Jeep Garage  - Jeep Forum banner
1 - 20 of 58 Posts

·
Premium Member
Joined
·
65 Posts
Discussion Starter · #1 ·
So, the new uconnect update allowed for insight into the new 8.4 systems. Seems they are an embedded linux based (shocker) and has access to a lot of stuff. I was actually surprised that the upgrade wasn't encrypted in some form.

Things I found that were of interest:

SQLite3 databases containing siriusxm data for weather, traffic, fuel, ect

Splash screens for Ferrari, Lancia, Jeep, Dodge, ect.

Screen Calibration info. Makes me think there is a way to get into service/setup mode somehow.

There are files for an anti-theft keypad screen... Might turn out to be something like the Chevy concierge mode that locks out the phone book.

There is a REALLY strange video set to "Evanescence - My Immortal" with a bunch of accidents. Says Streetracing.ru and "Speeding. No one thinkgs big of you."

UI seems to be mostly on standard web platform with HTML, Flash, ect.

Leg work is being done via Lua and shell scripts.

SiLabs seems to be the partner for stereo tuner.

Seems some of the packages used are shared with Toyota's embedded OS.

Sierra Wireless devices used for the 3g connectivity

Partnership with airbiquity.com



I hope to get a stereo (once they are available) for testing. I think there is a lot of room for modding once root'd. I also fear, there is a lot of room for exploitation. Might lead to a cool blackhat talk...

Anyone else find anything else cool?

PS - cool Jeep and SRT files attached. Plus that strange video...
 

Attachments

·
Registered
GC Limited
Joined
·
71 Posts
Funny I noticed that two when looking at the update, I did open several of the files for editing. I have done editing with game files like this. I cant wait for someone to figure them out. I have a new radio being installed next week I should go play with the files.
 

·
Premium Member
Joined
·
65 Posts
Discussion Starter · #6 ·
Yeah, told ya guys that video is creepy... If anyone is offended please let me know and I will remove it. It just made the interesting list b/c, well, you see why...

Thanks Willx for the new files, gonna take a look at those. I also hope to get some time to sit down and fully review the scripts and content to see what kinda mods can be done.

Just form the light reivew, the manifest files and scripts are not doing any serious validation. So it should be possible to swap in custom images and what not. Makes me wish they had a cert/hash check somewhere. Not that it is full proof, but it helps make it fool proof.

What I really want to do is get a full copy of the OS for a full review. From that, i am sure there are some bit flips that can do some cool stuff. The 8.4 systems are extremely integrated into the Jeep. To the point where if it were removed I am not even sure the jeep would run properly.
 

·
Premium Member
Joined
·
4,989 Posts
Yeah, told ya guys that video is creepy... If anyone is offended please let me know and I will remove it. It just made the interesting list b/c, well, you see why...

Thanks Willx for the new files, gonna take a look at those. I also hope to get some time to sit down and fully review the scripts and content to see what kinda mods can be done.

Just form the light reivew, the manifest files and scripts are not doing any serious validation. So it should be possible to swap in custom images and what not. Makes me wish they had a cert/hash check somewhere. Not that it is full proof, but it helps make it fool proof.

What I really want to do is get a full copy of the OS for a full review. From that, i am sure there are some bit flips that can do some cool stuff. The 8.4 systems are extremely integrated into the Jeep. To the point where if it were removed I am not even sure the jeep would run properly.
There is a mode in the Jeep that allows it to run normally without a functioning and or a corrupted system. Same as factory ship mode. Now whether there is pass through on the buss, dunno.

I don't think there is a problem with the video. It is encased in a public release that others received from Chrysler. I just think it is an interesting easter egg. Someone in development was clearly concerned about distractions while driving and was making a point. Up to the MODS to decide though.
 

·
Premium Member
Joined
·
3,465 Posts
Yeah, told ya guys that video is creepy... If anyone is offended please let me know and I will remove it. It just made the interesting list b/c, well, you see why...
That video is the real world. I think every person who drives a vehicle or owns a cellphone should be required to watch it with the people they care most about, and then talk about what they saw with each other. Ask SnoFire, he sees it every day.
 
  • Like
Reactions: Willx

·
The Negotiator
Joined
·
5,363 Posts
That video is the real world. I think every person who drives a vehicle or owns a cellphone should be required to watch it with the people they care most about, and then talk about what they saw with each other. Ask SnoFire, he sees it every day.
I don't see it everyday but often enough. I wish they would show that to kids in high school so they can really think about their decisions behind the wheel of any vehicle. Messing around in the car with friends is one thing but you distract the driver or mess around with them while driving, your asking for bad things to happen. It might not happen now, but it can at any moment. I truly don't think some people and most teens think beyond what would life be like if this happened to them (cause of accident or victim) or someone they are very close with. It's videos like this that should remind us of what is at stake when you are in a vehicle. Is yours or someones life worth the driving like an A$$ or really needing to get to your destination 3 seconds faster? Test fate and see who wins, remember it only has to win 1 time for you to feel the affects...

Ok, my public service announcement is over. As a side note, enough life to the fullest even if you drive like a wacko (or like Jacko...lol j/k).
 

·
Premium Member
Joined
·
4,989 Posts
I don't see it everyday but often enough. I wish they would show that to kids in high school so they can really think about their decisions behind the wheel of any vehicle. Messing around in the car with friends is one thing but you distract the driver or mess around with them while driving, your asking for bad things to happen. It might not happen now, but it can at any moment. I truly don't think some people and most teens think beyond what would life be like if this happened to them (cause of accident or victim) or someone they are very close with. It's videos like this that should remind us of what is at stake when you are in a vehicle. Is yours or someones life worth the driving like an A$$ or really needing to get to your destination 3 seconds faster? Test fate and see who wins, remember it only has to win 1 time for you to feel the affects...

Ok, my public service announcement is over. As a side note, enough life to the fullest even if you drive like a wacko (or like Jacko...lol j/k).
100% agree with both you and Jacko. While back there was a British ad that had a girl texting and she got in a head on (drifted over the line) and her friend(s)? laid dead beside here and she was there trapped screaming.

Truth isn't always pretty or pleasant.
 

·
Premium Member
Joined
·
65 Posts
Discussion Starter · #11 ·
So some additional tidbits.

Updates seemed to be rolled up, atm no need to run one and then the next.

Sierra Air Card seems to be running on sprintpcs network.

There is some code to do upgrade validation to verify it before executing. From what I can tell it isn't in use yet.

Sirius information on weather, destinations, movies, ect seems to be setup independently from driver A vs driver B

So far, none of the code is obfuscated. Standard decompilers work just fine on the swf and jar files.

Lots of notes in the scripts :thumbsup:

I think most have already observed this, but the apps require 3g connection.

I haven't solid poof yet, but there are some indications that sensor (diagnostic) information may be getting sent back to Chrysler. Time to put on my tin foil hat.

Lots more interesting bits to explore. If I ever get the time and become brave enough to mod or at least explore it, I will drop something under the new Uconnect Premium Members Area.
 
  • Like
Reactions: xteam and Willx

·
Premium Member
Joined
·
1,040 Posts
Lots more interesting bits to explore. If I ever get the time and become brave enough to mod or at least explore it, I will drop something under the new Uconnect Premium Members Area.
Where is this UConnect Premium Member area? My membership already paid itself by getting free tracking from Milous and build sheet. Seems like good stuff keep on coming. Best spend couple of $$$ so far.
 

·
Premium Member
Joined
·
4,989 Posts
Where is this UConnect Premium Member area? My membership already paid itself by getting free tracking from Milous and build sheet. Seems like good stuff keep on coming. Best spend couple of $$$ so far.
Premium Area Direct http://www.jeepgarage.org/f86/

There is a sub thread, not much there but have spoken to a few people. There may *possibly* some custom mods posted down the road. I also have not problems providing updates for other Premium Members vehicles where I have that access.

As I have noted to others, I have had an extreme amount of flexibility recently but that isn't always the case. I just my own upgrade on my RHR in my Durango... IT WAS FACTORY and it is 2011, sad!
 

·
Premium Member
Joined
·
1,040 Posts
One thing that I've seen is that 13.15.4 was build on 4/9. This release 13.19 was build on 5/6. Seems like they are on a monthly release cycle.
 

·
Premium Member
Joined
·
1,040 Posts
There are also jpg files for splash screens for MB, VW and Mitsubishi although they are all saying: "Splash-Screen not available for: <blah>"
 

·
Registered
Joined
·
747 Posts
Ok, watched the video content and, well, the first couple in particular, pretty much sucked the life out of me for the afternoon.

I live on a popular rush hour "short cut" and witness near misses daily due to texting or speeding, and have a 2 yr old who is in the take of and run phase right now.

These are the types of PSAs that need to be on american TV, could care less who is offended!!
 
  • Like
Reactions: jim_87

·
Registered
Joined
·
4 Posts
Here is what I have found out:

definitely QNX (6.5.0?) Same OS that runs the new blackberries.

The device looks for a DLink and Cisco network card when they boot. I forget the specific model but I have confirmed they do work when plugged in the USB port.

The IP of the device is 192.168.65.1 I think.

When linked up there are a lot of open ports, most of them don't seem to do anything but they do show as open. A couple are quite chatty. Mostly log stuff as far as I can tell.

The QConn exploit seems to be patched so no dice there.
The device uses I2c and a BMC to communicate with the truck, however the cluster display isnt dependant on it. In talking to on of the mechanics I think that it does have the ability to write to the Body control module. Basically there are codes they can put in that enable features in the vehicle its self.

QNX and the omap processor require the flash image to be signed and hashed before it will boot it or flash it, meaning anything that is done ROM wise will require a tethered solution unless the private cert is found.

Also from what I can tell the kernel, initrd, and the whole base OS ( including /etc) is compressed in some weird binary format thats proprietary to QNX. If that can be decompressed, might get lucky with a user name and password. The telnet and ssh ports are open and are responding.

The only way I can see in is through the network but I imagine that most things that may force root access or drop a shell would probably get caught by the strict watchdog they have. Its more advanced then the Linux standard watch dog. There is a specific reference to it in the LUA scripts; something about "petting the dog".
 

·
Premium Member
2017 Summit
Joined
·
8,869 Posts
Here is what I have found out:

definitely QNX (6.5.0?) Same OS that runs the new blackberries.

The device looks for a DLink and Cisco network card when they boot. I forget the specific model but I have confirmed they do work when plugged in the USB port.

The IP of the device is 192.168.65.1 I think.

When linked up there are a lot of open ports, most of them don't seem to do anything but they do show as open. A couple are quite chatty. Mostly log stuff as far as I can tell.

The QConn exploit seems to be patched so no dice there.
The device uses I2c and a BMC to communicate with the truck, however the cluster display isnt dependant on it. In talking to on of the mechanics I think that it does have the ability to write to the Body control module. Basically there are codes they can put in that enable features in the vehicle its self.

QNX and the omap processor require the flash image to be signed and hashed before it will boot it or flash it, meaning anything that is done ROM wise will require a tethered solution unless the private cert is found.

Also from what I can tell the kernel, initrd, and the whole base OS ( including /etc) is compressed in some weird binary format thats proprietary to QNX. If that can be decompressed, might get lucky with a user name and password. The telnet and ssh ports are open and are responding.

The only way I can see in is through the network but I imagine that most things that may force root access or drop a shell would probably get caught by the strict watchdog they have. Its more advanced then the Linux standard watch dog. There is a specific reference to it in the LUA scripts; something about "petting the dog".
Will all this give me better gas mileage? :lol:


---
 
1 - 20 of 58 Posts
This is an older thread, you may not receive a response, and could be reviving an old thread. Please consider creating a new thread.
Top