fmntf | 3 years ago

The infotainment of the car maker had some oddities:

* the binaries were signed with a certificate emitted by a big certification company, repacking an update package could be challenging
* the system ran a fork of Windows CE and was co-developed with Microsoft
* the SoC documentation was only available under NDA (I was able to find only a one page datasheet)

For those reasons, instead of trying to repack the software for the original ECU, I started sniffing the CAN traffic and analyzing the binaries contained in the software update packages found online. That allowed me to reimplement the communication with other ECUs on a Linux SBC.

bri3d|3 years ago

Yes, a full replacement absolutely makes sense in this situation! I don't think there are many Windows infotainment units left these days. Analyzing the binaries to figure out the meaning of the CAN traffic is an awesome (and underutilized IMO) technique - I see people sit and stare at CAN dumps in a vacuum a lot when really, whatever checksum or data they're looking for is often right there in the code.

fmntf|3 years ago

Actually there still are a lot of Windows ECUs in the wild. I analyzed the update packets of newer cars than mine (equipped with Uconnect) finding even sndrec.exe and the default page of IIS! Fortunately my company produces Linux-based ECUs, and we use Windows only for Autosar stuff.