Comment by StopDisinfo910

Comment by StopDisinfo910 3 days ago

6 replies

View on Hacker News

> What happens when Bosch changes the protocol / encryption just for the heck of it

Bosch old batteries don’t work with their own new controller anymore. Not saying it will never happen but Bosch can’t do that every week either.

dmitrygr 3 days ago

If I was an asshole designing such a protocol, I would design two or three protocols, specifically so I could disable one via an OTA when somebody reverse engineers it. My real batteries would note the authentication failure, and try protocol number two, their firmware aware of the design from the very start. The people who reverse engineered protocol number one would be hosed until they can reverse engineer the second one, because this would be the first time they even see the second protocol. Do this enough times, and the third parties doing reverse engineering run out of customers willing to wait for them to fix it every time. Hell, you can also just make the BMSs support OTAs. OTA a new firmware with new encryption, force REs to re-solve the problem, since of course the OTA for the stock BMS's stm32f104 will not apply to their board's CH23FVQTZM123123.

There are in fact, a few devices out there that did precisely this and successfully hosed reverse engineers (ask me how i know).

Don’t ever depend on reverse engineered protocols for anything you care about. This game of cat and mouse only has one end -- the manufacturer is at a significant advantage.

I tip my hat to this team for successfully reverse engineering, a encrypted protocol. But if they really think they can sell something based on that, I rescind that hat tip because that is fucking insane. There are just so many ways that the manufacturer could fuck with them. And the reverse logistics of shipping back a large battery for all those pissed-off customers who just want a refund are going to cost a lot of dollars.

I personally would not put a cent into this company unless they agreed to only ship products for devices that already support completely normal interoperability. This business of reverse engineering and attempting to sell based on that is going to be a money drain that kills them (thus ending all customer support). I am willing to bet that they have not even priced out ($$$) the cost of a return to them, nor estimated what percent of customers will need it when the encryption changes or something else doesn’t work.

Reply View 0 replies
wongarsu 3 days ago

And there'd still be all the already sold controllers, including brand new bikes at retailers. These things don't exactly have over-the-air updates, they are designed to just work forever with the firmware they ship with

Reply View 4 replies
  • nandomrumber 3 days ago

    There are stick vacuum cleaners with wifi connectivity.

    Reply View 3 replies
    • wongarsu 3 days ago

      Yes, but that's not the way Bosch builds their stuff

      Reply View 2 replies
      • dleary 3 days ago

        Are you sure? My Bosch dishwasher has wifi connectivity and a companion app.

        Reply View 1 reply
        • eliaspro 2 days ago

          BSH Group which builds household appliances for Bosch Home is not related to Bosch eBike Systems in any way.

          They're geographically and organisation-wise so far from each other, they're basically two different companies.

          Reply View 0 replies