Follow Slashdot stories on Twitter

 


Forgot your password?
Close
typodupeerror
×
Encryption Programming Security

Hyundai Uses Example Keys For Encryption System (schneier.com) 107

Posted by BeauHD from the slow-clap dept.
"Hyundai predictably fails in attempting to secure their car infotainment system with a default key lifted from programming examples," writes Slashdot reader sinij. "This level of security is unfortunately expected from auto manufacturers, who also would like to sell you always-connected Car2Car self-driving automobiles." Cryptographer and security experience Bruce Schneier writes: "Turns out the [AES] encryption key in that script is the first AES 128-bit CBC example key listed in the NIST document SP800-38A [PDF]," writes an unidentified developer under the name "greenluigi1." Luck held out, in a way. "Greenluigi1" found within the firmware image the RSA public key used by the updater, and searched online for a portion of that key. The search results pointed to a common public key that shows up in online tutorials like "RSA Encryption & Decryption Example with OpenSSL in C." Two questions remain:
1.) How did the test key get left behind?
2) Was it by accident or design?
This discussion has been archived. No new comments can be posted.

Hyundai Uses Example Keys For Encryption System More

Hyundai Uses Example Keys For Encryption System

Comments Filter:

  • How many? (Score:5, Funny)

    by godrik ( 1287354 ) on Monday August 22, 2022 @10:08PM (#62813267)

    Bruce,
    how many people do you want to strangle when stupid mistakes like that happen?

    • Most likely this was about lack of communication.

      • Re:Probably some manager (Score:5, Interesting)

        by Z00L00K ( 682162 ) on Monday August 22, 2022 @11:54PM (#62813407) Homepage Journal

        We'll fix that later. Then deadline for software release approaches and later don't occur.

        Or the person that did use the example data was laid off and hadn't documented it.

        Why not get it right directly? That's usually because it requires a PKI infrastructure that's not in place when the first integration happens. The IT department on large companies has a lead time of a year to get things like that rolling. Often from an outsourced IT department that's billing by the hour so it has to be budgeted first as well - and then they'll have to find someone knowing how to set up a certificate server.

        • Or the person still works there. "Hey Young-Jae, we need some sort of update system for this, can you do it? Just look on Stackoverflow, there's bound to be an example on there you can use". Given the amount of care and effort that goes into, say, ABS software, this is an afterthought to an afterthought, it's not surprising there are bugs in it. And the use of a well-known key will be just the most obvious one, it'll be full of holes top to bottom because crypto is really hard to do right.

        • Re: (Score:2)

          by bn-7bc ( 909819 )
          yea that issue should have been listed as release blocker in whatever system they use

          • Re: (Score:2)

            by Z00L00K ( 682162 )

            The decision of "release blockers" are taken by managers with no clue at all about the severity. They only care about things that the user would recognize as being a problem.
            If the vehicle works as intended then it's not registering as a stopper.

            • Re: (Score:2)

              by bn-7bc ( 909819 )
              Right silly me, for some reason I thought that important decisions like that where taken by people with a clue, my bad

      • Re: (Score:2)

        by gweihir ( 88907 )

        Most likely this was about lack of communication.

        Communication with reality, you mean? Or communication when HR hired people that the domain experts told them to never, ever hire under any circumstances?

        • You have a reality in which the HR people ask domain experts for hiring recommendations? Impressive...

          • Re: (Score:2)

            by gweihir ( 88907 )

            No, I wrote that HR was told to not hire them. HR obviously does not ask and does not listen.

  • ROFL (Score:5, Informative)

    by Midnight_Falcon ( 2432802 ) on Monday August 22, 2022 @10:14PM (#62813279)
    Really!?!? I mean, there's mistakes in key generation. Using a flawed PRNG, or a bad protocol. Keys getting exposed through other methods. But this has to be the singularly most noob thing possible...copying a key from an example manual from NIST (the textbook for this), and using that..instead if generating your own key.

    And it's not like this secures some high school project or little DIY maker faire type item..it's every Hyundai car's updater.

    That means anyone can now apply updates with custom firmware and jailbreak your Hyundai!

    • 95% of professional programmers are noobs in some way. Seriously, this sort of mistake does not surprise me, more surprising is that it got allowed. Ie, "we need someone to implement security, who's the cheapest consultant on our list?" Or "I've been programming for 20 years, let me do it!" Or, "let's delegate it to our outsourcing company!" Or "Why hire someone when I can do it!"

      Honestly, I see so many people attempting to do stuff they have no business doing. Because they think they're helping. I h

      • Re: (Score:3)

        by ls671 ( 1122017 )

        For security, you should never skimp on the cost. And also don't just buy a library then get some cheap guy to integrate it for you, because even if you paid for a security library you still need an expert to use any of them properly.

        I never had to buy a single library in ~25 years to generate keys and certificates, is this really a thing?

        • I never had to buy a single library in ~25 years to generate keys and certificates, is this really a thing?

          Me neither. AFAIK, there's free utilities in both CLI and GUI format for macos, linux and windows to generate all the keys you'd like, especially the type of keys you'd see in examples in NIST guidelines.

      • The problem, of course, is that if you don't have much security knowledge, you can't distinguish between good and expensive vs bad and expensive. There are plenty of 'security consultants' out there who aren't any better at security than your neighborhood CEH but have mastered the art of marketing.

    • Re: (Score:3)

      by ceoyoyo ( 59147 )

      It's a car stereo. If someone's in your car "updating" it, they're more likely to update it right out of there, along with the rest of the car. Someone was probably told to implement some signed code security, you know, stuff, but make sure it doesn't break anything.

      Now, if you used that as a backdoor to give yourself free heated seats or something, it would get fixed in a hurry.

      • Individual vulnerabilities by themselves rarely lead to exciting exploits. The fun happens when they are put together. Being able to sign one's own updates doesn't matter much if you can't get them downloaded to the vehicle. Unfortunately somewhere else there will be loose controls on the update site because it is thought to be a low-value target since, after all, only signed updates can be installed. An attacker who gains access to update the downloads doesn't achieve anything. A moderately creative a

        • Re: (Score:3)

          by ceoyoyo ( 59147 )

          It's a car stereo. People bitch about their consumer gadgets being locked down. Well, this one isn't. Maybe Hyundai is just getting a head start on complying with the new repairability laws.

          • There is a difference between locked-down and secured. Secured means that only the owner has access to it. Locked-down means only the seller does. Infotainments systems are not "car stereos." They typically also have safety functions and need to be operable to operate the car legally. If nothing else they are interfaces to backup cameras. But they may also play other roles in driver-assistance functions. If the radio crashes or reboots during driving, there might be a safety concern. The OTA likely

      • It's a car stereo. If someone's in your car "updating" it, they're more likely to update it right out of there, along with the rest of the car. Someone was probably told to implement some signed code security, you know, stuff, but make sure it doesn't break anything.

        Now, if you used that as a backdoor to give yourself free heated seats or something, it would get fixed in a hurry.

        Actually, the big problem with something like this is that it allows the someone to "update" the stereo to remove any anti-theft stuff (like not working after a power outage without a owner-known code), and resell it.
        This makes owners of the car more likely to have their cars broken into and the stereos stolen.

    • The real issue is not the example key.
      The true real issue is that the key can be read as-is from a ROM dump, because if just means that even a true randomly generated key would still be read from the ROM, the exact same way as the example one was read.

      • Re: (Score:2)

        by La Gris ( 531858 )

        And if I had spare bytes into a ROM. I'd probably fill with a honey pot security key, to mislead researchers the wrong way as much as possible, even if I don't need a security key. Would be very fun to just imagine researchers scratching their head and spending hours trying to crack that ROM chip with pointless efforts.

      • I assume that the key read was the *public* key which is, well, public. It's okay that a public key can be read since that's the point of PKI. What's not okay is that it's a public key that has a compromised private key and that they key was compromised at the time the code was written. (It was an intentionally compromised key to use in examples)

        • Re: (Score:2)

          by pjt33 ( 739471 )

          The writeup describes three keys: a zip file password, an AES key, and an RSA key used for signing. The zip file password and AES key were visible in shell scripts from the build process which were included in distributed firmware. The writeup only mentions finding the public component of the RSA key.

          So you're a bit too optimistic, because secret material was published, but your optimistic assumption does hold for the only asymmetric key.

      • Re: (Score:2)

        by v1 ( 525388 )

        Being able to read the PUBLIC key from ROM isn't really that terrible. You need the private key to sign the firmware, the public key is just in the ROM to verify the signature. And it's intentionally very hard to derive the private key from the public key.

        But my questions here is, if they found the public key in the ROM it doesn't mean they USED it. It could have been one of an array of keys in the code, used for testing, and that key isn't even the one being used. Has anyone checked this?

      • "The true real issue is that the key can be read as-is from a ROM dump, because if just means that even a true randomly generated key would still be read from the ROM, the exact same way as the example one was read.

        No, because the key in ROM is the *public* key. What you need is the corresponding *private* key. if it's an example key, getting the public key gives you private key because the private key is listed right there in the example. If it's a properly generated key pair, having the public key does

    • Re: (Score:2)

      by SpzToid ( 869795 )
      It is an error that any 'example' key, published by NIST even validates begin with. This error starts with the publisher/editor. Everyone knows 'example.com' won't resolve within the DNS infrastructure. This mistake was predictable, given the odds of human-error.

      • Re: (Score:2)

        by dohzer ( 867770 )

        Any number of the correct bit-width can be a "valid key". What's actually needed is a look-up table of common keys, similar to a list of compromised passwords, and software that blocks weak keys (passwords) from being used.
        For all I know, they selected a number at random and it just so happened to be the NIST example, but I wouldn't bet on it.

    • Re:ROFL (Score:5, Insightful)

      by AmiMoJo ( 196126 ) on Tuesday August 23, 2022 @07:22AM (#62813895) Homepage Journal

      Management needs the software to be secure. Tells programmer to secure it. Programmer goggles how to secure it, and reports job done. Box ticked, management moves on.

      Seen it happen. One place I worked argued we didn't need any security because nobody would want to target us.

  • 2) Was it by accident or design? (Score:5, Insightful)

    by TWX ( 665546 ) on Monday August 22, 2022 @10:28PM (#62813291)

    Yes.

    It was by design, because the programmer implementing the system had no training in this particular aspect of the infotainment system, and had no idea how security-oriented decisions affect systems for the long term.

    It was by accident, because the programmer implementing the system didn't even understand just how out of their depth they were, and had no idea how security-oriented decisions affect systems for the long term.

    This is why it's essential to have proper review, and why software quality assurance with access to the code is essential.

    • "yes" indeed. (Score:1)

      by Anonymous Coward

      I would not be surprised at all were we to learn that there was review, but that the reviewer was of comparable competence.

      More worrying than this utter incompetence is that car infotainment systems tend to have access they oughtn't and so breaches here give full access to the rest of the car too, including rather more sensitive parts.

      In short, apparently nobody in the auto industry who does anything at all with all this chippery stuff is capable of long-term thinking, nevermind proper architecting, in th

      • Re: (Score:3, Funny)

        by 93 Escort Wagon ( 326346 )

        I would not be surprised at all were we to learn that there was review, but that the reviewer was of comparable competence.

        Actually, my money is on the following scenario.

        Manager: I've been asked to give you some real-world experience, so I want you to set up the encryption for this system.
        Intern: No problem, I've used AES before. I'll create a secure key and as secure a way as possible to distribute it.
        Manager: Ha ha ha, aren't we eager! But don't go trying to do too much - I've got the keys ready for you. Just plug it in.
        Intern: This looks familiar somehow... regardless, you sent the key to me and the entire management team v

      • Re: (Score:2)

        by DarkOx ( 621550 )

        that car infotainment systems tend to have access they oughtn't

        Is that true for anything modern. I have been tangentially involved in some automotive security assessments and at least in the case of the manufacture we have been working with things like engine management, light controls, wipers etc are whitelisted on the body module, which acts as a sort of firewall and will either not pass messages or only pass certain mostly (read commands) message to the ECM components. Having code execution on the head unit for example, might me you could start sending CAN messages

  • option 3 (Score:5, Insightful)

    by bloodhawk ( 813939 ) on Monday August 22, 2022 @10:30PM (#62813295)
    unlikely to be accident or design. Most likely incompetence, many developers don't have a clue when it comes to encryption and security so if it is working they are loath to touch it.
    • That sounds like a failure of management to me.
      I own a Hyundai and I'm not surprised by this at all. The infotainment system feels like it was made by someone who has heard of smartphones but doesn't use one.

      • I owned a 2013 Hyundai with the low-end audio package. It was clunky and awkward to use, but hey, it's the low end package. I didn't complain. Recently I got rid of it and bought a used 2013 Honda with their high-end audio package. And suddenly I saw just how downright usable the Hyundai system was. At least the Hyundai would sort MP3s on a flash drive by filename. They Honda just presents them in directory order. And only supports a single level of subdirectory. And only displays the first 20 character

    • Incompetence is an example of "by design". Employing this kind of incompetence implies the project is staffed by people who don't meet the requirements to implement what is required in a project. "Designed to fail" describes the execution of the project itself.

  • It's okay, because... (Score:5, Funny)

    by ItsJustAPseudonym ( 1259172 ) on Monday August 22, 2022 @10:52PM (#62813315)
    It's okay, because the whole system is protected by a password, which is 'solarwinds123'.
  • So how long until a new Flipper Zero sub-ghz module exploiting this Hyundai key leak gets distributed?

  • Leaked source code - preceding comment (Score:5, Funny)

    by 93 Escort Wagon ( 326346 ) on Monday August 22, 2022 @11:17PM (#62813347)


    # TODO replace these keys before release!!

    • Exactly, probably combined with turnover.

      An embarrassing mistake, to be sure, but people are really over-doing the importance and the implications. It is a car stereo. Update and move on.

      For people who don't understand the problems with connected cars and centrally integrated appliance electronics, this should be a wakeup call; but it says nothing about Hyundai specifically, or their security practices compared to other companies. Every integrated system will have bugs somewhere in the system that can be us

    • Screw that, it compiles, ship it.

      Bananaware for the win!

  • That's the same AES key I set for my luggage!

  • Korean Programmers don't speak English (Score:5, Insightful)

    by FeelGood314 ( 2516288 ) on Tuesday August 23, 2022 @12:05AM (#62813431)
    In Korea they write code to pass the test case. The developer could read the encryption examples and was probably very hard working but he likely couldn't read the comments or text around the examples well enough to understand what he was doing. He likely didn't even care because there would be nothing to be gained in his career if he did understand the encryption. He just cut and pasted code until he had something that past the test cases. Heck, the person who wrote the test cases probably used the sample keys and probably neither the coder or tester new what keys were.

    To be fair this approach works 99.9% of the time. They got a product finished and it works, it just has a bug that never came up in testing.

    As an aside most Korean government websites have only just started moving to HTTPS. It might be because they have a very honest society but security is not a high priority there.

    • Over half of Koreans speak at least some English. That proportion is going to be higher among people with technical jobs. It is implausible that none of the Korean programmers could read the English comments well enough to tell what was going on.

      • Most Koreans can read a little English and even follow along an English movie without needing the subtitles but the number that are strong enough to read and understand technical instructions is, at least to me, surprisingly low. Further, those that can read, write and communicate technically in English are highly valued and would never be assigned a task like this.

  • What were they supposed to do, roll their own cryptosystem?

    • Re:Damned if you do, damned if you don't (Score:5, Insightful)

      by Opportunist ( 166417 ) on Tuesday August 23, 2022 @02:35AM (#62813627)

      How about, and just as a crazy idea, hear me out on this one, not trying to implement a feature they are not competent enough to implement?

      We're talking CARS here for fuck's sake. This isn't a damn novelty trinket where nobody gets hurt when it's system crashes, when a car crashes, chances are pretty good that someone gets hurt!

      Get someone who knows his shit!

      • Re: (Score:1)

        by Anonymous Coward

        We're talking CARS here for fuck's sake. This isn't a damn novelty trinket where nobody gets hurt when it's system crashes, when a car crashes, chances are pretty good that someone gets hurt!

        No, we are talking an infotainment center here. It plays music and shows videos on the back of the seats to shut up the kids.

        I don't know about you but I've owned a car long ago that didn't even have a radio in it, foregoing this trinket in exchange for being really cheap.
        It still moved to get me to where I needed to go and, equally important, still stopped moving once I got there.

        Even my other cars that did have radios managed to be perfectly safe out on the road without fancy encryption to keep me from p

        • Re: (Score:2)

          by EvilSS ( 557649 )

          No, we are talking an infotainment center here. It plays music and shows videos on the back of the seats to shut up the kids.

          Don't know much about modern cars eh? Getting access to the update function could give them access to a lot more than the infotainment functions. The infotainment system in modern cars is part of a larger software package that runs the entire vehicle, and most do local and over-the-air updates not just for entertainment functions but automotive functions as well. Just go look at Blackberry QNX or Visteon's websites to see how complex modern cars have gotten. It's not just a radio anymore.

        • An infotainment system is still part of the CAN, and there are a lot of high priority tasks the "car stereo" does. Things like climate control, offering preferences for stuff like traction control, auto locking, and in some cases is the main point where updates for the other parts of the car happen.

          Of course, it would be nice to go back to the days where we had one section of the console handle all that, then use a standardized 1-2 DIN mount for a car stereo which... just is a car stereo and doesn't do any

    • > What were they supposed to do, roll their own cryptosystem? :shrug: I got the joke.

  • Whatâ(TM)s the CVE for this?

  • Ironic ... (Score:5, Funny)

    by fahrbot-bot ( 874524 ) on Tuesday August 23, 2022 @01:14AM (#62813545)

    Apparently one of their new marketing campaigns for 2022 is (not making this up) "Leading by Example".

    From Hyundai "Leading by Example" in New Marketing Campaign for the 2022 IONIQ 5 [prnewswire.com]

    FOUNTAIN VALLEY, Calif., April 25, 2022 /PRNewswire/ -- Hyundai Motor America and its African American marketing agency of record, Culture Brands, have launched a new campaign for the award-winning, all-electric 2022 Hyundai IONIQ 5. Building on the OKAY Hyundai theme, the campaign, titled "Leading by Example," showcases the convenience of an electrified lifestyle.

    • Leading by example? That sounds more like some of the people responsible have been sampling the lead.

      • Leading by example is literally a "textbook" slogan that every company / MBA at some point spouts. It's supposed to be the opposite of "do as I say not as I do" and also makes perfect sense when you are demonstrating the capabilities of something new.

  • Make an electronic gas pedal work right.

    How can we be surprised by this?

    Sigh.

  • And the admin password is (Score:3)

    by Required Snark ( 1702878 ) on Tuesday August 23, 2022 @02:17AM (#62813611)
    password

  • Allow me to tell you why (Score:4)

    by Opportunist ( 166417 ) on Tuesday August 23, 2022 @02:31AM (#62813621)

    Why that can happen? Well, it's fairly easy.

    You have car engineers. They know how to design cars and they're really good at that. They've been doing that for ages.

    In comes that young, dynamic and totally clueless markedroid and tells them that we now need the internet in their cars. Because that's what customers want now. Ok, customers don't want it. They don't even know they want it. But customers get told that the car now has one more feature than the competing car and that's one thing more we can do the competitor can't and that's what makes our product better. Right? More stuff is always better, c'mon, what are you do disagree, a commie?

    So our car engineers now have a problem, because they are already unable to really get their home internet running, and they sure as all hell don't get any new talent, let alone security talent (have you taken a look at what these security goofballs charge? And they don't even do anything, they just look at what you did and tell you everything's wrong and that you have to redo it and make everything more expensive! We have no money for that kind of con job!). So they do what every good (ok, bad) programmer in the past 20 years has done when faced with a task they can't do: Copy/paste from Stackexchange. Preferably without even remotely understanding what the fuck they are doing, but hey, it works.

    Now, that's a rather minor problem when dealing with, say, webpages or other programs where a crash isn't fatal. Something that may well happen with a car...

    • Forgive me if I don't share your cynicism. But, as has been stated earlier in the thread, nobody is good at everything and the people who most think they are good at everything are typically the ones who are good at nothing.

      Working on automotive software like this requires knowledge of automobiles, of radios (remember even an AM/FM receiver is using licensed spectrum), probably real-time operating systems, and, of course, security. You aren't going to get somebody who is an expert in all of those. So

      • I don't say that the designer of the car should know security. Would be nice, but as you say, nobody is an expert at everything.

        The flaw also isn't with the engineer. The flaw is in management who wants something that their engineers cannot deliver, or at least cannot deliver securely. They aren't experts in security, they are experts in car design. But if you force them to dabble in fields they are not experienced in, you will get the same kinds of mistakes and security blunders that we haven't seen in com

        • Everything that you are saying is true. Even if engineering and management recognized that there were "skill gaps" (to you a popular euphemism), there would be no way to fill them. If you went out and hired a security professional, even if you could somehow find a great one, their first attempts would likely end in catastrophe. The first implementation would be pretty solid from a security perspective. But then it would turn out that verifying the signatures took too long and the RTOS would kill the pro

          • People who have a background in automotive and security are rare. I know exactly one, me, and that's more a weird coincidence than anything I ever planned. It has more to do with my crazy life. And everything that's rare is also expensive. And sorry, no, I'm taken, I doubt car manufacturers make a better offer than banks.

            But we're not talking about needing a seasoned security expert to implement those processes. What you need is what they already have, and give these people a current security training so th

  • Grey's Law (Score:5, Funny)

    by La Gris ( 531858 ) <lea.gris@noiMENC ... net minus author> on Tuesday August 23, 2022 @03:23AM (#62813685) Homepage

    “Any sufficiently advanced incompetence is indistinguishable from malice.”

    • Does not apply here as this in itself would be an example of "incompetence at malice". Seriously there are many ways of implementing back doors, and simply using a documented example key doesn't make sense for *any* of them.

      Unless the malice you are talking about here is that someone internal to the company is trying to destroy it from within by employing only the most incompetent people, then sure.

    • Re: (Score:2)

      by shanen ( 462549 )

      Mod parent even funnier.

  • You could steal them just by using a USB plug to turn the ignition.
    https://www.thedrive.com/news/... [thedrive.com]

  • Oh please, let it happen to Toyota. (Score:3)

    by Petersko ( 564140 ) on Tuesday August 23, 2022 @03:35AM (#62813697)

    I would love to install a homebrew entertainment O/S over top of the POS that it has at the moment.

    • The infotainment system in my 6 year old Kia (Hyundai), supposedly a Microsoft product, will crash a couple of times a year. Reveals what appears to be a Windows 3 desktop GUI, all in Korean, of course. A power cycle has always brought it back to life. No updates available for the 2016 model.

      • WinCE had car profile, afair. It's not related to any other PC windows different code, real time kernel, custom build system, small code base. Really embedded

  • Marketing feature checkmark (Score:5, Interesting)

    by misnohmer ( 1636461 ) on Tuesday August 23, 2022 @04:10AM (#62813723)
    Sadly, in a lot of places there is no actual design. There are features coming down from marketing, with vague requirements, in this case perhaps nothing more than "update system must support strong encryption". Nothing about the purpose and usecases for said encryption which would determine the key management strategies (should there be one secret key, unique keys per car, is key revocation/replacement needed, is it end to end encryption or only on local device to prevent access to personal data after hardware is discarded, etc, etc). If an engineer asks marketing, they are seen as a difficult because marketing does not have the faintest clue, or give a rat's ass about it - they just want a checkmark to put on marketing slides "support for AES encryption - check, we have it". The engineer who just delivers the checkmark is considered the high performer, while any engineer who tries to obtain requirement details to do actual design is seen as difficult and only slowing down development progress.

  • I can see what happened during last year's outage:
    "You need to generate a new set of encryption keys for the project. Simply go to the NIST example document and copy the key gene{#`%${%&`+'${`%&NO CARRIER)"

  • The last thing I want is some strung out programmer thinking they know better than I how to drive a car. If they can't get a simple key encryption right, what could possibly make them think they can program the software for an automatic car?

    Stick shift, buttons/knobs for most controls. Clear. Simple. Easy.

    • Almost this. Got the wife a new car last year, and it is just too interferringly-automated for me. The headlights are plenty bright, I turned off the brights and the car turned them back on for me. Like most cars, there are a few delay-between-wipes wiper blade setting. I had it set to a low level, a few extra drops of water got on the screen, and the car sped them up. Almost cool - but it didn't slow 'em back down again once the offending droplet was gone.

      The on/off for radio isn't on/off - it is mute

  • When I think about Hyundai, I think 'example cars' built from the textbook without excessive attention to safety.

    Specifically, I get the impression Hyundai cars catch fire too easily after an accident.

    Just googled and found this to back up my viewpoint:
    https://www.abcactionnews.com/... [abcactionnews.com]

  • Comment removed based on user account deletion
  • My first encounter with locked software options. Years ago, the vendor techs were installing this $250K imaging processing system. They were at the stage of activating all the software features we bought. One tech was banging away at the keyboard, obviously getting frustrated. 2nd tech comes over, soon achieves the same frustration level. 3rd tech joins in. I come over to shoulder surf. Their doc says "type in the password for feature X (note: the password is case sensitive )" - these 3 highly trained fie

  • That tutorial is pretty irresponsible too.

    It starts with examples of generating key material, which is good, then the example code uses variables instead of reading from the aforementioned files. The tutorial really should have referenced the files they had demonstrated how to generate.

    If they explicitly wanted to demo embedding keys into the code, they should have shown a snippet to take the files and make C format around them, and use #include, without ever including example keys.

    I've learned in document

  • Well I guess this helps explain why both the latest “Display Audio Software Update” (ie the Carplay upgrade) AND the previous versions have all been yanked off their site since April. Been a pain in the butt not being able to access it after picking up a vehicle that while eligible for the Carplay upgrade it had never been installed on top of the vanilla Hyundai infotainment package. https://update.hyundai.com/US/... [hyundai.com]

    • Yes, this is probably exactly why. They also pulled down their "open source" downloads since that's where the keys were located.

  • Interesting that no one seems to have linked to greenluigi1's original posts:
    https://programmingwithstyle.c... [programmingwithstyle.com]
    It was quite interesting to read all the things they tried.

Slashdot Top Deals

It is easier to write an incorrect program than understand a correct one.

Close