Dieselgate: Volkswagen to Spend Up to $14.7 Billion to Settle ...
- Thread starter VeeDubTDI
- Start date
- Status
jay_fyp
Veteran Member
- Joined
- Oct 29, 2004
- Location
- New Jersey
- TDI
- 2015 Golf TDI 6MT 2004 Jetta TDI (PD) 5mt R.I.P - 2013 Golf TDI 6mt - 2004 Golf TDI (PD) 5MT
Volkswagen’s Buyback Might Be Worse (Environmentally) Than the Crime
Interesting read.
http://www.thetruthaboutcars.com/2016/04/volkswagens-buyback-might-worse-environmentally-crime/
Interesting read.
http://www.thetruthaboutcars.com/2016/04/volkswagens-buyback-might-worse-environmentally-crime/
That all track GSW sounds sweet! Even includes a dsg transmission. Looks like it has the underpinnings of the R but with 100 less horsepower. Basically a better daily driver.
autdi
Veteran Member
- Joined
- Nov 11, 2004
- Location
- Alabama
- TDI
- 2000 NB, 2003 NB, 2006 Touareg, 2015 Jetta, 2013 Beetle, 2013 Touareg
Actually RSA is an encryption technology. Hashing, namely SHA-2 or SHA-3 would be impossible to break in the memory space in the ECU. SHA-1 has known collision issues, as does MD5, but SHA-2 and 3, are holding up pretty well.
There has been talk of encrypting the ECU code, but that would most likely be AES-GCM, not RSA. RSA is high cost, and really only useful for encrypting keys used in a block cipher, which is more useful for large blocks of data (like the ECU program).
Last edited:
I just bought a 2015 Audi TDI Premium Pack on June 30th does anyone know how this will effect me?
Looking at the the settlement docs I found this "Owners who sell or otherwise transfer ownership of their Volkswagen or Audi 2.0-liter TDI vehicle between June 28, 2016, and September 16, 2016 (the “Opt-Out Deadline”), inclusive of those dates". Which seems to exclude owners who sell there TDI's after June 28th are not eligible.
Also found this "2.30. “Eligible Owner” means the registered owner or owners of an Eligible Vehicle on June 28, 2016, or the registered owner or owners who acquire an Eligible Vehicle after June 28, 2016, but before the end of the Claim Period"
So it looks like an eligible vehicle purchased after June 28th is being treated no differently than if it was purchased before June 28th.
Thoughts and opinions ??
Looking at the the settlement docs I found this "Owners who sell or otherwise transfer ownership of their Volkswagen or Audi 2.0-liter TDI vehicle between June 28, 2016, and September 16, 2016 (the “Opt-Out Deadline”), inclusive of those dates". Which seems to exclude owners who sell there TDI's after June 28th are not eligible.
Also found this "2.30. “Eligible Owner” means the registered owner or owners of an Eligible Vehicle on June 28, 2016, or the registered owner or owners who acquire an Eligible Vehicle after June 28, 2016, but before the end of the Claim Period"
So it looks like an eligible vehicle purchased after June 28th is being treated no differently than if it was purchased before June 28th.
Thoughts and opinions ??
RollingCoal
Veteran Member
My opinion is I hope you got a hell of a deal buying a tdi in the middle of all this.
Paid $25k for a mint 2015 Audi A3 Premium Plus with 8k miles. Damn cars is getting over 50 mpg already.
I'd say you got a nice deal!
mydecember1985
Veteran Member
Whoa, whoa, why the talk about hashing? Did I miss something? Are the going to lock the ECUs in the "fix" or something? If that's the case, I'm bailing. After that extended warranty would run out in Jan 2021 for me, I'd be throwing a tune and DPF delete on it to have a blast with the remaining life of the car.
DanB36
Veteran Member
No, there isn't. It must drive under its own power (specifically, the power of its own 2-liter diesel engine), and not be a salvage title under conditions already discussed up-thread. That's it.
DanB36
Veteran Member
Something else worth considering: As a post-9/17 buyer, I think the proposed settlement is more than fair to post-9/17 buyers. I bought with full knowledge of Dieselgate, and deliberately took advantage of the depressed values when I bought my car. I've suffered no harm at all from this. So why should I get a buyback at all, or compensation for having the fix installed?
Simple: I otherwise don't have any incentive to do it. Like most of the rest of you, I like my car now, and I'm skeptical that any fix (if one ever is approved for Gen 1 cars) will maintain performance, economy, and driveability where they are now. If all they offer is "we'll do the fix for free", it's highly unlikely that I get it done, and their numbers suffer. A large part of the point of this settlement is to get the cars either fixed or off the road.
Simple: I otherwise don't have any incentive to do it. Like most of the rest of you, I like my car now, and I'm skeptical that any fix (if one ever is approved for Gen 1 cars) will maintain performance, economy, and driveability where they are now. If all they offer is "we'll do the fix for free", it's highly unlikely that I get it done, and their numbers suffer. A large part of the point of this settlement is to get the cars either fixed or off the road.
Yes, that makes the calculation work correctly. alighter, if reading you might consider adding that instruction to the calculator
autdi
Veteran Member
- Joined
- Nov 11, 2004
- Location
- Alabama
- TDI
- 2000 NB, 2003 NB, 2006 Touareg, 2015 Jetta, 2013 Beetle, 2013 Touareg
Who it's overly fair to is post 6/28 buyers. No 50/50 split on the owner payment, and a 9/2015 trade in price. Started running numbers last night, based on autotrader listings, can make about 7k a car right now. What isn't clear is how the 50/50 split works, someone sold to a dealer pre-6/28, they get 50%, someone buys post 6/28, there is no split with prior owner language, that I've seen (yet).
coolbreeze
Veteran Member
Maybe you knew but the average car buyer had no clue
I am sure the average person walked onto used car lots in late September and knew they where getting a car with a major scandal brewing. I am sure every car salesman knew what was going on and what would happen and made sure his customer knew about it. Heck I bet the people purchasing TDI's had crystal balls and knew that there was going to be a massive buyback then too.
bubbagumpshrimp
Veteran Member
Just paid to extend my registration.
The best part...now I have to go get an emissions test to get my stickers and make it official, lol.
The best part...now I have to go get an emissions test to get my stickers and make it official, lol.This is an interesting point, maybe I completely missed something. How are these vehicle passing yearly emissions inspections? Are the state requirements so high that it doesn't matter?
Just paid to extend my registration.
bubbagumpshrimp
Veteran Member
Keep in mind...these cars were designed specifically to pass stationary state and federal emissions tests.
autdi
Veteran Member
- Joined
- Nov 11, 2004
- Location
- Alabama
- TDI
- 2000 NB, 2003 NB, 2006 Touareg, 2015 Jetta, 2013 Beetle, 2013 Touareg
Most checks are nothing more that plug in OBD, see readiness indicators and no faults, pass.
This is part of the extended complaint from California, OBD didn't detect the system not working. It was programmed to do that, so OBD was doing exactly what it was programmed to do, but that was to cheat the test.
It should remove the commas and dollar signs for you now... Good catch.
I fixed a few other places that didn't cope well with bad input.
2015vwgolfdiesel
Top Post Dawg
In my state, (Oklahoma) there has not been any testing for decades
jimbo1mcm
Veteran Member
- Joined
- Jan 5, 2015
- Location
- CT USA
- TDI
- 2015 SEL TDI PREMIUM Blue 2015 SEL TDI PREMIUM's Silver and Blue
Cancelled my warranty
Filled out paperwork to cancel my Portfolio warranty. Letting VW buy back my 2015 TDI. Car is financed with VW. Finance guy had to see the car to write down the mileage. The refund will come off what is owed on the car, not a check to the consumer. Finance guy didn't seem very happy.
Filled out paperwork to cancel my Portfolio warranty. Letting VW buy back my 2015 TDI. Car is financed with VW. Finance guy had to see the car to write down the mileage. The refund will come off what is owed on the car, not a check to the consumer. Finance guy didn't seem very happy.
some areas of the ecu are already encrypted using RSA FWIW.
But more effective is configuring the chips for one-time programming (OTP) only. There are already OTP memory areas of the ecu that are written once and can't be overwritten. It's part of the reason it's very difficult to clone the EDC17 ECUs. It can be done by soldering in a virgin tricore BGA chip but there are workarounds that allow using another ecu without actually having to clone it. The TDI Ecus have always had OTP in the processor areas going back to the AHU days, but only recently have the OTP areas started to have car-specific info that won't allow using them in a different car (but as always there are workarounds)
If they OTP the whole ECU that would certianly render the ecu absolutely untuneable barring soldering in a virgin tricore processor chip. But then every dealer update will require a fresh piece of hardware instead of a simple reflash. This would also complicate programming on the assembly line and risk obsoleting large numbers of ECUs before they even get a chance to be installed (which could be very expensive!!!). So there is always going to be a way to write info to ECUs- over OBD too, so the dealer can do it. And if the dealer can do it then the aftermarket will find a way.
If they can be written, then the trick becomes reading the existing info, because regardless of what you may think, tuners do not use "their program" they modify a very small part of the factory DATA areas and then write the revised data tables back to the ecu, with 99.9% of the ecu remaining what was installed at the factory. Nowadays for OBD programming we simply read the identifying info (part number and SW version) and then select the original file from a list of known files. This is known as "virtual reading". The original ecu file has to be acquired somehow, either by reading an ecu with that sw version in boot mode or another outside source. Then it can be written back to the ecu with the modifications after correcting the appropriate checksums.
FWIW these ECU already have RSA encryption of certain key areas. The problem with that is, the tricore processor has to be able to use the instructions and data according to its machine assembler language so the ecu programming also includes a built-in way to decrypt as well.
Can't lock out tuning by hashing because then that precludes dealer updates, too. And there is always going to be an incentive for that capability. So if the dealers can do it, then so can the aftermarket.
I'd think that the 2015+ cars would be easiest to fix. If I had a '15 I would likely be holding on to the car to see how they plan to fix them before making the final decision. We should know something on the 15s before any of the other cars.
jhawklver
Veteran Member
My lady seemed very surprised, and then it was a slow look of of "oh crap, will there be more TDI owners doing this" recognition. I had a feeling she has a normal spiel to try and save it but she didn't even try.
jhawklver
Veteran Member
I should also mention when I brought it to the service dept... they did a walk around. He was eyeballing it pretty hard. He even wiped a white spot I had on my bumper to see if it would come off (it was bird poo so yes). Pretty funny. No clue why the extreme walk around like I was returning or renting a car, that's never happened during maintenance before. I think since he thought it was gas (see below) he was going to see if I was interested in getting a new car?
What wasn't so funny is he started giving me the 50k maintenance for a gas Jetta talk. I had to tell him it was Diesel. This is the dealer that sold it to me. He checked the records to make sure I was right (I mean, I've only put diesel in it for 4.5 years so I'm glad he checked). He was pretty embarrassed.
What wasn't so funny is he started giving me the 50k maintenance for a gas Jetta talk. I had to tell him it was Diesel. This is the dealer that sold it to me. He checked the records to make sure I was right (I mean, I've only put diesel in it for 4.5 years so I'm glad he checked). He was pretty embarrassed.
Last edited:
romad
Top Post Dawg
Doesn't it have TDI markings, & "Diesel Only" label on fuel door?
bubbagumpshrimp
Veteran Member
They probably had someone pull a "there was no dents on my car when I dropped it off for service" bit recently. My cars have gotten that thorough visual inspection 50/50 over the years, when dropping cars off for service.
On the fuel type thing...the average person is doing good to get the car pointing in the right direction down the road and says that they put "gas" in their car, regardless of the fuel type...so you can't blame him for not just taking your word on it. Just my $.02...
2015vwgolfdiesel
Top Post Dawg
^
Yeah, same here ~~ I just started using the word "fuel."
After all ~~ it was "GAS," for my last multiple decades
autdi
Veteran Member
- Joined
- Nov 11, 2004
- Location
- Alabama
- TDI
- 2000 NB, 2003 NB, 2006 Touareg, 2015 Jetta, 2013 Beetle, 2013 Touareg
They actually encrypt the code with RSA, or a key that encrypted the code? RSA is really a poor choice for any significant block size
There is actually a pretty simple way around this, been this way in phones for better than a decade now. OTP is small compared to the old time fuses, even SRAM isn't much smaller, but ROM is smaller, flash memory much larger. So, you put 3-4 programs worth in the part, thinking is you won't have more than 3 updates over the car lifetime, and even those can be managed through patch tables, you only have to update parts of the image, saving space, and only when it's rip it all out and start over do you have to consume an entire image worth. You have an obsolete patch/image table, and as one image is no longer used, you advance to the next bank. Should they use up all the replacement banks, they have to swap ECUs, but that's on the manufacturer, don't mess up the code over and over, no need to replace the ECU.
There are many ways to recover the RSA key, without actually having to get into the part, just let it use it, and you will see it reveal the key using any number of side-channel observation methods, many have 90%+ accuracy on the value.If they can be written, then the trick becomes reading the existing info, because regardless of what you may think, tuners do not use "their program" they modify a very small part of the factory DATA areas and then write the revised data tables back to the ecu, with 99.9% of the ecu remaining what was installed at the factory. Nowadays for OBD programming we simply read the identifying info (part number and SW version) and then select the original file from a list of known files. This is known as "virtual reading". The original ecu file has to be acquired somehow, either by reading an ecu with that sw version in boot mode or another outside source. Then it can be written back to the ecu with the modifications after correcting the appropriate checksums.
FWIW these ECU already have RSA encryption of certain key areas. The problem with that is, the tricore processor has to be able to use the instructions and data according to its machine assembler language so the ecu programming also includes a built-in way to decrypt as well.
Can't lock out tuning by hashing because then that precludes dealer updates, too. And there is always going to be an incentive for that capability. So if the dealers can do it, then so can the aftermarket.
Actually, making the live computed hash readable over OBD, you aren't locking out the programming, simply you can identify the image running is not the approved one due to the hash being different. This is one place AES-GCM really shines, it's a combination encryption and validation method. Burn the key and remainder into the ECU, you can freely read the encrypted values from the ECU, and you can even change them, but lacking the ability to get the correct remainder, which you could compare to the factory authorized values, the ECU knows it's not a valid image.
Last edited:
- Status