r/Comma_ai

I’m wanting to get it for my 2019 Bolt. Is it good in city driving as well? Where there’s just tons of traffic? Thanks!

I have had the comma for years but within the last week or so the driver monitor has been beyond sensitive. I’ll be looking straight ahead at the road and it’s constantly going off, no matter the way I have my head positioned.

Any other forks/branches you guys recommend that can help this out? It’s beyond frustrating.

One of the wires got pulled out of my Ford harness. It came out of the connector and I was about two months out of warranty and they still shipped a new harness free!

WHAT? you say. They told us that was impossible!!

The lack of resume has been one of the most annoying things about my Rivian but I absolutely love it otherwise.

When I got my Comma device I figured that it ought to be possible to leverage it to provide a resume feature, but those already working on the Rivian side of things told me it was not worth trying. 'Not possible" they said. I didn't believe them.

So I set about learning how the whole open source openpilot/sunnypilot system works and am now pleased to announce a beta release of this feature in my fork of Sunnypilot/master

If you have a Comma device with the Rivian longitudinal extension, load up this branch from Geomglot/rivian-resume.

If you don't have a Comma device then you might want to look at getting one if you want resume on your Rivian.

Instructions on how it all works are here.https://docs.google.com/document/d/1h3FiLPjMXQh3Ann1S9\_ElCKyN1TYsD5970TkMk791xs/edit?usp=sharing

Enjoy and let me know how it all goes. Send me bug reports

Hello, all. I’m about to pull the trigger on the Comma 4 for my 2024 Mustang Mach E. Before I do, I wanted to see if anyone has installed the Comma 4 in a MME lately. I saw one review that stated running the wire to the trunk was not an issue. But, looking at the Comma 4 site’s install video, it only shows tapping into the cable harness behind the rear view mirror. So, do I in fact have to run a cable to the trunk? If so, when I order the harness will it be long enough/all I need to install or should I order something additional?
Thank you.

Maybe it’s a honeymoon period with the device but I actually enjoy using my car way more. I’m thoroughly impressed by how effective such a small model is with a single forward facing camera. If no progress was made on the current model I’d be very happy with the current state.

That said, is there anything exciting coming our way? I’d love for the stop lights to get polished up, it’s almost there!

It's unlikely comma.ai will "crack" Toyota TSS 3.0+ encryption at scale, and they've effectively deprioritized modern Toyotas. The problem isn't a single encryption cipher to break — it's a hardware-backed security architecture (HSM-protected keys) that makes per-vehicle extraction economically and technically infeasible for a consumer hardware company.
What's Actually Happening (The Technical Reality)
SecOC Is Not "Encryption" — It's Message Authentication
Toyota's implementation uses AUTOSAR SecOC (Secure Onboard Communication), which appends a Message Authentication Code (MAC) to CAN bus messages. This isn't encrypted data you can decrypt — it's a cryptographic signature that proves the message came from an authorized ECU. Without the per-vehicle AES key, comma's devices can listen but can't send valid control commands.
The 2020-2021 Exploit Window Has Closed
Security researchers Willem Melching (former head of openpilot at comma.ai) and Greg Hogan successfully extracted keys from early SecOC vehicles like the 2021 RAV4 Prime by:

1. Using voltage fault injection to bypass the locked debug port on the power steering ECU
2. Reverse-engineering the bootloader to upload shellcode
3. Extracting keys from RAM (since these early ECUs did AES in software, not hardware)
   The critical finding from their research: By 2022+, Toyota began phasing in Hardware Security Modules (HSMs) within the microcontrollers. The keys are no longer in RAM — they're locked in silicon that won't export them, even with code execution.
   What This Means for Newer Vehicles
   From Melching's own analysis on a 2023 Corolla Cross (which still had a vulnerable bootloader):
   • They could still achieve code execution
   • The ECU had started using the HSM for AES operations
   • Keys could not be extracted from memory
   • In theory, you could turn the ECU into a "signing oracle" (keeping it connected and asking it to sign messages), but this isn't practical for a consumer product
   The optskug community documentation (the definitive tracking resource) confirms: "Nobody is known to be working on the issue at the moment."
   ----
   The Vehicles Affected
   Working (key extraction possible):
   • 2021 RAV4 Prime, 2021-2023 Sienna (US-made), 2020-2022 Yaris, 2021 GR Yaris, 2021 Venza
   Not hacked and unlikely to be:
   • 2023+ Lexus RX, RZ, LS, ES
   • 2024+ Grand Highlander, Tacoma, GX, TX
   • 2023+ Prius/Prius Prime
   • 2024+ RAV4 (new generation)
   • 2022+ Tundra, 2023+ Sequoia
   • 2023+ bZ4X/Solterra
   Looking at comma.ai's official vehicle list, their newest "favorite" Toyotas are the 2021-22 Prius and 2020-23 Highlander — models that predate or sit at the edge of the SecOC transition.
   Why Comma.ai Likely Won't Solve This
4. It's Not Their Business Model
   Comma.ai sells consumer hardware that "just works" when you plug it in. The SecOC workaround for early Toyotas required:
   • Physical removal of the power steering ECU
   • Bench-top voltage fault injection equipment
   • Firmware dumping and reverse engineering
   • Per-vehicle key extraction
   This is boutique hardware security research, not a scalable consumer product.
5. Cat-and-Mouse Dynamics Favor Toyota
   Even if researchers found a new bypass on 2023-2024 vehicles, Toyota can:
   • Patch bootloaders via over-the-air updates
   • Rotate to newer HSM implementations
   • Close the vulnerability window
   comma.ai would need to maintain an active hardware security research lab just to chase Toyota's updates.
6. They've Already Moved On
   Comma.ai's recent development focus has shifted to:
   • Tesla (Model 3/Y with HW3/HW4)
   • Rivian (R1T/R1S)
   • Ford (F-150, Explorer, Bronco)
   • Hyundai/Kia ( Ioniq 5, EV6, Palisade)
   These brands either don't use SecOC or have architectures more amenable to comma's integration approach. Their "favorite cars" list now prominently features Hyundai and Ford over Toyota.
7. The Key Talent Has Left
   Willem Melching — who led the original SecOC research while at comma.ai — has since left the company and pursues this research independently. His blog post on the topic explicitly frames it as an owner's rights/access issue, not a comma.ai commercial initiative.
   ----
   What Could Happen (But Is Unlikely)
   Scenario Likelihood Explanation
   New bootloader vulnerability found Low-medium Toyota has patched known bypass vectors
   HSM key extraction via side-channel Very low Requires advanced semiconductor analysis per chip revision
   Firmware modification to disable SecOC Unknown Research stalled in 2025; risks safety system integrity
   Comma.ai partners with Toyota Very low Toyota has no incentive to support aftermarket ADAS competitors
   CAN FD/ethernet architecture change Possible long-term Newer vehicle networks may offer different attack surfaces
   Bottom Line
   If you own a TSS 3.0+ Toyota (2023+ models), don't hold your breath for comma.ai support. The security architecture has fundamentally shifted from "software verification with key in memory" to "hardware-backed signing that can't be extracted."
   Comma.ai is a machine learning and consumer hardware company, not a hardware security research firm. The research that did crack early SecOC vehicles came from individual security researchers with specialized equipment, not from comma.ai's product engineering team. Those researchers have moved on, and comma.ai's commercial priorities have shifted to brands with more open architectures.
   Your best bet for modern driver assistance in a newer Toyota is Toyota's own TSS 3.0 system — which, by most accounts, has improved significantly and now offers competent lane centering and adaptive cruise. It's not openpilot, but it's no longer the uncompetitive system that made comma.ai essential for Toyota owners in the first place.

My C3 just went kaput. I'm taking a long trip soon and I would die without the comma. I have all harness and wires (obviously) so I only need the device itself if anyone is looking to sell.

DM me!

I have a 2021 Camry SE and am looking to install Comma 4. It says openpilot operates above 28mph for Camry 4CYL L, 4CYL LE and 4CYL SE which don't have Full-Speed Range Dynamic Radar Cruise Control. Is there anyway to bypass the 28mph or higher limitation of the car?

I have a C3. I've been out of the loop.

Sunnypilot seems to have dropped C3 support (no commits since October on either `release-tici` or `staging-tici`), leaving a half-finished rewrite.

Not sure about Frogpilot, but stability was... not good when I tried it about 2 years ago.

Any other good forks left?

Hi everyone,

This problem started happening around 2 weeks ago. I have a 2017 honda crv. Running sunnypilot with experimental mode on, using dtr v6, and/or wmi v12.

In a highway setting where theres no car in front of me with a straight away, my car will not drive faster than 66mph. I have tried various speed limit settings, even setting the speed limit to 80mph.

Has anyone encounter that before?

my wife and I are doing some car shopping and have been considering a 2026 Kia carnival or 2026 Sienna. we’re leaning carnival because of their hda2.

How good is the comma 4 really and how long until it would be compatible with these vehicles?

Purchased 11:00pm 4/23/26
Shipped notification and tracking received : 12:45pm
Received: 5/1/26

Reason for purchase:
40 Mille commute each way

Vehicle:

2017 Toyota Corolla
(Radar and lane keep)

Experience with ADAs
( just placing this here for an understanding of my skill level)

Autopilot 1,000 miles
Pro-pilot -500 miles
HDA - 600 miles
FSD - 30,000 miles

Why am i interested:

So my wife is the main driver of our Tesla, and I’ve got a long commute, so I wanted something to make the drive less annoying. Regular cruise control helps, but I’m a tech nerd and recently fell down the whole self‑driving/ADAS/autonomous‑vehicle rabbit hole, so I figured it was time to try something more fun.

I originally looked at the Comma 3X and kept waiting because the 4 was “right around the corner.” I didn’t really want to drop $1,100, but I was willing to do it for the experience. The long lead times kept making me put it off. Honestly, if I had ordered, I’d probably have it by now, but the 4–12 week wait scared me off.

Then I got a Reddit ad for the Sidecar and thought, “Screw it, $500 is way easier to swallow.” I know it doesn’t do custom forks or any of the fancy stuff, but my car is older and has its own limitations, so I doubt custom forks would’ve added much anyway. And honestly, this thing is already a huge upgrade over stock.

Installation:

Super straightforward. Basically the same as a Comma install, but it still uses the older adapter. I pulled the curtain airbag cover, made sure the cable ran along the harness (not in front of the airbag), and routed it through the headliner.

Plugged everything in, tucked the cables (which was a tight fit in my LKAS housing), and zip‑tied everything down. Took me about an hour instead of the advertised 30 minutes, but still easy overall. Looks clean.

Usage:

So far, it’s been great. It does exactly what it says. I’m hands‑free on the highway and honestly pretty impressed. Works day and night, and even does fine on surface streets.

My car has the Toyota limitation where cruise won’t engage below 25 mph, so I can’t fully test steering torque at low speeds, but even with that, the experience has been solid. Definitely feels worth the $500.

The app is basic but useful shows your drives, lets you tweak settings, shows speed and readiness. There’s also a CarPlay app that shows readiness and speed when it’s active. Nothing fancy, but nice to have.

Random Note:

When I parked, the unit flashed red for a bit. Apparently that’s normal it’s just finishing tasks before shutting down.

Why I Posted This:

I figured people would be curious since there was some buzz about this thing a few months back. Happy to be the guinea pig. If you’ve got questions or want me to test something, drop it below and I’ll try it out.

TLDR/
Works good , happy I took the plunge. Now I’ll wait to see longer term reliability. Please ask questions!

I have a 2020 rav4 hybrid, brand new C4 installed with open pilot. Inconsistent reliability. The car is fine one moment, driving with open pilot engaged. and sometimes it disengages and dash alerts start popping up and the camera screen displays messages from "take over vehicle immediately" to "Vehicle variant Unrecognized" . What could be the problem, and is there a solution? Also flashing back to stock didn't work, it won't pop up as a device at all on my laptop. and I have reset the device multiple times.