2020 Civic Type R support

[ayau]

With every new ECU, Hondata would have to deal with a new jailbreak as Honda would have patched their exploit used to get into the previous one(s). As exploits get patched, newer ones become more difficult to do. I know in the iOS/iPhone/iPad world of jailbreaking/rooting, a lot of developers now "hold onto" exploits to either release when the last version of a major (full-number) update comes out or the exploit gets patched by Apple by sheer luck since finding new ones became that much more difficult. As an architecture gets older finding new exploits will become increasingly difficult as holes are patched (both used and unused). It's a constant game of cat and mouse. I compared this to iOS/iPhone/iPad, but it can be applied to just about any architecture (Playstation, Xbox, Vita, DS, Wii, Switch, etc.). The time it takes to find a viable exploit, use it, and bundle it into an easy user application takes time.

Granted ECU is different than exploiting a phone or game system, they all do have their own challenges. I know for iPhone, there were some exploits that weren't persistent (they'd revert back to an unjailbroken state upon restart, so you'd need to rejailbreak after restarting the device).

thanks for explaining. Depending on who designed the ecu, Bosch for the CTR, I could see them potentially not patching the vulnerability. Also, it may be in Honda’s interest to not patch it due to the demand for aftermarket flashing, even though they won’t warranty flashes ecus.

Hondata already announced that Flashpro will support 2020, so I would assume they’re pretty confident about jailbreaking the ecu. It sounds like getting physical access to the ecu will he easier then trying to jailbreak it remotely.

Sponsored

 

[tinyman392]

thanks for explaining. Depending on who designed the ecu, Bosch for the CTR, I could see them potentially not patching the vulnerability. Also, it may be in Honda’s interest to not patch it due to the demand for aftermarket flashing, even though they won’t warranty flashes ecus.

Hondata already announced that Flashpro will support 2020, so I would assume they’re pretty confident about jailbreaking the ecu. It sounds like getting physical access to the ecu will he easier then trying to jailbreak it remotely.

A vulnerability is just that, it's an exploit that could compromise the security of the device. Keep in mind that while we use jailbreaking to do what we want it to do, a malicious person could in theory use the same exploit to get the car to do what they want it to do. Honda and Bosch have every reason to go about and patch every vulnerability they find due to this.

That said, the 2020 ECU has been jailbroken, but the instant jailbreak (at home method) isn't set up or ready. The ETA for this particular exploit is unknown (according to what I've last heard from Hondata); it depends on how long it takes them to find an exploit in the 2020 ECU (could be weeks, months, or never). This also does show that there was definitely patching done going from 2019 to 2020.

Edit: this is the main reason why if you're going to flash your ECU, make sure you trust the vender that is supplying the tune. Hondata and and KTuner have been in the business for years and definitely research heavily before releasing and updating tunes. There are many tuners out there with great reputations. However, if you do the wrong stuff or use a not-so-great tuner you could easily find yourself with a damaged motor.

 

[ayau]

Edit: this is the main reason why if you're going to flash your ECU, make sure you trust the vender that is supplying the tune. Hondata and and KTuner have been in the business for years and definitely research heavily before releasing and updating tunes. There are many tuners out there with great reputations. However, if you do the wrong stuff or use a not-so-great tuner you could easily find yourself with a damaged motor.

I assume you’re talking about t00ners that have no idea what they’re doing and are just cranking up the boost levels. I think the chances of running into these types are tuners are pretty low at a physical tuning shop. There are also tuners that are willing to take more risks to yield more power. Hondata is on the conservative side just due to their reputation. If someone is advertising an e-tune service for $50, then I hope that raises some alerts.

Unlike other tuning options, Hondata opens up the tables to the owner of the Flashpro device. In theory, you can mess up your own tune as well. Cobb, for example, requires tuners to purchase a separate tuner license.

With regards to the jailbreaking process, I’m curious if that person is someone internally that works at Hondata, or if they just hire whitehat hackers to perform the jailbreak. I’m sure they all have connections. This is a pretty niche skill and in high demand if you’re good, which makes me think Hondata and other flashing companies just hire out.

 

[tinyman392]

I assume you’re talking about t00ners that have no idea what they’re doing and are just cranking up the boost levels. I think the chances of running into these types are tuners are pretty low at a physical tuning shop. There are also tuners that are willing to take more risks to yield more power. Hondata is on the conservative side just due to their reputation. If someone is advertising an e-tune service for $50, then I hope that raises some alerts.

Unlike other tuning options, Hondata opens up the tables to the owner of the Flashpro device. In theory, you can mess up your own tune as well. Cobb, for example, requires tuners to purchase a separate tuner license.

With regards to the jailbreaking process, I’m curious if that person is someone internally that works at Hondata, or if they just hire whitehat hackers to perform the jailbreak. I’m sure they all have connections. This is a pretty niche skill and in high demand if you’re good, which makes me think Hondata and other flashing companies just hire out.

Yup, I refer to any tuners that have no clue what they're doing. Or a person who tries to set tune themselves without knowing what they're doing (anti-lag seems to be popular with those). Could also be a malicious person who wants revenge and has access to your car for whatever reason (super unlikely).

As for who's doing it, that's a good question. I wouldn't call it a niche skill, just about every electronics company hires some of these sorts of people to do this type of stuff. Even Apple poached one of the top jailbreakers in the iOS community (it was sad to see him go). I will say this definitely wouldn't be considered white hat since they don't find the exploit with permission from Honda (maybe they do? Doubtful though), probably more grey hat since there isn't malicious intent, but it's not with Honda's blessing.

 

[turbociv910]

I will say this definitely wouldn't be considered white hat since they don't find the exploit with permission from Honda (maybe they do? Doubtful though), probably more grey hat since there isn't malicious intent, but it's not with Honda's blessing.

*IF* hondata is contracted for them to reflash the ecus for the HPD cars, they have the security road map and unlikely it is much different than the production cars.

just my guess and 2 cent

 

[tinyman392]

*IF* hondata is contracted for them to reflash the ecus for the HPD cars, they have the security road map and unlikely it is much different than the production cars. IMO Hardest part of a password is knowing how many digits it is.

just my guess and 2 cent

I'd put money that Honda flashes their own ECUs and has their own engineering team tune the car. I could be wrong though.

An exploit to jailbreak a system is typically not a password. If it were, then Hondata would have a remote jailbreak in place for the 2020 already as they have a non-remote jailbreak available.

 

[turbociv910]

I'd put money that Honda flashes their own ECUs and has their own engineering team tune the car. I could be wrong though.

An exploit to jailbreak a system is typically not a password. If it were, then Hondata would have a remote jailbreak in place for the 2020 already as they have a non-remote jailbreak available.

i updated my post once i thought about it more , youre right, its not that easy.

 

[SW20MR2]

Will remote clone to new jailbreak ECU will be available (eventually) for 2020?

 

[Centripetal]

I'd put money that Honda flashes their own ECUs and has their own engineering team tune the car. I could be wrong though.

An exploit to jailbreak a system is typically not a password. If it were, then Hondata would have a remote jailbreak in place for the 2020 already as they have a non-remote jailbreak available.

Way back when keyless entry started to hit the market, I was working on a part of that system, and we were doing a exchange with the Bosch ECU. Recently, I was arguing with a car buddy of mine and stated “there is no way to unlock those ECM without opening it” because I knew how locked down they could be. Then @Hondata released the remote jail break. Naturally, I had tell my friend, “see I’m wrong”.
The way most modern ECUs work is they have a framework like AUTOSAR so manufactures don’t have to completely develop to a different API every time. Honda probably does modify some of the running code.
As for vulnerabilities, I think they may be difficult to find because of compliance to standards like ISO 26262 and MISRA, which can require code analysis (static and dynamic) and 100% unit test coverage. The ECM is a safety system and tested rigorously. If it’s locked down properly, it will be a challenge to unlock without physical access.
Hopefully I’m wrong and they’ve left a big gaping hole or it can be done by brute force.

 

[ayau]

Way back when keyless entry started to hit the market, I was working on a part of that system, and we were doing a exchange with the Bosch ECU. Recently, I was arguing with a car buddy of mine and stated “there is no way to unlock those ECM without opening it” because I knew how locked down they could be. Then @Hondata released the remote jail break. Naturally, I had tell my friend, “see I’m wrong”.
The way most modern ECUs work is they have a framework like AUTOSAR so manufactures don’t have to completely develop to a different API every time. Honda probably does modify some of the running code.
As for vulnerabilities, I think they may be difficult to find because of compliance to standards like ISO 26262 and MISRA, which can require code analysis (static and dynamic) and 100% unit test coverage. The ECM is a safety system and tested rigorously. If it’s locked down properly, it will be a challenge to unlock without physical access.
Hopefully I’m wrong and they’ve left a big gaping hole or it can be done by brute force.

This is interesting stuff. Do you mind sharing why having physical access to the ECM makes jailbreaking more easy? Do you have to physically open the ECM and get access to the board?

For instant jailbreak, are you essentially getting privileged access to the ECM via an API vulnerability? Is this why you can instant jailbreak with just an OBD2 connection?

 

[Omgmok]

If a calibration is 'stock equivalent' then it will say, so all the other calibrations are tuned for whatever parameters they list. A couple of software versions ago we changed 'stock equivalent' to 'factory settings' so that people don't confuse it with 'return to stock'.

Stupid question, but if I want to go back to running the stock tune for the time being until I get a custom tune done, which should I use? 'Return to stock' option or just flash the 'factory settings' tune?

 

[Hondata]

I’m curious if that person is someone internally that works at Hondata

I do the jailbreak development, so it is internal.

Will remote clone to new jailbreak ECU will be available (eventually) for 2020?

Read post #22

Stupid question, but if I want to go back to running the stock tune for the time being until I get a custom tune done, which should I use? 'Return to stock' option or just flash the 'factory settings' tune?

Not sure why you need to go back to stock, but either option will work.

 

[LoganP]

@Hondata I recently ordered a Flashpro unit for my 2020 & was issued a refund as I was told jailbreaking was completely unavailable at the moment? Would you mind confirming or denying whether I can physically mail my ECU to your location & have it jailbroken? I understand that remote jailbreak is out of the question for the foreseeable future, however if there is still the option to physically do so I'd love to re-order my Flashpro unit & go that route.

Couldn't find any solid info on whether or not this is possible at the moment, so would definitely appreciate some clarification!

Thanks in advance.

 

[arbies]

@Hondata I recently ordered a Flashpro unit for my 2020 & was issued a refund as I was told jailbreaking was completely unavailable at the moment?

Similar situation for me. I bought the Flashpro from the Honda dealership where I bought my 2020 CTR. This dealership apparently also unlocks the ECUs (not sure if they use instant jailbreak or another method). Later found out they couldn't unlock the 2020 ECU, so I got a refund on the Flashpro.

 

[Dabeast]

See post 22

Sponsored