Audi A6 4G MIB Head Unit HIGH - Страница 4
Добро пожаловать на Turbo Quattro.
Страница 4 из 5 ПерваяПервая ... 2345 ПоследняяПоследняя
Показано с 61 по 80 из 83
  1. #61
    Новичок
    Регистрация
    28.01.2017
    Сообщений
    13

    По умолчанию

    Цитата Сообщение от алексей 3012 Посмотреть сообщение
    Вложение 60800

    This is the secret key file?
    I think it must be an important file. If you check the filename it's "maybe" the container file for FeC codes (like in RMC where FSC are stored in Container too).
    If you reverse the fec binary in IDA you can found some FeC related functions to handle FeC requests....

    Currently I have only 2 fec container files from 2 different devices. One is empty (contains only 4 bytes header) and other has some data inside.
    Next days. I will try to get more container files to check them....
    I don't know (but I hope) if I'm on the right way....

  2. #62
    Новичок
    Регистрация
    05.01.2018
    Сообщений
    10

    По умолчанию

    I have one FecContainer.fec from VW's discover pro (MIB2HIGH). I did some basic check... The file size should be 4 + (195 x FeC counts). The first 4 bytes means how much FeCs inside the container.
    For each FeCs, Start with 0x000000AB and end with 0x000000FF (little endian)
    For each offset of individual FeCs
    byte00 ~ byte03: 0x000000AB
    byte04~ byte05: 0x0211
    byte06 ~ byte09 : FeCs in big endian (i.e. FeC 0931002f would be 09 31 00 2f)
    byte11 ~ byte15 : VCRN code
    byte16 ~ byte33 : VIN + \0 (18bytes)
    byte34 ~ byte37 : Date time of the FeCs (Epoch time in big endian)
    byte38 ~ byte46 : All 0x00
    byte47 ~ byte174 : variant data, signature? (128 bytes)
    byte175 ~ byte 178: 0x00000001
    byte179 ~ byte182: FeCs in little endian (i.e. FeC 0931002f would be 0x0931002f)
    byte183 ~ byte186: 0x00000001
    byte187 ~ byte190: 0x00000003
    byte191 ~ byte194: 0x000000FF
    Последний раз редактировалось jvkk; 27.01.2018 в 15:00.

  3. #63
    Новичок
    Регистрация
    28.01.2017
    Сообщений
    13

    По умолчанию

    Цитата Сообщение от jvkk Посмотреть сообщение
    I have one FecContainer.fec from VW's discover pro (MIB2HIGH). I did some basic check... The file size should be 4 + (195 x FeC counts). The first 4 bytes means how much FeCs inside the container.
    For each FeCs, Start with 0x000000AB and end with 0x000000FF (little endian)
    For each offset of individual FeCs
    byte00 ~ byte03: 0x000000AB
    byte04~ byte05: 0x0211
    byte06 ~ byte09 : FeCs in big endian (i.e. FeC 0931002f would be 09 31 00 2f)
    byte11 ~ byte15 : VCRN code
    byte16 ~ byte33 : VIN + \0 (18bytes)
    byte34 ~ byte37 : Date time of the FeCs (Epoch time in big endian)
    byte38 ~ byte46 : All 0x00
    byte47 ~ byte174 : variant data, signature? (128 bytes)
    byte175 ~ byte 178: 0x00000001
    byte179 ~ byte182: FeCs in little endian (i.e. FeC 0931002f would be 0x0931002f)
    byte183 ~ byte186: 0x00000001
    byte187 ~ byte190: 0x00000003
    byte191 ~ byte194: 0x000000FF
    Hi jvkk,

    It's very usefull infromation.
    Thank you for sharing...

    I think the 128 bytes must be the signature, because the keys are 1024bits (128 bytes) too.

    regards,
    leader

  4. #64
    Новичок
    Регистрация
    05.01.2018
    Сообщений
    10

    По умолчанию

    I also found something interesting when I use 'file' to identify content of dumped data...
    Is this useful or just no use because it's a public key?
    dump/> file HBpersistence/Keys/*/*
    HBpersistence/Keys/DataKey/AU_MIB-High_DK_public_signed.bin: data
    HBpersistence/Keys/DataKey/BY_MIB-High_DK_public_signed.bin: data
    HBpersistence/Keys/DataKey/MIB-High_DK_public_signed.bin: data
    HBpersistence/Keys/DataKey/PO_MIB-High_DK_public_signed.bin: data
    HBpersistence/Keys/DataKey/SE_MIB-High_DK_public_signed.bin: data
    HBpersistence/Keys/DataKey/SK_MIB-High_DK_public_signed.bin: data
    HBpersistence/Keys/DataKey/VW_MIB-High_DK_public_signed.bin: data
    HBpersistence/Keys/FECKey/AU_MIB-High_FEC_public_signed.bin: data
    HBpersistence/Keys/FECKey/BY_MIB-High_FEC_public_signed.bin: data
    HBpersistence/Keys/FECKey/MIB-High_FEC_public_signed.bin: data
    HBpersistence/Keys/FECKey/PO_MIB-High_FEC_public_signed.bin: data
    HBpersistence/Keys/FECKey/SE_MIB-High_FEC_public_signed.bin: data
    HBpersistence/Keys/FECKey/SK_MIB-High_FEC_public_signed.bin: data
    HBpersistence/Keys/FECKey/VW_MIB-High_FEC_public_signed.bin: PGP\011Secret Sub-key -
    HBpersistence/Keys/MetainfoKey/AU_MIB-High_MI_public_signed.bin: data
    HBpersistence/Keys/MetainfoKey/BY_MIB-High_MI_public_signed.bin: data
    HBpersistence/Keys/MetainfoKey/MIB-High_MI_public_signed.bin: data
    HBpersistence/Keys/MetainfoKey/PO_MIB-High_MI_public_signed.bin: data
    HBpersistence/Keys/MetainfoKey/SE_MIB-High_MI_public_signed.bin: data
    HBpersistence/Keys/MetainfoKey/SK_MIB-High_MI_public_signed.bin: data
    HBpersistence/Keys/MetainfoKey/VW_MIB-High_MI_public_signed.bin: data

  5. #65
    Новичок
    Регистрация
    28.01.2017
    Сообщений
    13

    По умолчанию

    Цитата Сообщение от jvkk Посмотреть сообщение
    I also found something interesting when I use 'file' to identify content of dumped data...
    Is this useful or just no use because it's a public key?
    dump/> file HBpersistence/Keys/*/*
    HBpersistence/Keys/DataKey/AU_MIB-High_DK_public_signed.bin: data
    HBpersistence/Keys/DataKey/BY_MIB-High_DK_public_signed.bin: data
    HBpersistence/Keys/DataKey/MIB-High_DK_public_signed.bin: data
    HBpersistence/Keys/DataKey/PO_MIB-High_DK_public_signed.bin: data
    HBpersistence/Keys/DataKey/SE_MIB-High_DK_public_signed.bin: data
    HBpersistence/Keys/DataKey/SK_MIB-High_DK_public_signed.bin: data
    HBpersistence/Keys/DataKey/VW_MIB-High_DK_public_signed.bin: data
    HBpersistence/Keys/FECKey/AU_MIB-High_FEC_public_signed.bin: data
    HBpersistence/Keys/FECKey/BY_MIB-High_FEC_public_signed.bin: data
    HBpersistence/Keys/FECKey/MIB-High_FEC_public_signed.bin: data
    HBpersistence/Keys/FECKey/PO_MIB-High_FEC_public_signed.bin: data
    HBpersistence/Keys/FECKey/SE_MIB-High_FEC_public_signed.bin: data
    HBpersistence/Keys/FECKey/SK_MIB-High_FEC_public_signed.bin: data
    HBpersistence/Keys/FECKey/VW_MIB-High_FEC_public_signed.bin: PGP\011Secret Sub-key -
    HBpersistence/Keys/MetainfoKey/AU_MIB-High_MI_public_signed.bin: data
    HBpersistence/Keys/MetainfoKey/BY_MIB-High_MI_public_signed.bin: data
    HBpersistence/Keys/MetainfoKey/MIB-High_MI_public_signed.bin: data
    HBpersistence/Keys/MetainfoKey/PO_MIB-High_MI_public_signed.bin: data
    HBpersistence/Keys/MetainfoKey/SE_MIB-High_MI_public_signed.bin: data
    HBpersistence/Keys/MetainfoKey/SK_MIB-High_MI_public_signed.bin: data
    HBpersistence/Keys/MetainfoKey/VW_MIB-High_MI_public_signed.bin: data
    These files contains the public keys to check signature in FEC, Metainfo and data files....

  6. #66

    По умолчанию

    Any update on this? Any way to add FSC to FecContainer.fec

  7. #67

    По умолчанию

    Any further break throughs? I have Q7 FecContainer.fec that is 227 bytes in size. VIN starts at byte 20 and it has 5 FeC codes... Wondering how this compares to jvkk.

  8. #68

    По умолчанию

    What I have been able to deduce:

    Bytes 00-03 01 00 00 00
    Bytes 04-19 B7 00 00 00 11 07 FF FF FF FF 03 61 69 DE D4 A7
    Bytes 20-37 VIN + 00 (18 bytes)
    Bytes 38-42 56 4F 19 4F 05
    Bytes 43-46 FeC #1 Big Endian
    Bytes 47-50 FeC #2 Big Endian
    Bytes 51-54 Fec #3 Big Endian
    Bytes 55-58 Fec #4 Big Endian
    Bytes 59-62 FeC #5 Big Endian
    Bytes 63-79 85 18 6F 42 EA D4 9B CD B1 D8 4F E3 F0 64 7E 13
    Bytes 80 - 95 A3 84 37 24 B3 05 34 67 DD 05 DB A5 DC 18 97 5B
    Bytes 96 - 111 A3 F5 C9 74 29 4D 55 23 E4 85 8D B0 81 AB CB 9D
    Bytes 112 -127 AC 95 39 6F 46 39 7A E5 00 88 E3 7B 24 C9 69 D5
    Bytes 128 - 143 30 8B BD D2 9A A8 05 A4 01 A2 09 6F 92 30 87 69
    Bytes 144- 159 0B 59 F0 44 33 6C B2 8E 99 20 3B 8E 4B FE F7 EC
    Bytes 160 - 175 B3 6C 7B 3D 79 DA B7 FE 9A ED 97 B0 D0 DD 60 25
    Bytes 176 - 191 73 16 BB 40 3F A4 5C 4F E2 75 B1 6E 39 F8 6E 05
    Bytes 192 - 194 00 00 00
    Bytes 195-198 FeC #1 Little Endian
    Bytes 199-202 FeC #2 Little Endian
    Bytes 203-206 Fec #3 Little Endian
    Bytes 207-210 Fec #4 Little Endian
    Bytes 211-214 FeC #5 Little Endian
    Bytes 215 -226 01 00 00 00 03 00 00 00 FF 00 00 00

  9. #69

    По умолчанию

    Further

    Bytes 00-03 01 00 00 00
    Bytes 04-19 B7 00 00 00 11 07 FF FF FF FF 03 61 69 DE D4 A7
    Bytes 20-37 VIN + 00 (18 bytes)
    Bytes 38-42 56 4F 19 4F Epoch time
    Byte 42: 05 #Number of FeCs

    Bytes 43-46 FeC #1 Big Endian
    Bytes 47-50 FeC #2 Big Endian
    Bytes 51-54 Fec #3 Big Endian
    Bytes 55-58 Fec #4 Big Endian
    Bytes 59-62 FeC #5 Big Endian
    Bytes 63-79 85 18 6F 42 EA D4 9B CD B1 D8 4F E3 F0 64 7E 13
    Bytes 80 - 95 A3 84 37 24 B3 05 34 67 DD 05 DB A5 DC 18 97 5B
    Bytes 96 - 111 A3 F5 C9 74 29 4D 55 23 E4 85 8D B0 81 AB CB 9D
    Bytes 112 -127 AC 95 39 6F 46 39 7A E5 00 88 E3 7B 24 C9 69 D5
    Bytes 128 - 143 30 8B BD D2 9A A8 05 A4 01 A2 09 6F 92 30 87 69
    Bytes 144- 159 0B 59 F0 44 33 6C B2 8E 99 20 3B 8E 4B FE F7 EC
    Bytes 160 - 175 B3 6C 7B 3D 79 DA B7 FE 9A ED 97 B0 D0 DD 60 25
    Bytes 176 - 191 73 16 BB 40 3F A4 5C 4F E2 75 B1 6E 39 F8 6E 05
    Bytes 192 - 194 00 00 00
    Bytes 195-198 FeC #1 Little Endian
    Bytes 199-202 FeC #2 Little Endian
    Bytes 203-206 Fec #3 Little Endian
    Bytes 207-210 Fec #4 Little Endian
    Bytes 211-214 FeC #5 Little Endian
    Bytes 215 -226 01 00 00 00 03 00 00 00 FF 00 00 00

  10. #70
    Новичок
    Регистрация
    05.01.2018
    Сообщений
    10

    По умолчанию

    Bytes 00-03 01 00 00 00 # 1 FeC collections
    Bytes 04-07 B7 00 00 00 # Size of following contents (i.e. B7 = 183, 183 + 8 = 191)
    Bytes 08-13 11 07 FF FF FF FF
    Bytes 14-19 03 61 69 DE D4 A7 # 03 + VCRN (I have no idea what 03 means)

    Bytes 20-37 VIN + 00 (18 bytes)
    Bytes 38-42 56 4F 19 4F Epoch time
    Byte 42: 05 #Number of FeCs

    Bytes 43-46 FeC #1 Big Endian
    Bytes 47-50 FeC #2 Big Endian
    Bytes 51-54 Fec #3 Big Endian
    Bytes 55-58 Fec #4 Big Endian
    Bytes 59-62 FeC #5 Big Endian
    # Bytes 63 ~ 190 were signature for identification. 128 bytes
    Bytes 63-79 85 18 6F 42 EA D4 9B CD B1 D8 4F E3 F0 64 7E 13
    Bytes 80 - 95 A3 84 37 24 B3 05 34 67 DD 05 DB A5 DC 18 97 5B
    Bytes 96 - 111 A3 F5 C9 74 29 4D 55 23 E4 85 8D B0 81 AB CB 9D
    Bytes 112 -127 AC 95 39 6F 46 39 7A E5 00 88 E3 7B 24 C9 69 D5
    Bytes 128 - 143 30 8B BD D2 9A A8 05 A4 01 A2 09 6F 92 30 87 69
    Bytes 144- 159 0B 59 F0 44 33 6C B2 8E 99 20 3B 8E 4B FE F7 EC
    Bytes 160 - 175 B3 6C 7B 3D 79 DA B7 FE 9A ED 97 B0 D0 DD 60 25
    Bytes 176 - 190 73 16 BB 40 3F A4 5C 4F E2 75 B1 6E 39 F8 6E
    Bytes 191 - 194 05
    00 00 00 # Counts of FeC
    Bytes 195-198 FeC #1 Little Endian
    Bytes 199-202 FeC #2 Little Endian
    Bytes 203-206 Fec #3 Little Endian
    Bytes 207-210 Fec #4 Little Endian
    Bytes 211-214 FeC #5 Little Endian
    Bytes 215 -226 01 00 00 00 03 00 00 00 FF 00 00 00 # These are identify flags

    It is almost not possible to produce an valid FecContainer.fec until you have the private key.
    or I think you can replace the public key inside MU with one related to your own private key.
    This may make some sense, but would be less convenient for later update.

    Последний раз редактировалось jvkk; 12.06.2018 в 03:01.

  11. #71

    По умолчанию

    Makes sense.

  12. #72

    По умолчанию

    Also, I have seen another FecContainer.fec that has had Audi Smartphone Interface (ASI) upgrdaded via SVM and the container then gets TWO additional FeCs appended to it (one for each Apple carplay 00060800 and Android Auto 00060900. Only little endian I can find for the additional keys..

  13. #73

    По умолчанию

    You still need US firmware? I have an update for US. Ordered by mistake LOL

  14. #74
    Пользователь
    Регистрация
    02.04.2018
    Адрес
    Киев
    Сообщений
    41

    По умолчанию

    Цитата Сообщение от spyderboyant Посмотреть сообщение
    You still need US firmware? I have an update for US. Ordered by mistake LOL
    Hi,
    could you clarify which firmware do you have, what version for what car?
    Thanks!

  15. #75

    По умолчанию

    Do ypu know the password

  16. #76
    Новичок
    Регистрация
    25.11.2018
    Адрес
    Großmaischeid
    Сообщений
    2

    По умолчанию

    Hi all,

    anyone can tell me how to mount /usr/ rw ?
    Tried
    mount -uw /usr/ but is not working for this dir/mountpoint

    Also, where dose the root dir come from? There is no mounpoint for /
    not in fstab and also df dosnt show any mount for root dir

  17. #77
    Новичок
    Регистрация
    27.09.2018
    Адрес
    EU
    Сообщений
    8

    По умолчанию

    Hi all! I have an Audi A6 2015 with MIB2. On my MyAudi account, the maps available for update are 2017-2018. A friend with A6 2017 has maps 2018-2019 available. I'm trying to get the maps from him but it did not work. Can someone help me to update the maps with 2018-2019. I have the SD card with 2018-2019 maps!

  18. #78
    Новичок
    Регистрация
    27.09.2018
    Адрес
    EU
    Сообщений
    8

    По умолчанию

    My sotware version is MHI2_ER_AU57x_K2570....is it true that if I upgrade the software to a higher version, will I be able to update it to newer maps?

  19. #79

    По умолчанию

    No, your K2570 is the latest for your pre Facelift Main Unit... You can install newest Maps... But you need an activation of it.
    For this, you have to look for people, which can do this in your country...

  20. #80
    Новичок
    Регистрация
    22.12.2017
    Сообщений
    2

    По умолчанию

    Цитата Сообщение от jvkk Посмотреть сообщение
    Bytes 00-03 01 00 00 00 # 1 FeC collections
    ........

    Bytes 14-19 03 61 69 DE D4 A7 # 03 + VCRN (I have no idea what 03 means)

    .........

    What means VCRN?
    Последний раз редактировалось agr; 05.01.2019 в 17:02.

 

 

Ваши права

  • Вы не можете создавать новые темы
  • Вы не можете отвечать в темах
  • Вы не можете прикреплять вложения
  • Вы не можете редактировать свои сообщения
  •  
Back to top