Tristan Rice

This is a follow up to Hacking my Tesla Model 3 - Internal API. As part of reverse engineering the Tesla Model 3 internals, I’ve been running a subset of the CID car services to see how they work. The car computers are using Intel Atom based processors so it’s easy to setup a chroot to launch the services. I’ve written two helper scripts to set up the car environment:

This is a follow up to Hacking my Tesla Model 3 - Security Overview. This is a technical description of all the internal services I’ve found and notes about how they work. All of these services described are normally unaccessible due to seceth and firewall rules. Hosts 192.168.90.100 cid ice 192.168.90.100 ic 192.168.90.102 gw 192.168.90.103 ap ape 192.168.90.104 lb 192.168.90.105 ap-b ape-b 192.168.90.30 tuner 192.168.90.60 modem Tuner isn’t present on newer Model 3s as the AM/FM radio has been removed.

See the follow up at Hacking my Tesla Model 3 - Internal API. I recently got a Tesla Model 3 and since I’m a huge nerd I’ve been spending a lot of time poking at the systems and trying to reverse engineer/figure out how to root my car. I work on Machine Learning infrastructure so I’d love to be able to take a deep look at how autopilot/FSD works under the hood and what it can actually do beyond what limited information the UI shows.