uConnect 15.26.1 is buggy; I want to downgrade. - Page 18 - Jeep Garage - Jeep Forum

#205 - 03-02-2016, 05:18 PM - BearHunterCO

Thanks a bunch, JeepinWA. I was afraid that it might be due to a new ProductID. I'm not sure if I'll try digging around for an older version, or if I might try the Linksys USB300m if I can find it for a reasonable price. Maybe that one doesn't have the same issue.

I am currently running the 15x software, as my friendly dealer updated it the last time I went in for some warranty work. So I'll probably downgrade it back to a 14x version so I can hopefully utilize the byte 128 trick to build a new swdl.iso of the 15x with some modified scripts to inject a userid/password pair into the filesystem. I would probably also carry forward the system_module_check if I can so that I can continue to utilize the byte 128 bypass.

#206 - 03-02-2016, 05:53 PM - JeepinWA

Quote:
Originally Posted by BearHunterCO
I'll probably downgrade it back to a 14x version so I can hopefully utilize the byte 128 trick to build a new swdl.iso of the 15x with some modified scripts

The 'byte 128' trick is only half of the validation process. In order for your new ISO to be started up by the running system, you'd need to generate a new digest, sign that digest with a valid rsa key, then inject that signed digest into the ISO header. That's mostly academic, though, because you don't have a valid rsa key to begin with (although I have an untested theory on how to hijack loader.lua to allow for custom ISOs).

That said, a new ISO is unnecessary, as the 15_17_5 (and likely 15.26.1) ISO is just as vulnerable to similar attack vectors.

#207 - 03-02-2016, 06:27 PM - BearHunterCO

Quote:
Originally Posted by JeepinWA
The 'byte 128' trick is only half of the validation process. In order for your new ISO to be started up by the running system, you'd need to generate a new digest, sign that digest with a valid rsa key, then inject that signed digest into the ISO header. That's mostly academic, though, because you don't have a valid rsa key to begin with (although I have an untested theory on how to hijack loader.lua to allow for custom ISOs).

That said, a new ISO is unnecessary, as the 15_17_5 (and likely 15.26.1) ISO is just as vulnerable to similar attack vectors.

Hmmmm...sounds like I'm further away from doing this than I had thought. I'm just now getting into looking at the lua scripts from the 14.x versions, and I had misunderstood the byte 128 trick. I thought that it pretty much bypassed the entire ISO hash/digest check altogether, and would allow changes to some of the .sh files.

Guess it's time to re-read that whitepaper and dig through more of the code to try and wrap my brain around this...

#208 - 03-02-2016, 06:55 PM - JeepinWA

Quote:
I thought that it pretty much bypassed the entire ISO hash/digest check altogether, and would allow changes to some of the .sh files.

Check out my previous post in this thread regarding loader.lua and system_module_check.lua.

#209 - 03-12-2016, 01:10 AM - BearHunterCO

Quote:
Originally Posted by JeepinWA
Check out my previous post in this thread regarding loader.lua and system_module_check.lua.

Well, I'm getting a little bit closer. I have successfully gained root access into the system. But of course, all of the really good stuff is in read-only mode. So, I'm going to try downloading all of it into a virtual machine and see if I can figure out how to modify the file system and maybe write my own set of rsa keys into the system. I've certainly learned a lot about how this system works. But I have a lot more to learn still.

My goal is actually a pretty simple one. I just want my truck to connect to my home wi-fi when it's parked out front. Then my home computer can connect to it and download any interesting data before the system powers down. Maybe make my own "Vehicle Health Report". Could also grab GPS info and keep track of where all I've driven...

#210 - 03-21-2016, 06:56 AM - NetworkTV

Quote:
Originally Posted by BearHunterCO
My goal is actually a pretty simple one. I just want my truck to connect to my home wi-fi when it's parked out front. Then my home computer can connect to it and download any interesting data before the system powers down. Maybe make my own "Vehicle Health Report". Could also grab GPS info and keep track of where all I've driven...

That's a feature I really wish my Jeep had - and would actually be willing to pay the monthly UConnect Fee if that's what was required to have it.

If I could also use that function to upload planned GPS routes as well as music and playlists from my computer to the Jeep, that would be a major upgrade.

#211 - 03-22-2016, 05:22 PM - Roadkill

Quote:
Originally Posted by BearHunterCO
Well, I'm getting a little bit closer. I have successfully gained root access into the system. But of course, all of the really good stuff is in read-only mode. So, I'm going to try downloading all of it into a virtual machine and see if I can figure out how to modify the file system and maybe write my own set of rsa keys into the system.

A QNX Neutrino VM is a good idea for learning/basic testing, but in order to really test a lot of the crap (like the inner proprietary filesystem image junk from Harman) you'll need full virtualization and a source for Neutrino for ARM. The libraries on the ISO are compiled for the ARM architecture and won't work on something like VirtualBox running one of those free x86 Neutrino development/evaluation VM images.

Quote:
My goal is actually a pretty simple one. I just want my truck to connect to my home wi-fi when it's parked out front. Then my home computer can connect to it

One might imagine there are several ways to accomplish the overall goal without necessarily having to deal with the pain of trying to configure Wi-Fi as a client on the head unit. For example, an inexpensive virtual private server with a static IP where you can dump data from anywhere the Sprint network has coverage. Granted, connecting to home Wi-Fi has advantages for certain use cases.

Quote:
...and download any interesting data before the system powers down.

One might find that it's rather painful to try to hook something on shut down. For example, if your code is expecting to trap a SIG_TERM/SIG_KILL/SIG_PWR type signal during shutdown you might find that if those execute at all then they happen after the network stack is down. There are DBUS services to register a shutdown callback, but again one might find that's tough to use in practice.

#212 - 05-09-2016, 07:11 AM - vecais_dumais_laacis

Hi. Can someone explain how/from where dc.sh is executed? I'm currently trying to "europeize" '15 grand cherokee. Seems that there is no problem adding additional maps to navigation. Only thing I'm not sure - if there is a way to override fm frequency hop.

knowledge base:
iso header contains two signatures
1) 0-63rd byte - short iso signature - only first 2048 bytes of each file checked ( or first 2048 bytes of each volume info )
this is used by loader.lua
2) 64-127th byte - full iso signature - used by system_module_check.lua

this allows to modify system_module_check.lua to execute some commands while installing
all modifications must be after 2048 position to pass 1st check. it is possible to patch loader.lua to skip iso check. that would allow to use any swdl.iso

currently I'm not sure on which fs this loader.lua exists
mount command on running system doesn't explain much

/dev/umass0t12 on /mnt/usb0 type dos (fat32)
/dev/umass0t12 on /fs/usb0 type dos (fat32)
/dev/etfs2 on /fs/etfs type etfs
/dev/mmc0t178 on /fs/mmc1 type qnx6
/dev/mmc0t177 on /fs/mmc0 type qnx6
Reply With Quote
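
An added example, not part of any post in this thread: the coverage gap described in posts #206 and #212 (a short check that reads only the first 2048 bytes of each file, next to a full check), shown in Python on a constructed image, with a loader gate that requires the full-coverage digest. SHA-256, the file names and the function names are assumptions; the thread does not say which digest or layout the head unit uses.

```python
import hashlib
import hmac

PREFIX_LIMIT = 2048  # per the thread: the short check reads 2048 bytes per file


def image_digest(files, limit=None):
    """SHA-256 over every file, length-prefixing names and data so the
    encoding is unambiguous. limit=None covers every byte; an integer
    covers only that many leading bytes of each file (the short check)."""
    h = hashlib.sha256()
    for name in sorted(files):
        data = files[name] if limit is None else files[name][:limit]
        encoded = name.encode()
        h.update(len(encoded).to_bytes(4, "big") + encoded)
        h.update(len(data).to_bytes(8, "big") + data)
    return h.digest()


def may_run_scripts(files, trusted_full_digest):
    """Loader gate: scripts from the image may run only when the digest over
    every byte matches the trusted value (in a real system that value comes
    out of a verified signature; here it is simply passed in)."""
    return hmac.compare_digest(image_digest(files), trusted_full_digest)


def uncovered_bytes(files, limit=PREFIX_LIMIT):
    """Bytes per file that a prefix-only check never reads."""
    return {name: max(0, len(data) - limit) for name, data in files.items()}


# Constructed sample image (hypothetical file names and contents).
original = {
    "scripts/example.lua": b"-- header\n" + b"A" * 4000,
    "etc/version": b"sample-1\n",
}
trusted_short = image_digest(original, PREFIX_LIMIT)
trusted_full = image_digest(original)

# The same image with a single bit flipped past offset 2048 in the long file.
changed = dict(original)
blob = bytearray(changed["scripts/example.lua"])
blob[3000] ^= 0x01
changed["scripts/example.lua"] = bytes(blob)

short_still_matches = image_digest(changed, PREFIX_LIMIT) == trusted_short
full_detects_change = not may_run_scripts(changed, trusted_full)
```
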

#213 - 05-10-2016, 04:44 AM - vecais_dumais_laacis

source code for automatic script injection into 14.05.3 MY15 VP4 NA iso ( for others you should change offset/limits )

[C++] uconnect script injecter - Pastebin.com

this allows simpler code execution from usb than manually hex editing every time
it also adds return false to abort update process - whole idea of this script patching is to execute custom lua script and abort update without waiting for whole update install

you can make changes in existing filesystem from lua script like that:

Code:
--this code should copy tuner config from usb to device on startup
os.execute(mountpath.."/usr/share/scripts/mmc.sh start")

os.execute("echo 'mount -uw /fs/mmc0' >      /fs/mmc0/app/bin/booo.sh")
os.execute("echo 'cp /fs/usb0/tuner/* /etc/tuner/'   >> /fs/mmc0/app/bin/booo.sh")
os.execute("chmod 777 /fs/mmc0/app/bin/booo.sh")

os.execute(mountpath.."/usr/share/scripts/mmc.sh stop")

note: I already have patched boot.sh to exec booo.sh as last command
you should be very careful with boot.sh - you won't be able to enter update mode if you accidentally break boot process. maybe there is some fallback - I'm not sure

#214 - 05-11-2016, 01:36 AM - vecais_dumais_laacis

by using modified engineering menu ( which allows service menu item ) it is possible to enable wifi

seems that it is enough to create file /fs/etfs/disableDRM and reboot unit to remove need to pay for wifi

also there is possibility to use wifi in client mode

edit: just tested - disableDRM hack works - wifi shows up and wifi app allows to see/change access settings. sucks that there is no sprint network in .eu

#215 - 05-12-2016, 03:21 PM - vecais_dumais_laacis

* got ssh access!
* frequency tuning to non .usa frequencies works by calling lua script - so it is possible to alter software for .eu frequencies

todo: find out where i lost navigation button after reset

#216 - 05-14-2016, 09:46 AM - vecais_dumais_laacis

* got back navigation ( factory reset somehow removed some links to files and didn't put them back )
* patched navigation to accept any map with license

todo: radio frequency unlock


edit: aaaaaand done it.

head unit is europe ready

All times are GMT -5.