Rooted Jeep Cherokee '14 uConnect

What do you wanna see most on a uconnect system


  • Total voters
    182
Search This thread

Mousie123

Member
May 2, 2017
10
0
Hi Folks, does anyone have a copy of the Leighm0's MY16 modified ISO for USB script work and willing to share, the mega site links no longer work? Thankyou
 

obd1976

New member
Feb 18, 2021
1
0
Hello, I also need files and description for my 2 vehicles. uconnect 8.4 old FW. Conversion USA - EU . Thanks
 

Leighm0

Senior Member
Apr 2, 2007
174
72
Perth
Hi Folks, does anyone have a copy of the Leighm0's MY16 modified ISO for USB script work and willing to share, the mega site links no longer work? Thankyou
Hi guys,

Sorry I don't own a Jeep/Chrysler/Dodge anymore or a uConnect head unit, so I've not done this for several years. Apologies to those who sent me DM's about the ISO files being removed from MEGA. Here they are re-uploaded.. I am not sure if mega removed them due to a complaint, so if they do it again I probably won't reupload them.. so grab them while you can and then share them on another service if you wish.

MY14 (v14.05.3 based)
MY16 (v15.41.4011 based)

Some other people also pinged me to do a "conversion" from US to EU or whatever, sorry I don't know how to do that, you would need to talk to the guys from Customtronix for that, or maybe others on this forum have accomplished this procedure.
 

Gosudar

New member
Mar 23, 2021
2
1
Thanks for patch NaviServeron MyGiG 730N RHP / Iam update maps Here 2020-Q4/ Its work fine/

p.s. I rooted MyGiG N730 RHP
If interested - link deleted, please write me to Conversations/
Disable dealer pin-code , Unlock DVD Video in motion
Install map-changer Here or TomTom and other/

p.p.s. sorry for my bad english
 
Last edited:
  • Like
Reactions: Warlord721

radsliwa

New member
Feb 3, 2020
4
0
Hi guys, I have uConnect 8.4 ver. 18.45.01 in my Cherokee 15' now. I read a lot of posts but dont understand. Is any chance to modify my US version to EU by some USB software at this moment? Have anyone to solve this problem?
 

nihonjin

Senior Member
Aug 24, 2008
139
15
Successfully done from 16.x first to version 17.11.07 and then 18.45.01.

Let me collect some diffs and post more details, if this will be of some interest.

Hi devmihkel just wondering if you have any more detail around this process you followed and if I understand you correctly you updated from 16.x that was already rooted to version 17.11.07 and then to 18.45.01 and each time you did not loose root access. I assume however all files and settings you had previously installed were removed and you still had to re modify and install after the update. Were you still able to use the old modified ISO file to make changes ie update navigation files etc? Thanks
 

devmihkel

Member
Apr 10, 2018
36
4
Hi! Unfortunately I totally did not keep the promise of collecting diffs, but I guess I've got the ISO-s still around, somewhere :)
Starting with vulnerable (16.x) version and full root serial console access, both updates I did using modified update process (entering bootmode "D" or "R" i.e. DUPD/OTA mode), as well as modified installer and primary iso files. Update will flash all "nand partitions", but most existing files on MMC (/fs/mmcX) e.g. /fs/mmc0/nav/ will be left intact. Using USB serial cable, I make all changes directly on console, not doing any ISO tricks :)
 

rafal_l

Member
Sep 3, 2021
6
0
Hi
I have Uconnect 8.4 VP4 NA 16.16.13, and I have an old ustore account on it, I live in Poland and ustore is not connected to the network so that I can delete my account normally. When trying to run the performance page uconnect displays "No active subscription"
Does anyone have a script that will allow you to delete the old subscription or block the message?
 

ryci38

Member
Dec 5, 2021
6
0
Z mojego zrozumienia, jednostki vp3 mają 5" i są produkowane przez Continental, jednostki vp4 są 6,5" produkowane przez Harmon... A przynajmniej tak jest z Alfami.

Wiem, że niektóre jednostki 8.4 są określane jako vp3 lub vp4, a różnica między nimi to tylko oprogramowanie / proxy.

Wysłane z mojego CLT-L09 za pomocą Tapatalk
Mam VP3 i mam ekran 6,5 cala i mam problem z konwersją z USA do Europy bo nie wiem skąd go wziąć. I też brakuje mi map dla Europy.
 

Attachments

  • 262160660_900314584017521_6290660322591124780_n.jpg
    262160660_900314584017521_6290660322591124780_n.jpg
    59.3 KB · Views: 83
  • 262281703_310716420730652_7847465488337625013_n.jpg
    262281703_310716420730652_7847465488337625013_n.jpg
    62.1 KB · Views: 84

kryton85

New member
Jan 19, 2022
2
1
Does anyone have the original file for a European vehicle? I just need to disable DRM so my unit doesn't keep saying about issues with subscription when I try to access off road or srt pages. Alternatively, is there any way of pulling the file from my own unit? I assume not but thought I would ask. My firmware is still the older version so its an easier mod to do but can't find the correct FW as starting point

Thanks
 

devmihkel

Member
Apr 10, 2018
36
4
Does anyone have the original file for a European vehicle? I just need to disable DRM ...
Hi, #166
BUT for making in place edits like running a script to make changes or copy and overwrite files you don't really need EU fw file. If your current fw is old and vulnerable you can use "random" ISO or UPD files like created in this thread just to trigger a script stored on your USB stick to run in your unit.
* nope, you cannot pull fw image from your unit.
* not sure old DRM trick (like for enabling Wifi AP) works for your fw version, but you can try :)
Have fun.
 

rtamm

New member
Feb 28, 2022
3
1
Can anyone help with changing radio to EU frequencies?

I have successfully tried with 3 cars this solution and it worked perfectly:
via AlfaOBD (BodyComputer->Car configuration change->ECUConfig 3: Country of Destination to Germany)
After 2 resets, everything works.

Cars where this solution worked are 2016 Ram 1500 with 5" screen, 2017 Challenger with 5" screen and 2018 Challenger with 8.4" screen (Alpine sound).

But now I'm struggling with 2018 Challenger with 8.4" screen, it has Harman Kardon system and almost all extras what was offered.
Radio frequencies can be changed with the same solution, but there is no sound from FM radio (it shows correct radio names and you can tune EU frequencies).
If you play through mobile phone, then there is sound.
One fact more, always you have to make 2 resets for radio, but after first reset, the radio is working perfectly, also EU frequencies. But after second reset, there is no sound.
Does anybody have solution?
 

Stuey29

New member
Mar 6, 2022
1
0
Hi guys,

I’m hoping someone may be able to help! I’m willing to pay $$

I have a 2016 Jeep Grand Cherokee that came from Japan and imported into New Zealand, my biggest problem is the tuner is programmed for Japan not NZ… so only pick up a few stations. The gps also doesn’t work as from japan(I’m not to worried about gps. But would be a bonus if that can work in nz too.

Is there anyone here that can help me update my uconnect to suit NZ/AU settings? I obtained an update file and loaded it to my usb but get promoted with “system market mismatch stick contains ROW source is JP”

I’m not to tech savvy with programming and modifying files etc.. but from reading it looks some of you wizards can?

Any help much appreciated.

Cheers
 

sco16

New member
Apr 6, 2022
2
0
hi all;
own a grand cherokee srt 2014. uconnect was updated to 17.46.1 with performance pages not working ("subscription required" issue). got desperate to have it fixed, replaced the device.
now have a brand-new, with 14.05.03 in it.
what is the safe version to upgrade to, to have pp working (15 or 16 - no 17 please))
where to get the swdl files - searched all, no VP4 EU anywhere.

thanks a lot;
 

devmihkel

Member
Apr 10, 2018
36
4
where to get the swdl files - searched all, no VP4 EU anywhere.
Hey, this VP4 head unit is called with different Rx4 names according to geo, EU sounds like RG4 - search again ;) It is safe to give a try, the unit validates the image on the stick to match before update and prompts before starting anything.
 

sco16

New member
Apr 6, 2022
2
0
yea
Hey, this VP4 head unit is called with different Rx4 names according to geo, EU sounds like RG4 - search again ;) It is safe to give a try, the unit validates the image on the stick to match before update and prompts before starting anything.
yeah, I know that it is rg4, thanks anyway...
 

rtamm

New member
Feb 28, 2022
3
1
Can anyone help with Uconnect boot loop issue?

I had Uconnect version 17.43.01 with EU maps and radio frequencies.
But the Sport Mode function was not working, so I dicided to update software with version 18.45.01. Unfortunately the installation is freezing and continously starting over from 0%. There are 14 units, I have seen the best completed Unit1 with 100% and that's it, after this it will restart.

Can somebody help me?

Car is 2015 Dodge Challenger R/T Scat Pack with 8.4" Uconnect screen, but part number is 68270657AG - I think it is from Ram or Jeep.
 

Top Liked Posts

  • There are no posts matching your filters.
  • 9
    DISCLAIMER:
    Doing anything i describe in this thread is at YOUR OWN RISK, if your Jeep suddenly dies on the highway im not responsible, but if your jeep magically gets 200 MPG or limitless fuel i take full credit :)

    So studying the white paper from those security researchers that hacked the jeep over the sprint network and about a half a days worth of tinkering with the uconnect iso update file, i was finally able to get it to take the modifications, changing root password and editing boot script to run commands from script on USB flash drive, but now I'm at a loss not really sure what to do now.
    I just finished dumping the entire file system to the flash drive for analysis but other than that I don't know, I'm not familiar at all with qnx or even any embedded Linux for that matter so I'm just posting here to see what you guys can come up with.

    One goal of mine is to bring up the hotspot manually without having to pay for it so I can establish a proper ssh terminal, but im dreaming of either running android over top of the jeeps interface or replacing it entirely (maybe someday)

    Here's the link to the whitepaper
    ioactive.com/pdfs/IOActive_Remote_Car_Hacking.pdf

    Ok so i decieded to do a quick run down of what i did,

    First, using a hex editor on the 14.05.03 iso update file, at offset 0x80 insert an 'S' 0x53, on 14.05.03 ONLY this will bypass the initial ISO integrity on anything later the white paper describes a way to 'trick' the check. It involves 2 usb one with a modified ISO and one with a legit ISO. i have never done it this way, but i will describe it anyways: insert the USB with legit ISO, click yes on the pop-up, when the screen turns completely off immediately remove the USB and insert the one with the modified ISO

    9jf8n9o.png


    Second i changed the root password at offset 0x5dd34b4 to 8CNGLiYvSaCbg which is "root"

    Rwq3RCQ.png


    And lastly i inserted the code that will run scripts contained in 'cmds.sh' located on a usb flash drive, now this is tricky, orginially theres this line:
    ''# Start Image Rot Fixer, currently started with high verbosity"
    make it look like this before you insert the line of code:
    "######rently started with high verbosity"
    now after the "-d -p 2000 .." insert "sh /fs/usb0/cmds.sh &" and make sure that after the '&' and before the first '#' there is a line termination hex code 0x0a

    LwjQ109.png


    And that's it, type up a script called 'cmds.sh' and put it on a FAT32 formatted flash drive and your good to go

    The directory list:
    pastebin.com/BKfSptbH

    and a list of available commands
    pastebin.com/jLTaEEge
    Would it be a good idea to upload the actual dump from the file system?

    for ****s and giggles, live long and prosper:
    11951258_10206545819517048_5296661244309759410_n.jpg


    Last thing, most of the credit goes to Chris Valasek and Chris Miller the security researchers that paved the way and published the white paper, i just studied it and put the actual rooting process in an easier format.
    4
    Sounds exiting Leighm0 ! Any chance you could draft a step by step ' how to' for someone like me, who is a little tech savvy but not smart enough to figure our how to do this himself?

    Sorry - have been away / busy with work... only just remembered about this thread. I have written some very basic instructions below, you will need to work out the rest / where to get the files from properly, etc. And as always, do this at your own risk, if you don't know what you're doing and end up missing files or bricking your cars radio, then its your own fault (dealer wont help ya out of this mess)... however on this note - if you do get in a sticky situation I have found its not very hard to reset and start over with fresh firmware, I created a self-updating FW iso by modifying an older ISO which can be patched to auto-start on USB plugin.

    You will need to patch the files based on your given Firmware Level and Model Year / uConnect type... for example FW 15.26.1 MY14 RJ3/RJ4 files differ to FW 16.13.13 MY15 RJ3/RJ4, etc.

    You will also need to buy an iGO map license (~$30AU on Android for Australia - other locations cost more) and grab the files (.lyc) and the map files (requires rooted Android to access the license file, the rest are in the SDCard storage).

    Put the following files onto a USB in the root directory:
    - A patched swdl.iso modified to run "script.lua" instead of the upgrades
    - A patched NaviServer file enabled to allow ANY device License for iGO navigation map licenses. I call mine NaviServer2 so it doesn't conflict with the onboard one. You will need to grab this file off the uconnect from the /bin dir and then patch it using IDA Pro.
    - A copy of the nav.sh and navRestart.sh files from the uconnect /fs/mmc0/app/bin folder (or from the Firmware Update DVD iso file), modified to run NaviServer2 command instead of NaviServer - i.e. patched naviserver, with unlocked device licensing.
    - A RABCDAsm modified main.swf to "Push True" for SRT and Navigation options (if you want SRT backgrounds and startup logos/app logo, and if you don't have Navigation enabled by default i.e. Jeep Laredo model).
    - The map files into a folder called "content", with all your map files (3dc, 3dl, fbl, fda, fjw, fpa, fsp, ftr, hnr, ph, poi, spc), they need to sit in the correct subfolders based on iGO map file locations. (see screenshots)
    - For activating the SRT Apps, patch the xlet files to allow them to run without "conditions" in the xlet_properties files, stick them into a "xlets" directory on usb stick.
    - script.lua LUA script (contents shown below)

    script.lua contains following content, note: I am using Australia maps, obviously you need to change it for your own maps, and also for your own NaviServer file (if you want to call it different).

    NOTE: If you don't want to modify your XLETs (apps) or are unsure, then remove the lines about xlets below in the script.
    Code:
    #!/usr/bin/lua
    local os            = os
    -- copy patched main.swf, nav.sh, navRestart.sh, NaviServer2
    os.execute("cp -f /fs/usb0/main.swf /fs/mmc0/app/share/hmi")
    os.execute("cp -f /fs/usb0/nav.sh /fs/mmc0/app/bin")
    os.execute("cp -f /fs/usb0/NaviServer2 /fs/mmc0/app/bin")
    os.execute("cp -f /fs/usb0/navRestart.sh /fs/mmc0/app/bin")
    -- remove old maps, copy new map files from usb0 content folder
    os.execute("rm -rf /fs/mmc0/nav/NNG/content/building/Australia*")
    os.execute("rm -rf /fs/mmc0/nav/NNG/content/map/Australia*")
    os.execute("rm -rf /fs/mmc0/nav/NNG/content/phoneme/Australia.ph*")
    os.execute("rm -rf /fs/mmc0/nav/NNG/content/poi/Australia*")
    os.execute("rm -rf /fs/mmc0/nav/NNG/content/speedcam/Australia*")
    os.execute("cp -rf /fs/usb0/content /fs/mmc0/nav/NNG")
    -- copy map license files
    os.execute("cp -f /fs/usb0/*.lyc /fs/mmc0/nav/NNG/license")
    -- !!!!! remove old XLETS and copy patched xlets to mmc1  ( OPTIONAL : Remove the following 5 LINES if you dont have modified XLETS to copy over ) !!!!!
    os.execute("mount -uw /fs/mmc1/")
    os.execute("rm -rf /fs/mmc1/kona/preload/xlets/*")
    os.execute("rm -rf /fs/mmc1/xletsdir/xlets/*")
    os.execute("cp -rf /fs/usb0/xlets/* /fs/mmc1/kona/preload/xlets")
    os.execute("cp -rf /fs/usb0/xlets/* /fs/mmc1/xletsdir/xlets")
    -- change permissions for new files copied
    os.execute("chmod 555 /fs/mmc0/app/share/hmi/main.swf")
    os.execute("chmod 755 /fs/mmc0/app/bin/nav.sh")
    os.execute("chmod 755 /fs/mmc0/app/bin/NaviServer2")
    os.execute("chmod 755 /fs/mmc0/app/bin/navRestart.sh")
    os.execute("chmod 555 /fs/mmc0/nav/NNG/content/building/Australia*")
    os.execute("chmod 555 /fs/mmc0/nav/NNG/content/map/Australia*")
    os.execute("chmod 555 /fs/mmc0/nav/NNG/content/phoneme/Australia*")
    os.execute("chmod 555 /fs/mmc0/nav/NNG/content/poi/Australia*")
    os.execute("chmod 555 /fs/mmc0/nav/NNG/content/speedcam/Australia*")
    os.execute("chmod 555 /fs/mmc0/nav/NNG/license/*.lyc")
    os.execute("chmod 555 -R /fs/mmc1/kona/preload/xlets")
    os.execute("chmod 555 -R /fs/mmc1/xletsdir/xlets")
    -- remount mmc0/1 as read-only mode
    os.execute("mount -ur /fs/mmc1/")
    os.execute("mount -ur /fs/mmc0/")
    -- stop mmc mount and end script
    os.execute(mountpath.."/usr/share/scripts/mmc.sh stop")

    Screenshot of the full USB folder/file tree once prepared:
    - Highlighted Yellow files have been modified from Originals.
    - Highlighted Green files are completely new files replacing Originals if exist.
    - Highlighted Blue file is custom LUA script file for above code content.
    - Non-Highlighted files are untouched Originals.

    Screenshot by Lightshot

    And here is what it looks like on the actual USB stick in Explorer:

    Screenshot by Lightshot
    3
    Just adding a DisableDRM file does not actually enable the Wifi App, you need to enable it first - this is just to bypass DRM checks... which are only valid on older firmware now days.. you will need to hack SWF files to ignore DRM checks now days.

    ---------- Post added at 02:07 PM ---------- Previous post was at 02:06 PM ----------



    YES many Thanks Leighm0, the Wifi button is activ! :eek:
    But... which swf needs to be changed to disable the DRM?

    Edit:
    now i have the wifi button , but no gps signal!
    my oiginal /dev/fram/productid "VP4_EU_MY14_REVA_N_D_N" to change "VP4_EU_MY14_REVA_E_D_N" After Change, no GPS Signal.
    itś not an easy job

    Here are my hacks, i cant remember which one got the Ecell GPS disabled (to use the normal GPS.. possibly the last one lol). These need to be executed when car is running, which i do from booter.lua which i get called from a modified media.sh on bootup. I believe i also use flexgps_ndr.sh to allow GPS.. cant recall what i modified in the file, dont have the original on hand to compare.
    Code:
    os.execute("touch /fs/etfs/DISABLE_SPEED_LOCKOUT")
    os.execute("touch /fs/etfs/NAV_SECRETS")
    os.execute("touch /fs/etfs/enableEngMenu")
    os.execute("touch /fs/etfs/enableDlrMenu")
    os.execute("touch /fs/etfs/enableDealerMenu")
    os.execute("touch /fs/etfs/disableDRM")
    os.execute("touch /fs/etfs/disable_DRM")
    os.execute("touch /fs/etfs/disable_SpeedLockout")
    os.execute("touch /fs/etfs/useWLAN4QXDM")
    os.execute("touch /tmp/networkingpossible")
    os.execute("touch /tmp/ECELL_GPS_DISABLED")

    Here is a link to all the files ive modified and uploaded to my head unit, they are for v16.13.13 MY14 car, suggest you either use them on the exact same firmware version, or decompile and compare to your firmwares SWF files and modify on your specific firmware.

    https://mega.nz/#!9gkQhTiR!6anymlEx7ik2zl-Df_Rg3_ls70PgxQOy2JjpDodcBJk

    I've also included all my hacked .sh and .lua files i run on the unit, and a "script.lua" which i use on the firmware update hack to push files to and from the unit, i have commented out all the commands - i usually just uncomment the ones i need to run off the usb upgrade, then go put it in my car and run it..

    Enjoy.

    ---------- Post added at 07:04 AM ---------- Previous post was at 07:03 AM ----------

    Hi Leighm0, absolutely interested to check some of these links of yours, if it would be possible to try out ready-made NaviServer2 binary for testing. Have you managed to try this combination (custom binary + fresh iGo maps) on 16.x software version as well?

    attached file above should help you out. Yes I run 2017 iGO maps with valid license on my car.. just need to get the license and map files..
    2
    Hello,

    I want to activate the wifi on the uconnect. It does not work.

    My uconnect 8.4 / firmware 15.26.1

    1. I downloaded the ISO for MY14-15 Cars
    2. on the USB stick swdl.iso, script.lua and disableDRM


    script.lua:
    Code:
    #!/usr/bin/lua
    local os            = os
    -- copy patched disableDRM
    os.execute("mount -uw /fs/mmc0/") 
    os.execute("cp -f /fs/usb0/disableDRM /fs/etfs")
    os.execute("chmod 555 /fs/etfs/disableDRM")
    -- remount mmc0/1 as read-only mode
    os.execute("mount -ur /fs/mmc0/")
    os.execute("/usr/share/scripts/mmc.sh stop")
    -- stop mmc mount and end script

    after the update the swdlLog.txt is generated.

    swdlLog.txt:
    Code:
    ********SOFTWARE UPDATE LOG********
    Starting Update
    Total units to update: 12
    Installing unit 1 SYSTEM CHECK 
    Got the unit installer for SYSTEM CHECK
     System market mismatch, stick contains NA but target is EU
     System Market matches
     System Product matches
    Script Started.
     ERROR:  Script finished
    Software Update failed, see 'swdlLog.txt' on the USB stick for more details
    Eject USB for RESET

    whats going on here?
    as if the script would not be executed?

    please, help me...:(

    Just adding a DisableDRM file does not actually enable the Wifi App, you need to enable it first - this is just to bypass DRM checks... which are only valid on older firmware now days.. you will need to hack SWF files to ignore DRM checks now days.

    ---------- Post added at 02:07 PM ---------- Previous post was at 02:06 PM ----------

    Perhaps the script runs alright (do an echo or something in your script to your /fs/usb0/ to test), but disableDRM trick has no effect on mine MY16 - so maybe it's just no good for your 15.x firmware anymore neither, I wonder...
    (I still get the same "No Active Subscription..." prompt with or without disableDRM file in place, nor can I see any occurance of this string in 16.x ISOs).

    Correct.. the script runs, and the Error is to bomb out the REAL upgrade scripts.. i.e. dont flash the device back to 14.x.. reboot.

    ---------- Post added at 02:26 PM ---------- Previous post was at 02:07 PM ----------

    Hello,
    It is possible that there is no wifiunit in the EU uconnect device (german 2014)?

    Now, i have access to the partition mmc0 and mmc1. I patched the media.sh "touch /fs/etfs/disableDRM &" , but there is only the normal settings button, no new one with wifi after reboot.
    know one more about the eu uconnect device or still missing an entry for wifi?

    Same as above.. Wifi App doesnt show up just by having disableDRM.. you need to enable the Wifi app..

    Easiest I have found was to modify this file: /dev/fram/productid

    It looks something like this in hexeditor:
    VP3_RW_MY14_REVB_N_N_N<hexchars>
    I converted mine to be: (VP4 got nav by default, VP3 doesnt)
    VP4_RW_MY14_REVB_E_D_N<hexchars>
    Those last 3 letters after "REVB" tell the vehicle what is installed.
    Character one (Wireless/Cell phone module):
    E = ECell (Embedded Cellular module.. for some reason this turns on Wifi AP)
    N = Nothing
    Character Two (Radio type):
    D = DAB radio
    S = Sat radio
    N = Nothing (just normal am/fm radio)
    Character Three (dont recall what it was).
    N = Nothing..

    I dont even remember where I found out what the values were, but it would have been dumping the .sh and .lua scripts from the unit and reading through them, also the SWF menus.. working out what the unit was looking for in this file, to turn on certain functions. (the boot.sh was the major detail of this, also there is a few wlan.sh and other scripts..)

    FYI - my AU vehicle should not have wireless device, or the cell module (it doesnt physically have the Sierra Card), but it still uses something for the wireless AP - which is fully functional.. however quite useless apart from gaining SSH access over wifi.

    You can see a lot of the scripts on the vehicle without gaining access by looking on the original FW isos... folder called "usr\share\MMC_IFS_EXTENSION\bin" has a lot of .sh and lua scripts which tell you how it loads up stuff at bootup...
    2
    this actually looks pretty cool. anyone actually done this to see if it works?


    I am going to assume (I may be wrong) but this is still Android 4.4.4. Anyone who pays that amount of money on a device that has Android 4.4.4. is absolutely crazy.