uConnect 15.26.1 is buggy; I want to downgrade. - Page 11 - Jeep Garage - Jeep Forum

Go Back   Jeep Garage - Jeep Forum > Jeep Platform Discussion > Grand Cherokee - WK2 - > Audio/Visual/Navigation

Join Jeep Garage Today
Reply
 
Thread Tools Display Modes
 
  #121  
Old 08-31-2015, 11:57 PM
Member
My Jeep: 2014 5.7L WK2
 
Join Date: Dec 2011
Location: South Coast
Posts: 53
Thanks: 11
Thanked 20 Times in 13 Posts
Rep Power: 1862
Rocketrancher is on a distinguished road
Re: uConnect 15.26.1 is buggy; I want to downgrade.

Quote:
Originally Posted by Roadkill
Bummer. I checked your pics of the board... the Sierra Wireless card doesn't appear to be removable. Is it?
Their literature (and I'm taking a lot out-of-context) indicates both solder and socketed options, but I don't see anything that resembles their socketry.

Quote:
Originally Posted by Roadkill
I have a tip of the hat for the engineers who made their radio datalink harder to eradicate than a cockroach infestation.
I keep thinking that this should more straightforward, but approaching it from the RF side may just bring in more witchcraft. Thought about removing power from the module, but what errors will spring forth then? Also thinking wouldn't it be nice to find a setup script and just add a command to put the @#%$ thing in "Airplane Mode"? Dreaming on….

Quote:
Originally Posted by Roadkill
Thanks for your continued research on this. Do you suspect that continued network registration is arising from board traces (or otherwise within the radio housing)?
Still in the boat and I'll keep looking around for more ideas.
I have to imagine that something is getting signal. The casting sure seems robust and the connections are bonded to the case. I'll have to take a closer look inside next opportunity, and maybe a shielding trial. Maybe Faraday is not happy.

Y'know, there's something that's been bugging me and I can't quite sort it out: The "phone" touch on the screen displays signal strength, and when there's no service there are no bars. The "apps" touch also has a bar graph but when there's no service (The "Ø" does mean "no service", right?) it displays one bar. Sorta creeps me out.

Reply With Quote
Sponsored Links
Advertisement
 
  #122  
Old 09-01-2015, 04:37 PM
Member
 
Join Date: Jul 2014
Posts: 51
Thanks: 1
Thanked 2 Times in 2 Posts
Rep Power: 918
karirick is on a distinguished road
Re: uConnect 15.26.1 is buggy; I want to downgrade.

Quote:
Originally Posted by Rocketrancher View Post
Greetings

I've been lurking around for a long time but never really had something I thought significant to share until now. I think I can help…

I never activated even the trial "Access" because, after reading the privacy policy, i disagreed with feeding operational data from my vehicle to who-knows-where-and-why. The proof-of-concept exploit didn't really scare me but after reading quotes from FCA claiming they know everything about how all their products are being used, it's pretty clear that they don't need anyone to agree with their policies to siphon data so it's time to AirGap the Rat.

Yes, the CDMA radio has a unique antenna. And it can be disconnected without compromising the satellite and terrestrial entertainment radios. That's good news.

Satellite-delivered services, like TravelLink, are not affected if the CDMA radio is disconnected. More good news.

Not-so-good news: That radio knows when it doesn't have an antenna and posts a nag screen to have the "vehicle phone serviced". Although the screen can be dismissed or will time-out after a few seconds, it's still a nuisance and will occur each time Uconnect initializes. The "no service" indicator on the rearview mirror is also lit.

Next step is to see if there's DC power on that port to help to decide if I can terminate the antenna port with a dummy load to appease the radio, so I'll be shopping for connectors for a little while - maybe a trip to the junkyard - and hope to offer some more findings before too long.

I'm also curious about just where this antenna is…..sharkfin? dashboard? Perhaps minor details, but if it's in the dash it might also be tamed with a shield……tinfoil hat, anyone?

Anyway, I hope this helps.
In the meantime, here's what I know, for others who also might want to pursue the air gap:

(Connections in the back of the Uconnect head)

White - am/fm terrestrial radio
Green - for sat + nav radio
Pink - for sat radio only
Red - CDMA radio

There is another White connector body, larger and away from the antenna cables, that connects to the USB hub.

(some pics)

The cables…


CDMA connected… (sorry 'bout the glare)


CDMA disconnected, TravelLink lives!


Nag screen…


No service…
We are having those exact screens/issues and our clock syncs at startup and then stays where it was no matter how long we drive? And Nav is off sometimes. Dealer applied the recent update. Dealer unsure of what to do??
Reply With Quote
  #123  
Old 09-01-2015, 09:57 PM
Member
 
Join Date: Sep 2014
Posts: 264
Thanks: 17
Thanked 48 Times in 38 Posts
Rep Power: 7403
michaelk has a reputation beyond reputemichaelk has a reputation beyond reputemichaelk has a reputation beyond reputemichaelk has a reputation beyond reputemichaelk has a reputation beyond reputemichaelk has a reputation beyond reputemichaelk has a reputation beyond reputemichaelk has a reputation beyond reputemichaelk has a reputation beyond reputemichaelk has a reputation beyond reputemichaelk has a reputation beyond repute
Re: uConnect 15.26.1 is buggy; I want to downgrade.

Quote:
Originally Posted by Rocketrancher View Post
I keep thinking that this should more straightforward, but approaching it from the RF side may just bring in more witchcraft. Thought about removing power from the module, but what errors will spring forth then? Also thinking wouldn't it be nice to find a setup script and just add a command to put the @#%$ thing in "Airplane Mode"? Dreaming on….
I'm far from a coder/hacker/anything but a user- but if you read the report from the hackers that got all the headlines they laid it out that it looked like someone who knew what they were doing could easily do a lot.

I think somone posted the report link earlier in this thread- it was a neat read ever for a dummy like myself.

From what i read it looked like someone who knew such things could create a firmware version or a USB drive with a script at boot time that could stop the modem drivers from running. No idea what that would do but seemed like a possibility when i read the report.

If you could figure out the proper command- airplane mode seems completely doable too from a script file.
Reply With Quote
  #124  
Old 09-03-2015, 11:42 AM
Member
My Jeep: 2014 5.7L WK2
 
Join Date: Dec 2011
Location: South Coast
Posts: 53
Thanks: 11
Thanked 20 Times in 13 Posts
Rep Power: 1862
Rocketrancher is on a distinguished road
Re: uConnect 15.26.1 is buggy; I want to downgrade.

Quote:
Originally Posted by karirick View Post
We are having those exact screens/issues and our clock syncs at startup and then stays where it was no matter how long we drive? And Nav is off sometimes. Dealer applied the recent update. Dealer unsure of what to do??
That sequence of events relates to a disconnected cellular radio antenna, circled in first picture. Perhaps yours has gotten damaged or somehow loose? Else there is an issue inside the uconnect box itself.
(Tell dealer to send $130 for the consult )
Reply With Quote
  #125  
Old 09-03-2015, 11:57 AM
Member
My Jeep: 2014 5.7L WK2
 
Join Date: Dec 2011
Location: South Coast
Posts: 53
Thanks: 11
Thanked 20 Times in 13 Posts
Rep Power: 1862
Rocketrancher is on a distinguished road
Re: uConnect 15.26.1 is buggy; I want to downgrade.

Quote:
Originally Posted by michaelk View Post

From what i read it looked like someone who knew such things could create a firmware version or a USB drive with a script at boot time that could stop the modem drivers from running. No idea what that would do but seemed like a possibility when i read the report.

If you could figure out the proper command- airplane mode seems completely doable too from a script file.
It does sound inviting and judging from literature it could be as simple as an AT command in the right place
I haven't a clue how interactive and convoluted the uconnect loads are but, from reading the jailbreak threads and information, the code is signed so without the proper signature an edited version would be rejected. Maybe scripts get by...maybe not. I dunno - I'm just kinda dangerous there.
Reply With Quote
  #126  
Old 09-03-2015, 02:12 PM
Member
 
Join Date: Sep 2014
Posts: 264
Thanks: 17
Thanked 48 Times in 38 Posts
Rep Power: 7403
michaelk has a reputation beyond reputemichaelk has a reputation beyond reputemichaelk has a reputation beyond reputemichaelk has a reputation beyond reputemichaelk has a reputation beyond reputemichaelk has a reputation beyond reputemichaelk has a reputation beyond reputemichaelk has a reputation beyond reputemichaelk has a reputation beyond reputemichaelk has a reputation beyond reputemichaelk has a reputation beyond repute
Re: uConnect 15.26.1 is buggy; I want to downgrade.

Quote:
Originally Posted by Rocketrancher View Post
It does sound inviting and judging from literature it could be as simple as an AT command in the right place
I haven't a clue how interactive and convoluted the uconnect loads are but, from reading the jailbreak threads and information, the code is signed so without the proper signature an edited version would be rejected. Maybe scripts get by...maybe not. I dunno - I'm just kinda dangerous there.
find the hacker's paper- they give the step by step how to defeat the signature.

there were at least two ways-

First you start with a good update image- then where it reboots you yank the usb stick. It prompts to put it back. You put back an unsigned image and as long as it was "close enough" it will work.

Second recollection is that an earlier version (maybe a 13.x.y) had a broken signature check. Or you could comment out the check or something. like that.

You could do the above to inject scripts, give yourself root access or the like.

read the report- it was pretty simple to read even for a hacking dummy like myself- so for folks with a clue it seemed easy enough.
Reply With Quote
  #127  
Old 09-03-2015, 02:18 PM
Member
 
Join Date: Sep 2014
Posts: 264
Thanks: 17
Thanked 48 Times in 38 Posts
Rep Power: 7403
michaelk has a reputation beyond reputemichaelk has a reputation beyond reputemichaelk has a reputation beyond reputemichaelk has a reputation beyond reputemichaelk has a reputation beyond reputemichaelk has a reputation beyond reputemichaelk has a reputation beyond reputemichaelk has a reputation beyond reputemichaelk has a reputation beyond reputemichaelk has a reputation beyond reputemichaelk has a reputation beyond repute
Re: uConnect 15.26.1 is buggy; I want to downgrade.

here's the whitepaper:
http://illmatics.com/Remote%20Car%20Hacking.pdf

page 34 starts the jailbreaking discussion:

Quote:
You can insert the USB stick with a valid ISO on it into the USB port on the Uconnect system. The head
unit will recognize that the stick contains an update and begins the updating process, as shown below

If you try to remove the USB stick after it verifies it, but before it reboots, it aborts the update and just
reboots into normal (non-update) mode.
35
However, after verification of the USB stick, the system reboots the head unit. If, when the power is off,
you pull out the USB stick, it simply asks you to insert it.

You can insert a new USB stick at this point. It is not clear what check it runs on the new USB stick, but it
has to be “close” to the old one or it just doesn’t do anything. However, it can contain modified files.
Hex editing the original ISO, to change the root password for example, will work successfully. The
update runs from the ISO, including the code used to verify the validity of the ISO. Therefore, you can
stop that code from running the integrity check if so desired.

Quote:
Version 14_05_03
Version 14_05_03 has a bug that allows bypassing of the ISO verification process. The ISO still needs to
maintain integrity of certain attributes, which are not completely known to us (as above). At a minimum
these includes some hashes and signatures in the file. Hand editing the ISO works to bypass the
integrity check.
The bug:
/usr/share/scripts/update/installer/system_module_check.lua
91 local fname= string.format("%s/swdl.iso", os.getenv("USB_STICK") or
"/fs/usb0")
92 local FLAGPOS=128
93
94 local f = io.open(fname, "rb")
95 if f then
96 local r, e = f:seek("set", FLAGPOS)
97 if r and (r == FLAGPOS) then
98 local x = f:read(1)
99 if x then
100 if x == "S" then
101 print("system_module_check: skip ISO integrity check")
Bypassing the validation checks of the ISO is as simple as hand editing the file in a hex editor and
changing the value at offset 128 (0x80) to ‘S’ (0x53).

then it goes on into two ways you can run arbitrary code- either in "update" or "normal" modes. Again I am no hacker but i think you could use either of the code running methods to load a USB "key" so a script (say to run an AT command to kill the modem) would run whenever the key is inserted. If you wanted to run "unhacked" then you would just pull the "key" before bootup and it would boot as normal.


Quote:
After this change, the Uconnect system will execute any commands on a file called ‘cmds.sh’ on the USB
stick if it is in at boot time.
Reply With Quote
The Following User Says Thank You to michaelk For This Useful Post:
  #128  
Old 09-03-2015, 04:48 PM
Member
My Jeep: 2014 5.7L WK2
 
Join Date: Dec 2011
Location: South Coast
Posts: 53
Thanks: 11
Thanked 20 Times in 13 Posts
Rep Power: 1862
Rocketrancher is on a distinguished road
Re: uConnect 15.26.1 is buggy; I want to downgrade.

Quote:
Originally Posted by michaelk View Post
here's the whitepaper:
http://illmatics.com/Remote%20Car%20Hacking.pdf

page 34 starts the jailbreaking discussion:
.
Thanks for the link!
Looks like the IOActive document without footnotes; I'll add it to my collection and give it a good read.
Reply With Quote
  #129  
Old 09-03-2015, 05:01 PM
Member
My Jeep: 2014 5.7L WK2
 
Join Date: Dec 2011
Location: South Coast
Posts: 53
Thanks: 11
Thanked 20 Times in 13 Posts
Rep Power: 1862
Rocketrancher is on a distinguished road
Re: uConnect 15.26.1 is buggy; I want to downgrade.

Quote:
Originally Posted by karirick View Post
We are having those exact screens/issues and our clock syncs at startup and then stays where it was no matter how long we drive? And Nav is off sometimes. Dealer applied the recent update. Dealer unsure of what to do??
Also came across this thread on another site:
Bricked 8.4an with 14.5.3, possible bad air card? - 2014 - 2015 Jeep Cherokee Forums

Seems there have been hardware failures of the module.

Some interesting dialogue along the way….

"...Based on my review of the software ISO itself, there are several checks in the embedded aircard script that would seem to indicate the install should fail before the point I get to if the 3G chipset itself was not working hardware-wise. Per the above release note, my best guess is that the software changes the state of the 3G chipset, like to put it to sleep, or in standby, or something similar, and some bug in the software is putting it into a state it can't wake back up from, so it no longer does it's job but still is working enough to pass the failure checks in the upgrade script."

But I think I'm still looking most at the RF side of things for a while yet.
Reply With Quote
  #130  
Old 09-10-2015, 04:00 PM
Member
 
Join Date: Mar 2013
Posts: 358
Thanks: 59
Thanked 26 Times in 17 Posts
Rep Power: 1824
Briant73 has a reputation beyond reputeBriant73 has a reputation beyond reputeBriant73 has a reputation beyond reputeBriant73 has a reputation beyond reputeBriant73 has a reputation beyond repute
Re: uConnect 15.26.1 is buggy; I want to downgrade.

About the sleepy Amp issue , a TSB has been issued but only for 2015s so far http://wk2jeeps.com/tsb/tsb_wk2_0808315.pdf
Reply With Quote
  #131  
Old 09-12-2015, 01:36 AM
Member
My Jeep: 2014 5.7L WK2
 
Join Date: Dec 2011
Location: South Coast
Posts: 53
Thanks: 11
Thanked 20 Times in 13 Posts
Rep Power: 1862
Rocketrancher is on a distinguished road
Re: uConnect 15.26.1 is buggy; I want to downgrade.

Update time.

The holiday weekend and weather set me back a little, but I did some more poking around during the week and have some news, albeit not the pot o'gold yet.

Short version:
I cut the range some more and took more snapshots of the radio.

Long version:
A while back, in #94, @jeepgrandcherokeesal mentioned antenna grounding and the vehicle floating. I kept getting mental pictures of the plastic dash frame and the radio's mounting flanges also being plastic. So I measured bond between the coax shields and the radio case again and then from the radio case to the cast subframe near the firewall. There was a difference of an ohm or so, but the case was neither bonded nor isolated. I also found no measurable DC there.

I took about 6" of braid and lugged it; then attached one terminal to the conveniently-drilled hole in one of the radio's fins. The other went under a screw found in the dash frame below the radio, threaded into the metal subframe.

Noticeable improvement: I now have to be about 100' from the base of the tower before I see a 1x registration. So close, almost good enough, but still not there.

So back to another spell of meditation.

Meanwhile, I'd been curious about what lies between the Sat radio connection and the CDMA connections so I took the covers off again and exposed more of the radio for sightseeing…..

Directly under the rear casting



And digging a little deeper on the opposite side, with the cover off the CDMA and "Pink" ports. Simple enough under the cover. To the left, though, is a curiosity to me, and what the network around the SXM connection is up to. From the literature, I understand that the Sierra module is also our GPS receiver, so perhaps there's filtering and routing there.



So I put the cover back on and was staring at the at the SXM connection, idly tapping on the top of the air card with a dental probe and then realized that it sounded hollow…..and loose. Like the cover above, it is clipped-on and turns out to not be the monolithic monster I was expecting…but still a monster.



Turning to the rest of the box, I had to get a closer look at the display, and slipped it from the other half of the casting. There's another aircard which I'll presume is the bluetooth/wifi module, and some feedlines leading to the front...



…where they attach to a contact assembly at the bottom of the display face...



…and then to printed elements under the first layer of glass…



So, that's where I'm at today.
Oh, and the radio/nav/bluetooth still work just fine.
Reply With Quote
The Following 2 Users Say Thank You to Rocketrancher For This Useful Post:
  #132  
Old 09-14-2015, 01:01 PM
New Member
 
Join Date: Sep 2015
Posts: 1
Thanks: 0
Thanked 0 Times in 0 Posts
Rep Power: 0
kerrys914 is on a distinguished road
Re: uConnect 15.26.1 is buggy; I want to downgrade.

Hey JEEP'ers

I found this thread from a Chrysler board. I have an adapter I use/make for the 8.4an navigation radios which gets rid of the "NAG" 911 phone message screen.

It just plugs into the back of the radio (no cutting or opening of the radio) and mimics the antenna connection to stop the 911 message from popping up.

It might work for you guys too.

kerrys914@yahoo.com
Reply With Quote
Reply

Tags
uconnect

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Oil life algorithm still buggy Roadkill 2014+ Jeep Grand Cherokee Ecodiesel 3.0 7 01-19-2015 09:33 PM
Want to Downgrade from my 2005 REC NAV jsquire1 Troubleshooting/Problems 3 11-14-2013 08:45 PM
The Buggy :: 2012 Jeep Grand Cherokee SRT8 Challenger15 Member Garage Discussions 0 01-04-2013 08:48 AM
My system downgrade - Finished w87will Audio, Video, Navigation & Electronic Modifications 80 10-27-2010 11:49 PM

Powered by vBadvanced CMPS v3.2.3

All times are GMT -5. The time now is 06:34 PM.


Powered by vBulletin® Version 3.8.8 Beta 4
Copyright ©2000 - 2016, vBulletin Solutions, Inc.
Copyright 2012 - JeepGarage.Org
The Jeep Grand Cherokee Owners Community

JeepGarage.org is in no way associated with or endorsed by FCA US LLC. Chrysler, Dodge, Jeep, Ram, Mopar and SRT are registered trademarks of FCA US LLC.