uConnect 15.26.1 is buggy; I want to downgrade. - Page 16 - Jeep Garage - Jeep Forum

  #181  
Old 11-20-2015, 06:00 PM
Member
 
Join Date: Oct 2014
Posts: 56
Thanks: 17
Thanked 9 Times in 8 Posts
Rep Power: 11180
CaptWill has a reputation beyond repute
Re: uConnect 15.26.1 is buggy; I want to downgrade.

Been traveling, and off-line for a while, so I just jumped on here today, and read all the interesting new posts. Thanks to RK, RR & any others who continue to discover the hidden secrets of the Uc.

Wish I had something to contribute, but I am way behind the curve. Still, I will stay tuned, and excited by the possibilities of a custom hack.

  #182  
Old 11-29-2015, 09:59 PM
Member
My Jeep: 2014 5.7L WK2
 
Join Date: Dec 2011
Location: South Coast
Posts: 53
Thanks: 11
Thanked 20 Times in 13 Posts
Rep Power: 1864
Rocketrancher is on a distinguished road
Re: uConnect 15.26.1 is buggy; I want to downgrade.

Hi CapnWill

Welcome back. How many miles did you get on the jeep?

Things have slowed a bit and I think it will slow further as the holidays spin-up, but the dreams are still alive.

RR
  #183  
Old 11-29-2015, 10:30 PM
Member
 
Join Date: Oct 2014
Posts: 56
Thanks: 17
Thanked 9 Times in 8 Posts
Rep Power: 11180
CaptWill has a reputation beyond repute
Re: uConnect 15.26.1 is buggy; I want to downgrade.

Quote:
Originally Posted by Rocketrancher View Post
Hi CapnWill

Welcome back. How many miles did you get on the jeep?

Things have slowed a bit and I think it will slow further as the holidays spin-up, but the dreams are still alive.

RR
Hi RR ...
Well, fasten your seatbelt for this bit of news. The ole Jeep has 2k miles already!! Yep, it's true. Also true we've been traveling, but the Jeep stayed parked in the garage. We have a camper, and I drove it to Tennessee to attend a state rally and visit friends, then went on down to southwest Florida to visit family for a week.

But I'd almost bet that the Jeep will have 3k miles by Memorial Day.

I'm happy to hear that you haven't quit thinking about the 'project', and still have hope to go further with it. Meantime, I'm happy to see the little red LED on the rear view mirror remind me that I have no signal.

TC,
Bill
  #184  
Old 11-29-2015, 11:40 PM
Senior Member
 
Join Date: Sep 2013
Posts: 1,288
Thanks: 46
Thanked 155 Times in 126 Posts
Rep Power: 2813
Roadkill has a reputation beyond repute
Re: uConnect 15.26.1 is buggy; I want to downgrade.

It's definitely possible to downgrade to the exploitable firmware version, load a custom modified firmware, and then activate the built-in firewall to block all data traffic—in or out—on the cellular aircard. This would disable the creepy tracking by FCA, as well as preventing hackers from remotely exploiting the vehicle over the cellular network, while leaving the E-911 capability intact, and allowing a stolen vehicle to be located after contacting the police & Sprint with the IMEI/MEID from the engineering menu (i.e. no need to pay that stupid monthly uConnect service fee for stolen vehicle tracking).

Modifying firmware has been discussed in other threads, cf.
8.4 UConnect Update - Deconstructed

Perhaps one of the users who posted there would be willing to put together a modified "security conscious" hacked firmware distribution. Or perhaps that guy who makes the lockpick firmware could offer this kind of thing as an option.

FWIW, I'm still taken aback by how difficult it has been to disable the aircard from connecting to the towers with antenna mods.
  #185  
Old 11-30-2015, 12:32 PM
Member
My Jeep: 2014 5.7L WK2
 
Join Date: Dec 2011
Location: South Coast
Posts: 53
Thanks: 11
Thanked 20 Times in 13 Posts
Rep Power: 1864
Rocketrancher is on a distinguished road
Re: uConnect 15.26.1 is buggy; I want to downgrade.

Quote:
Originally Posted by Roadkill View Post
FWIW, I'm still taken aback by how difficult it has been to disable the aircard from connecting to the towers with antenna mods.
Amen!

Reflecting on post 179, I think I can conclude that my thoughts were, indeed, a fantasy.

Since then I spent a little time creeping up to my favorite tower and observing mode & address changes among sleep/searching/idle/active in the engineering data. Crude but convincing.

The adventure continues...
  #186  
Old 12-04-2015, 04:01 PM
subbie09's Avatar
Member
My Jeep: 2012 3.6L WK2
 
Join Date: Jul 2012
Posts: 817
Thanks: 0
Thanked 34 Times in 31 Posts
Rep Power: 4547
subbie09 has a reputation beyond repute
Re: uConnect 15.26.1 is buggy; I want to downgrade.

Mine isn't buggy but I wish they would create an update for the damn amp wake up. Pain in the butt.


Sent from my iPhone using JeepGarage
  #187  
Old 12-04-2015, 04:22 PM
Member
 
Join Date: Sep 2014
Posts: 264
Thanks: 17
Thanked 48 Times in 38 Posts
Rep Power: 7405
michaelk has a reputation beyond repute
Re: uConnect 15.26.1 is buggy; I want to downgrade.

Quote:
Originally Posted by subbie09 View Post
Mine isn't buggy but I wish they would create an update for the damn amp wake up. Pain in the butt.


Sent from my iPhone using JeepGarage
There's been a TSB for the amp wakeup for a couple months now.

http://www.wk2jeeps.com/tsb/tsb_wk2_0808315a.pdf

Are you looking for an update to the update (apparently it still had some bugs)?
  #188  
Old 12-04-2015, 05:49 PM
subbie09's Avatar
Member
My Jeep: 2012 3.6L WK2
 
Join Date: Jul 2012
Posts: 817
Thanks: 0
Thanked 34 Times in 31 Posts
Rep Power: 4547
subbie09 has a reputation beyond repute
Re: uConnect 15.26.1 is buggy; I want to downgrade.

Quote:
Originally Posted by michaelk View Post
There's been a TSB for the amp wakeup for a couple months now.

http://www.wk2jeeps.com/tsb/tsb_wk2_0808315a.pdf

Are you looking for an update to the update (apparently it still had some bugs)?

I guess. I'm running the latest firmware that you can get from the Internet and it solved the amp wake up for 2 days then it returned. It's no big problem, just annoying that I have to hit an adjustment to get it proper.


Sent from my iPhone using JeepGarage
  #189  
Old 12-05-2015, 05:16 PM
Member
 
Join Date: Mar 2013
Posts: 358
Thanks: 59
Thanked 26 Times in 17 Posts
Rep Power: 1826
Briant73 has a reputation beyond repute
Re: uConnect 15.26.1 is buggy; I want to downgrade.

Quote:
Originally Posted by subbie09 View Post
I guess. I'm running the latest firmware that you can get from the Internet and it solved the amp wake up for 2 days then it returned. It's no big problem, just annoying that I have to hit an adjustment to get it proper.


Sent from my iPhone using JeepGarage

The amp fix has to be done at the dealer. Print out the TSB and ask your dealer to perform it.


Sent from my iPad using JeepGarage
  #190  
Old 01-02-2016, 05:21 PM
Premium Member
 
Join Date: Sep 2012
Posts: 10
Thanks: 4
Thanked 2 Times in 2 Posts
Rep Power: 1555
digi is on a distinguished road
Re: uConnect 15.26.1 is buggy; I want to downgrade.

Quote:
Originally Posted by Rocketrancher View Post
Hello everyone!

Here's the picture I promised awhile back, +1.
I was tidying-up the mid-dash from the camera install and removing a cord that I'd passed thru the upper corner of the bezel. I wanted to open Pandora's box again to study the SAW filters that are handling signals to, and within, the air card. I think we can see that they're using the satellite radio antenna for nav, too, with the aircard being the GPS receiver. Interesting that routes are defined for telematics and two cellphone flavors, and not too happy to see the TM center frequency so close to GPS.
First - thank you for consistently contributing such detailed information. Did you happen to take any other high res close up pictures of the RA4? I'm looking for possible JTAG pads specifically.
  #191  
Old 01-02-2016, 05:34 PM
Senior Member
 
Join Date: Sep 2013
Posts: 1,288
Thanks: 46
Thanked 155 Times in 126 Posts
Rep Power: 2813
Roadkill has a reputation beyond repute
Quote:
Originally Posted by digi View Post
I'm looking for possible JTAG pads specifically.
JTAG access would be interesting. Out of curiosity, is there something you specifically need the JTAG for, given that you can roll back your RA4 to pwn-able firmware releases and then follow the steps from the IOActive white paper, which would give you control over the entire system *and* vehicle CAN bus? In that case (presuming you modify the QNX neutrino installation config), JTAG would be mostly useful if one were to accidentally brick their head unit--a distinct possibility given their "update present" check code is executed at the end of the main boot sequence.

Anyway, I shake my head at the engineers that designed this system for their decision to peer the RA4 unit on the bus. It's like they were begging for remote exploits, even before you look at their sad sack code.

BTW, I know I'm right regarding the cause of the earlier firmware releases having juddery backup cam images. I asserted it seemed like the system was overloaded and was dropping frames. Examining the code indicates they use various hacks due to cpu constraints... ultimately this is all just bad code running on a badly designed system.
  #192  
Old 01-02-2016, 07:49 PM
Premium Member
 
Join Date: Sep 2012
Posts: 10
Thanks: 4
Thanked 2 Times in 2 Posts
Rep Power: 1555
digi is on a distinguished road
Re: uConnect 15.26.1 is buggy; I want to downgrade.

Quote:
Originally Posted by Roadkill View Post
JTAG access would be interesting. Out of curiosity, is there something you specifically need the JTAG for, given that you can roll back your RA4 to pwn-able firmware releases and then follow the steps from the IOActive white paper, which would give you control over the entire system *and* vehicle CAN bus? In that case (presuming you modify the QNX neutrino installation config), JTAG would be mostly useful if one were to accidentally brick their head unit--a distinct possibility given their "update present" check code is executed at the end of the main boot sequence.
This is exactly the use case. With a replacement RA4 at $1k I'd really like to avoid bricking it.

I'm thinking about taking some ballsy shortcuts like using the Lua update tooling from 14.05.03 and seeing if it'll install 15.17.5. If it works, it would save me the hassle of analyzing the new bytecoded Lua scripts and figuring out exactly how FCA/HK mitigated the sum bypass trick. I'm only really willing to go that route if I can read the NAND directly or identify and test a JTAG port.

IHS tore down an 8.4AN (RA3?) in 2013 and posted a few convenient pictures[1] of the flash memory chip and some board layouts, so I am hopeful.

I was able to decode system_module_check.lua with unluac and at first glance the magical "S" marker still appears to be honored, so it must be patched elsewhere.

Code:
    L11_12 = "S"
    L10_11 = L10_11(L11_12)
    if L9_10 == L10_11 then
      L10_11 = print
      L11_12 = "system_module_check: Mfg install mode, skipping file integrity check"
      L10_11(L11_12)
With respect to interacting with the CAN bus I'm under the impression that I'll also need to patch cmcioc.bin and successfully reflash the IOC. I'm far from a seasoned embedded developer, and the firmware blob has in fact been updated in 15.17.5.

Code:
14.05.03 MD5 e21444ebd05f1041dc83190d7572596a
15.17.5 MD5 4f80eaaa37b365aa79aef43481b15124
The authors of this paper are much smarter than I am, and they even made a comment on how much time they invested in this portion of their attack:

Quote:
The reversing of the V850 firmware and SPI communications took several weeks and ended up being the most involved portion of this project.
If my goal is to send and receive signals on the CAN bus I would probably be better off with a BB black or RPI and a CAN interface. I would much rather spend my time building a command and parameter map set.

Quote:
Originally Posted by Roadkill View Post
BTW, I know I'm right regarding the cause of the earlier firmware releases having juddery backup cam images. I asserted it seemed like the system was overloaded and was dropping frames. Examining the code indicates they use various hacks due to cpu constraints... ultimately this is all just bad code running on a badly designed system.
I completely agree with you. It reminds me of an article I read on HN[2] earlier this week about conceptual debt vs actual technical debt. Someone somewhere made a really poor choice early on in the design and HK's (potentially under-qualified) engineers are paying for it every day.

[1] Teardown: The Chrysler UConnect Touch Infotainment Platform | IHS Electronics360
[2] https://news.ycombinator.com/item?id=10804419
Reply With Quote
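
The decompiled snippet in post #192 shows an install path that skips file integrity checking when a marker equals "S". As an added example (not from the thread, the IOActive paper, or the uConnect firmware), the Python below contrasts that pattern with a check that has no skip path. All function names, the sample files and the key are constructed; the marker is assumed to come from data the installer does not authenticate, and HMAC stands in for a vendor signature.

```python
import hashlib
import hmac

# Constructed sample update: file name -> contents (not real firmware).
FILES = {"app.bin": b"application image v2", "ioc.bin": b"controller image v2"}
SIGNING_KEY = b"constructed-demo-key"  # stand-in for a vendor signing key


def build_manifest(files):
    """Return (manifest_bytes, tag): SHA-256 per file plus an HMAC over the list."""
    lines = [f"{name} {hashlib.sha256(data).hexdigest()}"
             for name, data in sorted(files.items())]
    manifest = "\n".join(lines).encode()
    tag = hmac.new(SIGNING_KEY, manifest, hashlib.sha256).hexdigest()
    return manifest, tag


def files_match(manifest, files):
    """True only if the manifest lists exactly these files with these digests."""
    expected = dict(line.split(" ") for line in manifest.decode().splitlines())
    if set(expected) != set(files):
        return False
    return all(hmac.compare_digest(expected[n], hashlib.sha256(d).hexdigest())
               for n, d in files.items())


def weak_check(marker, manifest, files):
    """Pattern seen in the snippet: a marker value turns the check off."""
    if marker == "S":
        return True  # "Mfg install mode, skipping file integrity check"
    return files_match(manifest, files)


def hardened_check(marker, manifest, tag, files):
    """No skip path: the marker is ignored and the manifest is authenticated
    (HMAC here as a stand-in for verifying a vendor signature)."""
    good_tag = hmac.new(SIGNING_KEY, manifest, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, good_tag):
        return False
    return files_match(manifest, files)
```

The point for a reviewer of update code is that any branch returning success before the digests are compared makes the rest of the check irrelevant, so the manufacturing path belongs in a separate, non-shipping build rather than behind a runtime marker.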