I don't know about electric cars, but for gas powered cars there are open source ECUs [0][1]. There are also tuners that directly modify the car's firmware to improve performance. Finally, you can connect a computer to the CAN bus [2], which allows you to capture and replay commands, as well as craft your own commands. This is how Comma's openpilot [3] works: it connects to the CAN bus and sends commands for all supported functionality.

What kind of features did you have in mind?

[0] https://en.wikipedia.org/wiki/Engine_control_unit

[1] https://rusefi.com/

[2] https://en.wikipedia.org/wiki/CAN_bus

[3] https://comma.ai/openpilot

• whaleofatw2022

  yesterday at 3:48 PM

  There's also the Megasquirt for fuel timing, which is not quite open but not fully closed off either...

  • gia_ferrari

    yesterday at 4:00 PM

    For full open source, there's Speeduino and FOME (newer). I've used both for my cars. https://speeduino.com/home/ https://wiki.fome.tech/

I think I know what you are asking but it is complicated.

For safety, regulator, historical and frankly common sense reasons, a car is not one system. It is a system of system that communicate via a CAN BUS, https://en.wikipedia.org/wiki/CAN_bus. This is still true for electric cars. Can this be hacked? Like everything else, yes.

Can you side load a new ROM like an android device? Not that know of and hope that never becomes a reality because your phone crashing is different than you car crashing (figuratively and literally). Can you enable/disable features? Yes, usually through ECU hacking. On my P3 Volvo, I bought a cheap stripped down Chinese clone of Volvo's diagnostic tool called DiCE. Once the ECU is decrypted, which is done through brute force, you can use something like https://d5t5.com/article/vdash-volvo-diagnostic or P3Tool to change level settings like the theme of LED dash or engine tuning.

You may be interested in https://github.com/jaredthecoder/awesome-vehicle-security#re...

• waffletower

  yesterday at 5:16 PM

  My Tesla used to crash fairly often, and thankfully only once this year. Usually in my driveway but there were two occasions that it crashed while in traffic waiting to make left turns. The touch screen interface component was the subject of all of these so called "crashes": the car is still drivable, but there is a large loss of feedback -- car signal tones are no longer present -- there isn't feedback to know if the car's signal lights are actually engaged or not, no speedometer, climate system stops operation etc. It takes about 2 minutes to restart and recover. Thankfully the Tesla touch screen console is only part of larger system as described.

  • hungmung

    yesterday at 5:30 PM

    This isn't really Tesla specific. I've been in a handful of rental cars that had the infotainment system crash. Which wouldn't be a huge problem if they hadn't eliminated all the physical buttons to do basically anything at all.

    Something that seems to trigger it across makes and models is to adjust media controls while the backup cam is on-screen.

  • waffletower

    yesterday at 9:18 PM

    Nice use of downvoting on a public safety comment!

• markus_zhang

  yesterday at 10:40 PM

  Thanks for the awesome reply. Do you work as a car electronics engineer or in some neighbouring positions? I’m curious how did you validate whatever “hacks” or tools you learned/obtained because, as you said, car crash is different from phone crash.

  I have a Hyundai Tucson and I don’t really dare to touch anything except plugging in a cheap scanner for error codes.

  BTW do you know any technical car hacking forums, in WWW or Onion?

  Thanks a bunch!

• HeyLaughingBoy

  yesterday at 5:41 PM

  Also, in these days of Secure Boot technologies, it's going to be a lot harder to create custom ROMs without having to reverse engineer the whole thing. At least in the past, you could inspect the executable code.

Maybe you want https://comma.ai/, founded by geohot who famously made the iOS and PlayStation jailbreaks

• merelysounds

  yesterday at 2:48 PM

  This is not a custom ROM but a hardware solution (installed on a windshield, with its own camera).

  • eraviloi

    yesterday at 3:26 PM

    It is the closest there will every be to what the OP is asking for.

Mazdas, kind of. https://mazdatweaks.com/

There are of course after market ECU tweaks and parts that, for example, will change your throttle response with a physical piece of hardware—Pedal Commander is a simple example.

Not ROMs but OrBit is a "OrBit is PC software for diagnostics, configuration, and software flashing for newer Volvo and Polestar vehicles".

American Polestars can, for example, enable their adaptive headlights using OrBit.

https://spaycetech.com/

• cmrdporcupine

  yesterday at 3:53 PM

  I've been reluctant to try this with my P2 for fear of voiding warranties etc.

  But it seems Polestar is doing their best to make my warranty useless by closing local dealers and offering shitty service anyways.

  I should give this a whirl.

I'm not aware of anything for electric _cars_ other than aftermarket ECUs and smaller patches, version up/downgrades or cross-market reflashing, but together with a few other people I've built https://librescoot.org/ as an open source replacement firmware for electric scooters (mopeds, not standing scooters). The actual ECU firmware has also been reverse engineered, but for legal reasons has been deprioritized - if anyone here is well-versed in STM32 reverse engineering and feels like taking on e-scooter ECUs, let me know :)

No. Aftermarket ECUs absolutely exist for almost all internal combustion engines. Other aftermarket modules are rare. Integration of them into a complete system even more so.

• MuffinFlavored

  yesterday at 4:31 PM

  > Aftermarket ECUs absolutely exist for almost all internal combustion engines.

  2025 BMW G80 M3 has an aftermarket ECU? Audi RS3? Mercedes E 63 S?

  Immobilizer baked into the gateway and transmission and ignition, etc. etc.

  • piltdownman

    yesterday at 4:57 PM

    No but you can ECU Unlock and re-flash e.g. the RS3 - which ends up fulfilling the same use-case in this instance as an aftermarket ECU.

  • 1970-01-01

    today at 4:09 AM

    Yes. Bypass all this immobilizer nonsense with the aftermarket ECU.

    https://www.ecumaster.com/products/interconnectors/

    https://www.ecumaster.com/products/emu-black/

I believe these systems are quite coupled with the hardware itself, making it quite difficult to port any custom ROM or such on them. I am not aware of any projects with the goals of creating an open-source Android ROM for a car. Even Phone ROMs are slowly dying off, with the exceptions of Lineage and GrapheneOS.

I believe law environment need to change to make possible digital custom car's ROM. Now everything can be closed in same of safety, security, user convience...

Surprised they aren’t all signing their firmware and not loading it if it doesn’t match a fused cert or something.

• eimrine

  yesterday at 3:28 PM

  Security (for vendor) from obscurity. AFAIK most of car owners cannot just buy the replace electronics for his car on used market so most of owners afraid of messing with proprietary computers in the car.

It's legally forbidden for the part of the software that is controlling the car

• AlotOfReading

  yesterday at 3:45 PM

  The only parts where that's true are for things like FCC certification. The US does not have an affirmative certification process for automotive software, including safety critical systems. NHTSA instead puts out a set of rules called FMVSS that manufacturers and aftermarket parts must comply with. Manufacturers then self-certify that they meet FMVSS and produce a bunch of documentation demonstrating that if NHTSA asks.

  Note that FMVSS has almost nothing to say on the topic of software. The industry broadly follows industry standards like ISO 26262 and the less universal 21448, but these don't have firm legal weight outside their status as standards of practice, nor do they preclude installing your own software.

  The situation in Europe is different and an affirmative certification process does exist there.

  • thaeli

    yesterday at 6:43 PM

    For emissions related components, EPA rules do kick in though. While the current administration appears to have paused enforcement, their position for many years has been that running anything except factory approved firmware on an ECU or other emissions related computer constitutes a “defeat device” and is illegal for an on road vehicle subject to emissions controls. (Granted, in practice 99% of the reason anyone installs new firmware on their ECU, or switches to an aftermarket ECU, is for a “tune” that does affect emissions. I’m sure there is some edge case exception, but it’s very rare in on road engines.)

    The alternative, and there are a very few tunes that have done this, is to prove to regulators that the tune does not negatively affect emissions in any way. In practice this is done by getting a CARB exception since they’re the ones actually checking for tunes.

  • HeyLaughingBoy

    yesterday at 5:52 PM

    This seems similar to what we do in medical devices.

    The manufacturer creates a set of procedures covering the design process that meets, at a minimum, the stages set out in 21CFR, often following the industry standard for software: IEC-62304. Then mfr documents that those procedures were followed and at the end submits a set of documents about the test results and development process for agency approval.

    Sound similar? One difference I can see is that if you replace the software in a released medical device with your own, it's no longer considered to be Approved and using it opens you up to Federal liability.

    • AlotOfReading

      yesterday at 7:00 PM

      There's some similarities with the FDA, but quite a lot of important differences. NHTSA doesn't approve vehicles, for example. Manufacturers can sell whatever they want. NHTSA simply has the power to issue recalls (preventing further sales) if those vehicles don't comply with FMVSS.

      NHTSA also doesn't incorporate standards like the FDA does, so while they're aware of industry standards and employ a number of relevant experts for various purposes, you're under no obligation to follow them. Tesla is actually an example here. Their development processes don't follow ISO-26262 (the automotive equivalent of IEC-62304), though stating this properly would need a lot of asterisks I don't want to get into.

      The EU does both of these things for vehicles, though it's a bit more complicated than a flat approval or rejection and it's handled by a designated third party that also does medical device testing like TÜV SÜD. Other countries like the UK have a dedicated agency to handle type approvals.

    • thaeli

      yesterday at 6:46 PM

      Emissions related components work very similarly, replace the software and it’s presumed to be a defeat device unless proved otherwise.

  • SoftTalker

    yesterday at 3:58 PM

    "For off-road use" is the the magic phrase that lets people sell any random garbage as "car parts" or modifications in the USA.

• kjkjadksj

  yesterday at 4:31 PM

  You can throw on a supercharger and no2 system and put down 1000 horsed and it is fine. But dare you change your throttle response curve…

Do they exist for any other car? Genuinely interested

• AlotOfReading

  yesterday at 3:50 PM

  Custom ECU firmware used to be quite common for racing enthusiasts. It was usually just patching a few tables in a binary though.

  • moktonar

    today at 2:39 PM

    Let's say I want to reprogram my car's ECU what resources would you point me at

Not really. You might want to look at what Rivian has been sharing about their vehicle hardware and software architecture. Sandy Munro did a few on site visits with their team.

I think you are underestimating how complex EVs are, how much software goes into them, and what goes into coming up with an alternative software stack. Also, I doubt that the likes of Rivian, Tesla, etc. are going to just let people boot whatever on their cars. Why would they?

But at the lower levels, hacking things like battery management systems is definitely a thing that is done and somewhat supported. A lot of retrofits where ICE engines are swapped out for an electrical drive train end up repurposing drive trains from EVs.

Sorry if off topic, but is there any custom firmware for KIA Sorento 2016-2017 that would allow Android Auto?

KIA won't release any updates to the (Gen 2 I believe) entertainment system firmware that would add Android Auto support, like they did for other cars, but surely it's not a hardware limitation? Could it be?

I would experiment myself if I knew how and had the time...

As I know, all Auto market (not only EV) is extremely regulated (mostly, because of safety measures), so it is not much opened.

I think, it is unfortunately, but not exists official market of custom ROMs.

For about custom ROMs, situation very much like custom ROMs for Canon camera - they don't implemented totally new features, but with hacker methods, unlocked some hidden features, already existing in hardware and software; also exist similarities with Smartphones custom ROMs - for many Smartphones only possible to reset firmware to something like "very new device without traces of wearing", plus some copies of features from same model but other region, or mods (unlock features).

Significant difference of EVs, for them much more frequently used things like "power or torque limited by software", because to faster get certification, producer could limit torque to be equal to ICE original vehicle (usually, electric motor have much higher torque than ICE with comparable other parameters), and in such case don't need to much bother with certification, as in many countries such limited electrification come with very simplified procedure.

Sure, could exist lot of hacks for entertainment system.

And many hacks you could DIY with things like USB to CAN bus controller.

What also interest, exists large market of totaled EVs in 3rd world countries, where in garages literally could refurbish Tesla from trash (suffered extreme collision after which owner decided to utilize machine, but some guys bought it as trash and resell to other country, and it got second life, and I hear many cases, when previous Tesla owners once began get messages from their account but from whole other country).

But that's nearly all, except entertainment system, other parts of EV usually considered highly regulated, so you cannot account for much customization of them.

And level of hacking is very much depend on brand - as I hear, for example, Daimler including in machines "CAN bridges" between entertainment system and ECU, and classic CAN connector could only see entertainment system messages, but access to ECU severe limited (cheaper brands usually don't use CAN bridges).

And sure as with other embedded tech, with time more new designs use locked boot and signed blobs, so with 10 years old machine you will definitely get more access than with brand new.

BTW Tesla is by definition special case, as their electronics could be from different manufacturer in each production batch, as this claimed as feature, because of which Tesla less suffered from covid related issues (when many electronics manufacturers severe drop supply). Sure, this mean, for other manufacturer could be other hack (and early batches hacked much deeper than more modern).

What recourse do consumers have if the software in a car is so faulty as to be dangerous?

Our (brand new) car is the most dangerous vehicle I have ever driven by a large margin because the steering, brakes and accelerator spuriously override the driver in a way that could cause an accident every couple of hundred miles. (It averages a spurious alarm or override every 10 miles or so, and flat out force departs a lane or accelerates at a person / car every few thousand).

Most of these issues could probably be fixed with so-called “deletes” that rip out parts of the active driver assist system, but they aren’t available for this model, and frankly, I’d rather pay to watch it be crushed than mess with such stuff.

[dead]

• drob518

  yesterday at 2:59 PM

  There is a lot of potential liability for anyone who creates something that targets anything other than the infotainment system.

• MostlyStable

  yesterday at 3:47 PM

  Does "infotainment system" include the cluster displays (speedometer etc) in vehicles where that is entirely a digital display (must be most at this point). I really hate the (very non-traditional) way my current vehicle displays this info. Whats funny is that both the highest trim level of this model and the one-step-cheaper model both do it in a more traditional, far superior way.