8.4 UConnect Update - Deconstructed - Page 4 - Jeep Garage - Jeep Forum

Go Back   Jeep Garage - Jeep Forum > Jeep Platform Discussion > Grand Cherokee - WK2 - > Tech Tips/DIY/How To

Join Jeep Garage Today
Reply
 
Thread Tools Display Modes
 
  #37  
Old 12-08-2014, 12:28 PM
Member
My Jeep: 2014 3.6L WK2
 
Join Date: Jul 2014
Location: Clermont, FL
Posts: 43
Thanks: 13
Thanked 10 Times in 8 Posts
Rep Power: 959
DravenGSX is on a distinguished road
Re: 8.4 UConnect Update - Deconstructed

Quote:
Originally Posted by logan_wk2 View Post
Does anyone know if the updates contain the full ROM or is it a patch?
It is the entire ROM. The filesystems are compiled images, however. Through the use of the QNX SDP, you can dump them.

Reply With Quote
Sponsored Links
Advertisement
 
  #38  
Old 01-13-2015, 11:18 AM
Member
 
Join Date: May 2013
Posts: 147
Thanks: 3
Thanked 5 Times in 5 Posts
Rep Power: 1482
LaNcE10 is on a distinguished road
Re: 8.4 UConnect Update - Deconstructed

any updates on this?
Reply With Quote
  #39  
Old 01-13-2015, 11:55 AM
Member
My Jeep: 2014 3.6L WK2
 
Join Date: Jul 2014
Location: Clermont, FL
Posts: 43
Thanks: 13
Thanked 10 Times in 8 Posts
Rep Power: 959
DravenGSX is on a distinguished road
Re: 8.4 UConnect Update - Deconstructed

I have been able to dump the IFS file system, however I have been unsuccessful with the much larger EFS filesystem where the meat is.

It is a pretty straight forward system.
Reply With Quote
  #40  
Old 01-15-2015, 12:34 AM
Premium Member
My Jeep: 2014 3.6L WK2
 
Join Date: Jul 2013
Location: Boston area
Posts: 265
Thanks: 0
Thanked 22 Times in 20 Posts
Rep Power: 2342
David_Hart has a reputation beyond reputeDavid_Hart has a reputation beyond reputeDavid_Hart has a reputation beyond reputeDavid_Hart has a reputation beyond reputeDavid_Hart has a reputation beyond reputeDavid_Hart has a reputation beyond reputeDavid_Hart has a reputation beyond reputeDavid_Hart has a reputation beyond reputeDavid_Hart has a reputation beyond reputeDavid_Hart has a reputation beyond reputeDavid_Hart has a reputation beyond repute
Re: 8.4 UConnect Update - Deconstructed

Quote:
Originally Posted by DravenGSX View Post
I have been able to dump the IFS file system, however I have been unsuccessful with the much larger EFS filesystem where the meat is.

It is a pretty straight forward system.
What kind of problem are you having with the EFS file system? Mounting it? Or reading it after it has been mounted?

This article talks about mounting it:
foundry27 : Post
__________________
2014 Jeep Grand Cherokee Limited 4x4 3.6L v6 Billet Silver, Black leather interior (new)
x 2003 Nissan Murano SE AWD 3.5L v6 Sunlit Copper, Black leather interior (new)
x 1995 Ford Mustang 3.8L v6 Automatic Silver, Red cloth interior (used)
x 1986 Mercury Lynx 1.9L 4cyl Manual 3-door Hatchback white, grey cloth interior (used)
Reply With Quote
  #41  
Old 01-15-2015, 10:25 AM
Member
My Jeep: 2014 3.6L WK2
 
Join Date: Jul 2014
Location: Clermont, FL
Posts: 43
Thanks: 13
Thanked 10 Times in 8 Posts
Rep Power: 959
DravenGSX is on a distinguished road
Re: 8.4 UConnect Update - Deconstructed

Quote:
Originally Posted by David_Hart View Post
What kind of problem are you having with the EFS file system? Mounting it? Or reading it after it has been mounted?

This article talks about mounting it:
foundry27 : Post
That link talks about how to mount it in QNX. I am trying to dump it with the SDK in a linux environment using the dumpefs tool. When I run dumpefs against the efs image in the iso, I get no output.
Reply With Quote
  #42  
Old 09-28-2015, 11:34 AM
Member
 
Join Date: Dec 2013
Posts: 10
Thanks: 0
Thanked 3 Times in 3 Posts
Rep Power: 1143
nobser is on a distinguished road
Re: 8.4 UConnect Update - Deconstructed

Guys, you just had the solution right in front of your eyes

Quote:
Originally Posted by DravenGSX View Post
So, we know it's been done.

local FLAGPOS=128

local f = io.open(fname, "rb")
if f then
local r, e = f:seek("set", FLAGPOS)
if r and (r == FLAGPOS) then
local x = f:read(1)
if x then
if x == "S" then
print("system_module_check: skip ISO integrity check")

.............. And it goes on and on. Just want to make sure I'm looking in the right place?
Open an hex editor, put an S at Position 128 in the ISO and it will skip the integrity check. So you can install modified ISOs.

It also has been published here, now, but you had it before...:

http://www.ioactive.com/pdfs/IOActiv...ar_Hacking.pdf
Reply With Quote
The Following User Says Thank You to nobser For This Useful Post:
  #43  
Old 09-28-2015, 01:10 PM
Member
My Jeep: 2014 3.6L WK2
 
Join Date: Jul 2014
Location: Clermont, FL
Posts: 43
Thanks: 13
Thanked 10 Times in 8 Posts
Rep Power: 959
DravenGSX is on a distinguished road
Re: 8.4 UConnect Update - Deconstructed

As of 15.26.1, both of the exploits explained in that document have been patched.

Pretty cool read though.
Reply With Quote
  #44  
Old 09-28-2015, 01:36 PM
Member
 
Join Date: Dec 2013
Posts: 10
Thanks: 0
Thanked 3 Times in 3 Posts
Rep Power: 1143
nobser is on a distinguished road
Re: 8.4 UConnect Update - Deconstructed

Quote:
Originally Posted by DravenGSX View Post
As of 15.26.1, both of the exploits explained in that document have been patched.

Pretty cool read though.
Still a chance for 2013/2014 model years (at least RAMs). The recent version there is 14.25.5...
Reply With Quote
  #45  
Old 09-29-2015, 03:48 PM
Member
 
Join Date: Sep 2014
Posts: 264
Thanks: 17
Thanked 48 Times in 38 Posts
Rep Power: 7447
michaelk has a reputation beyond reputemichaelk has a reputation beyond reputemichaelk has a reputation beyond reputemichaelk has a reputation beyond reputemichaelk has a reputation beyond reputemichaelk has a reputation beyond reputemichaelk has a reputation beyond reputemichaelk has a reputation beyond reputemichaelk has a reputation beyond reputemichaelk has a reputation beyond reputemichaelk has a reputation beyond repute
Re: 8.4 UConnect Update - Deconstructed

Quote:
Originally Posted by DravenGSX View Post
As of 15.26.1, both of the exploits explained in that document have been patched.

Pretty cool read though.
Sorry in advance for my ignorance if I’m incorrect- but the way I read it is the cat’s out of the bag.

You can install any working version for the specific hardware at any time- moving forward or backward. I’ve bounced around various versions on my 13/14 at different times with no problem. So you could just install the old crappy hacked version- break in- then “update” selectively to get to the latest version.

Once you let one hackable version out for a particular hardware setup it’s tough to then close it up tight. I guess you could create a “fix” by 1)forcing a particular version of new software that is “unhacked” and then 2)lock it down so you can’t go backwards (could you throw away the old keys?) . They sort of did the first part by scanning the network to make sure everyone applied the update and also blocking access to the uconnect keyfob functions if you are not on the current version. BUT- currently you can still rollback at will to a hackable version since they have good signatures, do what you want, and then (I BELIEVE) fake an update to the latest version. So it’s still not buttoned up tight.

Now if they had the ability to PUSH updates....
Reply With Quote
  #46  
Old 09-29-2015, 04:48 PM
Member
 
Join Date: Dec 2013
Posts: 10
Thanks: 0
Thanked 3 Times in 3 Posts
Rep Power: 1143
nobser is on a distinguished road
Re: 8.4 UConnect Update - Deconstructed

I think you are completely right and I'll test that soon. Here in Germany it is a little bit more complicated because we are using so called "converted" units. The manufacturer of that software fixed one of these bugs very early and uses own key material as far as I know. So I've to do a rollback to an official software release first to try to get a modified one running... But I'll do and will report ;-)
Reply With Quote
  #47  
Old 11-03-2015, 07:12 AM
Member
 
Join Date: Dec 2013
Posts: 10
Thanks: 0
Thanked 3 Times in 3 Posts
Rep Power: 1143
nobser is on a distinguished road
Re: 8.4 UConnect Update - Deconstructed

To bring it to an end:

Rollback works. I rolled back to 14.22.x and was able to install a manipulated 14.25.x using the "S"-Byte mechanism.

Have fun, Norbert
Reply With Quote
  #48  
Old 06-01-2016, 04:42 PM
Member
 
Join Date: Aug 2015
Location: Chicago Area
Posts: 7
Thanks: 1
Thanked 3 Times in 2 Posts
Rep Power: 539
pcaruso is on a distinguished road
Garage
Re: 8.4 UConnect Update - Deconstructed

Lua!? My favorite!
Reply With Quote
Reply

Tags
uconnect, uconnect 13.19.0, uconnect 8.4an

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Uconnect 430/430N update - June2013 Todd3.6 Interior/Exterior/Visual 23 12-05-2013 06:19 PM
Uconnect - update/patch Roki303 Audio/Visual/Navigation 11 10-09-2013 10:08 AM
Software Update - uConnect Access App Android jdchamp31 Audio/Visual/Navigation 2 06-15-2013 04:54 PM
UConnect 5.0 software update. JeepersCreepers Trouble Shooting/Problems/Service 9 05-09-2013 04:30 AM
UConnect Update Unsequestered Audio/Video/Navigation/Alarms 3 09-27-2012 05:20 PM

Powered by vBadvanced CMPS v3.2.3

All times are GMT -5. The time now is 12:40 PM.


Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2017, vBulletin Solutions, Inc.
Copyright 2012 - JeepGarage.Org
The Jeep Grand Cherokee Owners Community

JeepGarage.org is in no way associated with or endorsed by FCA US LLC. Chrysler, Dodge, Jeep, Ram, Mopar and SRT are registered trademarks of FCA US LLC.