Teslaflex redundancy at .cap

tacit · July 21, 2024, 3:52pm

given the nature of the github repo I’ve linked below and the ability of the flex-secure to run applications in general at it’s ARM architecture why would one need this particular product (tesla-flex)? is it because of the attractive price-point? are these still actively being produced? perhaps people should know that this particular tesla key applet can run at the flex-secure architecture at the product page…? can someone say more about this?

[tesla .cap repo for execution at arm on flexsecure](GitHub - darconeous/gauss-key-card: Open source Java Card applet that allows you to unlock, start, or lock a Tesla Model 3 just like the official key card](GitHub - darconeous/gauss-key-card: Open source Java Card applet that allows you to unlock, start, or lock a Tesla Model 3 just like the official key card)

Equipter · July 21, 2024, 3:55pm

for the people who want the tesla keycard implant and nothing else? not everyone wants to get down in the trenches of encoding a javacard and enrolling it.

but yeah it would be a good idea to put it on the product page for the teslaflex that the NAK can be run on the flexsecure

tacit · July 21, 2024, 4:08pm

if you knew how powerful the flexsecure was you wouldn’t settle for anything less than an implantable embedded system capable of executing actual instructions at it’s CPU, conveniently performing computations inside your actual body

arm at your arm? super meta.

StarGate01 · July 21, 2024, 4:19pm

The Tesla applet distributed by Vivokey for the Apex and the Tesla implants is a completely separate, closed-source implementation with additional hardening.

Of course you can run any applet you find on the open internet on the flexsecure, that is the whole point

Equipter · July 21, 2024, 4:28pm

yea, for us techy types. some people want immediate, singular functionality and don’t care about the rest of the potential. likely why its not been delisted

tacit · July 21, 2024, 5:09pm

but is the implementation really closed source if one could just purchase a teslaflex, export the binaries at .cap ,disassemble it and reverse engineer it using Ghidra for a direct port to the flexsecure and make a PR to GitHub - DangerousThings/flexsecure-applets: Collection of JavaCard applets for the FlexSecure, as well as build and testing scripts, and documentation. or their own forgejo / gittea instance to make it genuinely open source? it wouldn’t be difficult to make teslaflex obsolete. that said; the teslaflex pricepoint ‘is’ attractive…

StarGate01 · July 21, 2024, 6:38pm

Okay so.

Yes. This definition is a legal one, not a technological one.

This is, by design, impossible. You cannot extract the binaries or secure keys loaded onto a secure chip as they are stored in write-only memory.

You would not even need Ghidra. Applet cap files are just Java archives. Unpack them and use any old Java decompiler if you want to.

Again, you can just use any applet on the flexsecure, including the open source Gauss applet, which implements the same interface as the Vivokey Tesla applet.

Code published on GitHub with the appropriate license is just as open-source as on any other code hosting platform. Again, a question of law and not technology.

The Apex supports the Tesla applet, and so much more.

amal · July 21, 2024, 7:12pm

Also like, we don’t sell the TeslaFlex anymore

tacit · July 26, 2024, 5:22pm

I assumed the proprietary software was compiled into a binary that was executed at the ARM architecture, with that binary living at the @teslaflex.