Navigation Hacking - Day-Conday-con.org/NavHack.pdf2009 Honda Civic Hybrid My Goal Modify the...
13
Navigation Hacking Presented By Craig Smith
Transcript of Navigation Hacking - Day-Conday-con.org/NavHack.pdf2009 Honda Civic Hybrid My Goal Modify the...
Navigation Hacking
Presented ByCraig Smith
http://www.day-con.org
* Pick your target and a goal.
* It can be anything. Literally
* Research has no boundaries.
Pick a Car, Any car
http://www.day-con.org
My Target
2009 Honda Civic Hybrid
My Goal
Modify the vehicles navigation system to play music videos
http://www.day-con.org
Step 1 – Find Prior Works
* What information can you gleam from the outside & Documents?
* Has anybody else attempted to research this device or something similar?
* What tools did they use?
* What problems did they run into?
http://www.day-con.org
Details from my initial Research
* The NavTeq System is made by Alpine
* It contains a DVD that is required to run
* Angry Dad did a bunch of work in 2006 but no real work since.
* It is a Windows CE environment running on Hitatchi SuperH SH-4 Processor
http://www.day-con.org
Differences in Research* AngryDad laid out all the files needed for a firmware update. Awesome!
* Their DVD was version 4. Mine was version 6
* They used a tool called Byson to extract the packed binary file from DVD. Windows only tool. I only run Linux
* They managed to change the splash screen, Warranty message and made a small “Hello World” App. No source given.
http://www.day-con.org
Step 2 – Repeat Previous Research
* Ported Byson to Linux and rewrote parts. Source released as cerom.
* Practiced extracting files from the packed rom and modifying them.
* Successfully replaced Splash screen and Nag screen
http://www.day-con.org
Splash Screen Hack
http://www.day-con.org
Nag Screen Hack
http://www.day-con.org
Now for Music Videos...
* Microsoft Automotive Platform Development Kit
* There are 3 versions. The complete kit comes with IE and WMV Player...Sadly that's not the kit I have.
* I do not have access to the SDK
http://www.day-con.org
Next Best Thing...
* Modify to allow for Backed Up versions of the DVD to play!!
* Created a DVD-R and booted the system. Recorded the Error.
* Used “strings” and IDA to locate the code responsible for the error.
http://www.day-con.org
Stamped Checks* Software checked for BookType, Layers, and OTP
http://www.day-con.org
More Info
* Visit the Hive13 Hackerspace in Cincinnati* Details on this hack are on the wiki there:
http://wiki.hive13.org/
* Email me: [email protected]
