• Effective immediately we will be deleting, without notice, any negative threads or posts that deal with the use of encryption and streaming of scanner audio.

    We've noticed a huge increase in rants and negative posts that revolve around agencies going to encryption due to the broadcasting of scanner audio on the internet. It's now worn out and continues to be the same recycled rants. These rants hijack the threads and derail the conversation. They no longer have a place anywhere on this forum other than in the designated threads in the Rants forum in the Tavern.

    If you violate these guidelines your post will be deleted without notice and an infraction will be issued. We are not against discussion of this issue. You just need to do it in the right place. For example:
    https://forums.radioreference.com/rants/224104-official-thread-live-audio-feeds-scanners-wait-encryption.html

Encrypted CAN Bus and Diagnostics

Joined
Apr 30, 2014
Messages
177
Location
UK
#1
This is or soon will be a hot potato in the US.

All current manufacturers are now closing down the EOBD diagnostic ports from all but "official" diagnostic equipment. Some of these restrictions are simple like having to have the bonnet/hood open or as in the case of FCA (Fiat Chrysler Automobiles) they fit a Security Gateway Module onto the CAN Bus and it is buried deeply behind the dashboard and not readily accessibly.

In the near future the whole of the CAN Bus will become fully encrypted. This means that all vehicle "nodes" will have encryption/decryption keys that as things stand will only be available/work if you subscribe and possibly only use specified manufacturers diagnostic kit.

Typical current FCA subscription fees are around $1500 *PER* type of access. $1500 for workshop manuals, $1500 for basic diagnostics, $1500 for ECU and Key programming ability, $1500 for official parts listing access.

Now for those that (meant nicely) are just car drivers this does not affect them. But for current and classic car owners who maintain their own cars the future is looking bleak.

I have not problem or issues with manufacturers "lock down" ECU programming, key and immobiliser programming and other SECURITY related stuff. However it looks like any FCA 2018 vehicle will allow diagnostic kit to read fault codes but not reset them! So your engine knock sensor fails you replace it but you cant reset the error. This has nothing to do with fundamental vehicle security.

So we come to the (I believe) forthcoming legal action on "Right To Repair".

This will be very interesting and probably devastating depending on how US courts act/respond. The manufacturers will say that they are not blocking the right to repair but have a legitimate right to charge for the technical information AND SYSTEMS ACCESS AUTHORITY to allow you to diagnose and repair your vehicle.

I'm not sure how this will all pan out but I believe a fundamental mistake has been made by manufacturers and it is up to society pressure and courts to quickly guide and modify where we are going and as soon as possible.

I pose two major points:

1) Yes everything that can be done to protect the SECURITY or your expensive investment MUST be done

2) Everything outside of (1) should be basically unrestricted

My final point is this. For classic car owners ( I have a 31 year old Italian performance and rare car) I know for fact that the manufacturer no longer even supports basic mechanical parts and it has been like this for 25+ years. Lets roll the clock forward. Are BMW, Mercedes, etc. going to have the computer systems AND DEALERSHIP SUPPORT etc. to support 30+ year old models first introduced in 2017/2018.

Looks like things are going to get very interesting. I can see before long one will not be able to or possibly legally be allowed to maintain your own bicycle, skateboard or wheelchair.
 
Joined
Apr 30, 2014
Messages
177
Location
UK
#5
How can this even be legal?

I can see this going over like a lead balloon.
Well as legal as any manufacturer has the right to keep their interfaces proprietary for their equipment. HOWEVER when we come to EOBD then I guess one has to dig deep into the statutory country legal requirements. Original EOBD (read US California state and others) require manufacturers to provide and interface for authorities to examine engine ECUs for correct operation with respect to clean air and pollution standards. ABS, Air Con, Gearbox, and the vast collection of other items were no covered by there legal requirements. Also original engine requirements were "examination" and "testing" and did not cover fault evaluation and error resetting.

All modern EOBD systems have standard generic functions and codes (read basic pollution control requirements) and then very many manufacturer specific codes, functions, tests and actuator control functions.

So in essence yes they (manufacturers) can dictate and control to what extent and how their diagnostics systems are available. And yes I guess they can and actually do charge for diagnostic interface specifications.

No doubt this will become an interesting legal case if pressed by independent automotive agents/authorities. Also the "right to repair" and the sensible "green" agenda of "repair and not scrap" lobbies take up the case.

Time will tell but at this point in time it is looking very bleak from where I'm standing.
 

nmelfi

Member
Premium Subscriber
Joined
Apr 24, 2011
Messages
287
Location
Travelers Rest S.C.
#6
Mercedes and BMW have already locked out coding for the aftermarket. Have not ran into it with Fiat yet. It should be illegal as that was the point in OBDII. But it is happening, just another downfall in modern society. Forced to do things.
 
Joined
Mar 6, 2008
Messages
2,581
Location
New York North Carolina and all points in between
#7
Like buying a printer nowadays, they basically give the printer but you pay through the nose to replace the cartridge. This is all part of planned obsolencence, and force you into buying an new car after it goes out of warranty. I may keep my existing 2015, 2013 and 2009 cars , and I hope this boomeranges so that people stop buying new cars as a result of this. Alas the melinials have no idea whats coming.
 
Joined
Apr 30, 2014
Messages
177
Location
UK
#8
I would suggest that near on 90%+ of new vehicle buyers use authorised.manufacturer dealers during the vehicle warranty/early years. I would also suggest that 95%+ vehicles owners have no knowledge of vehicle diagnostics let alone the finer implications of interface encryption.

Sadly this means that 90% to 95%+ of the public will carry on buying new vehicles. "Down the road/line" they might be *issed off but by then it will be too late or of no concern.

The only people who can challenge etc. is the independent automotive industry associations. They will be the ones facing increased costs and possibly deciding to only service/repair certain makes in the future.

For the likes of us owners who maintain, serivce and repair our own vehicles then things could be bleak. Having said this the "hacking" community will have some more projects to work on that might alleviate the situation.
 
Joined
Apr 30, 2014
Messages
177
Location
UK
#11
With most normal diagnostic EOBD/manufacturer specific kit then engine performance, emissions, related can not be changed. There are devices and manufacturer kit that allows the loading of new engine maps etc.

People who want to re-map their vehicles (excluding motor sport) will just go so a specialist company and pay them to do it.

What we are talking about here is the wholesale approaching to cutting off all legitimate diagnostic and repair functions unless your have the manufacturer's kit, or after market manufacturer compatible kit (compatible with their way/method of encrypting) AND pay $1500 - $2000 a year for the privilege.

The major driver in this is vehicle security and theft. What the industry should be doing is to ring fence the security related functions and apply encryption etc. to just these functions and leave normal diagnostic and repair functions alone. Instead they are taking the cheap and easy function for them and then charging the automotive garages etc. for access at the same time.

There is also another potentially worrying thing that could occur and that is a "dead" vehicle. If all the messages on the CAN-Bus are encrypted then this means that messages between the instrument cluster, body computer, parking sensors, door node, lighting nodes, etc. (can be 30+ such nodes in a modern vehicle) will require decryption with a valid "per vehicle unique key". Should there be a "glitch" or the key is lost then the whole vehicle will just lock up. Electric Power Steering Node will just lock up leaving the driver barely able to turn the steering which is a safety issue. Functions like Emergency Brake Assist, Anti Collision Radar, etc will all also fail.
 
Joined
Mar 6, 2008
Messages
2,581
Location
New York North Carolina and all points in between
#12
Quote"
Not all a guise, as the manufacturers are being tasked with making sure people do not alter engine performance, for emissions reasons.

BS, this is all to enrich the car manufacturers by ensuring all repairs end up at the dealership. Even after the repairs are done by you or someone else you can't reset the code. Car manufacturers have been trying to eliminate backyard mechanics for over 40 years even back when the first emissions standards came out. Ford bought up all the major junk yards to prevent used engine replacemnts in their products 10 years ago. This also eminiates the car tuners which have been a PIA for them since they lost out in a court battle that says modifing the engine performance doesn't nullify the warranty.

I was considering a new Durango, but with FCA's new encryption scheme in place they just lost that and any other future sales from me.

Quote"
The major driver in this is vehicle security and theft.

Also BS, those modules on the CAN bus are already isolated and cannot be accessed without factory software, but if you want to encrypt them go ahead, but I will just have them disabled as part of the car sale or no car deal. I can install my own anti-theft that doesnt freak out when you park in mid town NYC or near some hi-power transmitter, or cost you $500.0 when you lose a key fob. It can be done as all PD cars come without it installed or enabled. BTW I just heard some of the Chevy anti-theft systems no longer meets insurance standards. They don't like the auto unlock feature when you have the fob in your pocket and don't physically activate the unlock button.

All I can say is I wish I had more time to investigate all this new interconnected crap on the new cars before I bought my 2019 Fusion. I see that car going away as soon as the warranty expires in 3 years, and I will go back to a mid 2000's car bought from some little old lady in Florida that kicked the bucket. Better yet a 1966 Mustang Fastback like the one I had as a teenager.
 

wx5uif

Member
Premium Subscriber
Joined
Aug 24, 2006
Messages
645
Location
Broken Arrow, OK
#13
It's been a couple of years, but I thought the point of the OBD2 specification was interoperability to read CAN data for diagnostics. I think there is / was a US law that prohibited encrypting or obfuscating the OBD2 diagnostic data.

I know several makes lock the programming data. However, some of the 'keys' have been found or you can order an aftermarket computer to use to tune certain vehicles.
 

krokus

Member
Premium Subscriber
Joined
Jun 9, 2006
Messages
3,619
Location
Southeastern Michigan
#14
BS, this is all to enrich the car manufacturers by ensuring all repairs end up at the dealership. Even after the repairs are done by you or someone else you can't reset the code. Car manufacturers have been trying to eliminate backyard mechanics for over 40 years even back when the first emissions standards came out. Ford bought up all the major junk yards to prevent used engine replacemnts in their products 10 years ago. This also eminiates the car tuners which have been a PIA for them since they lost out in a court battle that says modifing the engine performance doesn't nullify the warranty.
There are mandates in place, that the manufacturers must prevent alterations to approved engine configurations. The manufacturers are being held accountable.

Just because you do not like it, does not make it BS.

Sent using Tapatalk
 

nmelfi

Member
Premium Subscriber
Joined
Apr 24, 2011
Messages
287
Location
Travelers Rest S.C.
#16
You can still read using a aftermarket scan tool that has factory software in it. You just can not recode things such as a module replacement or keys.
It's been a couple of years, but I thought the point of the OBD2 specification was interoperability to read CAN data for diagnostics. I think there is / was a US law that prohibited encrypting or obfuscating the OBD2 diagnostic data.

I know several makes lock the programming data. However, some of the 'keys' have been found or you can order an aftermarket computer to use to tune certain vehicles.
 

nmelfi

Member
Premium Subscriber
Joined
Apr 24, 2011
Messages
287
Location
Travelers Rest S.C.
#18
I know, you are one of the smartest guy's here. Silly me! You would think after 40 years of owning a upscale repair shop and being a Master Certified Tech, I would have learned something.
 
Joined
May 7, 2004
Messages
3,679
Location
RLG, Fly heading 053, intercept 315 DVV
#19
This is bunk. A computer easily bought at China Harbor (Harbor Freight) can help you figure out what simple chip needs to be replaced because of this or that. Locking that out from the consumer would be a financial burden. I hope it goes to the Supreme Court.

I'd like to build my own natural gas power hybrid myself. To hell with this new crap. Can't even work on it anyway.
 
Top