Skip to content

Added 2026/06/2026-06-04-tesla.md #20748

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
dmca-sync-bot merged 1 commit into from
Jun 8, 2026
+201 −0
Merged

Added 2026/06/2026-06-04-tesla.md #20748

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
201 changes: 201 additions & 0 deletions 2026/06/2026-06-04-tesla.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,201 @@
Before disabling any content in relation to this takedown notice, GitHub
- contacted the owners of the affected repositories to give them an opportunity to [make changes](https://docs.github.com/en/github/site-policy/dmca-takedown-policy#a-how-does-this-actually-work).
- provided information on how to [submit a DMCA Counter Notice](https://docs.github.com/en/articles/guide-to-submitting-a-dmca-counter-notice).

To learn about when and why GitHub may process some notices this way, please visit our [README](https://github.com/github/dmca/blob/master/README.md#anatomy-of-a-takedown-notice).

---

**Are you the copyright holder or authorized to act on the copyright owner's behalf? If you are submitting this notice on behalf of a company, please be sure to use an email address on the company's domain. If you use a personal email address for a notice submitted on behalf of a company, we may not be able to process it.**

Yes, I am authorized to act on the copyright owner's behalf.

**Are you submitting a revised DMCA notice after GitHub Trust & Safety requested you make changes to your original notice?**

No

**Does your claim involve content on GitHub or npm.js?**

GitHub

**Please describe the nature of your copyright ownership or authorization to act on the owner's behalf.**

I am a legally authorized representative of Tesla, Inc., the exclusive owner of the copyrighted works described in this notice. Tesla, Inc. owns all rights, title, and interest in the Full Self-Driving (FSD) software, vehicle control systems, communication protocols (including CAN bus and Bluetooth Low Energy), and associated technical access controls. I am authorized to act on behalf of Tesla, Inc. to enforce its intellectual property rights, including under the U.S. Copyright Act and the Digital Millennium Copyright Act (DMCA). This includes the authority to issue takedown notices for unauthorized use, distribution, or circumvention of Tesla’s proprietary software and access control mechanisms.

**Please provide a detailed description of the original copyrighted work that has allegedly been infringed.**

The original copyrighted works that have allegedly been infringed include:

Full Self-Driving (FSD) software and firmware, including but not limited to FSDV14, FSDV15, and related vehicle control logic, which are proprietary, protected by U.S. copyright law, and exclusively owned by Tesla, Inc. This software governs autonomous driving functionality, including traffic light and stop sign recognition, adaptive cruise control, lane centering, and vehicle coordination with the CAN bus.

Vehicle communication protocols, specifically the proprietary CAN bus message formats, timing sequences, and data structures used by Tesla vehicles to exchange control signals between subsystems (e.g., Autopilot, FSD, and body controllers). These protocols are protected as original works of authorship and are not publicly disclosed.

Technical access control mechanisms, including:

- FSD entitlement validation systems (which verify active FSD subscriptions via Tesla’s backend)
- Authentication and authorization logic for Bluetooth Low Energy (BLE) connections
- Secure key exchange protocols used in the Tesla mobile app for vehicle access
- Vehicle state checks that prevent unauthorized command execution (e.g., remote start, charge start)

These works are not publicly available, are not licensed for redistribution, and are protected under 17 U.S.C. § 102(a) as original works of authorship fixed in a tangible medium.

The infringing repositories (https://github.com/Shayennn/FUCKYOU-TESLA-FSD and https://github.com/Shayennn/TeslaBleHttpProxy [private] contain code that copies, replicates, and circumvents these protected works by:

- Intercepting and modifying CAN bus messages to enable FSD without valid entitlements
- Bypassing BLE authentication to allow remote execution of vehicle commands
- Replicating Tesla’s proprietary communication protocols without authorization

This constitutes direct infringement of Tesla’s exclusive rights under U.S. copyright law, including reproduction, distribution, and creation of derivative works.

**If the original work referenced above is available online, please provide a URL.**

The original copyrighted works described, including Full Self-Driving (FSD) software, vehicle communication protocols, and technical access control mechanisms, are not publicly available and are not distributed via any public URL.

These works are:

- Proprietary and confidential
- Only accessible to Tesla employees, authorized partners, and vehicle firmware
- Not published on public websites, GitHub, or open-source platforms
- Protected under U.S. copyright law as original works of authorship

Therefore, no public URL exists for the original copyrighted works. The infringing repositories (https://github.com/Shayennn/FUCKYOU-TESLA-FSD and https://github.com/Shayennn/TeslaBleHttpProxy) contain unauthorized copies and circumventions of these protected works, but they do not represent legitimate public distribution of the original.

**We ask that a DMCA takedown notice list every specific file in the repository that is infringing, unless the entire contents of the repository are infringing on your copyright. Please clearly state that the entire repository is infringing, OR provide the specific files within the repository you would like removed.**

**Based on the above, I confirm that:**

The entire repository is infringing

**Identify the full repository URL that is infringing:**

https://github.com/Shayennn/FUCKYOU-TESLA-FSD
https://github.com/Shayennn/TeslaBleHttpProxy

**Do you claim to have any technological measures in place to control access to your copyrighted content? Please see our <a href="https://docs.github.com/articles/guide-to-submitting-a-dmca-takedown-notice#complaints-about-anti-circumvention-technology">Complaints about Anti-Circumvention Technology</a> if you are unsure.**

Yes

**What technological measures do you have in place and how do they effectively control access to your copyrighted material?**

Tesla implements multiple layered technological measures to control access to its proprietary software and vehicle systems. These measures are designed to prevent unauthorized use, modification, or circumvention of protected works, including Full Self-Driving (FSD) functionality, vehicle control protocols, and secure communication interfaces.

1. FSD Entitlement Validation
- The vehicle checks for a valid FSD subscription via Tesla’s backend servers before enabling FSD features.
- This requires an active, region-qualified subscription tied to a specific Tesla account and vehicle VIN.
- Without a valid entitlement, FSD features remain disabled at the software level even if the hardware is present.

2. CAN Bus Message Authentication and Integrity Checks
- Critical control messages (e.g., CAN IDs 1016, 1021) are signed and validated by the vehicle’s central computer.
- Unauthorized modification of these messages, such as setting the FSD enable bit without proper authorization, is detected and rejected.
- This prevents tampering with core driving logic at the hardware level.

3. Bluetooth Low Energy (BLE) Authentication and Key Exchange
- Tesla vehicles use a secure, encrypted BLE connection to authenticate devices (e.g., the Tesla mobile app).
- A unique, time-limited key is generated and exchanged via the app, ensuring only authorized devices can send commands.
- The TeslaBleHttpProxy bypasses this by using a pre-generated key (via NFC pairing), which circumvents the intended authentication flow.

4. Vehicle State and Command Authorization Checks
- Commands such as `remote_start_drive`, `charge_start`, or `unlock` are only executed if:
- The vehicle is awake and unlocked
- The user is authenticated via the Tesla app
- The command is sent from a trusted device
- These checks prevent remote abuse and ensure only authorized users can control the vehicle.

5. Cryptographic Firmware Signing
- All vehicle firmware updates are digitally signed and verified during installation.
- Unauthorized or unsigned firmware cannot be loaded, preventing malicious modifications to core systems.

6. Secure API Access (Fleet API)
- The Tesla Fleet API requires OAuth2-based authentication with valid access tokens.
- These tokens are tied to specific user accounts and are revoked upon logout or device removal.

These measures collectively form a **multi-layered access control system** that effectively prevents unauthorized access, modification, or use of Tesla’s copyrighted software and vehicle systems. The repositories in question: https://github.com/Shayennn/FUCKYOU-TESLA-FSD and https://github.com/Shayennn/TeslaBleHttpProxy are designed to circumvent each of these protections, thereby violating 17 U.S.C. § 1201(a)(2)(A) of the DMCA.

**How is the accused project designed to circumvent your technological protection measures?**

The accused projects: https://github.com/Shayennn/FUCKYOU-TESLA-FSD and https://github.com/Shayennn/TeslaBleHttpProxy are explicitly designed to circumvent multiple layers of Tesla’s technological protection measures. Here is how each project achieves this:

1. FUCKYOU-TESLA-FSD: Circumvention of FSD Entitlement & CAN Bus Authentication

- Circumvents FSD Entitlement Validation
The firmware runs on an Adafruit Feather M4 CAN board and intercepts CAN bus messages (e.g., ID 1016, 1021) to inject a false FSD enable signal when "Traffic Light and Stop Sign Control" is enabled in the vehicle’s settings.
→ This bypasses Tesla’s backend FSD subscription check by simulating a valid entitlement at the hardware level, even if no subscription exists.

- Circumvents CAN Bus Message Authentication
The project modifies the FSD enable bit in CAN frames without proper cryptographic signing.
→ The vehicle’s central computer detects this as an invalid message, but the firmware re-transmits the modified frame at high frequency, overwhelming the system’s ability to flag it as malicious.
→ This exploits a known vulnerability in the vehicle’s duplicate-frame detection logic, which fails to block repeated, modified frames.

- Circumvents Nag Suppression & Safety Checks
The firmware clears the "hands-on-wheel" nag bit, allowing the vehicle to operate in FSD mode without driver input.
→ This bypasses Tesla’s safety-critical requirement for driver attention.

2. TeslaBleHttpProxy: Circumvention of BLE Authentication & Command Authorization

- Circumvents BLE Key Exchange & Device Authentication
The proxy allows external HTTP clients to send commands to the vehicle via Bluetooth.
→ It uses a pre-generated BLE key (obtained via NFC pairing) that **bypasses the Tesla app’s secure key exchange process**.
→ This allows unauthorized devices to gain persistent access without user consent or app-based authentication.

- Circumvents Vehicle State and Command Authorization
The proxy sends commands (e.g., `remote_start_drive`, `charge_start`, `door_unlock`) directly to the vehicle, **without requiring the vehicle to be awake or unlocked**.
→ It bypasses Tesla’s state checks by automatically waking the vehicle and executing commands without user interaction.

- Circumvents Access Control Based on User Role
The proxy allows execution of commands that require "Owner" privileges (e.g., `set_valet_mode`, `erase_user_data`) using a "Charging Manager" key.
→ This violates Tesla’s role-based access control system, which is designed to limit permissions.

- Circumvents Rate Limiting and Session Security
The proxy queues and processes commands one at a time, but can be used to send repeated commands (e.g., rapid door unlocks) without triggering rate limits or session timeouts.
→ This enables abuse of vehicle functions beyond normal use.

Summary of Circumvention Design:

| Protection Measure | How It Is Circumvented |
|--------------------|------------------------|
| FSD Entitlement Check | Fake enable signal injected at CAN bus level |
| CAN Message Authentication | Modified frames re-transmitted at high frequency |
| BLE Authentication | Pre-generated key used via NFC pairing |
| Vehicle State Checks | Commands sent automatically without wake-up |
| Role-Based Access | Owner-level commands executed with limited key |
| Safety Checks | Hands-on-wheel nag suppressed |

These projects are "not tools for research, education, or debuggin - they are "purpose-built circumvention systems" designed to bypass Tesla’s access controls, enabling unauthorized use of FSD and remote vehicle control.

This constitutes direct violation of 17 U.S.C. § 1201(a)(2)(A) of the DMCA, which prohibits the manufacture, distribution, or use of tools designed to circumvent technological protection measures.

**If you are reporting an allegedly infringing fork, please note that each fork is a distinct repository and <i>must be identified separately</i>. Please read more about <a href="https://docs.github.com/articles/dmca-takedown-policy#b-what-about-forks-or-whats-a-fork">forks.</a> As forks may often contain different material than in the parent repository, if you believe any of the repositories or files in the forks are infringing, please list each fork URL below:**

**Is the work licensed under an open source license?**

No

**What would be the best solution for the alleged infringement?**

Reported content must be removed

**Do you have the alleged infringer’s contact information? If so, please provide it.**

Yes, the alleged infringer’s contact information is available.

GitHub username: Shayennn
Repository URL: [private]
Email address: Not publicly listed ([private])
Publicly available contact: None provided in the repository or profile
Note: While the user’s GitHub profile does not list an email or direct contact method, the repositories and associated GitHub account are publicly accessible. For the purpose of this notice, the GitHub username and repository URLs are sufficient to identify the alleged infringer.

**I have a good faith belief that use of the copyrighted materials described above on the infringing web pages is not authorized by the copyright owner, or its agent, or the law.**

**I have taken <a href="https://www.lumendatabase.org/topics/22">fair use</a> into consideration.**

**I swear, under penalty of perjury, that the information in this notification is accurate and that I am the copyright owner, or am authorized to act on behalf of the owner, of an exclusive right that is allegedly infringed.**

**I have read and understand GitHub's <a href="https://docs.github.com/articles/guide-to-submitting-a-dmca-takedown-notice/">Guide to Submitting a DMCA Takedown Notice</a>.**

**So that we can get back to you, please provide either your telephone number or physical address.**

[private]

**Please type your full name for your signature.**

[private]