View Single Post
Old 02-22-2012, 02:02 PM
dixiejwo dixiejwo is offline
Dodge Ram Forum Senior Member!
Join Date: Dec 2011
Age: 38
Posts: 88
Gender: Male
Vehicle: 2012 Ram 2500
Rep Power: 0
dixiejwo is on a distinguished road

I am a software developer (electrical engineer by training) who's been involved in a lot of PC and embedded projects over the years. Perhaps I can shed some light on what's going on with these tuners. First some background...

An encryption system in its most basic flavor relies on two things: an encrypted payload that usually looks like random scrambled characters and a key that can be used to decrypt it. It can get quite a bit more complex but those two elements always exist. The key can be a number of might be a password that's in your head (like in the case of encrypting your hard drive) or a large string of numbers stored somewhere else (like in the case of online banking) or even something completely random.

Since encryption algorithms are generally known and published, the encrypted payload can theoretically be descrambled mathematically without knowing the key. The reason encryption is effective is simply that the math problem is hard and it takes a very, very long time to solve, even for a computer. Having the key fills in one of the variables and makes the problem trivial to solve. Barring a huge leap in computer technology or mathematics (especially prime numbers) the encrypted data is safe unless the attacker has the key.

The challenge here likely has nothing to do with breaking the encryption. That's not realistic or even necessary. The PCM code may be encrypted but the truck sitting in your driveway already knows how to decrypt that code. It must or it couldn't use the code either. Each of our trucks already has both the key and the decryption code in it. The trick is to find it.

(For what it's worth the situation is similar to DVD movies. They are distributed encrypted but, of course, your DVD player must know how to decrypt them or they're useless. So between the DVD and the DVD player one or the other has the key. And it's all over the Internet now too.)

The challenges they're facing are probably:

1. Finding the key. It could theoretically be on any connected piece of silicon in the truck. And it's not like there's a comment that says "KEY STARTS HERE"'ll probably look very similar to the encrypted code itself. There may be multiple.

2. Identifying the encryption algorithm. Usually not hard since you probably had to decompile the loader routines to locate the key(s) anyway. Sometimes you get lucky with trial and error. Other times they've done something homegrown and you have to implement it line by line.

3. Dealing with the fact that each of our trucks probably has a different key. If I were designing the system for maximum security I'd do that and make sure whatever component held the key was electrically isolated from the OBDII port. That would make it very difficult to create a universal programmer that was convenient for the end user (read: marketable).

(Does anyone know how the dealer flashes our trucks? Via a cable to that port? Or do they remove the unit and plug it in to something else? That process would be similar to what a tuner would have to do.)

4. Getting the lawyers to approve it. It's kind of a gray area but the DMCA has been used to prosecute people for subverting encrypted systems. The argument would be that Chrysler wrote the PCM code and encrypted it (in part) to prevent theft of trade secrets by other automakers. Producing and marketing a device that can decrypt that code as a tuner would have to do would probably violate Chrysler's rights under the DMCA. The law that protects Chrysler's IP might inadvertently prevent you from tuning your truck.

As I understand it there actually is case law around #4 from when Apple started encrypting their BIOS code a number of years ago. I don't know a whole lot about it but I'm pretty sure that's part of the reason why you still can't legally buy a commercial product that lets you run MacOS on your PC.

Issues #1 and #2 above are completely solvable by someone with the right tools, knowledge, time and a Dodge truck. My guess is that #3 and #4 are the real challenges...trying to package something that's fit for the end consumer and keeping Chrysler from suing you. After all if they didn't mind trucks under warranty being tuned then they wouldn't have bothered encrypting it in the first place.

My bet is we'll see something right about 2015 when the 2012s start going out of warranty.

Last edited by dixiejwo; 02-22-2012 at 02:07 PM.
Reply With Quote