Difference between revisions of "MIB2"

From Automotive Wiki from mr-fix
Jump to: navigation, search
Line 144: Line 144:
  
 
After this you should be able to use SWaP code / FEC protected features.
 
After this you should be able to use SWaP code / FEC protected features.
 +
 +
== non-Hacking feature activation ==
 +
MIB software has an option to override .fec file for software testing purposes. Presence of a special file with SWaP codes listed in it will cause those codes to be visible in system a valid.
 +
To insert this file there's no root access required. It's copied to the system via SD-card update procedure. File contains information about [[VCRN]] to ensure that it's used on a test unit.

Revision as of 17:29, 31 July 2020

Cars and Devices

Volkswagen

Composition Media MIB2, Discover Media MIB2, Discover Pro MIB2.

  • VW Golf MK7 (5G)
  • VW Passat B8
  • VW Tiguan MK2
  • VW Polo

Skoda

  • Skoda Karoq (NU)
  • Skoda Kodiaq (NS)
  • Skoda Octavia (5E)
  • Skoda Yeti (5L)
  • Skoda Superb (3V)

Seat

  • Seat Leon (5F)
  • Seat Ibiza (5P)
  • Seat Arona
  • Seat Ateca
  • Seat Toledo
  • Seat Alhambra

Porsche

PCM4.0 Infotainment system

USB ports

There are many types of USB ports with different functionality.

5G0 035 222 E

  • AUX support
  • USB iOS (UI4) support
  • Standard Infotainment Unit (I8E) support
  • High Infotainment Unit (I8H) support
  • Android/MirrorLink support

5G0 035 222 F

  • AUX support
  • limited USB (UE4) support
  • Standard radio Gen2 (I8E) support
  • High Infotainment Unit (I8H) support
  • Android/MirrorLink support

5G0 035 222 H

  • AUX support
  • USB iOS (UI4) support
  • Standard radio Gen2 (I8E) support
  • Android/MirrorLink support

FEC / SWaP Codes

SWaP is short for SoftWare as a Product. This is a strategy to sell and protect optional features and functionality for Audi, Volkswagen, Seat, Skoda, and Porsche infotainment units as if it was an actual material product. Most likely it's cheaper to manufacture an infotainment headunit that is equipped with hardware supporting all features and the lock out these that were not play for, than to have separate hardware configurations designed for each variant of optional equipment. This method gives also chance to cross sell additional features later on.
Here's where the FEC comes in. It's short for Function Enabling Code, and this is exactly what it does. After buying such code for feature that you are interested in having, dealer is installing it in your cars infotainment headunit and from now on desired feature is available for you.

List of SWaP Codes

  • 00030000 AMI (USB Enable)
  • 00030001 Gracenote
  • 00040100 Navigation
  • 00050000 Bluetooth
  • 00060100 Vehicle Data Interface
  • 00060200 Infotaiment Control
  • 00060300 Mirror Link
  • 00060400 Sport HMI / Performence Monitor
  • 00060500 Sport Chrono
  • 00060600 Logbook
  • 00060700 Online services
  • 00060800 Apple Carplay
  • 00060900 Google Automotive Link / Android Auto
  • 00070100 SDS
  • 00070200 SDS for Nav
  • 00070400 Electronic Voice Amplifier

Legal activation

You can buy at the dealership activation codes to enable some of the SWaP features. Order it by FEC part number.

Generating FecContainer.fec

File named FecContainer.fec stores information about which codes are valid and which features should be enabled for end user. You can make your own FecContainer.fec file and replace the original one but it will be detected as invalid since it will not be signed with proper certificate. You can bypass this by patching the system.

Hacking

In some cases hacking is the only way to enable some features in some cars. For example Porsche PCM4.0 was not available from factory with Android Auto support. Also there is no FEC for Performance Monitor if it was not enabled from the factory.
Hacking MIB2 is basically 3-step process:

  1. Access filesystem
  2. Replacing ifs-root.ifs with patched one
  3. Replacing FecContainer.fec file with custom one

Fileststem access methods

There are several methods to access MIB2 filesystem. After establishing network connection you can telnet into the device and use log in using one of the MIB2 root passwords that matches your device.

USB to RJ45

By enabling Developer Mode and connecting UBS to Ethernet adapter. [3]

  • D-Link DUB-E100 (0x2001, 0x3c05)
  • D-Link DUB-E100 (0x2001, 0x1a02)
  • SMSC9500 (0x0424, 0x9500)
  • Germaneers LAN9514 (0x2721, 0xec00)
  • Cinterion AH6A 3G (0x1e2d, 0x0055)
  • Cinterion ALS1/ALS6 (0x1e2d, 0x0060)

Some sources indicate that USB connection will only work if empty file /var/dataoverdlink is present.

Quadlock Rx/Tx

  1. Adapter GND to car GND
  2. Adapter RX to J5_TX
  3. Adapter TX to J5_RX [4]

WLAN

  1. Create access point with your phone (or any other device)
  2. Connect your MIB2 device to this access point
  3. MIB2 will get a local IP - connect to this IP using telnet on port 23

POI update via SD card / USB

Custom update files that will inject additional custom hidden green menu screens with options to copy and replace system files. [5].
POI update file must be prepared with correct structure and checksums. [6][7]

autorun script

In Discover Pro firmware 388 it is possible to execute a script named autorun placed on USB stick [8]

custom firmware update via SD card / USB

If you just want to replace some file with patched ones, then you really don't need filesystem access. You can prepare custom firmware update file that will replace said file for you.

Patching system and replacing FEC file

by custom firmware update [9]

  1. Prepare SD card with custom firmware on it.
  2. Enable hidden green menu to adjust developer-level options (production -> rcc_prod -> swdl_prod).
  3. Initiate update procedure.
  4. Device will reboot couple times which is normal in any firmware update procedure.

by replacing files with patched [10]

  1. Connect with MIB2-PCM4 via UART
  2. Launch a serial connection - 115200, 8, N, 1
  3. Login with root / oaIQOqkW (check MIB2 root passwords)
  4. Download Root-IFS
  5. Unpack Root-IFS (if using downloaded image from PCM4) [11]
  6. Patch out FEC checks and Component Protection
  7. Rebuild IFS image
  8. Create your new FEC file
  9. Load new files to head unit
  10. Change adaptation values as needed

After this you should be able to use SWaP code / FEC protected features.

non-Hacking feature activation

MIB software has an option to override .fec file for software testing purposes. Presence of a special file with SWaP codes listed in it will cause those codes to be visible in system a valid.

To insert this file there's no root access required. It's copied to the system via SD-card update procedure. File contains information about VCRN to ensure that it's used on a test unit.
  1. https://github.com/herrfrei/PorschePCMStuff
  2. http://bit.ly/whatthefec2020
  3. https://www.speakev.com/threads/who-wants-to-share-his-her-discover-pro-mib2-vcds-controller-channel-map.22361/page-2#post-1241153
  4. https://rennlist.com/forums/991/1049794-porsche-pcm-upgrade-hack-for-android-auto-is-this-real.html
  5. https://github.com/jilleb/mib2-toolbox
  6. https://github.com/jimmyH/mypois
  7. https://github.com/mcaddy/audipoi
  8. https://turbo-quattro.com/archive/index.php/t-23041.html
  9. https://www.audizine.com/forum/showthread.php/860600-C7-5-2016-A6-(and-others)-CarPlay-Android-Auto-Activation-DIY-Guide
  10. https://cartechnology.co.uk/showthread.php?tid=56065&page=2&fbclid=IwAR1NYi3njsAcjZbXAgBVeB6gRet2VpxQHdusMtOqLtDs6Ev7o0ssbL4L-qQ
  11. https://github.com/unbe/mmi-ifs