Golf MK7 Discover Pro Hack possible?

[Sage]

this is an interesting thread. i pickup my golf mk7 this weekend. i will watch with interest!

 

[Chillout]

Have we seen this link ?

https://reverseengineering.stackexchange.com/questions/12286/defeat-rsa-hash-verification/12287

Basically it covers the MetafileChecksum and the signatures. Problem is I need an A, B, C of how to do the activities. I sort of guess that the public key is the same or failing that it can be read from the unit ?. Have we got that key yet ?.

The n in the example is a chunk of the public key.

I can't work out the process for doing "signature s raised to the power of 3 modulus n" (my two maths degrees were too long ago for that). I guess somewhere on the net there are some boxes to fill in that gives you the

0x1ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff003021300906052b0e03021a050004145e3246e50a4dad079a61f99fa3297c01d802e038

I've loaded up openssl but I really need to know in simple terms using an online process or tool how to compute the process "signature s raised to the power of 3 modulus n".

Any help most appreciated. Having emulated the process described in the link, one then wants to see what it means for the MIB2.

I reckon if one mastered this then one can start editing the map upload files and anything else that needed signed files etc.

Edit you do the maths in python, I was kindly given the formulae for the worked example:

384fc032192a20fd1e242ad64af5b509a76a7432f754aff0d6b74a7ec2072cbb11e91f68f569508b77712d1869edd6d0b9923eb77ba815dba8e44d5e09412cdf2e830518f3b38d48df892a3a0c65cc67f109e5e0f5f06ce0376d032ab21051510f3dab7f75fcdf54a96d8aa7f3c617f76d
e=3
n=0xC0F389EEC7B66C9DC736508FF88AEB1FB113942EAD020814D08D29E868F14B2086BCD7DDCCBA7559F999E76D24619660BBE17434DA59988087F2A99CD465B1FF423522B78CB0DE463A669613D356DFA9E86E0E2E0B6DAB5DE89131C5A0727AEAB1767278AB101DCD9C3CFC1026705C1DAB3BF53BF50AFAFB3F52DA2CEB0BEE57

>>> x = pow(s, e, n)
>>> hex(x)
'0x1ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff003021300906052b0e03021a050004145e3246e50a4dad079a61f99fa3297c01d802e038L'
>>>

Pick off this bit as per the worked example.

3021300906052b0e03021a050004145e3246e50a4dad079a61f99fa3297c01d802e038

Feed into

https://lapo.it/asn1js/#3021300906052B0E03021A05000414A9BC4DC6DBF5A02B19E87DD56D9236EBADA47A2A

For the final bit to give the ANS.1 hex string which is the lock to the file. The metachecksum is locked to the rest of the file less the signature and the statement itself. The chipping away process and this program to get the SHA.1

https://raylin.wordpress.com/downloads/md5-sha-1-checksum-utility/

The keys in the original post are applicable to the MIB2 High ones since I got the SLA.1 hash from the method to tally with the signatures that were protecting a VW POI upload file and a map update file. Haven't progressed it further yet, but interesting to note the public signatures are out there.

Perhaps all this is known....

Sorry for the late reply. I didn't know this (although I do know the topic on stackexchange). Did you get any further with this?

chillout, you say that you can use one of these adapters but i have read elsewhere that ver. c1 with chip AX88772B does not work. have you managed to get ver. c1 to work ok?

D-Link DUB-E100 (0x2001, 0x3c05) h/w ver. b1
D-Link DUB-E100 (0x2001, 0x1a02) h/w ver. c1

I didn't test them all.. All I know is the stuff I mentioned should be supported according to the config files.

 

[silkston38]

Vw tdi

Sent from my SM-G930F using Tapatalk

---------- Post added at 12:16 PM ---------- Previous post was at 12:12 PM ----------

Vw tdi g

Sent from my SM-G930F using Tapatalk

 

[MORKAS]

Hello, greetings, this post is very interesting. I'm trying to enter my MIB2 from my car, through telnet, (It has helped me and explained, a lifelong friend who works as a computer, I think on networking issues), but I do not know the root password or user, I'm very unfamiliar with this terminal, but I would like to inquire into the system. I wanted to know, if it is possible to enter in some way without being root, I do not know if I explained myself well, thanks

Enviado desde mi SM-G935F mediante Tapatalk

 

[vierchatura]

MIB Known passwords

Hi

Can everybody share already known MIB passwords here

 

[ac-xda]

Sorry to jump into the thread, but I have an issue with my Discover Pro in my Golf...

Basically it's stuck trying to update the firmware. It went in for a service and whilst updating the firmware it must have locked up or they pulled the SD card.
I have tried to update it myself, however when I insert the SD card with the firmware, it recognises it but ends up back at the current installing page telling me to reinsert the firmware media.

I also get a software update error every time I start the ignition.

So, is there a way to reset the unit or override the current failed update?

Thanks in advance

 

[hugo_nz]

Hey guys, I have a 2017 Tiguan with Discover Media MIB2 (same as the Pro minus the sim-card slot). You can access all the coding and features using the OBD-Eleven dongle and app. I have one and have done plenty of customisation on the headunit. Wifi is super easy to enable and the hardware exists in the headunit (yes, the Non-Pro one), but things like Google Earth and Street View require VW CarNet which isn't available in NZ. I can enable all the functions, but since I cannot enrol into the service I cannot enable them, and so none of the features that rely on CarNet work.

The MIB2 headunits also have the coding options to allow Wireless Car Play and Wireless Android Auto, but trying to activate them simply results in an error. To get past that you need a SWaP (Software as Product) release code from VW, and AFAIK those can only be generated in Germany.

 

[vierchatura]

MIB RCC login with password: harman_f

Hi

Could anyone tell me how could i log in to RCC with known password: harman_f
I get login screen but login root password is unknown
as i know for all navi RCC login is same harman_f but that login to enter and how to log in?

 

[raptik]

Hey guys, anyone here willing to share any version of firmware files for VW MIB2 (preferably v0343 or newer) or anyone willing to make full dump of the VW MIB2's flash?

 

[GPSSlovakia]

Any progress?

 

[henno88]

anyone can tell me how to mount root dir of rcc rw?
I have tried
mount -uw /
mount -uw /usr

not working
An other qnx systems there is a marker file .boot, but seems to be not used in rcc

 

[STL1te]

Can someone share the Discover Pro firmware update files with me via PM?

 

[bunny76]

anyone have the login for harman please?

 

[absetup]

pw

hello
how can i copy all date of the mib1 to the SD card,
i tryied many command but always errors

 

[VAG_Grimreaper]

I have a harmann 9.2 and wanted to see if root access was possible?

5na 035 020a / firmware version 1161

i tried using the serial method by building a custom loom (USB to TTL) and plugging into the blue plug but no SSH access at all, RX is flashing on the TTL adapter.
I tried wifi access by enabling hotspot and again i can ping to the headunit but no access via port 22 or port 23

my final resort is the D Link usb / ethernet adapter which I hope will work!
i am assuming firmware 1161 has blocked the above access methods?

any help would be appreciated!!

 

[offsystem]

Hello

IS it possible to flash a image from SD card in emergency mode?

I need different firmware on unit but SD card train is being rejected.

Thx

 

[camarao69]

Codecs

Can some expert in this subject please explain me if it is possible do add video codecs to mib 2 units, expecially the ones that don't play videos ( discovery media ,composition, bolero.....), do they have any hardware limitation for not playing videos ?

Thank yo

 

[andyvag]

I found by root this text: daPzPBI8LXeWY could you help me with decrypt???

I have now the same firmware and will need the password.
root:daPzPBI8LXeWY

Any help would be appreciated.

 

[Fastredz]

Hi everyone, newbie user here
Have read this thread with great interest.

I have bought a vw discover media head unit to try to get it to work in my vw t6 transporter startline

Vw dealer has removed the component protection and the unit worked for 5 mins.
After that all the extras stopped working.
Apps, nav, tel. Only radio works.
Ive been told that as my transported didnt have these from the factory then they wont be enabled in the head unit.
Google and a few retrofit companies have also said it wont work.

So reading this thread am i correct in thinking the unit can be hacked so all systems will work in my vw t6?
Please treat me as a complete newbie with the tech and hacking

 

[veso266]

enabling Engeneering menu without the CAN cable

Hi there new here
does anyone know is it possible to enable the green developer menu without needing to use ODB2 cable (beucase I don't want to buy 50$ + 90$ software (VCDS) if I only need to activate the green Engeneering menu)

Thanks and Best Regards