TSB 19-NA-100 Radio Software Version 22.8 and TSB 19-NA-249 Favorites Grayed Out- Nov 4, 2019

[danzig997]

I've uploaded both to onedrive - post #316 😉
TSB 19-NA-100 Radio Software Version 22.8 and TSB 19-NA-249 Favorites Grayed Out- Nov 4, 2019

My Regal GS instrument cluster boots with the Opel theme, but the infotainment system boots with the Buick theme. How do I change the infotainment system's boot animation to match?

 

[pioadam]

My Regal GS instrument cluster boots with the Opel theme, but the infotainment system boots with the Buick theme. How do I change the infotainment system's boot animation to match?

I'm still trying to figure it out - easiest way would be changing filenames in \resource\ro\anim\
File "7" should be renamed to "5", but you need root to do it and GM locked adb shell. I'm looking for exploit for temporary root, that would allow us to do some mods (most probably dirty cow should do the job as our system should be vulnerable), but I've 2 y.o. son so it's hard to get some free time after work 😅.

I've tried to prepare new image, but every file have stored checksum + there is checksum for whole partition so any mods in those files cause change of checksum and car reject it on installation :/

So, WIP but no ETA.

 

[Chef jpd]

"Dirty Cow"??????

 

[pioadam]

"Dirty Cow"??????

Dirty COW (CVE-2016-5195)

Dirty COW (CVE-2016-5195) is a privilege escalation vulnerability in the Linux Kernel.

dirtycow.ninja

GitHub - j0nk0/GetRoot-Android-DirtyCow: Get temporary root by exploiting the dirtycow vulnerability.

Get temporary root by exploiting the dirtycow vulnerability. - j0nk0/GetRoot-Android-DirtyCow

github.com

But we need to find a way to execute it without ADB.
I'm pretty sure hondahack use something similar and it's web based exploit.

 

[pioadam]

Hey! I tried your links originally but I got an error saying access denied. That could just be a user error on my side though.

That's strange, few guys already downloaded it from my 1drv (to be exact I can see 7 users on onedrive). I've generated new url, could you check it? BUICK
BTW, you are logged in to MS Onedrive right?

 

[pioadam]

the onedrive link from post#316 doesn't seem to be working.

Could you try the one posted above? I Don't see any restrictions on my 1drv, but I've generated new url

 

[CNYmetalGuy]

"Dirty Cow"??????

Way off topic (kinda)

But ..

Sometimes vuln names (or even APT group names) are oddly chosen. I used to think someone at Crowdstrike or NIST has a warped sense of humor.

Example regarding APT (Advanced Persistent Threat) group names: Fancy Bear(apt 29) and Cozy Bear (apt 28) are Russian threat actor groups. Naming kinda makes sense. Mythic Leopard (apt 36 Pakistan) on the other hand sorta doesn't.

For those interested at home I've attached the following 2 pics

 

[CNYmetalGuy]

That's strange, few guys already downloaded it from my 1drv (to be exact I can see 7 users on onedrive). I've generated new url, could you check it? BUICK
BTW, you are logged in to MS Onedrive right?

I posted a link to my OneDrive semi recently in this thread. Last I knew it was working

 

[CNYmetalGuy]

Dirty COW (CVE-2016-5195)

Dirty COW (CVE-2016-5195) is a privilege escalation vulnerability in the Linux Kernel.

dirtycow.ninja

GitHub - j0nk0/GetRoot-Android-DirtyCow: Get temporary root by exploiting the dirtycow vulnerability.

Get temporary root by exploiting the dirtycow vulnerability. - j0nk0/GetRoot-Android-DirtyCow

github.com

But we need to find a way to execute it without ADB.
I'm pretty sure hondahack use something similar and it's web based exploit

The tool GM uses to update the infotainment software can force it through and update even if validation fails right? If so, what's the tool name? Might be able to mimic the tool. And it's Hacker Summer camp next week so all those brains gathered in the same area... Maybe give them a problem to solve

 

[diplocentrus]

That's strange, few guys already downloaded it from my 1drv (to be exact I can see 7 users on onedrive). I've generated new url, could you check it? BUICK
BTW, you are logged in to MS Onedrive right?

That one worked! Thanks to everyone who helped out. Gonna install tomorrow. Super pumped!

I tried two Microsoft accounts. Both got AccessDenied. Not sure if it was just me. But either way, I appreciate you for helping!

 

[Johnlewelling]

I posted a link to my OneDrive semi recently in this thread. Last I knew it was working

perhaps I'm doing something wrong, the link is just where is says OneDrive correct? when i click on it, it take me to OneDrive but it says something went wrong. any help would be great, im hoping this will fix my audio dropping issues.

 

[CNYmetalGuy]

perhaps I'm doing something wrong, the link is just where is says OneDrive correct? when i click on it, it take me to OneDrive but it says something went wrong. any help would be great, im hoping this will fix my audio dropping issues.

I apologize as I used Google drive not OneDrive. But click the clink in the first pic. If you get prompted to choose an account then select the appropriate one. Click the folder name that you want and you should see a screen that shows all the files. Select one then choose select all then download.

I should zip them to make this process less tedious

 

[pioadam]

The tool GM uses to update the infotainment software can force it through and update even if validation fails right? If so, what's the tool name? Might be able to mimic the tool. And it's Hacker Summer camp next week so all those brains gathered in the same area... Maybe give them a problem to solve

GMTool is something different - our adb is locked for authorized devs only and you can't permanently modify anything even if you have this tool. You need to connect car to wifi, use GM dev environment and then you can install anything you want, but it will be wiped off after disconnecting from GM Dev server 🙁
For OS upgrade I think Buick / Opel use just a pendrive with image, I'm not sure if MDI2 is able to flash whole new ROM via OBD (I'd say it can't).
That's why I'm looking for options to root our image directly from head unit, then we will be able to install any apps straight from USB

 

[CNYmetalGuy]

GMTool is something different - our adb is locked for authorized devs only and you can't permanently modify anything even if you have this tool. You need to connect car to wifi, use GM dev environment and then you can install anything you want, but it will be wiped off after disconnecting from GM Dev server 🙁
For OS upgrade I think Buick / Opel use just a pendrive with image, I'm not sure if MDI2 is able to flash whole new ROM via OBD (I'd say it can't).
That's why I'm looking for options to root our image directly from head unit, then we will be able to install any apps straight from USB

Well there goes that attack vector. But I agree with you on the rom needing to be rooted and the root persistent.

I'm currently stripping down my 18 and have thought about using its infotainment as a dev/test environment but the problem with that idea is its a red needle.

 

[pioadam]

Well there goes that attack vector. But I agree with you on the rom needing to be rooted and the root persistent.

I'm currently stripping down my 18 and have thought about using its infotainment as a dev/test environment but the problem with that idea is its a red needle.

It doesn't really matter if it's white or red needle - as long as it's Info3 it's the same unit. In Insignia there was Navi900 for first years, later it was replaced by Info3, but I didn't seen a single picture of Buick with Navi900 so it looks like Regal got Info3 from the beginning.
Yesterday I've noticed a problem with connecting to wifi - connection was dropped after few seconds, but I'm not sure if it's an issue with 22.11 or with my phone, need to bring mikrotik to garage and set it up as repeater.
BTW do you know how Internet from OnStar is provided to headunit? Is it over Wi-Fi or Ethernet?
OnStar was disabled in Europe so I'm planning to remove whole unit and replace it by GPS tracking system and LTE router, if radio use ethernet then I'll try to build an adapter to connect it to new router.

 

[CNYmetalGuy]

It doesn't really matter if it's white or red needle - as long as it's Info3 it's the same unit. In Insignia there was Navi900 for first years, later it was replaced by Info3, but I didn't seen a single picture of Buick with Navi900 so it looks like Regal got Info3 from the beginning.
Yesterday I've noticed a problem with connecting to wifi - connection was dropped after few seconds, but I'm not sure if it's an issue with 22.11 or with my phone, need to bring mikrotik to garage and set it up as repeater.
BTW do you know how Internet from OnStar is provided to headunit? Is it over Wi-Fi or Ethernet?
OnStar was disabled in Europe so I'm planning to remove whole unit and replace it by GPS tracking system and LTE router, if radio use ethernet then I'll try to build an adapter to connect it to new router.

From what I can determine from the parts lists and wiring diagrams it's hardwired to the head unit from the LTE antenna.

 

[CNYmetalGuy]

GMTool is something different - our adb is locked for authorized devs only and you can't permanently modify anything even if you have this tool. You need to connect car to wifi, use GM dev environment and then you can install anything you want, but it will be wiped off after disconnecting from GM Dev server 🙁
For OS upgrade I think Buick / Opel use just a pendrive with image, I'm not sure if MDI2 is able to flash whole new ROM via OBD (I'd say it can't).
That's why I'm looking for options to root our image directly from head unit, then we will be able to install any apps straight from USB

Anyone know this whiteandblue account from?

HMI Logo

Hi, I have an Opel Insignia and I'm using HMI calibration files from Chevrolet. I like the Chevy theme, but I want to know if I could change only the startup logo back to Opel one.

www.cameraloops.ru

 

[pioadam]

Anyone know this whiteandblue account from?

HMI Logo

Hi, I have an Opel Insignia and I'm using HMI calibration files from Chevrolet. I like the Chevy theme, but I want to know if I could change only the startup logo back to Opel one.

www.cameraloops.ru

Maybe @Arbe_GTC ? I've looked at his (whiteandblue) posts over that forum and seems to be just a random guy with MDI2

One step backwards in hacking our headunit. Today I had some time to fix mentioned Wi-Fi issue, factory reset solved the problem so now connection with mobile hotspot is working fine but I've noticed that we don't have build in browser 😅 (not the AA one, I'd like to run exploit straight form browser on headunit). To be exact there is a build in browser, but we don't have any shortcut to run it (limited in luncher) and all internal html files like EULA are opening in kiosk mode so with no address bar :/ Another point to figure out, but maybe AA browser would do the job - need to read more about it 🙂

 

[CNYmetalGuy]

Maybe @Arbe_GTC ? I've looked at his (whiteandblue) posts over that forum and seems to be just a random guy with MDI2

One step backwards in hacking our headunit. Today I had some time to fix mentioned Wi-Fi issue, factory reset solved the problem so now connection with mobile hotspot is working fine but I've noticed that we don't have build in browser 😅 (not the AA one, I'd like to run exploit straight form browser on headunit). To be exact there is a build in browser, but we don't have any shortcut to run it (limited in luncher) and all internal html files like EULA are opening in kiosk mode so with no address bar :/ Another point to figure out, but maybe AA browser would do the job - need to read more about it 🙂

I was going to say there has to be something installed for browser. Likely chromium based but tweaked by GM/Google. I'm half tempted to become a member of that forum and ask questions, etc but I hate the idea because it is a ru forum. But gives me things to think about

 

[stembridge]

I'm attempting to update our '18 TourX Essence to 21.11 (or .10), using a FAT32-formatted USB drive. I've extracted the update files into the root directory of the USB, but am getting the error message "Vehicle update download failed." upon insert of the USB. Have tried with both x.11 and x.10 with the same result.

FWIW, I've done similar updates on my other vehicles, so I'm not new to the process, but could also be missing something obvious.

I didn't see this anywhere in this whole thread, but it seems the car must either be running, or have the ignition "ON" (not running, not in ACC) for the update process to start. I do have a battery jump-pack connected (not plugged in).

Don't know if it matters, but we have never activated OnStar on this vehicle (since new).

Any suggestions?