LoneJeeper
Junior Member
Hello all.
Perhaps my google-fu is failing me, as I didn't find much related to what I'm up to.... so far what I've found is interesting.
I have a fair amount of hardware and software hacking experience under my belt, so when I found out that I'm eligible for a UConnect update, and that I can apply it myself the wheels in my brain started turning. At this point, I'm mostly curious as to if this has been explored or if anyone has a source on it that I couldn't find.
It is possible to 'explode' the update file, explore the updates' file structure, files themselves, make edits, recompile the update files and the truck will use this new data to update the UConnect system.
Obviously, the usual warnings and caveats regarding warranty, bricking, etc all apply here.... I also think it is a huge mistake to put these files into the hands of end users as opposed to it being a dealer-only operation.
I've only given this a couple hours, but I've found where I could change dashboard colors, icons, and some text. It appears I can also export a system backup back out to my USB drive and run whatever shell commands I'd want. My end goal is to have my truck connect to the wireless internet at my house and transfer files to USB storage.
Other interesting finds:
Proxy options:
* Set up the truck to proxy all traffic through my home lab.
* This lets me see what requests and data are being sent/received and intercept any/all files, plus inject my own.
Sat/Nav setup options:
* I have Sat/Nav, so I'd have to see how other update files differ, but perhaps you could enable it through here.
Cameras:
* I have seen some camera information in the .lua code, need to dig here more.
Button action data:
* decompiling the *.swf files, I've seen some ActionScript concerning button names and corresponding scripts which I'd have to pull from the filesystem, but I can run my own edited .sh scrips... I just don't know, yet, how to trigger a second update once I've got those files.
I haven't yet seen where there is any tamper detection or MD5/SHA checksum going on, nor have I found where it is tied to the VIN. Given the RAX hack needs the VIN, it's probably in there somewhere I haven't found... I expect a method very similar to what I'm up to is used in the RAX kit.
So, anyone else know of some research into this area?
Perhaps my google-fu is failing me, as I didn't find much related to what I'm up to.... so far what I've found is interesting.
I have a fair amount of hardware and software hacking experience under my belt, so when I found out that I'm eligible for a UConnect update, and that I can apply it myself the wheels in my brain started turning. At this point, I'm mostly curious as to if this has been explored or if anyone has a source on it that I couldn't find.
It is possible to 'explode' the update file, explore the updates' file structure, files themselves, make edits, recompile the update files and the truck will use this new data to update the UConnect system.
Obviously, the usual warnings and caveats regarding warranty, bricking, etc all apply here.... I also think it is a huge mistake to put these files into the hands of end users as opposed to it being a dealer-only operation.
I've only given this a couple hours, but I've found where I could change dashboard colors, icons, and some text. It appears I can also export a system backup back out to my USB drive and run whatever shell commands I'd want. My end goal is to have my truck connect to the wireless internet at my house and transfer files to USB storage.
Other interesting finds:
Proxy options:
* Set up the truck to proxy all traffic through my home lab.
* This lets me see what requests and data are being sent/received and intercept any/all files, plus inject my own.
Sat/Nav setup options:
* I have Sat/Nav, so I'd have to see how other update files differ, but perhaps you could enable it through here.
Cameras:
* I have seen some camera information in the .lua code, need to dig here more.
Button action data:
* decompiling the *.swf files, I've seen some ActionScript concerning button names and corresponding scripts which I'd have to pull from the filesystem, but I can run my own edited .sh scrips... I just don't know, yet, how to trigger a second update once I've got those files.
I haven't yet seen where there is any tamper detection or MD5/SHA checksum going on, nor have I found where it is tied to the VIN. Given the RAX hack needs the VIN, it's probably in there somewhere I haven't found... I expect a method very similar to what I'm up to is used in the RAX kit.
So, anyone else know of some research into this area?