laptop.
 

Offline amyk

  • Super Contributor
  • ***
  • Posts: 6541
Re: EEVblog #1181 - Car ECO OBD2 Fuel Saver SCAM
« Reply #39 on: February 18, 2019, 04:23:11 am »
My car doesn't even have a computer, much less an OBD2 port :-//
 

Offline SilverSolder

  • Frequent Contributor
  • **
  • Posts: 846
  • Country: 00
Re: EEVblog #1181 - Car ECO OBD2 Fuel Saver SCAM
« Reply #40 on: February 18, 2019, 06:03:46 am »
Cars are still full of security holes

That's probably why they start and run reliably...

At work, the IT guys tell me 99.9% of the problems they deal with are to do with security.  [Not hackers trying to get in...  but security related software and systems causing problems for legitimate users]
« Last Edit: February 18, 2019, 06:06:48 am by SilverSolder »
 

Offline Rerouter

  • Super Contributor
  • ***
  • Posts: 4394
  • Country: au
  • Question Everything... Except This Statement
Re: EEVblog #1181 - Car ECO OBD2 Fuel Saver SCAM
« Reply #41 on: February 18, 2019, 07:05:31 am »
Your confusing the type of security, this is about basic things like buffer overflows, and only really for the non physical access hacks, e.g. way too many canbus connected radios can be used to gain read / write access to canbus via bluetooth or wifi without authentication. So far i have not seen any ECU's that get upset from byte extension, etc, because the transceiver discards everything that isn't valid.

For physical access, how they currently set things up and have workshops able to access or edit things prevent them from ever really locking it down, Just like how a certain line of chips have a programming method documented, if you dig in deep enough you can also find the programming methods for ECU's, ABS modules, Instrument Clusters, Etc, all via Canbus or through a proxy connection for most parts these days, as that is generally how they commission them on the assembly line.

The hard part is finding the definition of what byte controls what function or switch, how a given modules memory is segmented, etc, this is why most documented hacks only touch on the easy stuff like broadcasting standard messages like throttle position request, brake application request, gear selection request, This is the easy picking, especially if you have physical access, as its just replay attacks with well documented specifications. some cars even have fun things like steering wheel angle messages for full fly by wire vehicles. but you could repeat this "hack" with a ELM327 and an hour of your time on just about any car post 2003
 

Offline SilverSolder

  • Frequent Contributor
  • **
  • Posts: 846
  • Country: 00
Re: EEVblog #1181 - Car ECO OBD2 Fuel Saver SCAM
« Reply #42 on: February 18, 2019, 09:14:53 am »
The point is that adding security also adds extra layers of things that can go wrong and prevent the car you are trying to fix from working for the authorized owner/user.  That is the problem the IT guys spend their lives on -  encryption, configuring firewall rules, etc. etc.

I don't think it is a good idea (awful design, actually) that the radio can be used to hack into a car, but on the other hand if someone wants to mess with you and your car, they could let the air out of the tires or key the car, or partly cut the brake lines, or the steering linkages, or any number of bad things.  The only real security is for your car to be garaged and watched whenever you are not driving it...
« Last Edit: February 18, 2019, 09:16:30 am by SilverSolder »
 

Offline johnlsenchak

  • Frequent Contributor
  • **
  • Posts: 312
  • Country: us
  • js@antihotmail.com
    • paypal.me/johnsenchak
Re: EEVblog #1181 - Car ECO OBD2 Fuel Saver SCAM
« Reply #43 on: February 27, 2019, 04:44:27 pm »


Another  Big Clive  video  !


John Senchak "Daytona  Beach  Florida "
 jls (at)  antihotmail.com   http://www.antihotmail.com
https://www.facebook.com/john.senchak.1
 


Share me

Digg  Facebook  SlashDot  Delicious  Technorati  Twitter  Google  Yahoo
Smf