openinverter forum

vaijab wrote: ↑Mon Aug 02, 2021 12:15 pm I am just wondering whether there has been any progress on this project? I am planning for my next EV conversion (bmw e36 cabrio) and looking for options in terms of a drive unit. Would love to go with tesla model 3 one.

Same situation here...

If its any consulation the fact I'm losing my home means I need to wrap up all the M3 stuff by year end so it can go back to its owner.

Anyone see season 1 of Halt and Catch fire will know what this is:)

Jack Bauer wrote: ↑Mon Aug 30, 2021 5:30 pm If its any consulation the fact I'm losing my home means I need to wrap up all the M3 stuff by year end so it can go back to its owner.

How much do we need to pay/put together to let you keep that stuff?
IMHO we better put together that sum else we might loose an important development. Let me know if I can help.

I can ask the owner but given past history of such attempts on this forum I doubt its worth the effort.

Managed to get myself a second dev board this week. Along the way I discovered the existence of Torx Plus® and that this is different from regular external Torx®. This is important for getting at the inverter without damage. :facepalm:

Still to source a wiring harness. Was going to try to replicate some of Damien's work interrogating the Musk Brain then try and fill in some gaps in my understanding of how Tesla use the TI chip. Any discoveries will come in PRs and wiki updates obvs.

Kicking myself for not grabbing a genuine TMS320F28377 from a distributor. Due to the semi shortage they're all gone for now. Eyeing up AliExpress listings warily...

Fairly sure I have a few spare:)

Jack Bauer wrote: ↑Sat Sep 11, 2021 9:33 am I can ask the owner but given past history of such attempts on this forum I doubt its worth the effort.

What do we need and what does it cost. Only the inverter?

What is the sense for the owner to get it back if it doesn't run on openinverter.org?

If we don't find enough people I might just buy it myself from him.
Then you can proceed.

I’m definitely in for helping fund this. This motor has so much potential.
What if you offer the controller board for sale now as a pre-buy option to help gather funds for the drive unit purchase?

Id be happy to help fund it too.....

Ok that's perfect guys!
IMHO it's up to Damien to decide what he wants.

@Damien; I can organize the funding or we go the pre-sale route.

Please advise.

Trying to understand why it is necessary to change the processor if Ingenext can reprogram the inverter?

jetpax wrote: ↑Fri Sep 24, 2021 7:31 pm Trying to understand why it is necessary to change the processor if Ingenext can reprogram the inverter?

being that you send your inverter to ingenext to be “reprogrammed” they may as well be replacing the telsa lockd Texas Instruments processor with a reprogrammed generic one.

Unless they have figured out a back door threw Tesla’s lock down

Looking at the datasheet, once secured, the chip is protected by a 64 bit password.
Not clear what Ingenext are doing - could be they've figured out how Tesla updates firmware over CAN, found/hacked the password, or maybe they're swapping the chip.
Maybe someone could ask him?

Bratitude wrote: ↑Fri Sep 24, 2021 8:06 pm

jetpax wrote: ↑Fri Sep 24, 2021 7:31 pm Trying to understand why it is necessary to change the processor if Ingenext can reprogram the inverter?

being that you send your inverter to ingenext to be “reprogrammed” they may as well be replacing the telsa lockd Texas Instruments processor with a reprogrammed generic one.

Unless they have figured out a back door threw Tesla’s lock down

If I have understood the inner workings, they could emulate (replacement) motor pairing and pair the motor to their controller instead of reprogramming it fully. Hence need for original model3 pedal and brake switch..

- If replacement of the processor, why need for original accessories?

So the motor would have a original Tesla software running, but just think the new control box is the car original control unit, VCU if you prefer. (Like if a motor would be replaced in warranty etc.)

I could be also completely wrong. But it looks like it to me.

Maybe the protection is too hard to crack, in order to rewrite the TMS320 fully..

Not perhaps totally impossible task to write openinverter software without removing The TMS320, but very hard..

They may have found a way to recreate the security matching procedure and their module is effectively a matched setup like a key is to each vehicle.
At least they give the rear motor loom part number
1067968-01-E

Chris Hazel has an Ingenext kit and is engineering it to not need the og throttle and brake switch. Maybe ask him or Tom what they are doing.

Just to refresh memories the aim here is not to be first or best or have the sexiest solution rather something that can be shared openly and is immune to Muskian software whims. We are very lucky here that a very talented software engineer who shall remain nameless:) has undertaken the not so simple task of porting the openinverter firmware to the TI micro used on the drive unit. In this I shall be working in a support role, testing, hardware reverse engineering etc. I'd encourage anyone with an interest to see if there is any way you can support the effort.

Regarding the other control systems I have some knowledge of how they are doing it but it was given to me in confidence so I cannot share. That said any solution that allows us to use these parts in conversions instead of going for scrap is damn cool and I wish them well.

Thanks Damien, really appreciate your integrity here.
Also happy to help the porting effort in any way I can

mikeselectricstuff wrote: ↑Fri Sep 24, 2021 8:19 pm Looking at the datasheet, once secured, the chip is protected by a 64 bit password.
Not clear what Ingenext are doing - could be they've figured out how Tesla updates firmware over CAN, found/hacked the password, or maybe they're swapping the chip.
Maybe someone could ask him?

No need to ask him, another video I found explains most of how to get said password.
Tesla use the same firmware password on all their TI Microcontrollers, it's hidden inside their "toolbox" software.
As per usual with Tesla hardware, people with said password/software aren't sharing it, so fat lot of good it does us.

In theory it should be easy:
1) Get something with a Tesla locked C2000 MCU, ideally a TMS320F28377D.
2) Get said password, as don't need the hassle/liability of the entire firmware/software library that comes with Toolbox.
3) Get devboard to suit said C2000 MCU, so it can be re-programmed. Or at least an isolated JTAG.
4) Plug said C2000 chip into a PC to wipe the Firmware locks.

None of this is exactly easy, but has been made harder than it should be.
1) Yeah I don't have the money to buy Tesla hardware, so short of finding something in a bin and mailing it to me, not an option.
2) Secret Tesla Hacker business actually get your hands on this, to keep anyway.
3) isolated JTAG I have, proper devboard requires sucking up to PCBWay some more (or just more money).
4) Actually easy for once.

Long term idea would be to make some closed source dedicated JTAG programmer, wipes the password, installs new firmware and gets returned in the mail.

Before I get stuck in to any M3 hacking I took some oil pump LIN captures. Damien has merged them here.

I've only done a cursory analysis so far but it seems that there is only one command request from the Tesla inverter to the oil pump (ID: 0x0A). The oil pump is scanned for 6(!) different status responses IDs: 0x2A, 0x30, 0x31, 0x32, 0x3C and 0x3D. I'm assuming that somewhere in there there will be oil temperature so I warmed the pump with a hair drier to get some different values in the captures. I'm also assuming there's a pump speed value in there. My pump sounded like it was stalled and kept trying to restart (I had a very weak old battery as PSU) which hopefully will be visible in the captures.

I plan to revisit this and write a simple analyser for the Saleae Logic software to decode this further. Also got a LIN transceiver and matching connector to play with this in-situ without the inverter. I need some drive shaft stubs and oil before I start playing with that though. Stuff's there if anyone is interested.

Oil flow and temperature values are read by scanmytesla app. Maybe look from that direction for help decoding values.