@whitequark
The real horror is that #EXI is used in an ISO 15118 sandwich on top of HomePlug AV (with broken encryption) and TCP (mostly with no encryption, but sometimes mixed with a wild PKI) to real-time control up to a Megawatt of electric power flowing into a car.
@whitequark
And to add to the horror, all of the cars and chargers are in the same physical powerline broadcast domain, so when another car is plugged in, it needs to broadcast ping and measure the response signal strength(*) to find out which charger it's connected to...
And once the data channel is up, you authorize the payment with the absolutely unforgeable and secret... *checks notes* serial number of your RFID card!
(*) SLAC (Signal Level Attenuation Characterization)
... Yeah I gotta agree, uncomfortably that answer makes sense.
@whitequark @f4grx @ge0rg can confirm for both this and other compounds
The Drug Alone ain't the whole story
@AliveDevil
How cursed is XML-RPC? 😈
The charger is connected to its backend via OCPP. Luckily, they are phasing out OCPP-X (XML-RPC) in favor of OCPP-J (JSON over WebSockets). Sometimes they even deploy HTTPS on their custom mobile APNs!
When charging with an RFID card, the serial number (UID) sentiment remains. When charging with an app, they should be using whatever custom API your provider made, and OCPI (if I remember right) to the provider of the charger!
@AliveDevil @ge0rg @whitequark So basically all of the EV charging plugs allow encapsulation of arbitrary IEEE 802.* protocols.
I’m shocked we haven’t seen a ransomware incident spread from a public charger to cars yet.
@robot
You know, powerline is essentially a high frequency radio protocol using power lines as antennas, and there is _quite_ a bunch of power lines in an EV charging park.
https://www.sstic.org/media/SSTIC2019/SSTIC-actes/v2g_injector_playing_with_electric_cars_and_chargi/SSTIC2019-Article-v2g_injector_playing_with_electric_cars_and_charging_stations_via_powerline-dudek.pdf §3.2 has a nice write-up of that protocol. Bring booze.
@whitequark
@ge0rg @whitequark yeah, I think one alternative had been “single wire CAN” over the control pilot pin, as used by Tesla Superchargers back then. 83kbps, bidirectional, the basics known by everyone in the industry, a pragmatic and completely sane solution for the problem of charging cars, with much future expandability to spare. Pretty much on point.
But then we came into the “design by committee” phase of EV charging, and now we have this fucking thing.
@vogelchr @ge0rg @whitequark Yeah, that's the part about EV charging that I never understood: What decisions resulted int using a standard derived from residential power line communications being used for vehicle-to-charger communications since
- It's not even powerline with the physical layer impairments that come with it
- They could have used CAN or single-pair ethernet
Was someone on that committee really destined to find new markets for their existing powerline communications protocol?
It's interesting how the DC charge protocols for cars and phones both have their roots in powerline communications, but shed the powerline part by the time they got widely implemented. Leaving us with PHYs that seem inappropriate for their current use.
@ge0rg @whitequark ISO15118 is one of the banes of my life. It's so frustrating that we still let XML related crap into our standards, and that as you say megawatts of power are under the control of all this.
*sobs in incomplete copies of a specification he can't afford*
✧✦Catherine✦✧
Ge0rG
KeithTheEE
JP
F4GRX Sébastien
AliveDevil
Zimmie
Robot
miniBill (Leonardo)
Kate
Aris Adamantiadis 
💲Paid
Jakob (Jack/Jackie)
Hey Gus
Christian Vogel
Lukas
Daniel Silverstone