Doing anything I describe in this thread is at YOUR OWN RISK. If your Jeep suddenly dies on the highway, I'm not responsible, but if your Jeep magically gets 200 MPG or limitless fuel, I take full credit.
So after studying the white paper from those security researchers that hacked the Jeep over the Sprint network, and about half a day's worth of tinkering with the Uconnect ISO update file, I was finally able to get it to take the modifications: changing the root password and editing the boot script to run commands from a script on a USB flash drive. But now I'm at a loss, not really sure what to do next.
I just finished dumping the entire file system to the flash drive for analysis, but other than that I don't know. I'm not familiar at all with QNX or even any embedded Linux for that matter, so I'm just posting here to see what you guys can come up with.
One goal of mine is to bring up the hotspot manually without having to pay for it so I can establish a proper SSH terminal, but I'm dreaming of either running Android over top of the Jeep's interface or replacing it entirely (maybe someday).
Here's the link to the whitepaper
OK, so I decided to do a quick rundown of what I did.
First, using a hex editor on the 14.05.03 ISO update file, at offset 0x80 insert an 'S' (0x53). On 14.05.03 ONLY this will bypass the initial ISO integrity check. On anything later, the white paper describes a way to 'trick' the check. It involves 2 USB drives, one with a modified ISO and one with a legit ISO. I have never done it this way, but I will describe it anyway: insert the USB with the legit ISO, click yes on the pop-up, and when the screen turns completely off, immediately remove the USB and insert the one with the modified ISO.
Second, I changed the root password at offset 0x5dd34b4 to 8CNGLiYvSaCbg, which is "root".
And lastly, I inserted the code that will run scripts contained in 'cmds.sh' located on a USB flash drive. Now this is tricky. Originally there's this line:
"# Start Image Rot Fixer, currently started with high verbosity"
Make it look like this before you insert the line of code:
"######rently started with high verbosity"
Now, after the "-d -p 2000 ..", insert "sh /fs/usb0/cmds.sh &" and make sure that after the '&' and before the first '#' there is a line termination hex code 0x0a.
And that's it. Type up a script called 'cmds.sh', put it on a FAT32 formatted flash drive, and you're good to go.
The directory list:
and a list of available commands
Would it be a good idea to upload the actual dump from the file system?
for ****s and giggles, live long and prosper:
Last thing: most of the credit goes to Chris Valasek and Chris Miller, the security researchers that paved the way and published the white paper. I just studied it and put the actual rooting process in an easier format.
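
For anyone auditing a dumped boot script for the kind of change described in the post above, the following is an added example, not part of the original post and not Uconnect code: it flags commands that execute from removable media. Matching any `/fs/usb<N>` generalises the `/fs/usb0` path in the post and is an assumption, and the sample script and the `some_daemon` name are constructed.

```python
import re

# /fs/usb0 is the mount point named in the post; matching any /fs/usb<N>
# is an assumption made for this example.
REMOVABLE = re.compile(r"^/fs/usb\d+(/|$)")
# Commands that run their argument as a script.
INTERPRETERS = {"sh", "ksh", "bash", ".", "source"}


def find_usb_exec(script_text):
    """Return (line_number, command) for each command run from removable media."""
    findings = []
    for lineno, line in enumerate(script_text.splitlines(), 1):
        # Drop comments: a '#' at line start or after whitespace (quotes ignored).
        code = re.sub(r"(^|\s)#.*$", "", line)
        # One line can hold several commands joined by ';', '&', '&&' or '|'.
        for segment in re.split(r"[;&|]+", code):
            tokens = segment.split()
            if not tokens:
                continue
            program = tokens[0].rsplit("/", 1)[-1]
            # Case 1: the program itself lives on removable media.
            direct = REMOVABLE.match(tokens[0])
            # Case 2: a shell is handed a script path on removable media.
            via_shell = program in INTERPRETERS and any(
                REMOVABLE.match(t) for t in tokens[1:])
            if direct or via_shell:
                findings.append((lineno, " ".join(tokens)))
    return findings


# Constructed sample, not taken from a real image.
SAMPLE = """\
#!/bin/sh
# constructed boot script fragment
# sh /fs/usb0/old.sh
ls /fs/usb0
some_daemon -d -p 2000 & sh /fs/usb0/cmds.sh &
cp /fs/usb0/track.mp3 /tmp/
/fs/usb1/run_me
"""

if __name__ == "__main__":
    for lineno, command in find_usb_exec(SAMPLE):
        print(f"line {lineno}: runs from removable media: {command}")
```

Commented-out lines and commands that only read from the drive (`ls`, `cp`) are not reported; only execution is.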