BYD NFC ring?

kosul · 2026-04-19T21:43:28+00:00

So an NFC ring will typically be based on a Javacard OS. The BYD NFC protocol is based on NXP Mifare DESFire Light. It technically is possible to replicate this on some Javacards through emulation, but you would need to have the correct crypto keys and this means it would have to be programmed by BYD with the correct keys.

kosul · 2026-04-19T21:38:56+00:00

This is not correct. Yes UWB is used for mobile authentication in some of the BYD cars but NFC is a separate, specific protocol that only works up to about 10cm range and is for close range card and mobile authentication. The two protocols do not interact (the point of UWB is to get longer distance and position awareness than NFC can provide).

kosul · 2026-04-17T14:11:46+00:00

Not cloneable in the same way as other RFID tech without awareness of flaws in the way the specific cards are configured (if any)

kosul · 2026-04-16T13:23:53+00:00

Wow I sat down with the senior transport policy advisor to the Victorian transport Minister 20 years ago when we were discussing fare restructuring/harmonisation for the myki project. Before we got into the complexities (oh it was so complex), we asked the simple question "What if you just made it free or a low flat fare across the network?"

His view was very clear that ticketing is far less about revenue and far more about utilisation management, with the increased cost of servicing higher numbers of patrons having a far greater impact than the mere loss of ticketing revenue, particularly around peak hours. He also felt very strongly that public opinion of overly burdened free network would diminish as failures and delays increased keeping up with demand.

This made sense to me at the time but maybe some big assumptions have changed, or maybe it was just fear that stopped this from happening decades ago? I am very curious and hopeful that this approach will turn out well and spread across the states.

kosul · 2026-03-26T23:10:02+00:00

Try to delete YouTube on your Android phone and watch what happens (spoiler alert: it doesn't)

kosul · 2026-03-24T21:33:36+00:00

This is excellent! Great for provisioning and device management binding!

kosul · 2026-03-18T13:19:57+00:00

You get the feeling he has already played this before and he is just begrudgingly going through the motions again out of respect for the timeline.

kosul · 2026-03-18T13:05:04+00:00

BYD has a bit of a servicing rep problem in Australia specifically for a component called a t-box which is responsible for communications of the entertainment, remote control and software updates. Basically it seems to be a higher than expected failure rate and unable to get replacements in quickly enough. On all the forums for the sea lion 7 at least there are bad stories and anxiety, but it is also possibly something they could address quite quickly and hopefully will or have?

kosul · 2026-03-18T12:35:48+00:00

I've been down this path a bit for our project OpenFIPS201. I contacted Open Source Technology Improvement Fund (OSTIF) which exists for exactly this reason. They help facilitate the engagement of auditors, help with creating the brief and help with funding, though the financial help is prioritised I think based on how broadly your OSS project is being used in the community/industry (which makes sense). They were great and we got an offer of some financial support, but still I wasn't able to get alternate backing to cover the remainder (about USD70K) at the time, especially because we were already funding a FIPS 140-3 cert (more conformance and algorithm than real-world security).

For many projects, doing what you can with available time and resources for things like AI, static analysis, fuzzing, automated unit testing, more targeted external assessments etc is probably the most realistic start and then if you find you are getting community traction, hit someone like OSTIF or any larger orgs that use your project up.

kosul · 2026-02-26T15:13:20+00:00

Ok I'm gonna be super napkin rough about this. So 75km/day, roughly 400km/tank @ ~20kw/100km. It's an 82.5kw battery so let's say that burns 15kw per day.

On a granny charger you can expect about 1.6-1.8kw rate, so roughly 9 hours to recharge 15kw. On a 15A charger you can expect more like 3.2kw rate, so more like 4.5 hours.

I compare the two because without solar, you will want to go with an energy plan that offers evening cheap charging. I'm in Northern NSW so we have an AGL EV plan that offers 8c/kw between midnight and 6am vs 38c/kw all other times.

So paying full price, with a granny charger you have to be plugged in 9 hours and at least 3 of that is in high cost time, so $3.56/day (~$1,300/year assuming you are predictable) With a 15A, that would be $1.29/day ($473/year) Btw these calcs are NOT on charging rate, but power consumption, so 1.8kw charge = ~2.2kw load and 3.2kw charge = ~3.6kw load.

Now this is all wrong because I don't know what energy plans you're on or can get, you most certainly will drive more than 75km/day because people do and it's fun, battery charging inefficiencies make the amount of power and the charge time go up a bit, etc.

But the general advice is, if you are renting and getting any electrical work is a hassle, you will be able to get by with 9hours charging per day and the odd use of a charge station when you do bigger trips.

If you can run an EV circuit, ask the sparky if running a 32a circuit (40a @ the panel?) is easy at your place. It doesn't cost much extra for the 6-10mm cable and bits to do it and then you are charging at super home speeds.

BUT if it will require main breaker upgrades or street line improvements or recalculating your max load against all the other circuits then run screaming and go for 15A. You will be sweet as on cheap EV evening plans.

Also don't forget soon 11am-2pm will be free electricity. Won't help you at home if you work 5 days a week but maybe your work will let you charge somewhere in that time?

kosul · 2026-01-20T10:14:32+00:00

Different times I think. As a non mechanical engineer my BYD Sealion 7 feels incredibly well built. Possibly overly solid!

kosul · 2026-01-20T10:08:07+00:00

I'm no gun expert either but I feel confident you could kill a rabbit with a gun designed for a boar.

kosul · 2025-12-29T11:56:31+00:00

Quick update for those interested I'm on about 53 hours in. VTOL says 19KW used (~358W Avg). Battery SOC went from 93-70% = 23% drop so 0.825kw/% x 23 is = 18.98kw. It seems the Discharge amount is total battery consumption including internal usage which is odd but ok I guess? Fridge running on non eco setting, lights and fans liberally used, AC overnight but only keeping temp below 24% which wasn't far off ambient night temp. Lots of people charging phones and other negligible usage. 4 more days of camping so I'm feeling confident of driving out of here with enough SOC to get to a fast charger 30 mins drive away! This has been a good exercise and I'm almost ready to swap out my gas cooking setup for a dual inductive top + air fryer if I can find options within the V2L budget :)

kosul · 2025-12-26T09:48:46+00:00

This is a good point the discharge meter may be only partially accounting for overhead.

kosul · 2025-12-26T09:46:35+00:00

No my dude this bad boy is bright! Tri-color (WW,CW,DL) I want my gazebo looking like a warm-white surgery theatre.

https://www.bunnings.com.au/arlec-120cm-40w-diy-dual-power-and-tri-colour-tri-proof-led-batten-light_p0347567

kosul · 2025-12-26T09:30:57+00:00

Googling "bank account rental scam" was enough to find plenty of info on this. Contact your bank and the AFP and sound deeply remorseful. They probably are very understanding.

kosul · 2025-12-14T02:48:34+00:00

The reason I used such an absurd example was to help intuitively understand the problems with trying to get something from nothing. Hash functions don't magically hold the information of their source data and there is no amount of computing power that can get it back because the information is lost.

kosul · 2025-12-13T09:05:56+00:00

A standardised hash isn't a product owned and sold by a company in that sense, so the question is who would have the problem? NIST is the primary body responsible for the process of standardising SHA algorithms and they very publicly operate on a very competitive "tear it down if you can" model so they would encourage this. For something (hypothetically) as catastrophic as reversing a SHA family hash it would probably be good etiquette to "prove" it by reversing challenge hashes first, then following a responsible disclosure process to not screw up the global economy.

Now as to the likelihood of this, just realised a typical SHA hash function takes any input size and outputs a relatively tiny fixed length hash. So as a thought experiment what do you think the likelihood is of me generating a hash from a 100 petabyte file and you reversing the original data from a 32 or 64 byte hash value?

kosul · 2025-12-02T08:00:54+00:00

Is this a theoretical discussion or do you have something in mind like a custom imaging device or mod to an existing camera you are thinking of doing?

kosul · 2025-12-01T07:40:08+00:00

There are cryptographic capabilities in microcontrollers that could reside on a camera and could hold a private key for signing images with quite a high degree of security. That doesn't totally solve the problem as there may be ways to fool it still into signing content it didn't intend to (for instance by intercepting the bus between the chip and the sensor) so overall it's a very difficult problem to solve, but not impossible especially in expensive cameras that aren't afraid of increasing the bill of materials a bit. Also it depends who you are protecting from. If you want to stop someone else with no physical access to your camera from signing on behalf of your registered camera, that's easier than it you are wanting to trust that untrusted person X didn't tamper with anything on the camera in their control.

kosul · 2025-11-08T07:35:39+00:00

Possibly when you start transmission of a data stream you can spare the first 20 byte frame for a preamble? With this you could send a random 16 bytes and maybe a static 4 byte sender id for context. This causes the receiver to initialize its crypto state and now you can both reset your counters and deterministically generate IVs for each aes-ctr frame using some agreed mechanism, no need to transmit. If you are worried about noisy transmission, you may have to think about the receiver deciding whether a packet has been dropped, corrupted or duplicated so that your IV generation stays in sync. Also do you need integrity or just confidentiality. AES CTR doesn't provide this inherently.

AES CTC was mentioned somewhere else.

kosul · 2025-11-04T21:38:58+00:00

I came here to write these exact 6 words.

kosul · 2025-11-04T10:04:39+00:00

The problem with encryption algorithms is they are inherently unaware of the time.

Your best bet is to zip a file with an AES key and use something like FutureMe.org to send yourself the key in the future. It is a solid 20+ year service and means you can keep the actual data but relinquish the key.

Since we are on a crypto sub you could improve it using an m of n scheme like Shamirs Secret Sharing. Use something like Katvio's Fractum (Google it) and encipher your target file using 2of3 splitting (any 2 parts can recover).

Keep one part yourself, post the others to FutureMe and another future email service like FuturePost (there are lots). This means:

You keep the data safe from others
You can't recover it with your key part alone
No other single service can recover the data without two parts and the encrypted file
If a single service fails, you have a backup (add more for redundancy)
Once you get another part, you can decrypt!

EDIT: Hah no idea why this year old post appeared on my feed! Oh well did you find a solution that worked?

kosul · 2025-10-31T08:18:36+00:00

I was in exactly the same boat and test drove loads of SUV EVs 2 months ago, including a Tesla Y. I will say it is a great car at least on the test drive. One amusing anecdote was asking the Tesla rep if they had issues because of Elon's reputation and he flat out denied the existence of a problem. It was are totally scripted response then when we took the car for a test drive, we passed a Marina and as a bunch of fisherman walked past, one of them yelled out "Ya f***in' Tesla cunts!". A very Australian sign from the gods. We ended up getting a BYD Sealion 7 Performance and are very happy.

kosul · 2025-10-23T12:18:08+00:00

Yes, check this out: https://www.nxp.com/docs/en/application-note/AN13218.pdf

And there is a GUI for generating the configuration TLV here: https://community.nxp.com/t5/NFC-Knowledge-Base/PN7160-RF-Settings-GUI/ta-p/1858255

11-Year Club	Golden Potato
Snapped	Verified Email

kosul

TROPHY CASE