HACK Navigation/Multimedia systems KIA/HYUNDAI and install third-party applications

[Plasur]

Hyundai Kia 10.25-inch Touchscreen Could Get Wireless Connectivity

At the launch of the 2023 Hyundai Verna, Hyundai officials told V3Cars that they are working on an update, which will enable wireless connectivity for Android Auto and Apple CarPlay. Read on to know more details about this future update.

www.v3cars.com

 

[olega59]

Oleg, given you are the guru of all, this question is for you if you would please take the time.

I imported a 2019 kia cadenza sxl from USA to dubai, through the setting>navigation I can choose the speed displayed between miles and km, but it does not actually change in the cluster, my map is also stuck at the last location the car was last active in, California, in my own assumptions, i think because the car is not functioning with the gps the speed units have proven to be null, there are no controls from the cluster, just the head unit.

I dug around on the kia navigation update program, and when I compared both firmwares provided by the USA version and Middle East "MES", (attachments below), they both use the same format, which is YG19****STD_H. The USA file was around 20gb and the middle east was 7gb, so I downloaded the MES version onto the SD card, backed up my USA version and put it in the car but to no avail, is there a way around this? A force update or something?

Worth mentioning, I can access dealer options through the volume sequence and engineering mode through tapping 5 left to update and once to the right.

And if others have input on the matter please dont be shy to share in, thank you all for your efforts in advance.

Hello. Each region has its own navigation. Simply replacing the files on the SD card will not start navigation.

 

[Warriorchicken]

Hello. Each region has its own navigation. Simply replacing the files on the SD card will not start navigation.

What needs to be done differently then?

 

[ibraheem saleh]

Hello, when I enter the engineer mode in Kia Niro 2017, I cannot change the settings as shown in the pictures. Is there a way to solve this problem? Thank you

 

[ibraheem saleh]

Hello, when I enter the engineer mode in Kia Niro 2017, I cannot change the settings as shown in the pictures. Is there a way to solve this problem? Thank you

 

[Warriorchicken]

guys quick question, I searched highs and lows but to no avail on how to change the map region on a kia, so the next step is changing the brains of the headunit, as explained the touch screen is only a screen that does not hold data, it receives from the control unit outlined in the picture below, is this true? or would I have to change out the screen aswell?

In short, my current plan is to take out the control unit outlined and fit in one that is from my region. I understand the wirings may differ and so on but that would be a me problem.

 

[Warthog13]

Hello! I have opened ADB via USB on firmware UM_PE.KOR.SOP.048.220121.STD_H (Sorento 2017, gen 5), installed APK, changed language to Russian. But Carplay doesn't work. Turning ADB on/off didn't help.

 

[Warriorchicken]

hello guys, anyone has the password for this update folder?

 

[olega59]

hello guys, anyone has the password for this update folder?

Each firmware model has its own password. This has already been discussed.

 

[Warriorchicken]

Each firmware model has its own password. This has already been discussed.

are you implying a password is available within the treads or what?

xakcop has provided inputs about the passwords but I have had no luck with them, wondering if anyone would happen to have them on.
I have also used bkcrack but with no luck and when trying to brute force dates I am met with an error continuously.​

 

[olega59]

are you implying a password is available within the treads or what?

xakcop has provided inputs about the passwords but I have had no luck with them, wondering if anyone would happen to have them on.​

I have also used bkcrack but with no luck and when trying to brute force dates I am met with an error continuously.​

Each firmware has its own password.

 

[Warriorchicken]

Hello everyone,

I appreciate the inputs provided so far regarding the password for the update folder. I understand that each firmware model may have its own unique password. Despite trying various suggestions and even using tools like bkcrack, I haven't had any luck cracking the passkey yet.

If anyone has successfully cracked a similar firmware's password or has any guidance on how to approach this situation, I would greatly appreciate your assistance. Additionally, if there are any specific threads or resources you could point me towards, it would be very helpful.

On another note, I would like to mention that while Olega mentioned that each firmware has its own password, I believe it would be more constructive to provide specific guidance or suggestions rather than repeating the information that has been discussed before.

Thank you in advance for your support and guidance!

 

[yaglnet]

To enable adb, change language, etc. we need to learn how to create our own firmware. To do this, we need to decompile the upgrade_parser. Judging by IDA Pro, there seems to be nothing complicated

 

[yaglnet]

What needs to be done differently then?

They won't say anything. He makes money from it

 

[olega59]

On another note, I would like to mention that while Olega mentioned that each firmware has its own password, I believe it would be more constructive to provide specific guidance or suggestions rather than repeating the information that has been discussed before.

You want to get the password but don't want to give the full version of the firmware.
Do we need to guess? But that's not right!

 

[Dũng Nguyễn 1186]

Bạn làm theo hướng dẫn trong video full này nhé. Có cả link để tải phần mềm phia dưới.

Ngoài ra bạn có thể xem bài hướng dẫn chi tiết ở nhóm kia seltos này nhé.

KIA SELTOS VIET NAM GROUP | Facebook

www.facebook.com

Nếu ko làm đc inbox mình zalo của bạn.
Cheers,

Cho em hỏi màn của em ấn ở màn hình khôi phục cài đặt gốc 5 lần góc bên trái, 5 lần góc bên phải nhưng không hiện cửa sổ ấn số mờ thì làm như thế nào ạ? Và bác có cách hack màn 10.25in không?

 

[Warriorchicken]

You want to get the password but don't want to give the full version of the firmware.
Do we need to guess? But that's not right!

Sure thing, despite previously uploading two screenshots of the firmwares in question, I can understand how this has caused confusion mainly because I did not specify which version the update_package.zip is linked to. The software or firmware version is not of direct importance for the specific task of cracking the update_package.zip file in my case, but that could be different in yours. My focus has been on analyzing the ZIP file header and using tools like bkcrack to attempt password cracking.

To provide more context, the update_package.zip file I shared was obtained from the official navigation updater version YG19.MES.SOP.V134.221025.STD_H. I have been attempting to install the Middle East firmware on a 2019 head unit, which originally had the American firmware.

Regarding the steps I have been following, I have analyzed the ZIP file structure and made assumptions based on common patterns. For the plain.bin files, I created variations with different fixed values for the ZIP file header, such as the version bytes and the general purpose bit flag. This allows me to cover different possibilities during the password cracking process.

In the case of Radoslav's explanation, he made a wild guess about the subfolder's edit date being the same as the update_package.zip file, which he converted to MS-DOS format. However, I am currently trying to figure out the MS-DOS format conversion for my specific date (25 October 2022) to proceed with the attack.

Additionally, I have been exploring options to integrate Python with bkcrack to automate the process of trying different years and combining it with bkcrack. Unfortunately, I have encountered some challenges in integrating the two effectively.

If there are any additional steps or considerations that I might have missed in my previous explanations, please let me know. I appreciate your guidance and assistance in this matter.

 

[olega59]

Sure thing, despite previously uploading two screenshots of the firmwares in question, I can understand how this has caused confusion mainly because I did not specify which version the update_package.zip is linked to. The software or firmware version is not of direct importance for the specific task of cracking the update_package.zip file in my case, but that could be different in yours. My focus has been on analyzing the ZIP file header and using tools like bkcrack to attempt password cracking.

To provide more context, the update_package.zip file I shared was obtained from the official navigation updater version YG19.MES.SOP.V134.221025.STD_H. I have been attempting to install the Middle East firmware on a 2019 head unit, which originally had the American firmware.

Regarding the steps I have been following, I have analyzed the ZIP file structure and made assumptions based on common patterns. For the plain.bin files, I created variations with different fixed values for the ZIP file header, such as the version bytes and the general purpose bit flag. This allows me to cover different possibilities during the password cracking process.

In the case of Radoslav's explanation, he made a wild guess about the subfolder's edit date being the same as the update_package.zip file, which he converted to MS-DOS format. However, I am currently trying to figure out the MS-DOS format conversion for my specific date (25 October 2022) to proceed with the attack.

Additionally, I have been exploring options to integrate Python with bkcrack to automate the process of trying different years and combining it with bkcrack. Unfortunately, I have encountered some challenges in integrating the two effectively.

If there are any additional steps or considerations that I might have missed in my previous explanations, please let me know. I appreciate your guidance and assistance in this matter.

I don't think that by brute force you will be able to pick up a password of this type - 62166D314AC2A1BC503335801E10
Namely, such a password for the archive in these GUs.
P.S. this is not your password but just an example based on SantaFe

 

[Warriorchicken]

I don't think that by brute force you will be able to pick up a password of this type - 62166D314AC2A1BC503335801E10
Namely, such a password for the archive in these GUs.
P.S. this is not your password but just an example based on SantaFe

For a split second I got all hyped up thinking you had it until I saw it was for SantaFe xD

Given the difficulties I have encountered thus far in cracking the password using different approaches, including tools like bkcrack and zip_password_calculator, I am open to any alternative suggestions or methodologies that you might recommend. If there are any specific techniques or resources that have been successful in similar scenarios, I would greatly appreciate your insights.

 

[olega59]

For a split second I got all hyped up thinking you had it until I saw it was for SantaFe xD

Given the difficulties I have encountered thus far in cracking the password using different approaches, including tools like bkcrack and zip_password_calculator, I am open to any alternative suggestions or methodologies that you might recommend. If there are any specific techniques or resources that have been successful in similar scenarios, I would greatly appreciate your insights.

Post your firmware and give me a link.
There are many variables for opening the password.
Я посмотрю что я могу сделать.
P.S.
I downloaded your firmware myself.
Key generation is carried out according to 10 parameters. For which I will not speak, but the key to your firmware is this - EFA05D6E28D642EC1B40CF50FF34