Scripts to Enhance Firmware

From Unofficial Tesla Tech


I'd offered a number of scripts to customize your firmware, but this article is about a whole new set of scripts to use instead. A much better set. Needless to say, you must have root.

Lunar's scripts by MattG over on GitHub are a comprehensive way to customize your system and an excellent reference. But I have completely overhauled them with security improvements, consolidations, and extensions, and made them POSIX-compliant. Thanks Matt, for blazing the trail.

One change I've made is for the scripts to run in sh (Dash) rather than Bash wherever possible (in memory of the ShellShock bug). We infosec types like simplifying wherever possible to reduce attack surface, and Bash is just not simple.

I'll describe how to install, and setup of these scripts should be self-explanatory as I've annotated extensively. Below is a description of each script and its function so that you can decide which you want to use, if any.

Tokens - Grab 'em

The first thing to do before anything else is to get your two tokens... /var/etc/saccess/tesla1 and tesla2 are the passwords for users tesla1 and tesla2 respectively. Copy these to your laptop, write them on a piece of paper, tape them to your forehead, put them under your pillow. These tokens change every day if Tesla has access to your car, but we are going to fix that right up.

Do not set the tokens immutable (don't ask me how I know...); if you do, the Upstart SSHd script (/etc/init/ssh.conf) will try to set the tokens' owner and rights but fail, and so guess what? No SSH! Parrty Time! But don't worry, my tokens backup script instantly notices when they change, and backs them up to the IC and (optionally) to your home server.
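The change-triggered backup described above, as an added example that is not the author's solar script: it compares a token file with the last saved copy and writes owner-only backups when the content differs. The name backup_if_changed and the backup directory are assumptions, and how the real script detects changes is not shown on this page.

```sh
#!/bin/sh
# Added example, not part of the solar scripts. backup_if_changed is a
# hypothetical helper; on the car SRC would be /var/etc/saccess/tesla1 or tesla2.

# Copy SRC into DEST_DIR only when its content differs from the last backup.
# Returns 0 if a new backup was written, 1 if unchanged, 2 on error.
backup_if_changed() {
    src=$1 dest_dir=$2
    [ -r "$src" ] || return 2
    name=$(basename "$src")
    latest="$dest_dir/$name.latest"
    # cmp -s is silent and exits 0 only when both files are byte-identical.
    if [ -f "$latest" ] && cmp -s "$src" "$latest"; then
        return 1
    fi
    (
        umask 077                   # backups hold passwords: owner-only
        mkdir -p "$dest_dir" || exit 2
        stamp=$(date +%Y%m%d-%H%M%S)
        tmp="$dest_dir/.$name.$$"
        # Write to a temp file, then rename, so an interrupted run never
        # leaves a truncated "latest" copy behind.
        cp "$src" "$tmp" || exit 2
        cp "$tmp" "$dest_dir/$name.$stamp" || exit 2   # dated history copy
        mv "$tmp" "$latest" || exit 2
    ) || return 2
    return 0
}

# Usage from cron or a loop (the destination path is an assumption):
#   backup_if_changed /var/etc/saccess/tesla1 /var/solar/backup
```

The source file is only read, so its owner, mode and attributes stay exactly as the SSH Upstart job expects.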

The Data Structure

As my scripts are so different from Lunar's I've renamed them 'solar'.

As I finish these up I'll provide a full archive of them for download. All you have to do is unpack the archive in /var, and make the settings you want by editing /var/solar/solar.conf and scripts.conf. Then set up cron properly.

And tinker and improve, although be forewarned, thar be dragons. I did everything for a reason; know thee what thine art about. Suggestions and improvements welcomed. (Criticisms dispatched with extreme prejudice)

To run any script standalone for testing:
# sh {scriptname}.sh
... but be aware; it may need variables assigned first (located in solar.conf) with:
# export {variablename}={value}
If it seems like it's not working check for this.
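One way to avoid exporting each variable by hand for a standalone test run (added example, not part of the solar scripts): `set -a` exports everything assigned while solar.conf is sourced, and require_vars reports whatever is still unset. It assumes solar.conf contains plain shell assignments; run_with_conf and require_vars are hypothetical helper names.

```sh
#!/bin/sh
# Added example, not part of the solar scripts. Assumes solar.conf holds plain
# shell assignments (NAME=value); both function names are hypothetical.

# Run SCRIPT under sh with every variable assigned in CONF exported to it.
# The subshell keeps those variables out of the calling shell.
run_with_conf() {
    conf=$1 script=$2
    [ -r "$conf" ] && [ -r "$script" ] || return 2
    # "." searches PATH for names without a slash, so force a path.
    case $conf in */*) ;; *) conf=./$conf ;; esac
    (
        set -a      # auto-export every variable assigned from here on
        . "$conf"   # executed as shell code: keep the file root-owned
        set +a
        exec sh "$script"
    )
}

# Return 0 if every named variable is set and non-empty, 1 if any is missing
# (names are listed on stderr), 2 if a name is not a valid identifier.
require_vars() {
    missing=
    for v in "$@"; do
        case $v in
            ''|[!A-Za-z_]*|*[!A-Za-z0-9_]*)
                echo "invalid variable name: $v" >&2; return 2 ;;
        esac
        eval "val=\${$v:-}"     # safe: $v was validated as an identifier
        [ -n "$val" ] || missing="$missing $v"
    done
    if [ -n "$missing" ]; then
        echo "not set:$missing (assign in solar.conf or export first)" >&2
        return 1
    fi
    return 0
}
```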

The directory structure is:

  • /var
    • /solar
      • assets (directory) - Where all the goods are stored.
      • scripts.conf - The setup file for which scripts you want to run.
      • solar.conf - The setup file for variables.
      • - The file that kicks everything off.
  • /var
    • /solar
      • /assets
        • profile - Additions to the CID and IC /etc/profiles to make things nicer.
        • save-tokens.php - Script to go on your remote (home) server to save tokens.
        • save-vitals.php - Script to go on your remote server to back up vital info of your car.
        • scriptsEveryBoot (directory) - Scripts here are executed every boot.
        • scriptsEveryFiveMinutes (directory) - Scripts here are executed every five minutes (NOT READY)
        • scriptsMisc (directory) - Scripts here have various functions. (NOT READY)
        • wireguard-etc (directory) - The WireGuard /etc config directory. (NOT READY)
        • wireguard-go - The WireGuard executable.
        • wg - Helper program for wireguard, from wireguard-tools. (NOT READY)
  • /var
    • /solar
      • /assets
        • scriptsEveryBoot
          • - Enable Autopilot.
          • - On reboot back up all car-specific files to the IC, and optionally to your home server. (NOT READY)
          • - Set your own password on users root, tesla, and your own chosen setuid account, and set your SSH RSA certificate for all.
          • - Stop the Tesla daemons which seem not useful.
          • - Set up a comprehensive firewall using IPTables to keep Tesla out.
          • rwx------ 1 root root 3696 2020-04-16 15:55 (NOT READY)
          • - Function codes set by some talent to perform actions with shortcuts.
          • - Change from logging to the eMMC flash to RAM, to prevent wearing out the eMMC. Not necessary and not recommended if you've upgraded to a SwissBit eMMC chip. Nonvolatile logs, good -- hysterical daemons battering them, bad.
          • - duh, open the diagnostic port.
          • Add /var/solar/assets/profile to the bottom of /etc/profile for nice additional features.
          • - Change audio volume depending on speed of the vehicle.
          • - Save /var/etc/saccess/tesla* tokens immediately whenever they are changed to the IC, and optionally to your home server.
          • - Set up the WireGuard VPN to your home server, phone, etc. (NOT READY)
  • /var
    • /solar
      • /assets
        • scriptsEveryFiveMinutes


  • /var
    • /solar
      • /assets
        • scriptsMisc



Download the archive (when it's ready), and put it somewhere, /var/local/ is good.
# tar -jxpvf /var/local/solar.bz2 -C /var/
# cd /var/solar

Now edit solar.conf to your liking, and edit scripts.conf to turn on the scripts you want to run. The defaults are a pretty good start. Everything else should be squared away.

If you want to save files to and communicate with a remote (home) server, particularly using a phone app like MattG's nikola, you'll need to set up a web server which can be accessed from the outside, and/or WireGuard VPN as provided here.

Don't reboot yet! We still have to kick this thing off at boot.
# crontab -e
And add:

@reboot /sbin/start-stop-daemon --start --quiet --make-pidfile --oknodo --background --pidfile /var/run/ --exec /bin/bash /var/solar/

Save it, take a Red, and
# emit-reboot-cid

... in progress

Carl A. Cook