Просмотр полной версии : MIBSTD2 Signature
Hello,
Anyone know how to skip or calculate the metafile signature?
In the file tsd.mibstd2.system.swdownload in the software there is "SkipSignatureCheck = "true", will not check signature of metainfo2.txt file"
Adding SkipSignatureCheck = "true" to the metafile doesnt work.
Any idea? in IDAPRO i can see the flag but cant find out how to get it to work.
алексей 3012
15.10.2017, 06:42
I tried to modify the MetafileChecksum inside the metainfo2 file to prompt the signing error59469
the metafilechecksum is easy to calculate, but after that you need to calculate new signature and thats almost imposible.
https://reverseengineering.stackexchange.com/questions/12286/defeat-rsa-hash-verification/12287 here you find more info about the signature.
in the software donwload part of the firmware tsd.mibstd2.system.swdownload you find SkipSignatureCheck = "true" but adding this to metainfo doenst seem to work.
I want to go this way https://forum.xda-developers.com/general/connected-car/success-to-hack-technisat-mib2-t3584185#post74201158 found the emmc MTFC8GLWDQ-3M AIT Z. someone can get the datasheet of it?
This chip is BGA100 eMMC memory, you can read it with this: https://pl.aliexpress.com/store/product/eMMC-socket-with-USB-for-BGA-100-testing-Nand-flash-testing-eMMC-programmer-size-14x18-1/1195728_32493162252.html or simple SD card reader when add correct voltage and connect with good pins :)
Too much effort just to see that you cant touch anything on these units :(
Thecnisat made it secure, nothing in common with harman or delphi.
Way much easy is to use special SD cards.
I want to go this way https://forum.xda-developers.com/general/connected-car/success-to-hack-technisat-mib2-t3584185#post74201158 found the emmc MTFC8GLWDQ-3M AIT Z. someone can get the datasheet of it?
Look for "EMMC LFBGA 100 pinout" - soldering is simple, with every tool developed to work with eMMC can read this memory (even simple sd card reader, but U must to add some voltage).
Too much effort just to see that you cant touch anything on these units :(
Thecnisat made it secure, nothing in common with harman or delphi.
Way much easy is to use special SD cards.
private keys are usefull for this unit :)
алексей 3012
13.12.2017, 09:41
MetafileChecksum Calculating is easy, it is difficult to calculate the signature, there is no good way
How much special the SD card should be?
Any hint?
How much special the SD card should be?
Any hint?
its not for production units
chris2011
22.10.2019, 16:51
is there a way to get X devl sw on production units ?
Crash-100
24.12.2019, 23:26
How X soft help you ?
Crash-100
24.12.2019, 23:27
You will need patch tsd.mibstd2.system.swdownload
chris2011
24.12.2019, 23:32
Spent already few hours with patching tsd.mibstd2.system.swdownload
But no success till now
Powered by vBulletin® Version 4.2.6 by vBS Copyright © 2024 vBulletin Solutions, Inc. All rights reserved. Перевод: zCarot