Hello,

Anyone know how to skip or calculate the metafile signature?
In the file tsd.mibstd2.system.swdownload in the software there is "SkipSignatureCheck = "true", will not check signature of metainfo2.txt file"

Adding SkipSignatureCheck = "true" to the metafile doesnt work.

Any idea? in IDAPRO i can see the flag but cant find out how to get it to work.

I tried to modify the MetafileChecksum inside the metainfo2 file to prompt the signing error59469

the metafilechecksum is easy to calculate, but after that you need to calculate new signature and thats almost imposible.

https://reverseengineering.stackexchange.com/questions/12286/defeat-rsa-hash-verification/12287 here you find more info about the signature.

in the software donwload part of the firmware tsd.mibstd2.system.swdownload you find SkipSignatureCheck = "true" but adding this to metainfo doenst seem to work.

I want to go this way https://forum.xda-developers.com/general/connected-car/success-to-hack-technisat-mib2-t3584185#post74201158 found the emmc MTFC8GLWDQ-3M AIT Z. someone can get the datasheet of it?

This chip is BGA100 eMMC memory, you can read it with this: https://pl.aliexpress.com/store/product/eMMC-socket-with-USB-for-BGA-100-testing-Nand-flash-testing-eMMC-programmer-size-14x18-1/1195728_32493162252.html or simple SD card reader when add correct voltage and connect with good pins :)

Too much effort just to see that you cant touch anything on these units :(
Thecnisat made it secure, nothing in common with harman or delphi.
Way much easy is to use special SD cards.

I want to go this way https://forum.xda-developers.com/general/connected-car/success-to-hack-technisat-mib2-t3584185#post74201158 found the emmc MTFC8GLWDQ-3M AIT Z. someone can get the datasheet of it?

Look for "EMMC LFBGA 100 pinout" - soldering is simple, with every tool developed to work with eMMC can read this memory (even simple sd card reader, but U must to add some voltage).

Too much effort just to see that you cant touch anything on these units :(
Thecnisat made it secure, nothing in common with harman or delphi.
Way much easy is to use special SD cards.


private keys are usefull for this unit :)

If you have them yes.

MetafileChecksum Calculating is easy, it is difficult to calculate the signature, there is no good way

How much special the SD card should be?
Any hint?

How much special the SD card should be?
Any hint?


its not for production units

is there a way to get X devl sw on production units ?

How X soft help you ?

You will need patch tsd.mibstd2.system.swdownload

Spent already few hours with patching tsd.mibstd2.system.swdownload

But no success till now