updated prius firmware - Page 2 - Toyota Prius Forum : Prius Online Toyota Forums
User Tag List

Reply
 
LinkBack Thread Tools
post #11 of 22 (permalink) Old 01-19-2006, 12:25 PM Thread Starter
Junior Member
 
Join Date: Jan 2006
Posts: 28
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
(Thread Starter)
Default

Quote:
Originally Posted by KTPhil
I also expect there are checksums in most of the files, and changing a few bits would probably end up disabling the car for a "bad S/W load" type of error at startup.
There's always ways around that. Do you guys know what CPU that update file is going to be run on inside the car? I could probably fire up IDA Pro and reverse it a little if it is supported. Otherwise, I'd have to patch the CRC checks, if any, manually by guessing some stuff about the binary. Actually, if IDA supports this CPU, it wouldn't be hard to reverse if it is not protected. It seems like it is not well masked/encrypted, since the textual data is unaltered in the binary. This is a good sign that it could be easily reversible
khermans is offline  
Sponsored Links
Advertisement
 
post #12 of 22 (permalink) Old 01-19-2006, 01:24 PM
Senior Member
 
Join Date: Apr 2005
Posts: 344
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
Default

Quote:
Originally Posted by DanMan32
Galaxee, don't confuse drivetrain reprogramming with AVC reprogramming. Those TSBs/ SSCs are reprogramming the ECM/HV ECU, not the NAV or MFD.

If you recall, updating the combination meter for the fuel guage problem required a replacement, not an onboard firmware update. Which by the way, that is on a separate LAN called the BEAN (Body Electronics Area Network).

The NAV can get a firmware update through the DVD. Not sure about the MFD though. The file on the DVD that is actual code is LOADING.KWI.
he said firmware update and the first thing i thought of was the recall updates. eflier on priuschat has played around with the mfd programming quite a bit in his work with the can-view and says it may not be possible to do much with it. this was in response to a post by iggy1iggy asking about reprogramming the mfd.

i'm flying solo this week, DH is down in jax for some more training classes till saturday, but i just thought i'd just share whatever i could recall...
galaxee is offline  
post #13 of 22 (permalink) Old 01-25-2006, 12:43 PM
Senior Member
 
Join Date: Apr 2004
Location: Michigan
Posts: 128
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
Default

I'll offer a little insight. Not the full needs, but part.

The code downloaded into the car is hex. To access the code, you must get it from Toyota (in this case). The code access is well protected to prevent hacking. If you could get the code, you would need to decompile it. Thus you need the processor type and preferably the language used for development. Then you would need access to the program comments to be able to understand what the over 100,000 lines of code are doing. You don't get the comments with the code. If you could figure out some of the code and modify it without the comments, then you would need to know the correct encryption keys used to verify the software is indeed whole and accurate, a step above checksums and other file checks made to ensure accuracy and legitimacy. Then you would need to have access to the programmer. This is a proprietary special tool from Toyota (in this case). Let's assume you get that. So you load your software into the scan tool, and attempt to program. If the encryption keys, programming allowance keys, etc. are not correct the program will not load. If it does not load, it might (depends on the programming sequence) have cleared the existing program and you now have a dead ECU.

We have been working on software security for vehicles for more than two decades. While impossible is not necessarily true, there is significant effort made to prevent modification to critical software. Imagine if someone could reprogram your air bags not to deply, of the brake system to release pressure upon a brake apply. The software sets are large, complex, and secured. I doubt you could get access to one, but if you could, the size and complexity is such that reverse engineering is out of the question. Attempts at it were successful to a small degree two decades ago when the software was simple and small. I have not heard of any success during the last 10 years. Most computers now communicate information to other computers for active use. One mistake in a data value can corrupt several computers in the vehicle.

Some companies have gained access to some engine calibrations. This allows modification of spark and fuel curves, among others, but not to the core program. Of course if you burn a hole in a piston, it is your problem.

2004 Driftwood Pearl #9
mdacmeis is offline  
 
post #14 of 22 (permalink) Old 01-25-2006, 02:03 PM
Senior Member
 
Join Date: Jan 2005
Location: Los Angeles area
Posts: 2,285
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
Default

Anyone know if Toyota software meets DO-178B requirements? Safety in software is one advantage of using a system that meets this certification. It's probably overkill for a car, but perhaps Toyota is using it. Or maybe IEC 61508?

2005 Seaside Pearl, BC#6
KTPhil is offline  
post #15 of 22 (permalink) Old 01-25-2006, 03:37 PM
Moderator
 
Join Date: Aug 2004
Location: Tampa Bay
Posts: 7,162
Mentioned: 1 Post(s)
Tagged: 0 Thread(s)
Quoted: 1 Post(s)
Send a message via AIM to DanMan32 Send a message via MSN to DanMan32
Default

Actually, by law, Toyota has to provide the updates that comply with the J2534 interface, which is generic. They can charge for the service.

See https://techinfo.toyota.com/public/main ... flash.html

Now the code itself may be secured so that editing would be futile. After all, all that is require is to allow a generic 'file' transfer. It doesn't mean that the contents of the file are encrypted at Toyota, and decrypted by the ECUs for install once they receive it.
DanMan32 is offline  
post #16 of 22 (permalink) Old 01-26-2006, 03:05 PM
Senior Member
 
Join Date: Apr 2004
Location: Michigan
Posts: 128
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
Default

Quote:
Originally Posted by DanMan32
Actually, by law, Toyota has to provide the updates that comply with the J2534 interface, which is generic. They can charge for the service.

See https://techinfo.toyota.com/public/main ... flash.html

Now the code itself may be secured so that editing would be futile. After all, all that is require is to allow a generic 'file' transfer. It doesn't mean that the contents of the file are encrypted at Toyota, and decrypted by the ECUs for install once they receive it.
This requirement is for OBD-II compliance. In this area, the requirement is to be able to access the trouble codes for service. After much debate during the early 90's and with Ford, GM, Toyota, etc. all using different protocols to access their codes thus requiring several different scan tools which were also deemed proprietary and restricted to dealers, the OBD-II agreement allows a common architecture to access a minimum amount of information. Dealer tools often include much more diagnostic capability and more data than the generic tools provide. Messages were established that contain specific data in specific byte locations, thus making the basic message content generic. The access method is simply a message sent by the tool requesting a specific message response. If formatted correctly, the vehicle device responds with the data packet requested. This is a read-only capability. If codes are requested to be cleared, this message is sent to the vehicle device, which then clears the codes using its own internal code to accomplish this.

2004 Driftwood Pearl #9
mdacmeis is offline  
post #17 of 22 (permalink) Old 01-28-2006, 10:06 AM
Moderator
 
Join Date: Aug 2004
Location: Tampa Bay
Posts: 7,162
Mentioned: 1 Post(s)
Tagged: 0 Thread(s)
Quoted: 1 Post(s)
Send a message via AIM to DanMan32 Send a message via MSN to DanMan32
Default

If you even look at the URL, it is to FLASH the car, not just to get the code.

Might I suggest you click on the link and see what you get. There ARE tools to update the programming of cars.
DanMan32 is offline  
post #18 of 22 (permalink) Old 02-13-2006, 02:09 PM
Senior Member
 
Join Date: Apr 2004
Location: Michigan
Posts: 128
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
Default

I understand that. Different issue. Generic tools cannot FLASH cars. The ability to change the program code is complex and proprietary, and as I wrote elsewhere, highly complex to prevent unauthorized changes.

2004 Driftwood Pearl #9
mdacmeis is offline  
post #19 of 22 (permalink) Old 02-13-2006, 08:02 PM
Moderator
 
Join Date: Aug 2004
Location: Tampa Bay
Posts: 7,162
Mentioned: 1 Post(s)
Tagged: 0 Thread(s)
Quoted: 1 Post(s)
Send a message via AIM to DanMan32 Send a message via MSN to DanMan32
Default

Yes they can and no you don't. Click on the link and you will see. I am not speaking of DTCs here, where you get a scanguage or something like that to read the errors. I am talking about devices that let you update the firmware on your vehicle, using the manufacturer's firmware update.

A generic tool doesn't have to compile code, only transfer it. An FTP protocol (or HTTP for that matter) can transfer a file, even if the file is encrypted. It is up to the creator of the file, and the one to use the tranferred file to encrypt/decrypt for proper use. A clerk could FTP it without knowing the contents.

I would agree that Toyota would have to provide the file (or files) that is being flashed into the car, but a generic flash tool could be used (and as per the link has been standardized) to transfer the toyota provided flash file into the ECU. Then if security is placed on the data, such as encryption, authentication, and/or checksum, the ECU could verify the file's signature, and decrypt the file.

Would it be easier or safer to use the genuine Toyota tool? Most likely. Is it absolutely necessary? Not at all. Heck, the THHT is a generic tool with Toyota provided software anyway.
DanMan32 is offline  
post #20 of 22 (permalink) Old 02-13-2006, 11:32 PM
mrv
Moderator
 
Join Date: Nov 2002
Location: some north east state in USA...
Posts: 2,820
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
Send a message via AIM to mrv Send a message via Yahoo to mrv
Default Re: updated prius firmware

Quote:
Originally Posted by khermans
Isn't there some way to update the Prius internal software via firmware on a CD or DVD (with Navi)? I have heard that to update the Navi maps, you need a DVD update of something. Is this true with the firmware, and how can this be done? I am interested in how this all works...very fascinating
Depends- what type of Prius do you have? What are you trying to update?

If you have a NHW10 or NHW11, the only way to update an ECU is to replace the ECU.

If you have a NHW20, you can visit your dealer, and if there is such an update (service campaign) it'll be uploaded via the Toyota Hand-Held Tester (THHT) (which was downloaded from the dealer's technical data site) through the OBDII port onto the required ECU. Expect a few hours for that to finish... But I don't think that all of the ECUs can be flash-programmed in this fashion yet.

If all you want to do is to update the maps/POI data for your navigation system, then you have to purchase an updated data navigation DVD from your dealer. I think that the newer DVDs will also have some navigation ECU reprogramming (for better routing algorithms, for example, as seen in the LSC 40J for the early 2004s).

-- Michelle Vadeboncoeur, mrv@kluge.net
2001 Aqua Ice Opalescent
2004 Black BC
fuel stats: http://www.kluge.net/~felicity/prius.php
mrv is offline  
Reply

Thread Tools
Show Printable Version Show Printable Version
Email this Page Email this Page



  Similar Threads
Thread Thread Starter Forum Replies Last Post
Official Toyota Remote Start for Prius? UPDATED (Answer: No) cshbell Toyota Prius Accessories & Add Ons 50 07-30-2016 09:11 AM
screen updated tea Toyota Prius Technical - Q & A 1 05-24-2006 05:16 PM
Fox Lake Toyota Has 2006 Prius In stock. Updated Inventory Fox Lake Toyota Dealers, Purchasing and Ordering 0 04-01-2006 07:02 PM
Did we get the 2005 updated May Prius? leeskarha Toyota Prius General Discussion 4 06-24-2005 02:59 PM
Updated to Michelin Hydroedge Tires on Prius SLowen Toyota Prius - Technical Chat 0 07-04-2004 09:09 AM

Posting Rules  
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On

 
For the best viewing experience please update your browser to Google Chrome