VWVortex.com - Discover Pro Hack may be possible.

    VWVortex



    Thread: Discover Pro Hack may be possible.

    1. Member
      Join Date
      Apr 29th, 2009
      Location
      The Netherlands
      Posts
      351
      Vehicles
      '15 GTE
      02-15-2016 05:31 AM #101
      Quote Originally Posted by Nerdbox View Post
      Thanks for the heads up, I'll give you some heads up too. I finally received the car! MIB2 --> WLAN enabled (no tests yet). Haven't done any firmware analyzing just yet.
      Congratulations on the new car!
      I haven't spent much time on the car the last few days... busy with a lot of other things.
      Since you have the GTE... there are some possible hacks on the Telematics-module as well (the module that allows us to configure the charging of the car by app/website). Whenever I have some time, I continue brute forcing the access code (using VCP), and then we might be able to have remote unlock/horn/lights


    3. Member
      Join Date
      Feb 22nd, 2016
      Location
      Cambridge, Ontario
      Posts
      187
      Vehicles
      2016 Golf R
      02-25-2016 12:33 PM #102
      Great job on this stuff guys. You've got my interest piqued.

      I'm taking delivery of my car sometime in May or June likely. I'll see what I can do to help once I've got it.

    4. 02-29-2016 05:34 AM #103
      Quote Originally Posted by Chillout View Post
      Code:
      PORT      STATE SERVICE VERSION
      
      53/tcp    open  domain  dnsmasq 2.66
      I'm owner of a Skoda MY16 MIB2, and it has dnsmasq 2.72 running. This is actually very interesting news, because dnsmasq is licensed under the GPLv2, and thus VW/Skoda are required to provide us with source code. I haven't yet looked into the paper documentation / on-screen infos in depth, but if there is no page describing how to get the source code from them, it is a clear GPL violation. And if there is such a page, it's high time to request the SDK ;-)

      P.S: Could you provide a link to some shady mirror of the MIB firmware? I'd love to have a look at the binary blob as well, but my MIB2 isn't eligible for updates yet.

    5. Member
      Join Date
      Apr 29th, 2009
      Location
      The Netherlands
      Posts
      351
      Vehicles
      '15 GTE
      03-01-2016 07:57 AM #104
      Quote Originally Posted by BerndDasBrot View Post
      I'm owner of a Skoda MY16 MIB2, and it has dnsmasq 2.72 running. This is actually very interesting news, because dnsmasq is licensed under the GPLv2, and thus VW/Skoda are required to provide us with source code. I haven't yet looked into the paper documentation / on-screen infos in depth, but if there is no page describing how to get the source code from them, it is a clear GPL violation. And if there is such a page, it's high time to request the SDK ;-)

      P.S: Could you provide a link to some shady mirror of the MIB firmware? I'd love to have a look at the binary blob as well, but my MIB2 isn't eligible for updates yet.
      I like your thinking
      I'll put my firmware (0388) somewhere online again and PM you with a link.

    6. 03-01-2016 08:44 AM #105
      I have a lot of FW for Skoda MIB1/MIB2 as well.

      I will try to up it to my Dropbox.

      Regards 👋

    7. 03-02-2016 03:46 PM #106
      Hi guys! I received my new Golf GTE one week ago...
      I have a lot of skill in BMW programming... BMW uses the same platform (Nvidia Tegra), the same producer (Harman) and the same OS (QNX centrino).
      BMW navi units are already a bit hackable... My unit is a MIB2 Discover Pro... Can I also have a firmware update for MIB2 units, to search for some BMW-style hacks?

      Thanks!!

    8. Junior Member
      Join Date
      Apr 15th, 2015
      Location
      San Jose, CA
      Posts
      44
      Vehicles
      2015 GTI Autobahn DSG
      03-02-2016 06:55 PM #107
      I just ordered the 0245 firmware update for H25 hardware units today. Total was $36 after tax and shipping. I'm interested in poking around in it.

    9. 03-03-2016 07:43 AM #108
      Quote Originally Posted by BerndDasBrot View Post
      I haven't yet looked into the paper documentation / on-screen infos in depth, but if there is no page describing how to get the source code from them, it is a clear GPL violation. And if there is such a page, it's high time to request the SDK ;-)
      Okay, so I have looked into the "Licenses" screen of the MIB. It lists "www.audi.com/softwareinfo" as the reference to obtain source code. There is an online form to request sourcecode-on-CD that only lists Audi models, and the referenced support hotline obviously never heard of GPL or "Open Sores". Audi hotline sent me to Skoda hotline, Skoda hotline sent me to local partner. Let's see if they can tell me who's responsible, without me explaining the GPL to them...

    10. Member
      Join Date
      Apr 29th, 2009
      Location
      The Netherlands
      Posts
      351
      Vehicles
      '15 GTE
      03-05-2016 06:43 AM #109
      that must be frustrating...

      But... I guess source code for the Audi MMI 3G devices could be useful too!

    11. 03-10-2016 07:37 AM #110
      Quote Originally Posted by ShapeShifterZ View Post
      I just ordered the 0245 firmware update for H25 hardware units today. Total was $36 after tax and shipping. I'm interested in poking around in it.
      Did you receive the FW?

    12. Member
      Join Date
      Apr 29th, 2009
      Location
      The Netherlands
      Posts
      351
      Vehicles
      '15 GTE
      03-10-2016 10:33 AM #111
      Update:
      I got a bit tired of messing around in VCP and VCDS... so I did some research on drive.net, where some guys are pretty advanced when it comes to messing around with the MQB platform.
      What they can do currently:
      - enable 5-channel equaliser (instead of 3)
      - tweak 40-ish sound parameters

      The only discovery I made in the last few weeks: changing byte 02 on module 5F changes my car graphic from regular Golf to E-Golf. Previously, only byte 18 seemed to change the car graphics, so this is new.

    13. Member
      Join Date
      Apr 29th, 2009
      Location
      The Netherlands
      Posts
      351
      Vehicles
      '15 GTE
      03-10-2016 11:06 AM #112
      Idea!!
      What if we...

      - enable WLAN
      - go to firmware update
      - set TCP-IP, and address of update server = address of laptop
      - sniff traffic while Discover Pro is trying to initiate some connection with the fake server.

      This might enable us to get to know more information.
      For instance: I've noticed port 21001 is shown (although closed) sometimes... what if an FTP server is listening there? It might be our way in.

    14. 03-16-2016 10:14 PM #113
      Quote Originally Posted by Chillout View Post
      I didn't want to spend my night in the car messing around with VCDS & VCP for once... so I decided to dig into the pictures I took from the main board a few weeks ago.

      Here's a close-up. It looks a little like a PCI Express 1x connector, but it isn't. (this one is 9 + 3 pins on both sides... PCIe is 11 + 7 pins on both sides).
      So we've got 24 pins for each connector, and I haven't got a clue what to do with it.


      Those connectors are used for connecting by terminal, telnet, etc. on the 3G platform; probably the same logic applies to MIB units, even though there is a little bit higher protection...

      On Audi 3G+ and VW RNS 850, the 10-pin connector is easily used for connecting by terminal, with easy access to the whole OS of the unit and the flash memory, where it is possible to modify many things... Even by telnet it is easy, because the password can be broken easily.

    15. Member
      Join Date
      Apr 29th, 2009
      Location
      The Netherlands
      Posts
      351
      Vehicles
      '15 GTE
      03-17-2016 09:52 AM #114
      Quote Originally Posted by nowishard View Post
      Those connectors are used for connecting by terminal, telnet, etc. on the 3G platform; probably the same logic applies to MIB units, even though there is a little bit higher protection...

      On Audi 3G+ and VW RNS 850, the 10-pin connector is easily used for connecting by terminal, with easy access to the whole OS of the unit and the flash memory, where it is possible to modify many things... Even by telnet it is easy, because the password can be broken easily.
      That's valuable info, thanks!
      Do you know where I can find an interface cable for this type of connector?
      I'm not worried about terminal access... that's all I need. Getting access should be easy as soon as I can connect to this port.
      Last edited by Chillout; 03-17-2016 at 09:56 AM.

    16. Member
      Join Date
      Apr 29th, 2009
      Location
      The Netherlands
      Posts
      351
      Vehicles
      '15 GTE
      03-17-2016 12:01 PM #115
      Found the answer!


    17. 03-18-2016 07:16 PM #116
      Quote Originally Posted by Chillout
      That's valuable info, thanks!
      Do you know where I can find an interface cable for this type of connector?
      I'm not worried about terminal access... that's all I need. Getting access should be easy as soon as I can connect to this port.
      You are welcome. You can find one in any solid shop with electronics parts, and even with 3 wires you can make a simple connection to an RS232 cable: Rx, Tx, GND. The scheme you wrote is only for the Audi 3G platform and RNS850, not for MIB Audi or VW, unfortunately. I'm not sure that anyone has found which pins are used for terminal access on MIB, because the connectors are different, as you could see on the MB. Hm, I don't think it is as easy on MIB as on 3G, because now the protection is different and the password is harder to break, but you can try... Post if you succeed or have some progress...

      For those without a COM port, just use a USB-to-UART converter, and you'll have a connection to the USB port of your PC/notebook.

    18. Member
      Join Date
      Apr 29th, 2009
      Location
      The Netherlands
      Posts
      351
      Vehicles
      '15 GTE
      03-23-2016 07:17 AM #117
      I got some valuable information on Drive.net, a car community:

      You need uart-adapter (RX/TX).
      The terminal pins are at quadlock, the microphone connector.
      Pin #3 — RX
      Pin #9 — TX.
      Pin #7 — Ground.

      If successful, you will see the boot-sequence of a QNX operating system.
      So... I ordered a USB-UART adapter. I'll be having a few days off soon, so I'll be able to mess around with it

    19. n00b
      Join Date
      Mar 24th, 2016
      Location
      Seattle, WA
      Posts
      1
      03-24-2016 04:27 AM #118
      Quote Originally Posted by Chillout View Post
      I like your thinking
      I'll put my firmware (0388) somewhere online again and PM you with a link.
      Signed up to post in this thread. I have a regular 2016 TSI with the MIB II headunit that's not Discover Pro. Since they share a bunch of features, I'm hopeful that the firmware is pretty similar.

      I did some work on the USB host port since it supports Android Auto with regards to driver enumeration (and also managed to scratch the door sill with a USB cable). The host appears to load a driver for a particular USB ethernet adapter (0b95:7720), but the OS doesn't want to bring the interface up, so no luck there. I'm afraid to do anything more dynamically that could set persistent state because there's a very real possibility of bricking the headunit. I still like the car.

      Would you mind PM'ing me a link to the FW?

      Would be nice to run binwalk on the binary to see if it's encrypted. If not, one possible next step would be to try and mount the file system.
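
Added example, not part of the original post or of binwalk itself: a minimal Python version of the check the post above asks for, combining per-block Shannon entropy with a scan for a few container magic bytes to judge whether an image looks encrypted. The samples, the signature list and the 7.9 bits/byte threshold are constructed assumptions for illustration.

```python
import gzip
import hashlib
import math
from collections import Counter

# Magic bytes of a few common container formats (not an exhaustive list).
SIGNATURES = {"gzip": b"\x1f\x8b\x08", "squashfs": b"hsqs",
              "xz": b"\xfd7zXZ\x00", "zip": b"PK\x03\x04"}

def shannon_entropy(chunk):
    """Entropy in bits per byte: 0.0 for constant data, close to 8.0 for random."""
    n = len(chunk)
    return -sum(c / n * math.log2(c / n) for c in Counter(chunk).values())

def block_entropies(data, block=4096):
    chunks = [data[i:i + block] for i in range(0, len(data), block)]
    if len(chunks) > 1 and len(chunks[-1]) < block:
        chunks.pop()  # a short tail would under-report entropy
    return [shannon_entropy(c) for c in chunks]

def find_signatures(data):
    """Map each known format to the first offset where its magic appears."""
    hits = {name: data.find(magic) for name, magic in SIGNATURES.items()}
    return {name: off for name, off in hits.items() if off != -1}

def assess(data, threshold=7.9):
    ents = block_entropies(data)
    if not ents:
        return "empty input"
    if find_signatures(data):
        return "known container signatures: not wholly encrypted"
    high = sum(e >= threshold for e in ents) / len(ents)
    if high >= 0.9:
        return "uniformly high entropy, no signatures: likely encrypted"
    return "low or mixed entropy: plaintext regions present"

# Constructed samples (not real firmware).
HEADER = b"constructed plaintext header\n" * 1000
PLAIN_IMAGE = HEADER + gzip.compress(b"key=value\n" * 5000, mtime=0)
# Deterministic stand-in for ciphertext: SHA-256 in counter mode, 16 KiB.
OPAQUE_IMAGE = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest()
                        for i in range(512))

if __name__ == "__main__":
    for name, blob in (("plain", PLAIN_IMAGE), ("opaque", OPAQUE_IMAGE)):
        print(name, find_signatures(blob), assess(blob))
```

Compressed data is also high-entropy, so entropy alone cannot separate compression from encryption; the absence of any recognisable magic is what tips the verdict.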

    20. 03-24-2016 08:50 AM #119
      Quote Originally Posted by meich View Post
      I have a lot of FW for Skoda MIB1/MIB2 as well.

      I will try to up it to my Dropbox.

      Regards 👋


      Hi,
      I bought a Golf (standard highline) next week. But its Mediaplayer doesn't include App Connect or MirrorLink (it doesn't show at the main menu).
      Is there a way to enable them? (2016 - 1.4 highline DSG - HW: H24 composition Mediaplayer)

    21. 03-24-2016 11:54 PM #120
      Signed up to post in this thread. Does anybody know how to dump the FW from the car? I own an Audi Q7 2016. It's a MIB2 system based on MLB-Evo.

    22. 03-27-2016 02:13 PM #121
      Hi

      Can anyone please PM me a link to firmware 388 (or higher) for a MIB1 Discover Pro?
      I downloaded the 2.2GB image, but it doesn't work on my unit - it's a FMU-H-N-RW-VW (Rest of World). The firmware I got was specifically for the EU model variants.

      thank you

    23. 03-28-2016 04:47 PM #122
      Quote Originally Posted by Chillout View Post
      I got some valuable information on Drive.net, a car community:



      So... I ordered a USB-UART adapter. I'll be having a few days off soon, so I'll be able to mess around with it

      Could you please give the link where you found this information? Thank you!

    24. 04-06-2016 11:44 PM #123
      We did a thing - and it works!

      Next week I get the latest DP2 FW.

      See you! 😊


    25. Member
      Join Date
      Apr 29th, 2009
      Location
      The Netherlands
      Posts
      351
      Vehicles
      '15 GTE
      04-07-2016 06:52 AM #124
      NIIICE!

      What USB-RJ45 device did you use?

    26. Junior Member
      Join Date
      Apr 15th, 2015
      Location
      San Jose, CA
      Posts
      44
      Vehicles
      2015 GTI Autobahn DSG
      04-07-2016 01:15 PM #125
      I have the latest firmware 0245 for hardware revision H25 MIB-2 units. Let me know if you want a copy.

      But that doesn't look like a Golf glovebox, so you likely are looking for non-NAR firmware?
      Last edited by ShapeShifterZ; 04-07-2016 at 01:18 PM.
