apps-inoeg
mib2-toolbox
Our great sponsors
| apps-inoeg | mib2-toolbox | |
|---|---|---|
| 1 | 13 | |
| 0 | 557 | |
| - | - | |
| 7.7 | 2.4 | |
| over 1 year ago | 6 months ago | |
| Svelte | Python | |
| GNU Affero General Public License v3.0 | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
apps-inoeg
-
Hyundai car software update private keys came from easily Googleable sample code
That's why I try to never put any testing or development keys in repositories. From those keys sitting there it just takes one act of negligence for the keys to make it into a production environment.
It's really frustrating that most people don't care about this at all. Even people forking my own projects would not listen when I told them to please just generate the keys dynamically (for which I included all necessary functionality in the software itself, easily accessible in CI and from the CLI via a simple make command), and instead just put dev keys smack in the repository [1]. And mind you those were some really "security minded" people from the CCC.
1: https://github.com/impfen/apps-inoeg/blob/main/tests/fixture...
mib2-toolbox
-
Hate Apple CarPlay & Waze
The free traffic info isn't bad. You can change which channels the unit subscribes to (see TMC channel research). I enabled all useful channels on my unit and it does show traffic quite accurately. Now in my country there are not really any detours possible, there's just one highway that connects to cities/villages together, so any detour doubles to triples the distance driven (and thus it's not worth it).
-
Two navigation sources - Is there any way to have navigation from Google/Apple maps AND the navigation from the MMI at the same time, rather than one or the other?
They are working on it over on the dark side. Lol. https://github.com/jilleb/mib2-toolbox
-
Updated infotainment images
In answer to OP's question: it's likely this person has used the MIB2High toolbox available on GitHub to customize images and startup screens for the unit.
-
Hyundai car software update private keys came from easily Googleable sample code
That's pretty cool! I wonder how properly they were really signed - there are _so many_ mistakes even in systems that at least don't use an example key off the Internet.
The most common ones I know of are:
* Out-of-bounds write issues allowing "signature was validated" flags to be overwritten in Flash memory, like https://github.com/jglim/UnsignedFlash
* State machine mistakes, like https://github.com/bri3d/VW_Flash/blob/master/docs/docs.md - allowing Flash to be written again after it was already written, without an erase first.
* Filesystem parsing mistakes, like those in a number of VW AG head units: https://github.com/jilleb/mib2-toolbox/issues/122
* The use of RSA with E=3 and inadequate padding validation, like https://words.filippo.io/bleichenbacher-06-signature-forgery... .
* Failure to understand the system boundaries, like in the second part of https://github.com/bri3d/simos18_sboot where "secret" data can be recovered by halting the system during a checksum process.
* Hardware fault injection issues, as used in https://fahrplan.events.ccc.de/congress/2015/Fahrplan/system... .
Fundamentally this is of course, a very hard problem, since in the "protect against firmware modification" case, the attacker has physical access. But, compared to the state of the art in mobile devices and game consoles, automotive stuff is still way behind.
- BMW Wants to Charge for Heated Seats. These Grey Market Hackers Will Fix That.
-
Coolwalk Vertical Rail
For split screen you need to do something with the MIB 2 toolbox from what I remember.
-
Getting into QNX embedded system
The big one, a vulnerabilities in the firmware update mechanism which allows installing customised firmware packs, scripts, tools, ssh etc: https://github.com/jilleb/mib2-toolbox/pull/125
-
The First Android Auto 7 Update Is Now Available for Download
You mean stuff like split screen? It's possible but it must be either coming from your vehicle's manufacturer or you have to mess with properties and/or toolboxes (such as MIB2 Toolbox) to get it.
-
Is there an update/upgrade for the 2017 S3 mmi?
As far as I know, there's a MIB toolbox and MIB2 Patches to unlock stuff.
-
Android auto fullscreen problem (seat arona)
Try the MIB 2 toolbox You can modify the aspect ratio and such
What are some alternatives?
UnsignedFlash - Firmware signature bypass on the IC204
mqb-pm - Performance Monitor for VAG-group cars with Android Auto
Simos18_SBOOT - Documentation and tools about Simos18 SBOOT (Supplier Bootloader), including a Seed/Key bypass and Tricore boot password recovery tool.
volkswagen - :see_no_evil: Volkswagen detects when your tests are being run in a CI server, and makes them pass.
VW_Flash - Flashing tools for VW AG control units over UDS. Compression, encryption, RSA bypass, and checksums are supported for Simos18.1/6/10, DQ250-MQB, DQ381-MQB, and Haldex4Motion-Gen5-MQB.
LinkLiar - :link: Link-Layer MAC spoofing GUI for macOS
hn-search - Hacker News Search
IDDataLogger - A DataLogger for Volkwagen ID vehicles. Includes an iOS Widget. Works with VW ID.3 and ID.4 vehicles.
mib-std2-pq-zr-toolbox - Toolbox for MIB STD2 PQ/ZR Technisat/Preh units.
VWsFriend - VW WeConnect visualization and control