hacking nac peugeot

Search This thread

Piest4r

Member
Jul 28, 2020
12
1
With stuff like this the manufacturer's showroom should have adjacent or connected maintenance garages who may help with codes etc. They're guaranteed to know them or have access to people who do. Did something similar with my car before (Renault) but I bought it there, they might charge if you didn't.
 

dpeddi

Senior Member
Mar 10, 2007
205
133
I think it would be nice to find out /Data/mnt-wt/public/efs/SecurityFwkInstaller/ca/psaRootCACert.pem,
/Data/mnt-wt/public/efs/SecurityFwkInstaller/certs/ovip_cert.pem and
/Data/mnt-wt/public/efs/SecurityFwkInstaller/keys/ovip_rsa_2048.key

these should allow to unpack encrypted firmware
 

ecoli79

New member
Sep 6, 2020
1
0
Hi everyone! Firstly, sorry for my english :eek:
Tell me, please, how I can get access sql-lite data from nac? Can I do it directly from nac throw ssh (telnet) by wire?
I want change my RT6 system to nac in my peugeot 508 first generation.
Thank all :)
 

Il gladiatore

Member
Oct 5, 2014
8
1
NAC screen resolution

I am using the screen2auto application to transmit the phone screen to the NAC, only not knowing the resolution I find the image cut on the sides.
I wanted to ask the community if they know the NAC "SCREEN WIDTH / SCREEN HEIGHT / DPI" screen resolution. thank you
 

dpeddi

Senior Member
Mar 10, 2007
205
133

GuestD4234

New member
Oct 31, 2020
1
0
I think it would be nice to find out /Data/mnt-wt/public/efs/SecurityFwkInstaller/ca/psaRootCACert.pem,
/Data/mnt-wt/public/efs/SecurityFwkInstaller/certs/ovip_cert.pem and
/Data/mnt-wt/public/efs/SecurityFwkInstaller/keys/ovip_rsa_2048.key
these should allow to unpack encrypted firmware

I have found keys to decrypt firmware in Github "psa-nac-firmware-reverse-engineering"

I have uploaded firmware, decrypted-extracted firmware, and script_keys in google drive to make it easier to download anyone who is interested in this.
"drive.google.com/drive/folders/1_twUGEcjGGxYGINgGsaCYC23DraC8pNx?usp=sharing"
PS: I am no expert in all these, just here to find a way to enable 5GHZ (wireless), wireless android auto, and tomtom traffic in Australia.
 

VLud

New member
Nov 2, 2020
1
0
I have found keys to decrypt firmware in Github "psa-nac-firmware-reverse-engineering"

I have uploaded firmware, decrypted-extracted firmware, and script_keys in google drive to make it easier to download anyone who is interested in this.
PS: I am no expert in all these, just here to find a way to enable 5GHZ (wireless), wireless android auto, and tomtom traffic in Australia.

You don't make it easier at all, you just steal a work that is not yours and divide people from the original source :mad:
Put the Github link instead of yours. You also expose yourself to copyright issues that's why firmware archives are not on the repo.

And yes, you are clearly not an expert, you can't do that from reading the firmware, the Code Signing Certificate key is mandatory to be able to do anything interesting.
 
Last edited:

bennebartsch

Member
Mar 15, 2018
15
3
Very interesting thread, thank's for sharing all your work!
I am searching for a way to control things like the backlight of the NAC or Climate externally. Any ideas?
 

therabbitwindfall

New member
Nov 8, 2020
4
0
I mean, as a developer you always have to keep a back door clear in case the system breaks.:confused:

And they done this with recovery USB that make full reflash. Image of whole firmware (base) and after that they can install prod firmware. But I don't know anyone who doing this. All sales-managers instead sell you new NAC or used one. Just business... ((
 

carson512

Member
Aug 18, 2006
48
0
31
Tianjin
Sad to hear...:crying:

But there must be some possibility for the recovery mode, or not?:confused:
I mean, as a developer you always have to keep a back door clear in case the system breaks.:confused:

What if you try to use the usb stick?

As far as we know there's an option called engineer mode.
Code:
# Activate engineering mode
# engineering_mode=0 (Absent) engineering_mode=1 (Present)
engineering_mode=1

Maybe it has another effect.
My ideas would be that maybe you can use it to call a function / module to unlock.

Like this:
Code:
# Create one spy
# create_spy=0 (don't create spy) create_spy=1 (create spy)
create_spy=1
# Option to automatically sync spies with USB. Currently it exports spies to USB and delete the existing ones on NAND
sync_spies_with_usb=1

Or maybe just leave the USB Stick (with engineering_mode=1) plugged in and see if something changes at the ports.

And maybe the engineer mode is bound to an "id" to work.
To copy spylogs you also need engineer mode and an id (id = ???).
It won't work without the id.

Search for something like this:

Code:
#USB Demo file
[general]
id=

This is the complete procedure to copy spylogs from nac directly to usb without doing anything.

Code:
#USB Demo file
[general]
id=?????????????

# Activate engineering mode
# engineering_mode=0 (Absent) engineering_mode=1 (Present)
engineering_mode=1

# Create one spy
# create_spy=0 (don't create spy) create_spy=1 (create spy)
create_spy=1

# Option to automatically sync spies with USB. Currently it exports spies to USB and delete the existing ones on NAND
sync_spies_with_usb=1

---------- Post added at 12:34 PM ---------- Previous post was at 12:02 PM ----------

Found it!

The id is ->
Code:
9cfd0bf57a94a3beb6c990e9c9c78247a8bc78fd3310aa6f58a247f8dabe3b7f


You find it under rootfs\usr\bin\sem_dm_server



So the complete content of the usb file is
Code:
#USB Demo file
[general]
id=9cfd0bf57a94a3beb6c990e9c9c78247a8bc78fd3310aa6f58a247f8dabe3b7f

# Activate engineering mode
# engineering_mode=0 (Absent) engineering_mode=1 (Present)
engineering_mode=1

# Create one spy
# create_spy=0 (don't create spy) create_spy=1 (create spy)
create_spy=1

# Option to automatically sync spies with USB. Currently it exports spies to USB and delete the existing ones on NAND
sync_spies_with_usb=1

Create a file and rename it to ID (without any file extension!) and copy the code above into the file.
Copy the file in the root directory of the usb stick and plug it in to the nac.

After you insert it in the nac, it will copy the spylogs to usb.

And maybe you can do other things with the engineering mode. :D

I got rootfs\usr\bin\sem_dm_server is file and use ida to open. Can't find the id you said...


Also I try to modify the rootfs.fsn.Then may update use the modify rootfs.
But can't encrypt ....
I just decrypt rootfs.fsn02.And use the crt file in SWL to encrypt the rootfs.fsn02.

openssl smime -encrypt -binary -in /home/ubuntu/psa-nac-firmware-reverse-engineering-main/rootfsdir/decrypted/NAC_B2/OVIP/rootfs.fsn02 -out /home/ubuntu/psa-nac-firmware-reverse-engineering-main/rootfsdir/test02.fsn /home/ubuntu/psa-nac-firmware-reverse-engineering-main/SWL/001315201563355623/Certificates/DPCA-OVIP-CS-G1.crt
But the file out is not same with the original file. Is that the public key or encrypt command error.I think just the key error.
How to find the original public key.
 

tuncina

New member
Feb 27, 2021
1
0
Selam,
Yazdığınız her şeyi uyguladım ve yaklaşık 50 "dlt" dosyasına baktım. Ancak araçta bağımsız telematik kutusu için IMEI numarasını bulamadım.

DLT Viewer - Step by Step for Windows

Meşguldüm, bu yüzden biraz zaman aldı :) DLT Viewer'ın çıktısı muhtemelen birçok insan için anlamlı olmayacak, ancak sonunda kendi sonucunuzu çıkarabilirsiniz. Her adımı not etmek için her şeyi sıfırdan kaldırdım ve yeniden yükledim. Bu, casus günlükleri 1111 kodunu kullanarak dışa aktardığınızı ve bunları PC'nize yerleştirdiğinizi varsayar.

  1. Lz4 sıkıştırılmış casus günlüklerini çıkarmak için bir araç indirin.
    • 7-zip araçlarının / eklentilerinin hiçbiri benim için işe yaramadı.
    • Komut satırından buradaki ikililerden birini kullanabilirsiniz: github.com/lz4/lz4/releases. Dosyaları ayıklamak için komut satırından "lz4.exe <dosya adı> .dlt.lz4" komutunu çalıştırın.
    • Bir GUI arayüzü için reboot.pro/topic/22062-lz4-compressor adresine bakın. Araç içinde, VHD dosya alanında lz4 dosyanızı seçmeniz gerekir (örn. "1_startup_20190924_181656.dlt.lz4"). Lz4 Klasörü alanında çıktı klasörünü seçin . LZ4 alanını boş bırakın . Dosyayı çıkarmak için SIKIŞTIR düğmesine tıklayın (Biliyorum, düğmenin adı bir anlam ifade etmiyor).
    • Bir .dlt dosyası elde etmelisiniz.
  2. Visual Studio Community Edition 2015'i indirin ve yükleyin: stackoverflow.com/questions/44290672/how-to-download-visual-studio-community-edition-2015-not-2017
    • Kurulum sırasında Özel kurulum ve Programlama Dilleri -> Visual C ++ 'ı seçin
  3. DLT Viewer'ı indirin ve açın: github.com/GENIVI/dlt-viewer/archive/master.zip
  4. Qt 5.12.6'yı indirin ve yükleyin: download.qt.io/official_releases/qt/5.12/5.12.6/qt-opensource-windows-x86-5.12.6.exe
    • Kurulum sırasında aşağıdaki bileşeni seçin: Qt -> Qt 5.12.6 -> MSVC 2015 64-bit
  5. Derleyiciyi Qt'de yapılandırın
    • Araçlar menüsüne gidin -> Seçenekler
    • Sol bölmede Kitleri seçin -> Kitler sekmesi
    • "Otomatik algılandı" altında "Dekstop Qt 5.12.6 ..." seçeneğini tıklayın
    • Derleyici C'yi seçin: < Derleyici yok>
    • Derleyici C ++ için seçin: Microsoft Visual C ++ Derleyici 14.0 (amd64)
  6. DLT Görüntüleyici projesini derleyin ve çalıştırın
    • Qt içinde Open Project'e tıklayın ve DLT Viewer'ın sıkıştırılmamış klasöründeki BuildDltViewer.pro projesini açın.
    • Qt, Projeler sayfasına geçecektir (aksi takdirde soldaki Projeler'e tıklayın)
    • Aktif Proje için BuildDltViewer seçilmelidir
    • Sağdaki Projeyi Yapılandır'a tıklayın
    • Build menüsüne gidin -> Build Project ...
    • Yapı tamamlandığında, Build menüsü -> Run'a gidin.
    • Dosya -> Aç'a gidin ve .dlt dosyalarından birini açın.
    • DLT Görüntüleyici kılavuzu şu adreste bulunabilir: at.projects.genivi.org/wiki/display/PROJ/DLT+Viewer+Manual

DLT Görüntüleyici çıktısına bakmak için fazla zaman harcamadım, bu yüzden kimsenin bunu çözmesine yardım edemem. Bulgularınızdan herhangi birini paylaşmaktan çekinmeyin.
[/ALINTI]
 
Last edited:

Top Liked Posts

  • There are no posts matching your filters.
  • 3
    It seems there isn't any USB HID support, so no external keyboard...

    Sad to hear...:crying:

    But there must be some possibility for the recovery mode, or not?:confused:
    I mean, as a developer you always have to keep a back door clear in case the system breaks.:confused:

    What if you try to use the usb stick?

    As far as we know there's an option called engineer mode.
    Code:
    # Activate engineering mode
    # engineering_mode=0 (Absent) engineering_mode=1 (Present)
    engineering_mode=1

    Maybe it has another effect.
    My ideas would be that maybe you can use it to call a function / module to unlock.

    Like this:
    Code:
    # Create one spy
    # create_spy=0 (don't create spy) create_spy=1 (create spy)
    create_spy=1
    # Option to automatically sync spies with USB. Currently it exports spies to USB and delete the existing ones on NAND
    sync_spies_with_usb=1

    Or maybe just leave the USB Stick (with engineering_mode=1) plugged in and see if something changes at the ports.

    And maybe the engineer mode is bound to an "id" to work.
    To copy spylogs you also need engineer mode and an id (id = ???).
    It won't work without the id.

    Search for something like this:

    Code:
    #USB Demo file
    [general]
    id=

    This is the complete procedure to copy spylogs from nac directly to usb without doing anything.

    Code:
    #USB Demo file
    [general]
    id=?????????????
    
    # Activate engineering mode
    # engineering_mode=0 (Absent) engineering_mode=1 (Present)
    engineering_mode=1
    
    # Create one spy
    # create_spy=0 (don't create spy) create_spy=1 (create spy)
    create_spy=1
    
    # Option to automatically sync spies with USB. Currently it exports spies to USB and delete the existing ones on NAND
    sync_spies_with_usb=1


    ---------- Post added at 12:34 PM ---------- Previous post was at 12:02 PM ----------

    Found it!

    The id is ->
    Code:
    9cfd0bf57a94a3beb6c990e9c9c78247a8bc78fd3310aa6f58a247f8dabe3b7f


    You find it under rootfs\usr\bin\sem_dm_server



    So the complete content of the usb file is
    Code:
    #USB Demo file
    [general]
    id=9cfd0bf57a94a3beb6c990e9c9c78247a8bc78fd3310aa6f58a247f8dabe3b7f
    
    # Activate engineering mode
    # engineering_mode=0 (Absent) engineering_mode=1 (Present)
    engineering_mode=1
    
    # Create one spy
    # create_spy=0 (don't create spy) create_spy=1 (create spy)
    create_spy=1
    
    # Option to automatically sync spies with USB. Currently it exports spies to USB and delete the existing ones on NAND
    sync_spies_with_usb=1

    Create a file and rename it to ID (without any file extension!) and copy the code above into the file.
    Copy the file in the root directory of the usb stick and plug it in to the nac.

    After you insert it in the nac, it will copy the spylogs to usb.

    And maybe you can do other things with the engineering mode. :D
    2
    It is also possible to copy the spylogs directly to usb with these commands

    engineering_mode=1
    create_spy=1
    sync_spies_with_usb=1

    You just have to create a file called "id" without file ending and put it on your usb stick in the root directory.

    You may also need a "id=xxxx" commmand in the "id" file. (xxxx = a long id number needed)

    Maybe there are more commands for usb.

    ---------- Post added at 12:39 PM ---------- Previous post was at 12:23 PM ----------

    And here are the Cheatcodes & informations (maybe not all codes, who knows)


    #Main configuration options

    [Options]
    spiespath = /mnt/mmc_ovip_rw/media/datastore_rw/var/local/sem/spy #path where to store the spies folder
    corespath = /mnt/mmc_ovip_rw/media/datastore_rw/var/local/sem/cores #path where the core dump pool is located
    version = 1.1.7

    [general]
    # Bypass audio processing cheatcode
    BypassON_cheatcode=1144

    # Restore audio processing cheatcode
    BypassOFF_cheatcode=1155

    # Cheatcodes
    # Defined as options:
    #
    # [cc:cheatcodename]
    #
    # They basically have 4 configurable options: type, mons, spies, code. All must be set in order for the cheatcode to be valid.
    # 'type' defines the cheatcode type. Can be one of: GENERIC,DIAGNOSTIC,HMI,AUDIO,CONECTIVITY,MEDIA,NAV,PHONE,RADIO,SSW,SWL,VEHICLE,SERVICES,APPFMK.
    # 'mons' and 'spies' set the ID of the properties that are monitored and spied with this cheatcode. i.e:
    #
    # mons=1,2,3,4,5,6,7
    # spies=1,2,3,4
    #
    # 'code' defines the code of this cheat code, required for activaion. i.e:
    #
    # code=abcdef
    [cc:VUC]
    type=SSW
    code=1130
    mons=0x1, \ #SEM_VUC_TEMP_POWERAMP
    0x2, \ #SEM_VUC_TEMP_MOTHERBOARD
    0x3, \ #SEM_VUC_LC_STATE
    0x4, \ #SEM_VUC_SYSTEM_MANAGER_STATE
    0x5, \ #SEM_VUC_POWER_MANAGER_STATE
    0x6, \ #SEM_VUC_VLOW_STATE
    0x7, \ #SEM_VUC_CAN_LIFE_PHASE
    0x8, \ #SEM_VUC_CAN_CONTACT_STAT
    0x9, \ #SEM_VUC_ECO_MODE
    0xA, \ #SEM_VUC_LC_PHONE_STATE
    0xB, \ #SEM_VUC_ERR_REBOOT_COUNT
    0xC, \ #SEM_VUC_LAST_START_REASON
    0xD, \ #SEM_VUC_POWERAMP_STATE
    0xE, \ #SEM_VUC_FAN_STATE
    0xF, \ #SEM_VUC_CPU_LOAD
    0x10, \ #SEM_VUC_CURRENT_DIAG_SESSION
    0x11, \ #SEM_VUC_RTP_RESYNC_RAP
    0x12, \ #SEM_VUC_RTP_RESYNC_SOC
    0x13, \ #SEM_VUC_RTP_FRAME_ERR_RAP
    0x14, \ #SEM_VUC_RTP_FRAME_ERR_SOC
    0x15, \ #SEM_VUC_CALIBRATION_REFERENCE
    0x16, \ #SEM_VUC_DIAGNOSTIC_FLAGS
    0x17, \ #SEM_VUC_DTC_LIST
    0x18, \ #SEM_VUC_CAN_VERSION
    0x19 #SEM_VUC_HARDWARE_VERSION
    spies=0x1, \ #SEM_VUC_TEMP_POWERAMP
    0x2, \ #SEM_VUC_TEMP_MOTHERBOARD
    0x3, \ #SEM_VUC_LC_STATE
    0x4, \ #SEM_VUC_SYSTEM_MANAGER_STATE
    0x5, \ #SEM_VUC_POWER_MANAGER_STATE
    0x6, \ #SEM_VUC_VLOW_STATE
    0x7, \ #SEM_VUC_CAN_LIFE_PHASE
    0x8, \ #SEM_VUC_CAN_CONTACT_STAT
    0x9, \ #SEM_VUC_ECO_MODE
    0xA, \ #SEM_VUC_LC_PHONE_STATE
    0xB, \ #SEM_VUC_ERR_REBOOT_COUNT
    0xC, \ #SEM_VUC_LAST_START_REASON
    0xD, \ #SEM_VUC_POWERAMP_STATE
    0xE, \ #SEM_VUC_FAN_STATE
    0xF, \ #SEM_VUC_CPU_LOAD
    0x10, \ #SEM_VUC_CURRENT_DIAG_SESSION
    0x11, \ #SEM_VUC_RTP_RESYNC_RAP
    0x12, \ #SEM_VUC_RTP_RESYNC_SOC
    0x13, \ #SEM_VUC_RTP_FRAME_ERR_RAP
    0x14, \ #SEM_VUC_RTP_FRAME_ERR_SOC
    0x15, \ #SEM_VUC_CALIBRATION_REFERENCE
    0x16, \ #SEM_VUC_DIAGNOSTIC_FLAGS
    0x17, \ #SEM_VUC_DTC_LIST
    0x18, \ #SEM_VUC_CAN_VERSION
    0x19 #SEM_VUC_HARDWARE_VERSION

    # For Wave 2, RAP is no more available
    #[cc:RAP]
    #type=SSW
    #code=1131
    #mons=0x100 #SEM_RAP_LC_STATE
    #spies=0x100 #SEM_RAP_LC_STATE

    [cc:SEM]
    type=SSW
    code=1138
    mons=0x200, \ #SEM_OWN_TOTAL_SOC_LOAD
    0x201, \ #SEM_OWN_REBOOT_COUNT
    0x202, \ #SEM_OWN_USB_DETAILS
    0x203, \ #SEM_OWN_DOMAIN_CPU_LOAD
    0x204, \ #SEM_OWN_DOMAIN_RAM_USAGE
    0x205, \ #SEM_OWN_FIRMWARE_VERSION
    0x206, \ #SEM_OWN_OVERALL_SW_VERSION
    0x207, \ #SEM_OWN_SOC_SW_VERSION
    0x208, \ #SEM_OWN_SOC_PDK_VERSION
    0x209, \ #SEM_OWN_VUC_SW_VERSION
    0x20A, \ #SEM_OWN_DAB_SW_VERSION
    0x20B, \ #SEM_OWN_HARDWARE_VARIANT
    0x20C, \ #SEM_OWN_DISPLAY_VARIANT
    0x20D, \ #SEM_OWN_BT_MAC_ADDRESS
    0x20E, \ #SEM_OWN_WIFI_MAC_ADDRESS
    0x20F, \ #SEM_OWN_CUSTOMER_VERSION
    0x210 #SEM_OWN_CUSTOMER_RELEASE_DATE

    spies=0x200, \ #SEM_OWN_TOTAL_SOC_LOAD
    0x201, \ #SEM_OWN_REBOOT_COUNT
    0x202, \ #SEM_OWN_USB_DETAILS
    0x203, \ #SEM_OWN_DOMAIN_CPU_LOAD
    0x204, \ #SEM_OWN_DOMAIN_RAM_USAGE
    0x205, \ #SEM_OWN_FIRMWARE_VERSION
    0x206, \ #SEM_OWN_OVERALL_SW_VERSION
    0x207, \ #SEM_OWN_SOC_SW_VERSION
    0x208, \ #SEM_OWN_SOC_PDK_VERSION
    0x209, \ #SEM_OWN_VUC_SW_VERSION
    0x20A, \ #SEM_OWN_DAB_SW_VERSION
    0x20B, \ #SEM_OWN_HARDWARE_VARIANT
    0x20C, \ #SEM_OWN_DISPLAY_VARIANT
    0x20D, \ #SEM_OWN_BT_MAC_ADDRESS
    0x20E, \ #SEM_OWN_WIFI_MAC_ADDRESS
    0x20F, \ #SEM_OWN_CUSTOMER_VERSION
    0x210 #SEM_OWN_CUSTOMER_RELEASE_DATE

    [cc:Lifecycle]
    type=SSW
    code=1137
    mons=0xA000, \ #SEM_LC_CURRENT_STATE
    0xA001, \ #SEM_LC_HMI_STATE
    0xA002, \ #SEM_LC_APP_STATE
    0xA003, \ #SEM_LC_PHONE_STATE
    0xA004, \ #SEM_LC_SUPPLY_STATE
    0xA005, \ #SEM_LC_PRODUCT_STATE
    0xA006, \ #SEM_LC_POPUP_STATE
    0xA007 #SEM_LC_TEMPERATURE
    spies=0xA000, \ #SEM_LC_CURRENT_STATE
    0xA001, \ #SEM_LC_HMI_STATE
    0xA002, \ #SEM_LC_APP_STATE
    0xA003, \ #SEM_LC_PHONE_STATE
    0xA004, \ #SEM_LC_SUPPLY_STATE
    0xA005, \ #SEM_LC_PRODUCT_STATE
    0xA006, \ #SEM_LC_POPUP_STATE
    0xA007 #SEM_LC_TEMPERATURE

    [cc:Radio]
    type=RADIO
    code=1133
    mons=0xAB00, \ #SEM_RAD_SPY_RDS_QUALITY
    0xAB01, \ #SEM_RAD_ETM_TUNER_AM
    0xAB02, \ #SEM_RAD_ETM_TUNER_FM
    0xAB03, \ #SEM_RAD_ETM_TUNER_DAB
    0xAB04, \ #SEM_RAD_ETM_AF_FM
    0xAB05, \ #SEM_RAD_ETM_AF_DAB
    0xAB06, \ #SEM_RAD_ETM_ALT_PI
    0xAB07, \ #SEM_RAD_ETM_ANTENNAS_FM
    0xAB08, \ #SEM_RAD_ETM_ANTENNAS_DAB
    0xAB09 #SEM_RAD_ETM_TUNER_TMC
    spies=0xAB00, \ #SEM_RAD_SPY_RDS_QUALITY
    0xAB01, \ #SEM_RAD_ETM_TUNER_AM
    0xAB02, \ #SEM_RAD_ETM_TUNER_FM
    0xAB03, \ #SEM_RAD_ETM_TUNER_DAB
    0xAB04, \ #SEM_RAD_ETM_AF_FM
    0xAB05, \ #SEM_RAD_ETM_AF_DAB
    0xAB06, \ #SEM_RAD_ETM_ALT_PI
    0xAB07, \ #SEM_RAD_ETM_ANTENNAS_FM
    0xAB08, \ #SEM_RAD_ETM_ANTENNAS_DAB
    0xAB09 #SEM_RAD_ETM_TUNER_TMC

    [cc:Speech]
    type=SPEECH
    code=1135
    mons=0xAC00, \ #SEM_SPC_VOICEID
    0xAC01, \ #SEM_SPC_TTS_VERSION
    0xAC02 #SEM_SPC_VR_VERSION
    spies=0xAC00, \ #SEM_SPC_VOICEID
    0xAC01, \ #SEM_SPC_TTS_VERSION
    0xAC02 #SEM_SPC_VR_VERSION

    [cc:WIFI]
    type=CONNECTIVITY
    code=1136
    mons=0xAD0E, \ #SEM_CONN_WIFI_DEVICE_IPADDR_VALUE
    0xAD0F, \ #SEM_CONN_WIFI_CHIP_VERSION_VALUE
    0xAD10, \ #SEM_CONN_WIFI_STATUS
    0xAD11, \ #SEM_CONN_WIFI_AP_STATUS
    0xAD12, \ #SEM_CONN_WIFI_STA_LIST_VALUE
    0xAD13, \ #SEM_CONN_WIFI_PERSISTENCE_VALUES
    0xAD14 #SEM_CONN_WIFI_LAST_ERROR_REPORTED
    spies=0xAD0E, \ #SEM_CONN_WIFI_DEVICE_IPADDR_VALUE
    0xAD0F, \ #SEM_CONN_WIFI_CHIP_VERSION_VALUE
    0xAD10, \ #SEM_CONN_WIFI_STATUS
    0xAD11, \ #SEM_CONN_WIFI_AP_STATUS
    0xAD12, \ #SEM_CONN_WIFI_STA_LIST_VALUE
    0xAD13, \ #SEM_CONN_WIFI_PERSISTENCE_VALUES
    0xAD14 #SEM_CONN_WIFI_LAST_ERROR_REPORTED
    [cc:Bluetooth]
    type=CONNECTIVITY
    code=1132
    mons=0xAD00, \ #SEM_CONN_BT_PAIRED_DEVICE1
    0xAD01, \ #SEM_CONN_BT_PAIRED_DEVICE2
    0xAD02, \ #SEM_CONN_BT_PAIRED_DEVICE3
    0xAD03, \ #SEM_CONN_BT_PAIRED_DEVICE4
    0xAD04, \ #SEM_CONN_BT_PAIRED_DEVICE5
    0xAD05, \ #SEM_CONN_BT_PAIRED_DEVICE6
    0xAD06, \ #SEM_CONN_BT_PAIRED_DEVICE7
    0xAD07, \ #SEM_CONN_BT_PAIRED_DEVICE8
    0xAD08, \ #SEM_CONN_BT_PAIRED_DEVICE9
    0xAD09, \ #SEM_CONN_BT_PAIRED_DEVICE10
    0xAD0A, \ #SEM_CONN_BT_DEVICE_CONN_HISTORY
    0xAD0B, \ #SEM_CONN_BT_LOCAL_DEVICE_INFO
    0xAD0C, \ #SEM_CONN_BT_SERVICE_STATUS
    0xAD0D #SEM_CONN_BT_PERSISTANCY_KEYS
    spies=0xAD00, \ #SEM_CONN_BT_PAIRED_DEVICE1
    0xAD01, \ #SEM_CONN_BT_PAIRED_DEVICE2
    0xAD02, \ #SEM_CONN_BT_PAIRED_DEVICE3
    0xAD03, \ #SEM_CONN_BT_PAIRED_DEVICE4
    0xAD04, \ #SEM_CONN_BT_PAIRED_DEVICE5
    0xAD05, \ #SEM_CONN_BT_PAIRED_DEVICE6
    0xAD06, \ #SEM_CONN_BT_PAIRED_DEVICE7
    0xAD07, \ #SEM_CONN_BT_PAIRED_DEVICE8
    0xAD08, \ #SEM_CONN_BT_PAIRED_DEVICE9
    0xAD09, \ #SEM_CONN_BT_PAIRED_DEVICE10
    0xAD0A, \ #SEM_CONN_BT_DEVICE_CONN_HISTORY
    0xAD0B, \ #SEM_CONN_BT_LOCAL_DEVICE_INFO
    0xAD0C, \ #SEM_CONN_BT_SERVICE_STATUS
    0xAD0D #SEM_CONN_BT_PERSISTANCY_KEYS

    [cc:ConnMgr]
    type=CONNECTIVITY
    code=1140
    mons=0xAD15, \ #SEM_CONN_CM_SRV_ORDER
    0xAD16, \ #SEM_CONN_CM_SRV_PROPERTIES
    0xAD17, \ #SEM_CONN_CM_SRV_PROPERTY_CHG
    0xAD18, \ #SEM_CONN_CM_DATA_USAGE_CURR_SRV
    0xAD19, \ #SEM_CONN_CM_DATA_USAGE_ATB
    0xAD1A, \ #SEM_CONN_CM_DATA_USAGE_WIFI
    0xAD1B, \ #SEM_CONN_CM_DATA_USAGE_USB
    0xAD1C, \ #SEM_CONN_CM_DATA_USAGE_BT
    0xAD1D, \ #SEM_CONN_CM_ROUTING_TABLE
    0xAD1E, \ #SEM_CONN_CM_TETHERING_STATE
    0xAD1F, \ #SEM_CONN_CM_ATB_CONNECTED_APPS
    0xAD20, \ #SEM_CONN_CM_LAST_ERROR
    0xAD21, \ #SEM_CONN_CM_WIFI_UPLOAD_RATE
    0xAD22, \ #SEM_CONN_CM_WIFI_DOWNLOAD_RATE
    0xAD23, \ #SEM_CONN_CM_GSM_UPLOAD_RATE
    0xAD24, \ #SEM_CONN_CM_GSM_DOWNLOAD_RATE
    0xAD25, \ #SEM_CONN_CM_BT_UPLOAD_RATE
    0xAD26, \ #SEM_CONN_CM_BT_DOWNLOAD_RATE
    0xAD27, \ #SEM_CONN_CM_USB_UPLOAD_RATE
    0xAD28, \ #SEM_CONN_CM_USB_DOWNLOAD_RATE
    0xAD29, \ #SEM_CONN_CM_REMOTE_CONNECTED_DEVICE_IPADDR
    0xAD2A, \ #SEM_CONN_CM_CURRENT_UPLOAD_RATE
    0xAD2B, \ #SEM_CONN_CM_CURRENT_DOWNLOAD_RATE
    0xAD2C, \ #SEM_CONN_CM_CONNECTIVITY_TYPE
    0xAD2D, \ #SEM_CONN_CM_ATB_PRESENCE_STATUS
    0xAD2E, \ #SEM_CONN_CM_ATB_CONNECTION_STATUS
    0xAD2F, \ #SEM_CONN_CM_ATB_BUSY_STATUS
    0xAD30, \ #SEM_CONN_CM_DEFAULT_GATEWAY_OBJECT_PATH
    0xAD31 #SEM_CONN_CM_COUNT_TELEMATIC_LINK_APPLICATIONS
    spies=0xAD15, \ #SEM_CONN_CM_SRV_ORDER
    0xAD16, \ #SEM_CONN_CM_SRV_PROPERTIES
    0xAD17, \ #SEM_CONN_CM_SRV_PROPERTY_CHG
    0xAD18, \ #SEM_CONN_CM_DATA_USAGE_CURR_SRV
    0xAD19, \ #SEM_CONN_CM_DATA_USAGE_ATB
    0xAD1A, \ #SEM_CONN_CM_DATA_USAGE_WIFI
    0xAD1B, \ #SEM_CONN_CM_DATA_USAGE_USB
    0xAD1C, \ #SEM_CONN_CM_DATA_USAGE_BT
    0xAD1D, \ #SEM_CONN_CM_ROUTING_TABLE
    0xAD1E, \ #SEM_CONN_CM_TETHERING_STATE
    0xAD1F, \ #SEM_CONN_CM_ATB_CONNECTED_APPS
    0xAD20, \ #SEM_CONN_CM_LAST_ERROR
    0xAD21, \ #SEM_CONN_CM_WIFI_UPLOAD_RATE
    0xAD22, \ #SEM_CONN_CM_WIFI_DOWNLOAD_RATE
    0xAD23, \ #SEM_CONN_CM_GSM_UPLOAD_RATE
    0xAD24, \ #SEM_CONN_CM_GSM_DOWNLOAD_RATE
    0xAD25, \ #SEM_CONN_CM_BT_UPLOAD_RATE
    0xAD26, \ #SEM_CONN_CM_BT_DOWNLOAD_RATE
    0xAD27, \ #SEM_CONN_CM_USB_UPLOAD_RATE
    0xAD28, \ #SEM_CONN_CM_USB_DOWNLOAD_RATE
    0xAD29, \ #SEM_CONN_CM_REMOTE_CONNECTED_DEVICE_IPADDR
    0xAD2A, \ #SEM_CONN_CM_CURRENT_UPLOAD_RATE
    0xAD2B, \ #SEM_CONN_CM_CURRENT_DOWNLOAD_RATE
    0xAD2C, \ #SEM_CONN_CM_CONNECTIVITY_TYPE
    0xAD2D, \ #SEM_CONN_CM_ATB_PRESENCE_STATUS
    0xAD2E, \ #SEM_CONN_CM_ATB_CONNECTION_STATUS
    0xAD2F, \ #SEM_CONN_CM_ATB_BUSY_STATUS
    0xAD30, \ #SEM_CONN_CM_DEFAULT_GATEWAY_OBJECT_PATH
    0xAD31 #SEM_CONN_CM_COUNT_TELEMATIC_LINK_APPLICATIONS

    [cc:USBM]
    type=CONNECTIVITY
    code=1141
    mons=0xAD32, \ #SEM_CONN_USBM_DEVICE
    0xAD33 #SEM_CONN_USBM_OVERVOLTAGE
    spies=0xAD32, \ #SEM_CONN_USBM_DEVICE
    0xAD33 #SEM_CONN_USBM_OVERVOLTAGE

    [cc:TBM]
    type=CONNECTIVITY
    code=1142
    mons=0xAD34, \ #SEM_CONN_TBM_CONNECTION_STATUS
    0xAD35, \ #SEM_CONN_TBM_PRESENCE_STATUS
    0xAD36, \ #SEM_CONN_TBM_BUSY_STATUS
    0xAD37, \ #SEM_CONN_TBM_ATB_TELECO_STATUS
    0xAD38, \ #SEM_CONN_TBM_USB_WARNING
    0xAD39 #SEM_CONN_TBM_USB_ERROR
    spies=0xAD34, \ #SEM_CONN_TBM_CONNECTION_STATUS
    0xAD35, \ #SEM_CONN_TBM_PRESENCE_STATUS
    0xAD36, \ #SEM_CONN_TBM_BUSY_STATUS
    0xAD37, \ #SEM_CONN_TBM_ATB_TELECO_STATUS
    0xAD38, \ #SEM_CONN_TBM_USB_WARNING
    0xAD39 #SEM_CONN_TBM_USB_ERROR

    [cc:phone]
    type=CONNECTIVITY
    code=1143
    mons=0xAD3A, \ #SEM_CONN_PHONE_GSM_MCC
    0xAD3B, \ #SEM_CONN_PHONE_GSM_MNC
    0xAD3C, \ #SEM_CONN_PHONE_MANUFACTURER
    0xAD3D, \ #SEM_CONN_PHONE_MODEL
    0xAD3E, \ #SEM_CONN_PHONE_IMEI
    0xAD3F #SEM_CONN_PHONE_SWVERSION
    spies=0xAD3A, \ #SEM_CONN_PHONE_GSM_MCC
    0xAD3B, \ #SEM_CONN_PHONE_GSM_MNC
    0xAD3C, \ #SEM_CONN_PHONE_MANUFACTURER
    0xAD3D, \ #SEM_CONN_PHONE_MODEL
    0xAD3E, \ #SEM_CONN_PHONE_IMEI
    0xAD3F #SEM_CONN_PHONE_SWVERSION

    [cc:Cbook]
    type=CONNECTIVITY
    code=1146
    mons=0xAD40, \ #SEM_CONN_CB_INIT_STATUS
    0xAD41, \ #SEM_CONN_CB_SELECTION_DETAILS
    0xAD42 #SEM_CONN_CB_OPERATION_DETAILS
    spies=0xAD40, \ #SEM_CONN_CB_INIT_STATUS
    0xAD41, \ #SEM_CONN_CB_SELECTION_DETAILS
    0xAD42 #SEM_CONN_CB_OPERATION_DETAILS

    [cc:Messaging]
    type=CONNECTIVITY
    code=1145
    mons=0xAD43, \ #SEM_CONN_MSG_PROVIDER_SET
    0xAD44, \ #SEM_CONN_MSG_PROVIDER_REMOVED
    0xAD45, \ #SEM_CONN_MSG_NEW_MESSAGE_TEMPLATE
    0xAD46, \ #SEM_CONN_MSG_EMAIL_SENT
    0xAD47, \ #SEM_CONN_MSG_SMS_SENT
    0xAD48, \ #SEM_CONN_MSG_EMAIL_DELETED
    0xAD49 #SEM_CONN_MSG_SMS_DELETED
    spies=0xAD43, \ #SEM_CONN_MSG_PROVIDER_SET
    0xAD44, \ #SEM_CONN_MSG_PROVIDER_REMOVED
    0xAD45, \ #SEM_CONN_MSG_NEW_MESSAGE_TEMPLATE
    0xAD46, \ #SEM_CONN_MSG_EMAIL_SENT
    0xAD47, \ #SEM_CONN_MSG_SMS_SENT
    0xAD48, \ #SEM_CONN_MSG_EMAIL_DELETED
    0xAD49 #SEM_CONN_MSG_SMS_DELETED

    [cc:Nagivation]
    type=NAV
    code=1134
    mons=0xAE00, \ #SEM_NAV_GPS_RECEPTION_QUALITY
    0xAE01, \ #SEM_NAV_CAR_SPEED
    0xAE02, \ #SEM_NAV_VISIBLE_SATELLITES
    0xAE03, \ #SEM_NAV_RAW_GPS_POSSITION
    0xAE04, \ #SEM_NAV_GUIDANCE_STATUS
    0xAE05, \ #SEM_NAV_RELEASE_VERSION
    0xAE06, \ #SEM_NAV_MAP_VERSION
    0xAE07, \ #SEM_NAV_PERSISTENCY_DUMP
    0xAE08, \ #SEM_NAV_EXPIRATION_DATES
    0xAE09, \ #SEM_NAV_IDS
    0xAE0A, \ #SEM_NAV_ACTIVE_ROUTE
    0xAE0B, \ #SEM_NAV_MODULE_LOADER_PROGRESS
    0xAE0C, \ #SEM_NAV_SCREEN_STACK
    0xAE0D, \ #SEM_NAV_CONNECTION_STATUS
    0xAE0E, \ #SEM_NAV_LANGUAGE
    0xAE0F, \ #SEM_NAV_DR_SENSORS
    0xAE10, \ #SEM_NAV_LANGUAGE_ENGINE
    0xAE11 #SEM_NAV_GPS_FIRMWARE_VERSION
    spies=0xAE00, \ #SEM_NAV_GPS_RECEPTION_QUALITY
    0xAE01, \ #SEM_NAV_CAR_SPEED
    0xAE02, \ #SEM_NAV_VISIBLE_SATELLITES
    0xAE03, \ #SEM_NAV_RAW_GPS_POSSITION
    0xAE04, \ #SEM_NAV_GUIDANCE_STATUS
    0xAE05, \ #SEM_NAV_RELEASE_VERSION
    0xAE06, \ #SEM_NAV_MAP_VERSION
    0xAE07, \ #SEM_NAV_PERSISTENCY_DUMP
    0xAE08, \ #SEM_NAV_EXPIRATION_DATES
    0xAE09, \ #SEM_NAV_IDS
    0xAE0A, \ #SEM_NAV_ACTIVE_ROUTE
    0xAE0B, \ #SEM_NAV_MODULE_LOADER_PROGRESS
    0xAE0C, \ #SEM_NAV_SCREEN_STACK
    0xAE0D, \ #SEM_NAV_CONNECTION_STATUS
    0xAE0E, \ #SEM_NAV_LANGUAGE
    0xAE0F, \ #SEM_NAV_DR_SENSORS
    0xAE10, \ #SEM_NAV_LANGUAGE_ENGINE
    0xAE11 #SEM_NAV_GPS_FIRMWARE_VERSION

    [cc:HMI]
    type=HMI
    code=1139
    mons=0xAF00, \ #SEM_HMI_FPS_RATE
    0xAF01, \ #SEM_HMI_GPU_LOAD
    0xAF02, \ #SEM_HMI_HAND_WRITING_VERSION
    0xAF03 #SEM_HMI_PIN_YIN_VERSION
    spies=0xAF00, \ #SEM_HMI_FPS_RATE
    0xAF01, \ #SEM_HMI_GPU_LOAD
    0xAF02, \ #SEM_HMI_HAND_WRITING_VERSION
    0xAF03 #SEM_HMI_PIN_YIN_VERSION
    [cc:TSM]
    type=CONNECTIVITY
    code=1147
    mons=0xAD4A, \ #SEM_CONN_TSM_LINK_STATUS
    0xAD4B, \ #SEM_CONN_TSM_CONN_TIME
    0xAD4C, \ #SEM_CONN_TSM_MACHINE_STATE
    0xAD4D, \ #SEM_CONN_TSM_LINK_TRY_CNT
    0xAD4E, \ #SEM_CONN_TSM_SEND_TRY_CNT
    0xAD4F, \ #SEM_CONN_TSM_STARTUP_STATE
    0xAD50, \ #SEM_CONN_TSM_ALL_REQ_CNT
    0xAD51, \ #SEM_CONN_TSM_SMS_REQ_CNT
    0xAD52, \ #SEM_CONN_TSM_FAILED_FORM_REQ_CNT
    0xAD53, \ #SEM_CONN_TSM_OK_FORM_REQ_CNT
    0xAD54, \ #SEM_CONN_TSM_FAILED_EXEC_REQ_CNT
    0xAD55, \ #SEM_CONN_TSM_CURL_SEND_CNT
    0xAD56, \ #SEM_CONN_TSM_LAST_REQ
    0xAD57, \ #SEM_CONN_TSM_LAST_FAILED_FORM_REQ
    0xAD58, \ #SEM_CONN_TSM_LAST_OK_FORM_REQ
    0xAD59, \ #SEM_CONN_TSM_FAILED_EXEC_REQ
    0xAD5A, \ #SEM_CONN_TSM_LAST_CURL_TIME
    0xAD5B, \ #SEM_CONN_TSM_LAST_SERV_TIME
    0xAD5C, \ #SEM_CONN_TSM_MSG_QUEUE_PROP
    0xAD5D, \ #SEM_CONN_TSM_SRV_CHECK
    0xAD5E, \ #SEM_CONN_TSM_CONN_REC
    0xAD5F, \ #SEM_CONN_TSM_SEND_RET
    0xAD60, \ #SEM_CONN_TSM_SEND_INTERVAL
    0xAD61 #SEM_CONN_TSM_ADMIN_URL
    spies=0xAD4A, \ #SEM_CONN_TSM_LINK_STATUS
    0xAD4B, \ #SEM_CONN_TSM_CONN_TIME
    0xAD4C, \ #SEM_CONN_TSM_MACHINE_STATE
    0xAD4D, \ #SEM_CONN_TSM_LINK_TRY_CNT
    0xAD4E, \ #SEM_CONN_TSM_SEND_TRY_CNT
    0xAD4F, \ #SEM_CONN_TSM_STARTUP_STATE
    0xAD50, \ #SEM_CONN_TSM_ALL_REQ_CNT
    0xAD51, \ #SEM_CONN_TSM_SMS_REQ_CNT
    0xAD52, \ #SEM_CONN_TSM_FAILED_FORM_REQ_CNT
    0xAD53, \ #SEM_CONN_TSM_OK_FORM_REQ_CNT
    0xAD54, \ #SEM_CONN_TSM_FAILED_EXEC_REQ_CNT
    0xAD55, \ #SEM_CONN_TSM_CURL_SEND_CNT
    0xAD56, \ #SEM_CONN_TSM_LAST_REQ
    0xAD57, \ #SEM_CONN_TSM_LAST_FAILED_FORM_REQ
    0xAD58, \ #SEM_CONN_TSM_LAST_OK_FORM_REQ
    0xAD59, \ #SEM_CONN_TSM_FAILED_EXEC_REQ
    0xAD5A, \ #SEM_CONN_TSM_LAST_CURL_TIME
    0xAD5B, \ #SEM_CONN_TSM_LAST_SERV_TIME
    0xAD5C, \ #SEM_CONN_TSM_MSG_QUEUE_PROP
    0xAD5D, \ #SEM_CONN_TSM_SRV_CHECK
    0xAD5E, \ #SEM_CONN_TSM_CONN_REC
    0xAD5F, \ #SEM_CONN_TSM_SEND_RET
    0xAD60, \ #SEM_CONN_TSM_SEND_INTERVAL
    0xAD61 #SEM_CONN_TSM_ADMIN_URL

    [cc:eek:nstar]
    type=CONNECTIVITY
    code=1148
    mons=0xAD62, \ #SEM_CONN_OBM_ONSTAR_DEVICE_PRESENCE
    0xAD63, \ #SEM_CONN_OBM_ONSTAR_WIFI_SETTINGS_PROPERTIES
    0xAD64 #SEM_CONN_OBM_ONSTAR_PRIVACY_SETTINGS_PROPERTIES
    spies=0xAD62, \ #SEM_CONN_OBM_ONSTAR_DEVICE_PRESENCE
    0xAD63, \ #SEM_CONN_OBM_ONSTAR_WIFI_SETTINGS_PROPERTIES
    0xAD64 #SEM_CONN_OBM_ONSTAR_PRIVACY_SETTINGS_PROPERTIES

    [cc:AUD]
    type=AUDIO
    code=1149
    mons=0xB000, \ #SEM_AUD_ECNR_VERSION
    0xB001 #SEM_AUD_DIRANA_VERSION
    spies=0xB000, \ #SEM_AUD_ECNR_VERSION
    0xB001 #SEM_AUD_DIRANA_VERSION

    [cc:VEH]
    type=VEHICLE
    code=1151
    mons=0xB100 #SEM_VEH_DENSO_VERSION
    spies=0xB100 #SEM_VEH_DENSO_VERSION

    [cc:Version]
    type=SSW
    code=1152
    mons=0x18, \ #SEM_VUC_SW_VERSION
    0x19, \ #SEM_VUC_CAN_VERSION
    0x1A, \ #SEM_VUC_HARDWARE_VERSION
    0x206, \ #SEM_OWN_OVERALL_SW_VERSION
    0x207, \ #SEM_OWN_SOC_SW_VERSION
    0x208, \ #SEM_OWN_SOC_PDK_VERSION
    0x209, \ #SEM_OWN_VUC_SW_VERSION
    0x20A, \ #SEM_OWN_DAB_SW_VERSION
    0x20B, \ #SEM_OWN_HARDWARE_VARIANT
    0x20C, \ #SEM_OWN_DISPLAY_VARIANT
    0x20D, \ #SEM_OWN_BT_MAC_ADDRESS
    0x20E, \ #SEM_OWN_WIFI_MAC_ADDRESS
    0x20F, \ #SEM_OWN_CUSTOMER_VERSION
    0x210, \ #SEM_OWN_CUSTOMER_RELEASE_DATE
    0xAB0A, \ #SEM_RAD_DAB_VERSION
    0xAC01, \ #SEM_SPC_TTS_VERSION
    0xAC02, \ #SEM_SPC_VR_VERSION
    0xAE05, \ #SEM_NAV_RELEASE_VERSION
    0xAE06, \ #SEM_NAV_MAP_VERSION
    0xAE11, \ #SEM_NAV_GPS_FIRMWARE_VERSION
    0xAF02, \ #SEM_HMI_HAND_WRITING_VERSION
    0xAF03, \ #SEM_HMI_PIN_YIN_VERSION
    0xB000, \ #SEM_AUD_ECNR_VERSION
    0xB001, \ #SEM_AUD_DIRANA_VERSION
    0xB100 #SEM_VEH_DENSO_VERSION
    spies=0x18, \ #SEM_VUC_SW_VERSION
    0x19, \ #SEM_VUC_CAN_VERSION
    0x1A, \ #SEM_VUC_HARDWARE_VERSION
    0x206, \ #SEM_OWN_OVERALL_SW_VERSION
    0x207, \ #SEM_OWN_SOC_SW_VERSION
    0x208, \ #SEM_OWN_SOC_PDK_VERSION
    0x209, \ #SEM_OWN_VUC_SW_VERSION
    0x20A, \ #SEM_OWN_DAB_SW_VERSION
    0x20B, \ #SEM_OWN_HARDWARE_VARIANT
    0x20C, \ #SEM_OWN_DISPLAY_VARIANT
    0x20D, \ #SEM_OWN_BT_MAC_ADDRESS
    0x20E, \ #SEM_OWN_WIFI_MAC_ADDRESS
    0x20F, \ #SEM_OWN_CUSTOMER_VERSION
    0x210, \ #SEM_OWN_CUSTOMER_RELEASE_DATE
    0xAB0A, \ #SEM_RAD_DAB_VERSION
    0xAC01, \ #SEM_SPC_TTS_VERSION
    0xAC02, \ #SEM_SPC_VR_VERSION
    0xAE05, \ #SEM_NAV_RELEASE_VERSION
    0xAE06, \ #SEM_NAV_MAP_VERSION
    0xAE11, \ #SEM_NAV_GPS_FIRMWARE_VERSION
    0xAF02, \ #SEM_HMI_HAND_WRITING_VERSION
    0xAF03, \ #SEM_HMI_PIN_YIN_VERSION
    0xB000, \ #SEM_AUD_ECNR_VERSION
    0xB001, \ #SEM_AUD_DIRANA_VERSION
    0xB100 #SEM_VEH_DENSO_VERSION


    To open the cheatcode window you have to press at least 6 seconds the multimedia button from nac.

    Enter first the cheatcode (for example 1130) and then the code 1122.
    Repeat it with every entered code.

    Example:
    First -> 1130
    Second -> 1122

    First -> 1131
    Second -> 1122

    First -> 1132
    Second -> 1122

    And so on.


    @rui.saraiva
    It would be helpful if you upload the complete update package.
    2
    An old NAC Wave 2 firmware version 21.05.65.32 (early 2017), was wrongly released without any encryption. It was pulled some hours later, but it was a bit too late... I've the full update .tar file, but here's some of the interesting files, including the root filesystem, after converting/extracting - https drive (dot) google (dot) com (slash) open?id=1ocCo5WJheeBkChpydxkE1Q28UYh0Xjq9
    1
    hi guys, I'm also looking for a way to get into the hidden menu of the NAC (3d Connect Nav) Peugeot. My car is a 2008, with CarPlay, Mirrorlink and Android Auto. Now compared to what I saw for the KIA, I would try to figure out if there is a chance to enter the system that is declared Linux, and find a gateway like an android virtual emulator, on which even turns android auto, to install other applications directly on the multimedia of the car. The only 2 codes we know are: 1111 1122, the first for spylogs, the second one gives us a series of info on the system, but apparently they are only legible and there is no way to get inside. In practice using the code 1122 the first time also gave me only info on the radio, but then typing in increasing order the following codes and typing 1122 again, for several times I have drawn many other info. I took pictures that I would like to share with you to find out if there is a chance to find a way.

    First of all, does anyone know that LINUX can run Android within? Would it be possible to enter the NAC system to install Android apps?
    1
    I am using the screen2auto application to transmit the phone screen to the NAC, only not knowing the resolution I find the image cut on the sides.
    I wanted to ask the community if they know the NAC "SCREEN WIDTH / SCREEN HEIGHT / DPI" screen resolution. thank you

    https://developer.groupe-psa.io/webportal/v1/overview/infotainment-system/#screen-size
Our Apps
Get our official app!
The best way to access XDA on your phone
Nav Gestures
Add swipe gestures to any Android
One Handed Mode
Eases uses one hand with your phone