[GUIDE] How to gain root shell on 2016 Honda Pilot (and now install apps!!!)

trent99

Member
May 16, 2006
24
4
Dayton
After about a month of use, this is so great. I love using Waze through the car. And Spotify is really nice to have too. I did the process on my dad's 16 Touring and my brother in law's 17 Touring as well. Both seemed to work fine. Thanks to all for your hard work on this!
 

mali1621

New member
Jun 4, 2017
1
0
Tried Did not Work! Thanks in Advance

Hello,
First, thank you for the noob guide! Much Appreciated
I tried following the steps and got this message
I have a 2017 Honda Accord Ex, 6spd.
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Users\Mohammed Ali>cd c:\hondahack\OneClick

c:\hondahack\OneClick>OneClickInstall.bat 172.20.10.13 waze.apk

c:\hondahack\OneClick>.\bin\bash.exe .\OneClickInstall.sh 172.20.10.13 waze.apk

Usage: ./OneClickInstall.sh ipaddress My.apk
Example: ./OneClickInstall.sh 192.168.1.100 Waze.apk
Disconnecting other adb devices\n
* daemon not running. starting it now on port 5037 *
* daemon started successfully *
disconnected everything
Connecting to 172.20.10.13\n
connected to 172.20.10.13:5555
Checking for root...
No root yet, addressing the situation
Attempting to push payloads to /data/local/tmp/rootme\n
[100%] /data/local/tmp/rootme/factory_reset_mod.sh
[100%] /data/local/tmp/rootme/dirtycow
[100%] /data/local/tmp/rootme/nefarious.sh
[100%] /data/local/tmp/rootme/su
Exploiting dirtycow to replace factory_reset.sh with our own\n
warning: new file size (60) and file old size (3489) differ

size 3489


[*] mmap 0x401fa000
[*] exploit (patch)
[*] currently 0x401fa000=732f2123
[*] madvise = 0x401fa000 3489
[*] madvise = 0 1048576
[*] /proc/self/mem -636485632 1048576
[*] exploited 0x401fa000=732f2123
Okay - should be all set, initiate factory reset and hope for the best!
Go to Home ->Settings->System->Factory Data Reset (scroll all the way down) and
ititiate factory reset, press enter when unit has rebooted & reconnected to WiFi


Okay - checking for successfull root\n
disconnected everything
connected to 172.20.10.13:5555
.\OneClickInstall.sh: Hmm, didn't get root. Aborting further operations.: comman
d not found


Thank you again for the help!
 

brownsta

New member
Dec 4, 2010
1
0
Can't get apk signature

Another quick thought that I can add to the tutorial. In my situation, I was unable to get my car a steady connection to my home network. The router is at one end of the house and the cars are parked outside on the other. I could connect sporadically, but the last thing you want is to lose connection while the script is running and have a half uploaded file!

One solution is to take any old wireless router and plug it in near your Honda. As long as your PC of choice is a laptop, or is at least in range of this router, this will work. The router doesn't need to connect to the internet to work. All you need is the vehicle and computer to be on the same network. As long as the router is plugged into the wall and both devices can see it, they should be able to connect and communicate.

Hi! Really appreciate your help!! Everything was going smooth until I couldn't get the apk signature. Do you know how I could fix this? Thanks!!
 

SturdyErde

Member
Jan 5, 2011
6
2
Great. Please let me know when you have the reset file. :)

I finally went to the Honda dealer (busy month) and they did a software update for me. There were no features or enhancements, just bug fixes, apparently. I asked for a copy of the flash drive or the file, but was told that Honda will not allow them to give it out.

---------- Post added at 08:37 PM ---------- Previous post was at 08:34 PM ----------

Oh, another piece of info about how Honda will be doing this in the future:

The Honda service rep that I spoke with said that Honda corporate came to their dealership and installed a completely separate WiFi network specifically for future software updates. When you drive your 2018 Odyssey into the service area, the car will automatically connect and install any available software updates! Cool, creepy, convenient, and everything all at once!
 

TimR1

Member
Jul 2, 2015
15
9
Houston, TX
What will be the benefit of the reset files? What will it do to the system? Can anyone tell me?

The OneClickInstall.bat overwrites the original reset file in order to enable installation of new apps. Replacing the reset file will allow you to return the head unit to a more stock configuration. I haven't actually put the original reset file back on, but if I remember correctly others that have done it said it removed the new apps.
 

codeage

Senior Member
May 28, 2007
250
206
I own a 2017 Civic EX-t and thought I would share what I have learned.

First, it does have Android Auto and CarPlay.
The ADB port is not open.
Port 5000 is open.
It will connect to the Internet through my Android phone using Bluetooth.
There is a hidden menu that can be accessed with power-brightness-menu for two seconds and selecting the bottom box
From that hidden menu there is another menu accessed through holding Menu.
From that menu there is another hidden menu -- press and hold the home key. Ignore the three beeps. Keep holding it until it beeps once more.
That menu seems to let you change the USB port functions between host and device modes.

I've not screwed with those yet, but it might be an attack vector.

Code:
ewaller@turing ~ 1003 %nmap 192.168.1.87 -p1-65535

Starting Nmap 7.40 ( https://nmap.org ) at 2017-02-03 13:06 PST
Nmap scan report for android-9500bed69ff35d8f (192.168.1.87)
Host is up (0.0029s latency).
Not shown: 65534 closed ports
PORT     STATE SERVICE
5000/tcp open  upnp

Nmap done: 1 IP address (1 host up) scanned in 199.43 seconds
ewaller@turing ~ 1004 %

Edit, oh and if you tap a bunch of times on the build number in the version menu, it does not enable developer mode, it asks for the infamous "passcord"

Finally somebody found a way to enter the developer mode: https://xdaforums.com/android/general/guide-how-to-enter-developer-mode-2017-t3621582
 

lunknowl

Member
Aug 14, 2010
22
0
Hi, I just want to make sure that I will not mess up my car. Does this work on the 2017 Honda Accord EXL? If it does, can you show me how to do it? I just want a mirror link for my car, thanks.
 

khemraj1999

Member
Jun 14, 2017
6
0
Wow! This is the greatest forum I've ever found!

I will be attempting this over the weekend on a 2017 Honda Accord EX w/ HS.

I know some people may be looking for a factory image of this car? Prior to playing around and modifying it, I can take the factory image for you. Please tell me how and I'll do it and upload it here.


Thanks!
 

TimR1

Member
Jul 2, 2015
15
9
Houston, TX
Wow! This is the greatest forum I've ever found!

I will be attempting this over the weekend on a 2017 Honda Accord EX w/ HS.

I know some people may be looking for a factory image of this car? Prior to playing around and modifying it, I can take the factory image for you. Please tell me how and I'll do it and upload it here.


Thanks!

I don't believe that anyone has figured out how to get a complete factory image for any Hondas that this works on.

However, several people are looking for copies of the original factory_reset.sh files for various models. This file gets overwritten when you run the OneClickInstall batch file, so you need to copy it prior to that. If you are following Living Lejuhnd's guide in post #404 (which I'd recommend) then you can pull a copy of the reset file by executing the following commands right before you run OneClickInstall.bat:

adb connect 192.168.1.200
adb pull /system/etc/factory_reset.sh

This will create a copy of the factory_reset.sh file from your Honda and put it on your PC in the directory that you are in the command prompt (C:\hondahack\OneClick\).

-Tim
 

khemraj1999

Member
Jun 14, 2017
6
0
I don't believe that anyone has figured out how to get a complete factory image for any Hondas that this works on.

However, several people are looking for copies of the original factory_reset.sh files for various models. This file gets overwritten when you run the OneClickInstall batch file, so you need to copy it prior to that. If you are following Living Lejuhnd's guide in post #404 (which I'd recommend) then you can pull a copy of the reset file by executing the following commands right before you run OneClickInstall.bat:

adb connect 192.168.1.200
adb pull /system/etc/factory_reset.sh

This will create a copy of the factory_reset.sh file from your Honda and put it on your PC in the directory that you are in the command prompt (C:\hondahack\OneClick\).

-Tim


Thanks for the reply Tim!

So basically this factory_reset.sh file will restore the headunit if it gets bricked?
 

TimR1

Member
Jul 2, 2015
15
9
Houston, TX
Thanks for the reply Tim!

So basically this factory_reset.sh file will restore the headunit if it gets bricked?

If it is truly bricked I don't think you'll be able to get back in to replace the factory_reset.sh file. Obviously someone may figure out a path in the future though or there may be other situations where it would be useful to have it.

To be honest, I haven't had a need for my original reset file. I was just leery of overwriting it without keeping a backup copy.

-Tim
 

khemraj1999

Member
Jun 14, 2017
6
0
If it is truly bricked I don't think you'll be able to get back in to replace the factory_reset.sh file. Obviously someone may figure out a path in the future though or there may be other situations where it would be useful to have it.

To be honest, I haven't had a need for my original reset file. I was just leery of overwriting it without keeping a backup copy.

-Tim

I will post mine just in case someone needs it. All I want is to bypass the function to stop video when driving so my passenger can watch a show while I drive. I'll most likely attempt Kodi and Netflix only.
 

ir1shboy

New member
Jun 17, 2017
3
0
Wow!

I just found this thread and am pumped! I just purchased a 2017 Honda Pilot EX and was playing with the browser then stumbled onto this. Is it possible to root the system and watch videos while driving???
 

Top Liked Posts

  • 28
    Disclaimer - this is your vehicle you are messing with. If you are not comfortable with potentially permanently damaging the head unit, stop here.

    Now for the good stuff.

    Credit where credit is due: this method relies on the recent "dirtycow" exploit. I used the POC Android exploit code located here:
    https://github.com/timwr/CVE-2016-5195

    This exploit in simple terms takes advantage of a Linux kernel bug that allows a (small) file to be "overwritten", when a user only has read access to that file. It doesn't actually modify filesystem contents, but any application that reads the file after the exploit is used will read the "new", post-exploit contents instead of the original.

    The scripts attached use the dirtycow binary to overwrite the "/system/etc/factory_reset.sh" shell script with a nefarious version. This script is executed when you perform a factory reset operation through the settings menu, and gets executed as the root user :).

    The nefarious script is quite simple - it just calls another script that is uploaded and performs a reboot. The second script mounts the /system partition as R/W, then copies over an su binary and sets appropriate permissions, then syncs and mounts read only again.

    Please note that the attached "rootme.sh" script is intended to be run from a Linux machine - if I get the time (or enough donations), or if someone else cares to, it can be ported over to a Windows batch file easily enough.
    Updated the attached zip to include a Windows batch file.

    Steps:
    1. Download the attached zip file
    2. Extract to a machine capable of connecting to your Pilot over ADB
    3. Modify "rootme.sh" (*nix) or "rootme.bat" (Windows) to use the correct IP
      - Change the "172.16.1.217" lines to reflect the correct IP for your Pilot
    4. Execute "rootme.sh" (*nix) or "rootme.bat"
      - ./rootme.sh should do it for *nix
      - for Windows, open a command prompt, navigate to "rootme.bat" location and type "rootme.bat"
      - Watch output for completion
    5. Perform factory reset operation
      - Note - should the exploit function correctly, this step should NOT perform any factory reset operations. However, you should fully expect everything to be reset if the exploit failed or some other problem occurred when attempting to use a nefarious factory_reset.sh script.

    After the Pilot reboots, you should be able to get a shell over ADB as normal, except now issuing an "su" command will drop you to root!

    Update - thanks to purespin figuring out the signature mechanisms, we can now install apps! I've attached OneClick.zip, which contains a series of scripts to automate the rooting & app installation process.

    That said, be careful, use these at your own risk, etc.

    Extract zip file to some folder then open up a command prompt in that folder. Also drop the APKs you wish to install to that folder.

    Type OneClickInstall.bat [YourHeadUnitIP] [APKToInstall.apk]

    The script will root your device if it's not already, then go ahead and perform steps necessary to install the APK (one reboot required if already rooted).

    This basically performs the steps described in purespin's post to get a signature of the APK, download and modify the whitelist XML file, upload it back, reboot, then install the APK.

    There's one prompt in the script that asks you to look things over - pay attention here, if any issues crop up at this point damage can be avoided, continuing in a bad state will have undefined results.

    Updated the scripts to back up the white list on each run to /data/local/tmp/whitelist-(timestamp).xml.
    Updated to handle APKs with more than one signature.

    Edit: As suggested by wpg_moe, a GitHub project has been set up here:
    https://github.com/jersacct/2016PilotOneClick.git
    Changes & suggestions are encouraged and welcomed, but this is a part time hobby project for me, so expect movement to be "lumpy", as I'm mostly only able to work on this during the weekends.
    23
    I'm a huge tech fan, but no formal training. I read through the thread start to finish so I could attempt to execute this hack on my 2016 Pilot EX-L. With plenty of re-reading along with lots of googling, I was able to gain root access on my Pilot, along with adding the Waze App. Much thanks to all contributors, especially jersacct and purespin who really got this thing going.

    To reciprocate, I decided to create an incredibly dumbed down tutorial on how to get this going. Hopefully this can eliminate some of the burden on fellow forum members to answering the same questions over and over. Since this tutorial is done by a hobbyist and not a professional, it may resonate a bit more with some less tech-savvy people. All of the ADB, JRE, APK lingo can get a bit confusing. But once you understand the basics of what’s going on, the all-in-one script has made this a piece of cake. After creating and reading through the tutorial, I realize I probably went overboard with how much I broke things down, especially considering we're on the xda-developers forums. Either way, maybe it can help a few forum members, along with possibly guiding less tech savvy in future google searches in the future.

    ---------- Post added at 07:39 AM ---------- Previous post was at 07:34 AM ----------

    Super Comprehensive Guide to Hacking your Honda

    (Pilot 2016 EX-L for me)

    Download OneClick .zip file from page one of this thread. Here is a direct link. We’ll get to this later.
    https://xdaforums.com/attachment.php?attachmentid=3950352&d=1480262045

    Download ADB Installer v1.4.3. Here is a download link. We'll also get to this later:
    http://www.mediafire.com/file/mjjyw6a27m2l1ma/15-Second-ADB-Installer-v1.4.3.zip

    In my case, I already had Java SE Runtime environment installed, so I did not have to do this step. But I assume it's straight forward. Here is a link to Oracle’s page. Choose your OS, download, and install.
    http://www.oracle.com/technetwork/java/javase/downloads/jre8-downloads-2133155.html

    Your two previous downloads from steps 1 & 2 should be sitting in your downloads folder. We’ll start with the ADB installer. Extract the files to a new folder:


    After extracting, click through the folders until you get to the application. Install the application by right clicking and running as administrator:


    I can't say with certainty that selecting yes is necessary for all questions, but it will certainly do no harm. Type y for all 3 questions. Allow the driver to be installed and you should be good to go:


    Next, for simplicity purposes, create a folder in your root directory called "hondahack". For people that tend to not pay attention to detail, while it might seem silly to do everything exactly as presented here, it will likely help prevent a minor oversight that could derail the entire project later. Right mouse click and select "new folder". Type in "hondahack". The folder's location will be C:\hondahack


    I don't know if this next step is necessary, especially after selecting "y" for "Install ADB system-wide". Either way, stay at root directory. This is where adb was installed. My location for adb is C:\adb as seen below:


    Copy the top two files. adb and AdbWinApi.dll and move them to your new hondahack folder. Also, copy the zip from step #1. This is the One Click script located in your downloads directory. Place it into the hondahack folder. Then, right mouse click on the zip file and select, extract here. You should be left with your hondahack folder looking like this:


    Cut the two files from before, adb and AdbWinApi.dll and move them into the OneClick folder. Your folder should look like below. In a Windows instance with drive letter C, your working path for this project would be C:\hondahack\OneClick


    Next, we're going to download an APK to use in the script. I simply googled "Waze 3.9.9.0 APK" since that was the version I wanted. Many options came up. This one below works fine:
    https://www.apk20.com/apk/100989/vstart

    Download this file to your working path. Again, in our case, this is the C:\hondahack\OneClick folder. Give it the simple title of waze and save as a .apk file. Don't forget, if it's already showing file type as .apk, do not type in "waze.apk". This will create waze.apk.apk as the filename. If you had "Save as type" set to "All Files", then you would call it "waze.apk". Otherwise, as in the image shown here, call it "waze":


    ---------- Post added at 07:46 AM ---------- Previous post was at 07:39 AM ----------

    Time to head to your vehicle. Here is a screencap of a random youtube video so you can see the screen where you'll be modifying your connection from the Settings > Bluetooth/Wi-Fi tabs section:


    First, make sure Wi-Fi On/Off Status is set to on. Then, go to the Wi-Fi network list, and get your vehicle online. Make sure it's on the same local network as your PC. Once connected, check the IP address of your Pilot by going to Settings > Bluetooth/Wi-Fi Settings > Wi-Fi Information. Write this address down and head back to your PC. For our case, we'll say it's 192.168.1.200.

    It is important that you make sure that the IP address of the computer which you're executing the script from is on the same subnet as your vehicle. For instance, if your computer's local IP address is 192.168.1.172, then your vehicle must start the same way, with 192.168.1.#. The simplest way to ensure this is to have them both connected to the same router.

    To verify, you'll go to the command prompt and type in ipconfig. Click the windows icon and type cmd. Then type, ipconfig and hit enter. You'll be looking at the information on whichever adapter is currently in use. In my case, I'm hardwired so it's the ethernet adapter. I've highlighted my IP address in red.


    In this case, the vehicle and the computer are on the same subnet. They both start with 192.168.1. We're good to go, and now over 90% done! From here, it's mostly crossing fingers and hoping things go according to plan.

    Head back to the command prompt and bring yourself to the C:\hondahack\OneClick directory. To do this, type
    Code:
    cd c:\hondahack\OneClick
    Now, you'll be executing the script. This specific script is broken down into three parts. Batch File Name > IP Address to pass to script > APK to pass to script. For additional applications, all you'll need to do is download the proper APK file, locate it to your C:\hondahack\OneClick directory. In our case, we're going to type
    Code:
    OneClickInstall.bat 192.168.1.200 waze.apk


    Since I have already done this, the below will show something similar to what the output of that command will be:

    Code:
    Usage: ./OneClickInstall.sh ipaddress My.apk
    Example: ./OneClickInstall.sh 192.168.1.200 waze.apk
    Disconnecting other adb devices\n
    
    Connecting to 192.168.1.200\n
    connected to 192.168.1.200:5555
    Checking for root...
    Rooted successfully!
    Already rooted!
    Okay, getting signature of Waze.apk
    Signature: 30820314308202d2a003020102020449806de1300b06072a86 48ce3804030500306c310f300d060355040613064973726165 6c310f300d0603550408130649737261656c3110300e060355 040713075261616e616e61310d300b060355040a130457617a 65310d300b060355040b130457617a65311830160603550403 130f416c657820416772616e6f766963683020170d30393031 32383134333832355a180f3230363331313031313433383235 5a306c310f300d0603550406130649737261656c310f300d06 03550408130649737261656c3110300e060355040713075261 616e616e61310d300b060355040a130457617a65310d300b06 0355040b130457617a65311830160603550403130f416c6578 20416772616e6f76696368308201b83082012c06072a8648ce 3804013082011f02818100fd7f53811d75122952df4a9c2eec e4e7f611b7523cef4400c31e3f80b6512669455d402251fb59 3d8d58fabfc5f5ba30f6cb9b556cd7813b801d346ff26660b7 6b9950a5a49f9fe8047b1022c24fbba9d7feb7c61bf83b57e7 c6a8a6150f04fb83f6d3c51ec3023554135a169132f675f3ae 2b61d72aeff22203199dd14801c70215009760508f15230bcc b292b982a2eb840bf0581cf502818100f7e1a085d69b3ddecb bcab5c36b857b97994afbbfa3aea82f9574c0b3d0782675159 578ebad4594fe67107108180b449167123e84c281613b7cf09 328cc8a6e13c167a8b547c8d28e0a3ae1e2bb3a675916ea37f 0bfa213562f1fb627a01243bcca4f1bea8519089a883dfe15a e59f06928b665e807b552564014c3bfecf492a038185000281 8100ce11f6d402adf4a6aceaf6fe81219ed28299e37ffdca84 6241e7d21e5bf35c8938ee20ce6ade9907c38f12556d574135 ebb36a567c7cb001d75d3952bcca616f4ad232563e407706c9 5bc47f2ed115052d5389eb84799956e5aa4481be2312d347c6 20029b2b8903b5553849111da92372cd50e2f9a7c156d5d10f 3d83bbaf03300b06072a8648ce3804030500032f00302c0214 46d982e8f1ea835d06f44934bf60241e5f8be5c402147d372a f681491f354f34c4ab1a6f30475e69767e
    Getting package information
    Package name: com.waze
    Retrieving current whitelist...
    Preparing replacement whitelist
    Okay - all set to replace the whitelist. Below are the final steps:
    1. Backup existing whitelist to /data/local/tmp/
    2. Upload whitelist to head unit
    3. Reboot head unit
    4. Install APK normally
    
    Please review the below items carefully - if anything doesn't look right, ABORT NOW!\n
    Root status: rooted
    APK signature obtained
    Have package name: com.waze
    Original whitelist.xml size seems okay
    Package name is present in new whitelist
    
    Would you like to proceed? (y/n):


    ---------- Post added at 07:52 AM ---------- Previous post was at 07:51 AM ----------

    At this point, review the above carefully. If it says you're rooted, the APK signature has been obtained, the whitelist.xml file is okay, and the package name is present in the new whitelist xml file, then you're good to proceed. If these results are not the same as above, select n and head to the forums with your question. If you've followed these directions exactly as presented, more than likely you won't face any issues.

    If you select "y" you will see the following:

    Code:
    Backing up whitelist to /data/local/tmp/whitelist-13-12-2016--21-03-02.xml
    Uploading whitelist
    106 KB/s (35666 bytes in 0.328s)
    Rebooting head unit
    Press enter when head unit has rebooted and is connected to WiFi

    Head to your vehicle. Make sure it restarted and is connected to Wi-Fi. If so, head back to the computer and hit enter. This part may take a few minutes depending on the APK size and your connection speed. You will see the following:

    Code:
    Issuing APK installation command - this may take a while depending on APK size
    connected to 192.168.1.208:5555
    252 KB/s (49700115 bytes in 191.852s)
    pkg: /data/local/tmp/Waze.apk
    Success!
    All done - hope you enjoy!

    If you see "Success!", you're good! On your vehicle head unit, go to the home screen, hit the 6 dots at the bottom right, and you should see the little Waze icon. Tap and you're off! Don't forget, you will need to use your phone as a mobile hotspot to provide data while on the go.

    If you see a failure, head back to the forums to see if you can figure out where you may have gone wrong.

    *****
    Here is TLDR version of this tutorial:

    1. Download the script, an ADB installer, JRE, and whatever APKs you want to add to your Honda.
    2. Have a single folder with the all in one script, ADB files, and APKs.
    3. Run the .bat file from the script at the terminal with the IP of your Honda & the APK of choice as the two parameters. C:\ [.bat file][ip address][apk]
    4. Cross your fingers :)
    *****


    This tutorial goes into great detail for the installation process, but I will leave any tweaks to the pros. I have yet to encounter (likely due to limited use) any of these issues, but many have reported some audio issues with Waze, whether it be too quiet, or improper transitioning from music to notifications. This tutorial does not address these issues. From my understanding, there does not seem to be a consensus on why these problems exist or how to replicate these problems. Until there is a solution, they won't be addressed in this tutorial.

    Hopefully this was helpful. Feel free to chime in with any corrections or comments.
    8
    Sorry for the delay as I have something to attend after works :)

    First things first: this totally depends on the root method provided by jersacct in this thread. All the credit to him and others who have helped during the adventure.

    Technical details about how to make installation work:
    As we all know, ApplistUpdate.apk contains the whitelist zip and will install the whitelist.xml in the /data/system/ folder. But changing that file didn't seem to have any impact, as several of us tried it before. I have searched the whole file system trying to find the files that might be used to control the installation but to no avail.

    So I decided to decompile some of the apks and frameworks. The process is quite tedious as the decompilation was not always working, especially for the frameworks. I have tried a few tools but still not 100% working. But luckily I just got enough decompiled code to analyze the logic of whitelisting. After studying the code, here are some findings:

    • The "whitelist" system service (in /system/framework/framework.jar/odex) provides the service for other apps to check "whitelist" functionality. It doesn't do much itself except forwarding the call to WhiteListManager.
    • The WhiteListManager provides the core functions related to apps installation/permissions and is in /system/framework/services.jar/odex. It loads /system/data/whitelist.xml file during system boot-up. It has the following functions:
      • checkInstallPermission()
      • checkAddinApplication()
      • getRegulationMode()
      • checkAudioFlag()
      • getAudioStreamType()
      • checkRevertFlag()
    The function checkInstallPermission() is called when an app is installed. For 3rd party apps, it will compare the apk signatures to the keyStore values loaded from whitelist.xml.
    After lots of tries, I finally managed to create the correct signatures for my test app and I was able to get the "Install" button enabled for my test app!!!
    Here are the lines added to whitelist.xml for my test app:
    Code:
            <application>
                <property>
                    <name>TestApp</name>
                    <package>com.purespin.testapp</package>
                    <versionCode>1-999999999</versionCode>
                    <keyStoreLists>
                        <keyStore>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</keyStore>
                    </keyStoreLists>
                </property>
                <controlData>
                    <withAudio>without</withAudio>
                    <audioStreamType>null</audioStreamType>
                    <regulation>null</regulation>
                    <revert>no</revert>
                </controlData>
            </application>
    The rest is pretty straightforward: just get the signatures for any app you want to install and add them to the whitelist.xml, upload it to the HU, reboot and it can be installed.

    What have been tested?
    I tried some apps and they all can be installed and launched:
    • Waze (3.9.9) is running perfectly within 5km test drive without data. I have launched it for a few minutes before going out. So it probably downloaded some maps to cache while still connecting to home wifi.
    • HERE/Sygic can be installed and launched but having some problems. The settings page is blank in HERE so I can't choose external USB as the storage. Sygic asked to download maps after launch. So I just uninstalled these 2.
    • Spotify is running fine too. But there is no setting to choose external USB as the offline storage (the same version on my phone does have the setting option).
    • Kodi is working great. I can even playback video while driving. I know this is illegal but hey! I just want to have some fun :). I think this can be disabled by the restrictions settings in the whitelist.xml.
    Now the biggest challenge is the storage space. Part of the internal storage is mounted as /sdcard and all the USB ports are mounted as /mnt/usb?. So far all the apps cannot use the USB drives (ES File Explorer can read/write to USB but all the other apps can't recognize the USB as a valid external storage). After installing a few apps, I got warning saying "not enough storage". That's why I had to uninstall HERE/Sygic and didn't play with it much.
    I think the whole process to get the signature from apk, update whitelist.xml and upload it to HU can be automated by writing a simple app, just like what S_Mike did for the EU versions. But given the limited internal storage space, it is low priority now.

    Note that all the apps are installed under the /data/app/ folder, not under the /system/app/ folder. But to my surprise, the installed apps have all the "root" privileges. For example, ES File Explorer can open /data/system/whitelist.xml, which is only rw by the root user. It can even edit and write to the file!!! (I guess one has to be very careful when someone just plays around! They can easily brick the HU!!!)

    Quick Test
    Sorry for the long story. For someone who just needs a quick test, you can download the attached whitelist.xml and follow these steps (You should compare the content of it with the original one in your HU to see the differences):
    Steps:
    1. Root your HU by following the instruction in the original post in this thread.
    2. adb push whitelist.xml /data/local/tmp/
    3. adb shell
    4. su
    5. cd /data/system
    6. cp whitelist.xml whitelist.xml.original
    7. cp /data/local/tmp/whitelist.xml .
    8. reboot
    After reboot, insert a USB with the following apks and try the "USB install" app to install:
    • com.purespin.testapp
    • com.waze
    • com.spotify.music
    • org.xbmc.kodi
    • com.estrongs.android.pop
    • com.sygic.aura
    • com.here.app.maps
    • com.tinusapps.gpsspeedo
    • oops.ledspeedometer
    • com.eclipsim.gpsstatus2
    • com.rechild.advancedtaskkiller

    For other apps
    Download the attached GetAndroidSig.jar file and run it against the apk you want to install:
    Code:
    java -jar GetAndroidSig.jar abc.apk
    It will print out the signatures for the apk. Add them to the whitelist.xml together with the app name and package name. See the attached whitelist.xml for examples. If there is more than 1 signature, you need to add them all. Check the HERE WeGo example in the xml file.

    That's all the info I have now. Let me know if you run into any issue or have any question.

    Warnings: I'm not responsible for any damage to your head unit. Use it at your own risk.
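
Added example, not part of the thread or of purespin's or jersacct's tools: a Python check that compares a known-good copy of whitelist.xml with the copy currently on a head unit and reports packages or signer entries that were added or removed, which is how the change described in the post above shows up to someone auditing the unit. Only the `<application>` layout comes from the post; the `<whitelist>` wrapper element, the `com.example.oem.radio` entry and the short hex values are constructed for illustration.

```python
import xml.etree.ElementTree as ET


def _norm_sig(text):
    """Canonical form of a hex signature: pasted copies often carry spaces or wraps."""
    return "".join((text or "").split()).lower()


def parse_whitelist(xml_text):
    """Return {package: {"name": str, "keystores": set of hex strings}}."""
    apps = {}
    for app in ET.fromstring(xml_text).iter("application"):
        prop = app.find("property")
        if prop is None:
            continue
        package = (prop.findtext("package") or "").strip()
        if not package:
            continue
        sigs = {_norm_sig(ks.text) for ks in prop.iter("keyStore")}
        sigs.discard("")
        # A second <application> block for the same package must not hide the
        # first one: merge the signers instead of overwriting the entry.
        entry = apps.setdefault(
            package, {"name": (prop.findtext("name") or "").strip(), "keystores": set()}
        )
        entry["keystores"] |= sigs
    return apps


def diff_whitelists(baseline_xml, current_xml):
    """List (kind, package, signatures) tuples describing what changed."""
    base = parse_whitelist(baseline_xml)
    cur = parse_whitelist(current_xml)
    findings = []
    for pkg in sorted(cur.keys() - base.keys()):
        findings.append(("added", pkg, sorted(cur[pkg]["keystores"])))
    for pkg in sorted(base.keys() - cur.keys()):
        findings.append(("removed", pkg, sorted(base[pkg]["keystores"])))
    for pkg in sorted(base.keys() & cur.keys()):
        new = cur[pkg]["keystores"] - base[pkg]["keystores"]
        gone = base[pkg]["keystores"] - cur[pkg]["keystores"]
        if new:
            findings.append(("signer-added", pkg, sorted(new)))
        if gone:
            findings.append(("signer-removed", pkg, sorted(gone)))
    return findings


def _entry(name, package, sigs):
    """Build one <application> block in the layout shown in the post (sample data)."""
    keys = "".join(f"<keyStore>{s}</keyStore>" for s in sigs)
    return (
        f"<application><property><name>{name}</name><package>{package}</package>"
        f"<versionCode>1-999999999</versionCode>"
        f"<keyStoreLists>{keys}</keyStoreLists></property>"
        f"<controlData><withAudio>without</withAudio>"
        f"<audioStreamType>null</audioStreamType><regulation>null</regulation>"
        f"<revert>no</revert></controlData></application>"
    )


# Constructed sample input: a baseline with one vendor app, and a current file
# that gained a package and an extra signer on the existing package.
BASELINE = "<whitelist>" + _entry("Radio", "com.example.oem.radio", ["3082AA01"]) + "</whitelist>"
CURRENT = (
    "<whitelist>"
    + _entry("Radio", "com.example.oem.radio", ["3082aa01"])
    + _entry("Radio", "com.example.oem.radio", ["3082 bb02"])
    + _entry("TestApp", "com.purespin.testapp", ["3082cc03", "3082dd04"])
    + "</whitelist>"
)

if __name__ == "__main__":
    for kind, package, sigs in diff_whitelists(BASELINE, CURRENT):
        print(f"{kind:14} {package:28} {len(sigs)} signature(s)")
```
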
    7
    I think this is the breakthrough that everyone is waiting for:

    I will post all the info tonight after work :)
    7
    Wow.... really great news. But seems like really complicated. Hopefully soon there will be a much more simple way to get it done. Fingers crossed

    To you and others concerned about complexity:

    Would it be beneficial to have a script (Linux script or Windows batch file) that takes an input of APK to be installed, and the script makes the whitelist modifications accordingly and installs the desired APK? I anticipate this to be a straightforward process.

    Script inputs: IP address of device, APK to install

    Steps:
    • Connect to device over ADB
    • Check for root (can install root here if needed)
    • Create backup of current whitelist
    • Download current whitelist
    • Identify signature & permissions of APK to be installed
    • Modify whitelist appropriately
    • Copy new whitelist to device
    • Reboot device
    • Wait for device to reconnect
    • Issue install command to install new APK

    Thoughts? I may be able to work on this over the next few days to make rooting & APK installation a simpler process.

    Thanks again to purespin - really great work here.
    I think this is the breakthrough that everyone is waiting for