What's a company secret you can share now that you no longer work there? - eviltoast
  • ttr@lemmy.world
    link
    fedilink
    arrow-up
    1
    ·
    1 year ago

    I am VERY interested in your knowledge here. Feel free to DM me if you don’t want to post the info publicly. I pay this company, so I’m not looking for a free ride. I’m mostly just interested in how it all works.

    • eyezhenn@lemmy.world
      link
      fedilink
      arrow-up
      2
      ·
      1 year ago

      There is a decent amount of detail to go into to get to the meat of the issue. In hardware cases, the crux of the problem is that provisioning is generally pretty separated from the actual service and relies heavily on a data channel with the’tier 1’ manufacturers of the hardware modules. This all happens before the hardware is included in the vehicle manufacturing process such that the radios can be enabled as a trial on the dealership lots. There is a mode, however, that is used to ‘fake’ the id signature and fill the signed value with all 0s such that the device can be tested at the manufacturer before it is assigned a real id. If you write this flag to ROM, you could effectively gain full access immediately. However, because the software+hardware solution still uses the id for device with to gain IP service, you could also just proxy the traffic on an IP radio and use that signing mode to gain free access in IP much easier.