How I Missed the Biggest Automotive News Story of the Past Decade
Dieselgate. It was one of the biggest corporate scandals in recent history, resulting in billions of dollars in fines, CEOs stepping down in shame, a few scattered criminal charges, and the death of Volkswagen’s beloved TDI diesel engine line in North America. You could even argue that the current accelerated push for EVs is just ongoing fallout from the initial Dieselgate dirty bomb. But by far the worst thing about Dieselgate is that I saw things happening with my own eyes back in 2008, had no idea what I was looking at, and blew my chance to break the biggest automotive news of the decade.
Allow me to set the stage a bit.
In 2007 and going into 2008, I was living in Florida and working for Hartmut Feyhl at RENNtech. Hartmut and I don’t get along these days—that’s my fault, as I went through a nasty divorce and took stuff out on a lot of people that didn’t have it coming—but back then we were two little peas in a Mercedes-shaped pod, and that pod was fast AF. Hartmut was an AMG OG who once served as that company’s Technical Director until they were bought out by MB corporate and he decided to go off on his own. As such, he still had some juice in Affalterbach, and we were one of the first tuning firms to get our hands on the then-new W204 C63 AMG.
What a car that was. The naturally-aspirated V8 had a raspy, satisfying exhaust note that could make even the bleeding-est of hearts look past the abysmal 12 MPG EPA ratings. It was a genuine Teutonic muscle car of the first order, and (like the Lancia Stratos or Shelby Cobra) people will be writing about it for decades to come.
Obviously, we had to tear it apart and try to make it better. Or – faster, anyway. And, to us, that was the same thing.
The only problem was that AMG didn’t make that easy. Take the intake runners for example – in the C63, you had these variable-length intake runners that gave it good low-end torque and good high-rpm horsepower. Leave them closed (short), and you lost the high end. Leave them open, and it fell on its face at the line. We found some improvements by changing the airbox shape ( you can see the original 3D printed and hand-fabbed parts on our test mule, here) and worked on an 82 mm dual-throttle body swap, but the biggest gains were coming from removing the factory catalytic converters and replacing them with high-flow sport cats, all of which are still available on RT’s website. That, and chip tuning, which is how we unknowingly stepped into what would become Dieselgate.
The way it was explained to me, the C63’s Bosch TCU (transmission control unit) had some pretty fancy software in it that generated a 128-bit hash function based on the factory firmware settings that it would then compare to a stored value, called a checksum. You subtract the 128-bit hash from the checksum and you get 0 (they match) or 1 (they don’t match), and if you had a 1 the car wouldn’t run at all. In some cases, like with the V8 Kompressor cars (E55, G55, etc.), you didn’t have to tinker much with the TCU. On the C63, however, factory settings were a big problem for us because you’d put the car on a dyno, go into “dyno mode” (cars have dyno modes), and the power would just disappear.
That was it. That was a car that was cutting back on the fuel burned and kept running the secondary air pump that burns off the unspent fuel in the exhaust gasses to minimize emissions and was, in essence, the very beginning of the Dieselgate scandal—but we didn’t see it for what it was, at all.
Keep in mind: We were tuners. We were looking at this thing through the eyes of “Mercedes doesn’t want people messing with its cars,” and justified all this weird security on the TCU that way – I mean, 128 bits is huge. Libraries using 128-bit checksums should expect 1 collision once they hit 16 quintillion documents (that’s a 16, followed by 18 zeroes), and it’s ridiculous overkill in the context of keeping tuners from publicizing dyno numbers. In the context of the billions of dollars in emissions fines that got served up to VW, Mercedes, and their supplier, Bosch, for hiding emissions-cheating calibrations in their TCUs dyno modes? All that security starts to make a bit more sense, doesn’t it?
Tuners, though, don’t really do the “making sense” thing. And, with our tuner-guy blinders on, this could only be interpreted as a shot across the bow, letting us know that we wouldn’t be allowed to tinker with Mercedes’ finest cars any longer. Once we beat the checksum (hackers be hackin’, yo), we simply congratulated ourselves on our cleverness (Bill and D., you guys rock!) before going back to work on – I think it was the SEMA GLK. Another day in paradise, and absolutely oblivious to the fact that I was this close to the automotive news story of a lifetime.
Maybe next time.
Join the conversation
Latest Car ReviewsRead more
Latest Product ReviewsRead more
- Dawn Maple They haven't even fixed the airbag issues and recalls completely, so why waste more time and money on another "safety feature" that removes choices from the driver? We would be safer getting in a car driven by Helen Keller. Oh wait with driver assist, all she has to do is find her car and turn it on.
- Lorenzo I'm out. I'd never find it in the dark.
- VoGhost Minivans don't sell well, and the market has been declining. And while the entire 'range anxiety' myth is mostly a big oil propaganda designed to scare the weak minded, minivans are often how families travel to grandma's house, so that will be a concern, unless VW can gain access to the Supercharger network. I could see 50K units at peak, declining to 25K/year after a couple of years, unless VW can price competitively with Tesla.
- VoGhost Glad you're healthy, Tim
- VoGhost 20 years ago, Sportage was the bottom of the barrel, a joke. Kia's come a long way.
I'm in the information security field. How did you get around it, by forcing the ECU to accept the new checksum of your updated TCU software, or by disabling the checksum confirmation altogether in the ECU code? It appears that MB didn't encrypt the TCU code, it just used the checksum to validate that the code was unchanged from the factory. If you change just one character in hashed data the resulting hash will be completely different. This is the norm when it comes to validating software. It's not rocket science.
Der Fabrikleiter gibt Anweisungen.