<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class="">Just got a file in my eMail from factory. First 120 serial numbers. Like this:<div class=""><br class=""></div><blockquote style="margin: 0 0 0 40px; border: none; padding: 0px;" class=""><div class="">2018010014ABCD (last four characters redacted)</div></blockquote><div class=""><div><br class=""></div><div>Very nice, and should work well. If we keep it quiet, the users will start an online discussion topic about the mysterious encoding in the last four characters of the serial number and what it means.</div><div><br class=""></div><div>I also realised that those 120 lines in the file are a master password list for the OVMS modules! A hacker’s delight.</div><div><br class=""></div><div>Regards, Mark.</div><div><br class=""><blockquote type="cite" class=""><div class="">On 4 Mar 2018, at 12:35 PM, Mark Webb-Johnson <<a href="mailto:mark@webb-johnson.net" class="">mark@webb-johnson.net</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><meta http-equiv="Content-Type" content="text/html charset=utf-8" class=""><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">Plan is as follows:<div class=""><br class=""></div><blockquote style="margin: 0 0 0 40px; border: none; padding: 0px;" class=""><div class=""><div class=""><font face="Andale Mono" class=""><span style="font-size: 14px;" class="">Serial numbers are of the form:</span></font></div><div class=""><font face="Andale Mono" class=""><span style="font-size: 14px;" class=""><br class=""></span></font></div><div class=""><font face="Andale Mono" class=""><span style="font-size: 14px;" class="">YYYYBBNNNNN</span></font></div><div class=""><font face="Andale Mono" class=""><span style="font-size: 14px;" class=""><br class=""></span></font></div><div class=""><font face="Andale Mono" class=""><span style="font-size: 14px;" class="">* YYYY is four digit year. For example; 2018</span></font></div><div class=""><font face="Andale Mono" class=""><span style="font-size: 14px;" class="">* BB is two digit batch. For example; 00, 01, 02, etc</span></font></div><div class=""><font face="Andale Mono" class=""><span style="font-size: 14px;" class="">* NNNN is four digit sequence. For example; 0001, 0002, etc</span></font></div><div class=""><font face="Andale Mono" class=""><span style="font-size: 14px;" class=""><br class=""></span></font></div><div class=""><font face="Andale Mono" class=""><span style="font-size: 14px;" class="">First production batch is 2018010001 - 2018010120.</span></font></div></div></blockquote><div class=""><br class=""></div><div class=""><div class="">That would be 10 digits. Not the most secure, and pretty predictable, but better than a simple “OVMS”.</div></div><div class=""><br class=""></div><div class="">I’m asking if the software they have can generate random characters. If it can, then will add four random letters onto the end.</div><div class=""><br class=""></div><div class="">Regards, Mark.</div><div class=""><br class=""><div class=""><blockquote type="cite" class=""><div class="">On 4 Mar 2018, at 11:23 AM, Greg D. <<a href="mailto:gregd2350@gmail.com" class="">gregd2350@gmail.com</a>> wrote:</div><br class="Apple-interchange-newline"><div class="">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" class="">
<div text="#000000" bgcolor="#FFFFFF" class="">
Hi Mark,<br class="">
<br class="">
WPA2 PSK passphrases for WiFi need to be at least 8 characters. Do
the serial numbers have leading zeros?<br class="">
<br class="">
Greg<br class="">
<br class="">
<br class="">
<div class="moz-cite-prefix">Mark Webb-Johnson wrote:<br class="">
</div>
<blockquote type="cite" cite="mid:9CBD2939-6C54-4BEB-B4B7-C41B857E9DD0@webb-johnson.net" class="">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" class="">
<div class=""><br class="">
</div>
They’ll do pretty much whatever we ask them to do.
<div class=""><br class="">
</div>
<div class="">To try to formalise this, so everyone can see, I’ve
created a production/qc/production_notes.txt file with the
production notes that will be given to the China side. This
should document all the production and QC steps they should do.</div>
<div class=""><br class="">
</div>
<div class="">What I have at the moment is:</div>
<div class=""><br class="">
</div>
<blockquote style="margin: 0 0 0 40px; border: none; padding:
0px;" class="">
<div class="">
<div class=""><font class="" face="Andale Mono"><span style="font-size: 14px;" class="">********************************************************************************</span></font></div>
<div class=""><font class="" face="Andale Mono"><span style="font-size: 14px;" class="">** TOOLS</span></font></div>
<div class=""><font class="" face="Andale Mono"><span style="font-size: 14px;" class="">********************************************************************************</span></font></div>
<div class=""><font class="" face="Andale Mono"><span style="font-size: 14px;" class=""><br class="">
</span></font></div>
<div class=""><font class="" face="Andale Mono"><span style="font-size: 14px;" class="">1] DB9 CAN Bus QC tool</span></font></div>
<div class=""><font class="" face="Andale Mono"><span style="font-size: 14px;" class=""><br class="">
</span></font></div>
<div class=""><font class="" face="Andale Mono"><span style="font-size: 14px;" class=""> DB9 Female with:</span></font></div>
<div class=""><font class="" face="Andale Mono"><span style="font-size: 14px;" class=""> * Pins 2, 4, and 6
connected (all CAN-L signals)</span></font></div>
<div class=""><font class="" face="Andale Mono"><span style="font-size: 14px;" class=""> * Pins 5, 7, and 8
connected (all CAN-H signals)</span></font></div>
<div class=""><font class="" face="Andale Mono"><span style="font-size: 14px;" class=""> * R120 between
pins 2 and 5</span></font></div>
<div class=""><font class="" face="Andale Mono"><span style="font-size: 14px;" class=""> * External 12V
power connector</span></font></div>
<div class=""><font class="" face="Andale Mono"><span style="font-size: 14px;" class=""> * GND on pin 3</span></font></div>
<div class=""><font class="" face="Andale Mono"><span style="font-size: 14px;" class=""> * +12V on pin 9</span></font></div>
<div class=""><font class="" face="Andale Mono"><span style="font-size: 14px;" class=""><br class="">
</span></font></div>
<div class=""><font class="" face="Andale Mono"><span style="font-size: 14px;" class="">********************************************************************************</span></font></div>
<div class=""><font class="" face="Andale Mono"><span style="font-size: 14px;" class="">** PRODUCTION STEPS</span></font></div>
<div class=""><font class="" face="Andale Mono"><span style="font-size: 14px;" class="">********************************************************************************</span></font></div>
<div class=""><font class="" face="Andale Mono"><span style="font-size: 14px;" class=""><br class="">
</span></font></div>
<div class=""><font class="" face="Andale Mono"><span style="font-size: 14px;" class="">1] Default wifi AP and
module passwords</span></font></div>
<div class=""><font class="" face="Andale Mono"><span style="font-size: 14px;" class=""><br class="">
</span></font></div>
<div class=""><font class="" face="Andale Mono"><span style="font-size: 14px;" class=""> OVMS> config set
wifi.ap OVMS <serialnumber></span></font></div>
<div class=""><font class="" face="Andale Mono"><span style="font-size: 14px;" class=""> OVMS> config set
password module <serialnumber></span></font></div>
<div class=""><font class="" face="Andale Mono"><span style="font-size: 14px;" class=""><br class="">
</span></font></div>
<div class=""><font class="" face="Andale Mono"><span style="font-size: 14px;" class=""> Where
<serialnumber> is the serial number from the label
on the enclosure.</span></font></div>
</div>
</blockquote>
<div class=""><br class="">
</div>
<div class="">I think that should set both the module default and
auto wifi AP passwords to the serial number of the module. That
will be on a label on the underside of the module.</div>
<div class=""><br class="">
</div>
<div class="">You are correct: this is a connected car, with
possibly disastrous consequences should somebody malicious gain
access. Best to err on the side of caution.</div>
<div class=""><br class="">
</div>
<div class="">Regards, Mark.</div>
<div class=""><br class="">
<div class="">
<blockquote type="cite" class="">
<div class="">On 3 Mar 2018, at 4:07 AM, Michael Balzer <<a href="mailto:dexter@expeedo.de" class="" moz-do-not-send="true">dexter@expeedo.de</a>> wrote:</div>
<br class="Apple-interchange-newline">
<div class="">
<meta http-equiv="Content-Type" content="text/html;
charset=UTF-8" class="">
<div text="#000000" bgcolor="#FFFFFF" class=""> Mark,<br class="">
<br class="">
<div class="moz-cite-prefix">Am 26.02.2018 um 07:28
schrieb Mark Webb-Johnson:<br class="">
</div>
<blockquote type="cite" cite="mid:B7AB3971-3FB1-4717-98FF-388A790206E7@webb-johnson.net" class="">
<div class=""><br class="">
</div>
I’ve asked the China side. Specifically:
<div class=""><br class="">
</div>
<div class="">
<ol class="MailOutline">
<li class="">Can you print serial number stickers
for these modules? I can provide design - and we
can print a large batch.</li>
<li class="">Then, during manufacturing, have one
step to enter serial number as password into
module, like:</li>
<ol class="">
<li class="">Flash</li>
<li class="">Connect terminal</li>
<li class="">QC checks</li>
<li class="">New step to type: config set
wifi.ap OVMS <serialnumber></li>
</ol>
</ol>
</div>
</blockquote>
<br class="">
Just to double check: so we won't set the module
password, only the AP pass phrase?<br class="">
<br class="">
Has setting the module password any drawbacks?<br class="">
<br class="">
I'm asking because I assume the SMS channel -as soon as
implemented- will also provide command access, which
would be open by default as well without a module
password.<br class="">
<br class="">
Setting the module password would secure the webserver
as well.<br class="">
<br class="">
Regards,<br class="">
Michael<br class="">
<br class="">
<pre class="moz-signature" cols="160">--
Michael Balzer * Helkenberger Weg 9 * D-58256 Ennepetal
Fon 02333 / 833 5735 * Handy 0176 / 206 989 26
</pre>
</div>
_______________________________________________<br class="">
OvmsDev mailing list<br class="">
<a href="mailto:OvmsDev@lists.teslaclub.hk" class="" moz-do-not-send="true">OvmsDev@lists.teslaclub.hk</a><br class="">
<a class="moz-txt-link-freetext" href="http://lists.teslaclub.hk/mailman/listinfo/ovmsdev">http://lists.teslaclub.hk/mailman/listinfo/ovmsdev</a><br class="">
</div>
</blockquote>
</div>
<br class="">
</div>
<br class="">
<fieldset class="mimeAttachmentHeader"></fieldset>
<br class="">
<pre wrap="" class="">_______________________________________________
OvmsDev mailing list
<a class="moz-txt-link-abbreviated" href="mailto:OvmsDev@lists.teslaclub.hk">OvmsDev@lists.teslaclub.hk</a>
<a class="moz-txt-link-freetext" href="http://lists.teslaclub.hk/mailman/listinfo/ovmsdev">http://lists.teslaclub.hk/mailman/listinfo/ovmsdev</a>
</pre>
</blockquote>
<br class="">
</div>
_______________________________________________<br class="">OvmsDev mailing list<br class=""><a href="mailto:OvmsDev@lists.teslaclub.hk" class="">OvmsDev@lists.teslaclub.hk</a><br class=""><a href="http://lists.teslaclub.hk/mailman/listinfo/ovmsdev" class="">http://lists.teslaclub.hk/mailman/listinfo/ovmsdev</a><br class=""></div></blockquote></div><br class=""></div></div>_______________________________________________<br class="">OvmsDev mailing list<br class=""><a href="mailto:OvmsDev@lists.teslaclub.hk" class="">OvmsDev@lists.teslaclub.hk</a><br class="">http://lists.teslaclub.hk/mailman/listinfo/ovmsdev<br class=""></div></blockquote></div><br class=""></div></body></html>