[Request] tun.ko for EVO kernel 2.6.29-a2443432 - EVO 4G Q&A, Help & Troubleshooting

Hello experts.
I am attempting to get vpnc (for cisco vpn) working on the evo but have run into a snag getting the tun.ko module loaded. When I attempt to insmod tun.ko I get exec format error and dmesg yields
tun: version magic '2.6.32.9-27220-g328f560 preempt mod_unload ARMv7 ' should be '2.6.29-a2443432 preempt mod_unload ARMv7 '
I found an excellent post (#12) by sjakub at hxxp://forum.xda-developers.com/showthread.php?t=630703&page=2
which describes step by step how to overcome this but unfortunately I have no access to linux in order to attempt this myself.
Would anyone be kind enough to compile the proper file for me, please?
Thanks very much.

Here you go

Dude I can't thank you enough! npace YOU RULE!!!
vpnc works flawlessly.

How did you get tun.ko copied to the /system folder? And are you using that VPN client with an RSA token?

Ah, never mind, I see you don't need to. This worked manually and I will try with the GUI next.
edit: GUI works

Has anyone had success with OpenVPN and this tun.ko module yet? I'm able to connect OpenVPN using the app "OpenVPN Settings", but no routing happens over the tunnel. Any tips will be appreciated.

Question.....
post deleted due to wrong forum

This module worked great for me up until Damage updated his ROM to 3.2.3. I'm showing the kernel version as 2.6.29-789bf291. When I try the insmod tun.ko I get "insmod: init_module 'tun.ko' failed (Exec format error)". Can someone recompile the module for this ROM to see if that resolves the issue?

Code:
filename: tun.ko
alias: char-major-10-200
license: GPL
author: (C) 1999-2004 Max Krasnyansky <[email protected]>
description: Universal TUN/TAP device driver
depends:
vermagic: 2.6.29-789bf291 preempt mod_unload ARMv7

AciDFluX said:
This module worked great for me up until Damage updated his ROM to 3.2.3. I'm showing the kernel version as 2.6.29-789bf291. When I try the insmod tun.ko I get "insmod: init_module 'tun.ko' failed (Exec format error)". Can someone recompile the module for this ROM to see if that resolves the issue?
Did it work with the recompiled tun.ko?
I'm running the same DC 3.2.3, but VPNC just crashes, and if I insmod the module, the phone just reboots when I try to connect to the VPN.

I am running the "stock rooted 1.47.651.1" ROM.
When using the tun.ko from the earlier post I get the exec format error. I assume because of a kernel mismatch.
When using the tun.ko from the later post it seems to work:
my OpenVPN server sees the connection coming in
the server assigns an IP to the phone
the server receives the message PUSH_REQUEST
the server sends PUSH_REPLY,route 192.168.0.0 255.255.255.0,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.14 10.8.0.13
and then my phone reboots...
Any ideas? Is the phone not able to handle some of those options?
Thanks!

Same OVPN reboot with latest DC ROM
Getting the exact same thing on the latest DC ROM, latest radio & wimax. Happening over Wifi as well as 3G. Worked fine with Fresh 0.3 (before the OTA update release). Using the static openvpn binary from Fries.

evo-tastic said:
Did it work with the recompiled tun.ko?
I'm running the same DC 3.2.3, but VPNC just crashes, and if I insmod the module, the phone just reboots when I try to connect to the VPN.
I can confirm, I can insmod the latest tun.ko but openvpn reboots the phone when I attempt to connect. I'm using OMJ's latest (1.6) and I'm guessing some sort of kernel mismatch or custom kernel is causing the issue.

I think the problem might be this:
You are running the actual stock kernel from the latest OTA.
I compiled the module based on the unmodified HTC-released kernel source.
It turns out they actually have different version strings.
So I changed the version magic string to what someone here requested, which is why the kernel loads it, but maybe the code is different.
So if neither of these 2 works, you might have to root and use one of the custom kernels.
Might as well build it into the kernel then, instead of as a module.
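A pre-insmod check for the mismatch shown in the first post and explained in the reply above, as an added example that is not code from this thread or from any of its posters. It assumes modinfo-style text (the constructed sample reuses the output quoted earlier in the thread) plus a vermagic string for the running kernel; the has_crcs flag mirrors the kernel's own same_magic() behaviour under CONFIG_MODVERSIONS, and the last case shows why a passing check is not proof that a module is ABI-compatible.

```python
"""Added example: compare a module's vermagic with the running kernel's before insmod."""
import re
from typing import Dict, Tuple

# Constructed sample: the modinfo output quoted earlier in this thread
# (the author's e-mail address is replaced by a placeholder).
MODINFO_TEXT = """\
filename: tun.ko
alias: char-major-10-200
license: GPL
author: (C) 1999-2004 Max Krasnyansky <email-placeholder>
description: Universal TUN/TAP device driver
depends:
vermagic: 2.6.29-789bf291 preempt mod_unload ARMv7
"""

# Constructed sample of a /proc/version line for the kernel named in the thread.
PROC_VERSION_TEXT = "Linux version 2.6.29-789bf291 (build@host) (gcc 4.4.0) #1 PREEMPT Fri Jul 9 2010"


def parse_modinfo(text: str) -> Dict[str, str]:
    """Parse 'key: value' lines as printed by modinfo into a dict.
    The first colon separates key from value; an empty value (e.g. 'depends:')
    is kept as '' so the caller can tell 'present but empty' from 'absent'."""
    info = {}
    for line in text.splitlines():
        if ":" not in line:
            continue
        key, _, value = line.partition(":")
        info[key.strip()] = value.strip()
    return info


def release_from_proc_version(text: str) -> str:
    """Extract the kernel release (what uname -r prints) from /proc/version."""
    match = re.match(r"Linux version (\S+)", text)
    if not match:
        raise ValueError("unrecognised /proc/version line")
    return match.group(1)


def _after_release(magic: str) -> str:
    """Everything from the first space on (the build flags), or '' if none.
    This mirrors the kernel's 'magic += strcspn(magic, " ")'."""
    idx = magic.find(" ")
    return "" if idx < 0 else magic[idx:]


def same_magic(amagic: str, bmagic: str, has_crcs: bool = False) -> bool:
    """Mirror of the kernel's same_magic(): when the module carries symbol
    CRCs (CONFIG_MODVERSIONS) only the flags after the release are compared,
    otherwise the whole string must match. The kernel compares raw bytes
    (hence the trailing space inside the quotes in the dmesg line quoted in
    the thread); whitespace is trimmed here because modinfo output loses it."""
    a, b = amagic.strip(), bmagic.strip()
    if has_crcs:
        a, b = _after_release(a), _after_release(b)
    return a == b


def check_module(modinfo_text: str, running_vermagic: str,
                 has_crcs: bool = False) -> Tuple[bool, str]:
    """Decide whether insmod would be accepted on the vermagic criterion.
    On mismatch the message has the same shape as the dmesg line in the thread."""
    info = parse_modinfo(modinfo_text)
    name = info.get("filename", "module")
    mod_magic = info.get("vermagic")
    if not mod_magic:
        return False, f"{name}: no vermagic in module info; refusing to load"
    if not same_magic(mod_magic, running_vermagic, has_crcs):
        return False, f"{name}: version magic '{mod_magic}' should be '{running_vermagic}'"
    return True, f"{name}: vermagic matches '{running_vermagic}'"


if __name__ == "__main__":
    flags = "preempt mod_unload ARMv7"  # assumed to match the kernel's config
    running = f"{release_from_proc_version(PROC_VERSION_TEXT)} {flags}"
    # 1. The recompiled module from the thread against the kernel it was built for.
    print(check_module(MODINFO_TEXT, running))
    # 2. The original module (built for 2.6.32.9) against the 2.6.29 OTA kernel:
    #    this is the failure from the first post.
    old = MODINFO_TEXT.replace("2.6.29-789bf291", "2.6.32.9-27220-g328f560")
    print(check_module(old, "2.6.29-a2443432 " + flags))
    # 3. A module whose vermagic string was edited by hand to match: the check
    #    passes, yet the code was built against different kernel headers, which
    #    is exactly the situation the reply above describes. vermagic is a
    #    necessary check, not a guarantee of ABI compatibility.
    patched = old.replace("2.6.32.9-27220-g328f560", "2.6.29-a2443432")
    print(check_module(patched, "2.6.29-a2443432 " + flags))
```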

Hmm... I see your point.
What you're trying to say is that I should try to use a ROM based on the 1.32 release (for which we have the HTC-released kernel), and based on which the first tun.ko in this thread is compiled?
LE: I flashed the Fresh 0.5.3 ROM, and I tried VPNC again - still crashed.
I downloaded the first tun.ko from this thread, did insmod and tried again. A good thing happened - the app didn't crash anymore, but it fails to connect. I need to find the logs for it and see what happens, why it fails.

I was able to get connected on Fresh 0.5.3 with the first posted tun.ko (my issue was the VPN config; why the hell are my net admins still using DES?).
/data/data/org.codeandroid.vpnc_frontend/files/lastConnection.log
was definitely useful in troubleshooting.
There is an option in the vpnc menu that lets you put in command line strings (aka for me --enable-ides).

Got it to work eventually - I used lolcat (logcat) to find that the group password was not correct.
The way it works for me: reboot, insmod tun.ko, connect to VPN. If the connection breaks or I disconnect, it will not reconnect again unless I reboot and start over. Weird thing.
Too bad the developer is not that interested in supporting the app. If only there was a donate version, I would've been interested in paying to have it work properly.

Instead of rebooting you can cycle airplane mode, which seems to cycle the net connections. Worked for me when it was working. Disconnect also does not work properly.
Frankly I won't be satisfied until Cisco vpn and for that matter LEAP wireless are supported in Android out of the box. I hope they understand how much this is hurting their business adoption. How can I recommend a phone without something that most platforms have supported for years? I am thankful for all the work the devs do here and elsewhere but if you realize that Google is simply getting a free ride its not that awesome for anyone.
Sent from my PC36100 using XDA App

unvivid said:
Instead of rebooting you can cycle airplane mode, which seems to cycle the net connections. Worked for me when it was working. Disconnect also does not work properly.
Frankly I won't be satisfied until Cisco vpn and for that matter LEAP wireless are supported in Android out of the box. I hope they understand how much this is hurting their business adoption. How can I recommend a phone without something that most platforms have supported for years? I am thankful for all the work the devs do here and elsewhere but if you realize that Google is simply getting a free ride its not that awesome for anyone.
Sent from my PC36100 using XDA App
I'll try that, and I agree with the support for LEAP and Cisco VPN. I had to jump through hoops to get the VPN working, as badly as it does now.... and i still WiFi at work
LE: thanks for the suggestion - airplane mode fixes the VPN without a reboot.

I finally got OpenVPN working.
I did all of the following to get it to work:
ran the OpenVPN installer
replaced /system/xbin/openvpn with the newer version linked here
installed DamageControl 3.2.3 and the new kernel
netarchy-toastmod-3.7.1-dc-compatible-signed.zip
symlinked /system/xbin/bb to /system/xbin
ran OpenVPN Settings and under Advanced told it to load tun.ko with insmod and /system/lib/modules/tun.ko
then turned on OpenVPN and clicked my config file.
I've confirmed that both ends of the tunnel can talk to each other, and my route is pushed to my phone, allowing my phone to see other hosts via the VPN.

Related

Android Ad-hoc support hack/wpa_supplicant

Heya,
Unfortunately Android, to be precise wpa_supplicant, does not show ad-hoc networks; the following modified wpa_supplicant shows them. I haven't seen it posted before, so I posted it.
All credits go to szym (http://szym.net/android/adhoc-wpa-supp.html)
The patch below modifies the wpa_supplicant code in the external/wpa_supplicant AOSP repo to make ad-hoc networks appear as regular APs with a (*) prefix.
The patch:
* removes the [IBSS] flag from scan results,
* masquerades and demasquerades ad-hoc ssid with (*) prefix
* sets mode 1 (ad-hoc) if the ssid is for IBSS
* permits the supplicant to select an IBSS when associating to a given ssid
patch: http://szym.net/android/wpa_supplicant-ibss.patch
The only thing I did was to apply the patch, compile it for Froyo and supply a signed update zip with the modified wpa_supplicant; the work was done by szym.
Flash the attached wpa_adhoc-signed.zip in recovery and you're done.
a3e00f284ddff04804ba8d59364712b1 wpa_adhoc-signed.zip (v0.5.11)
Works with:
- Froyo/Eclair ROMs on HTC Hero (confirmed)
- ROMs using wpa_supplicant v0.5.x
Attention:
- It _seems_ like some ROMs using wpa_supplicant v0.6.x do not work! Take care (e.g. HTC Desire). Please report back.
You may check this post: http://forum.xda-developers.com/showpost.php?p=7716862&postcount=24
Always do a nandroid backup!!
Downloaded and will have a try. It will be great if it works. Thanks.
The Hero can detect the ad-hoc network with a (*) before the name. It can be connected but can't access the internet. My laptop can access the internet through this ad-hoc wifi. Don't know why?
It works! Beautiful. I used my old G1 to make an ad-hoc wireless network and my Desire saw it right away and connected without any problem. See my signature for the ROM I'm using (if it really matters).
Would anyone provide "ad-hoc support in wep" in a signed update zip? Thanks.
yamchung said:
Would anyone provide "ad-hoc support in wep" in a signed update zip? Thanks.
It already is, look at the first post.
The patch didn't work for me at first. I got "Error" while trying to turn my wi-fi on.
But when I restored the original /system/etc/wifi/tiwlan.ini and /data/misc/wifi/wpa_supplicant.conf back in the phone, it started detecting ad-hoc networks.
So the patch worked after all.
Thanks.
[EDIT]
Did not work after I rebooted my phone.
HTC Hero Brown
Running: FroydVillain 1.2.2
Kernel: [email protected] #302
Operator: Airtel India
what does this allow me to do ? will i be able to transfer files between phones?
Hi all, I just got my SGS yesterday. How can I flash this patch? I renamed the file to update.zip, downloaded it into my SGS /sdcard, and used ADB to install the update.zip. However it gave me a warning 'Installation Aborted'. I may just be doing something wrong here. ...any suggestion? Thanks a lot!
Thanks a lot, works on Magic 32b but only for non password protected connections
Able to see the connections on Desire, but unable to connect, gets stuck on Obtaining IP address.....
Running on Cyanogen 6.0.0 RC1 on Magic, and LeeDroid 1.8c on Desire
will this work on a stock rooted 2.1 Vibrant??
Just flash via ROM Manager?
Did the update and now my wifi won't turn on. You can actually watch it on the settings screen turn on and off. It is stuck in this loop and eventually comes up with a force close!
Anyone have any ideas?
So will this let me ad-hoc to my netbook which is also wfi-tethered to the phone?
The update zip is only for Froyo!!
blackplatypus said:
Heya,
Unfortunately Android, to be precise wpa_supplicant, does not show ad-hoc networks; the following modified wpa_supplicant shows them. I haven't seen it posted before, so I posted it.
All credits go to szym (http://szym.net/android/adhoc-wpa-supp.html)
patch: http://szym.net/android/wpa_supplicant-ibss.patch
The only thing I did was to apply the patch, compile it for Froyo and supply a signed update zip with the modified wpa_supplicant; the work was done by szym.
Flash the attached wpa_adhoc-signed.zip in recovery and you're done.
a3e00f284ddff04804ba8d59364712b1 wpa_adhoc-signed.zip
Can you do the same work for corporate APNs that request authentication?
THANKS
Nexus
I have Nexus one with cyanogen 6.0 RC3 installed on it.
I have flashed this zip file but my phone still doesn't see the ad-hoc network on my laptop. I don't know if there is a fault in my PC settings or this is a compatibility issue for CyanogenMod. Can anyone please shed light on my situation? It is very important for me.
That's great!! I have a Nexus One with Android 2.2 FRF91 and it worked for me too. I just flashed the zip from the recovery. Thanks a lot man, I've been waiting for this.
@blackplatypus - will this work with unrooted HTC Desire froyo?
Do I need to do anything special with the file wpa_adhoc-signed.zip other than renaming it to update.zip and flashing in recovery?
I'm getting verification failed message
Please help - Android Noob
works great on desire. thanks
Esofron- would you mind sharing how you managed to do it on your desire? Thanks!
Sent from my HTC Desire using XDA App
Works Great !!!
With Enomther's Rom !
Thank you

[GUIDE] Iconia A100 ROOT and AD-HOC wi-fi enabled

Hi everybody. I bought my A100 one month ago and I've rooted it and added the ad-hoc patch in order to have internet through a WM cellphone.
I rooted with this guide:
androidforums.com/iconia-tab-a100-all-things-root/401598-rooting-a100.html
and added ad-hoc with this one:
batista70phone.com/2011/05/supporto-per-reti-ad-hoc-su-acer-iconia-a500/ (it is in Italian; if you need English tell me, I can translate it)
To avoid problems open the page from the tablet and copy/paste the commands, and remember to SWITCH OFF WIFI AS SOON AS POSSIBLE before playing with the wifi files!!
I've also added WMWifiRouter to my WinMo phone (Diamond) in order to share the connection from 3G on the phone to wi-fi on the tablet.
Everything works. You only have to start WMWiFiRouter on the Diamond or another WM6 device and then look in the wifi list on the tablet for the wireless network just created (Office Lan.... etc).
For convenience activate "wifi always on" on the cellphone, also if "display is off", through Diamond Tweaks.
I hope this can be useful for someone else ;-)
English guide for enabling ad-hoc
I would greatly appreciate it if you would translate the guide for enabling ad-hoc capabilities for the a100. I can't seem to find a guide anywhere else and, alas, I don't speak Italian. Thank you so much!
-Sean
EDIT: if it is easier, you can send it to my E-mail ([email protected])
Sean Foster said:
I would greatly appreciate it if you would translate the guide for enabling ad-hoc capabilities for the a100. I can't seem to find a guide anywhere else and, alas, I don't speak Italian. Thank you so much!
-Sean
EDIT: if it is easier, you can send it to my E-mail ([email protected])
I used this site to translate it to English.
http://translate.googleusercontent....033314&usg=ALkJrhhTGzTt752dLWUy168U5FSsyzNFZA
It pointed back to an XDA thread that pointed back to this post. http://forum.xda-developers.com/showthread.php?t=1033314
It should be enough to get you going.
Edit:
I am not going to spoon feed and send it to your email.
still having problems with ad hoc access
I followed the instructions to root the tablet. This worked fine. I then followed instructions to replace the wpa_supplicant file with the one found on this forum for the Motorola Xoom that is meant to give ad hoc capabilities. I know the file replaced fine as the way the A100 behaves with regards to wireless has changed. Before there seemed to be a bug that it would always turn off the wireless when the screen went off no matter what the wireless behavior settings were. Now it never turns off wireless even if the screen goes off.
If I set up a wireless network from my laptop using the Intel My WiFi software it connects fine with WPA; it did this out of the box. However if I set up an ad hoc network on my laptop it will not connect correctly.
1. If I use WPA it just keeps saying connecting --- disconnected repeatedly
2. If I use WEP or no encryption it gets to the point of obtaining an IP address but never gets any further.
I have only tried with DHCP.
Also with the ad hoc network it seems to make multiple networks in the wireless networks list on the tab.
I was hoping someone could give me some specific help on this and maybe some up to date advice on the USB host issue.
Thanks in advance.
thanks for your help yes it seems i am the only one who is still having problems! i am working on a ship now and maybe the server here is causing issues. i will be home tomorrow and can try then.
when you set up your ad hoc in windows do you select WPA or WEP, funny I thought ad hoc only had WEP security. why does w7 offer WPA on ad hoc?
thanks andy
Thanks, I tested at home. Still can't connect with ad hoc on my laptop with WEP, WPA or no authentication, but it works fine on my Huawei E585, which is a bit of a mystery. I will try and find another laptop to test it with..... thanks for your support though....... do you know any solution to the USB host issue on the A100?
Hi, there is another issue with the A100 I was hoping to solve. You cannot mount a USB device like a thumb drive on it. The A500 had a standard PC-type USB port and you could mount a USB drive on it. Although you can get a mini USB male to USB female 'USB on the go' cable, apparently it won't work on the A100. I have seen some feedback regarding this on blogs but no solutions. Any ideas? Andy
ad hoc again
Hi again... have just discovered that my Huawei E585 modem actually provides infrastructure, not ad hoc, which is why my A100 tablet works with it. I think I still have a problem with ad hoc on my A100. I went through the process of getting the new wpa_supplicant file in /system/bin and I checked it has the same permissions as the original file, but still no luck... can anyone help? I still can't connect my A100 to an ad hoc network provided by my laptop.
Yes, I used Root Explorer to copy the wpa_supplicant and I made sure I had airplane mode on and wireless off when I did it. I just tried the whole process again and got the same result. My A100 has Android 3.2. I also made sure the permissions are exactly the same as the original file.
Andy
Hello. I am an Android newb. I have been trying to correct this issue for over a week to no avail. Please advice.
I've tried rooting my A100 by inputting (copy/paste) the proper commands on the a100 itself in a terminal emulator, but have had no success. The commands cause no obvious response when entered into the terminal, but when I checked xbin for su, it's there. I've installed the superuser apk, but busybox install fails due to lack of root. Repeating the process doesn't change anything.
I've also tried rooting via the ADB method. The results are the same. su is in xbin folder; however, I cannot install busybox because I am not rooted.
The last bit of info I can provide about my situation is this. I have root checker installed on my A100. I do not get the same result each time I click "verify root". Sometimes it tells me that I'm rooted and sometimes it tells me that I'm not rooted????
Please let me know if I can provide any additional information. I need some help please.
JusThinK said:
Execute the commands from the terminal emulator.
/system/bin/cmdclient ec_micswitch '`mount -o remount,rw /system`'
/system/bin/cmdclient ec_micswitch '`cat /mnt/sdcard/su >/system/xbin/su`'
/system/bin/cmdclient ec_micswitch '`chmod 6755 /system/xbin/su`'
NOTE: You must copy the modded su to your SD card, /mnt/sdcard
@Sent from My Acer Iconia A100
These are the same commands that I have previously entered via terminal emulator and I tried again via ADB method. I have tried multiple times.
I'm not sure what you mean by "You must have to copy moded su to your sd card , /mnt/sdcard". Are you referring to the su file in my xbin folder? If so, I cannot copy it because I am not rooted. Every time I execute the aforementioned commands, the su file in my xbin folder gets modified. The size of the su file in my xbin folder is 0.00K, is this normal?
Thanks for responding, please offer further guidance if you can.
Hi, I am no expert but I got the root to work fine with these instructions. As long as you copied the new su file to your xbin folder, the third command on the list should take care of everything.
Then you have to do the BusyBox and SuperUser thing:
Step 6: Install BusyBox from the Market
Step 7: Install SuperUser from the market, this is the APK version this time. This is going to update the SU file and install the SuperUser app.
thanks i got it now
Hi,
I just bought my new Acer Iconia A100 model 3 weeks ago. I want to ask if it is ok to use the 3G connection of a Samsung Galaxy Y in the Iconia. Also I want an English translation of the ad hoc guide for easy understanding. Can you email me at [email protected] with the answer? I'll wait for your answer.
Thank you.
andreagragnato said:
Hi everybody. I bought my A100 one month ago and I've rooted it and added the ad-hoc patch in order to have internet through a WM cellphone.
I rooted with this guide:
androidforums.com/iconia-tab-a100-all-things-root/401598-rooting-a100.html
and added ad-hoc with this one:
batista70phone.com/2011/05/supporto-per-reti-ad-hoc-su-acer-iconia-a500/ (it is in Italian; if you need English tell me, I can translate it)
To avoid problems open the page from the tablet and copy/paste the commands, and remember to SWITCH OFF WIFI AS SOON AS POSSIBLE before playing with the wifi files!!
I've also added WMWifiRouter to my WinMo phone (Diamond) in order to share the connection from 3G on the phone to wi-fi on the tablet.
Everything works. You only have to start WMWiFiRouter on the Diamond or another WM6 device and then look in the wifi list on the tablet for the wireless network just created (Office Lan.... etc).
For convenience activate "wifi always on" on the cellphone, also if "display is off", through Diamond Tweaks.
I hope this can be useful for someone else ;-)
Will this still work with ICS?
Sent from my SCH-I500 using xda premium
I tried the opening poster's ad-hoc fix on my Iconia A100 ICS leak, and it worked great. This is where the instructions are (in Italian, but translated by Google it was understandable). Now I can get wifi from my jailbroken iPhone 3GS with the MyWi app.
batista70phone.com/2011/05/supporto-per-reti-ad-hoc-su-acer-iconia-a500/
I did notice that the status bar icon that shows wifi doesn't seem to be showing signal strength properly.
marcusjbid said:
I did notice that the status bar icon that shows wifi doesn't seem to be showing signal strength properly.
Yeah, personally I have solved this issue with this wpa_supplicant, extracted from the Taboonay A500 ROM. I hope it can be useful!
mugna91 said:
Yeah, personally I have solved this issue with this wpa_supplicant, extracted from the Taboonay A500 ROM. I hope it can be useful!
Hey, thanks works great
Sent from my A100 using XDA
Anyone have another supplicant file I could try? After the latest upgrade OTA, I can't connect to my iPhone's ad-hoc anymore.
Sent from my A100 using XDA
Never mind, it's working now.
Sent from my A100 using XDA

[KERNEL] Aircrack-ng on Galaxy Nexus w/ AWUS036H usb wifi adapter (RTL8187 drivers)

For a while now I have been wanting to run aircrack on my Galaxy Nexus so as to have a mobile pentesting device.
So, I finally got it working and thought I would post how. This is not a task for the terminally challenged.
Install BackTrack 5 ARM. The latter is a Linux environment designed for pentesting. On a mobile device the easiest way to install it is by chrooting to the mounted img, running on top of the mobile device's kernel.
Since most people seem to think aircrack is unusable on a mobile ARM device, it is not included in the BackTrack 5 Linux distro above, so you will need to download it manually once you have BackTrack up and running.
Here are the commands to do so:
Code:
#!/bin/bash
# Aircrack-ng installer for BackTrack 5 on Android
# By Justin Barrick aka th3p4tri0t
set -e  # stop at the first failing step instead of running make against a missing tree
# install dependency for libssl-dev
apt-get install zlib1g-dev
# install libssl-dev (armel build from Launchpad)
wget http://launchpadlibrarian.net/64412492/libssl-dev_0.9.8k-7ubuntu8.6_armel.deb
dpkg --install libssl-dev_0.9.8k-7ubuntu8.6_armel.deb
rm libssl-dev_0.9.8k-7ubuntu8.6_armel.deb
# get and install aircrack-ng from the BackTrack source package
apt-get install source-aircrack-ng
cd /var/backtrack/sources/aircrack-ng/1.1/bt9/upstream-sources/
tar -xzf aircrack-ng.tar.gz
cd aircrack-ng/
make
make install
# set path variable: single quotes so $PATH is expanded each time .bashrc is
# sourced, rather than frozen to its value at install time
echo 'export PATH=$PATH:/usr/local/sbin' >> ~/.bashrc
export PATH=$PATH:/usr/local/sbin
Now, the hard part. Or at least the part that took me forever to discover. You need the drivers for the AWUS036H to be insmod'ed into the kernel. You can accomplish this by obtaining your kernel source and the driver source, which is part of the compat-wireless package; more specifically the AWUS036H uses the rtl8187 chipset. Then, you cross compile those two sources to obtain rtl8187.ko, eeprom_93cx6.ko, and mac80211.ko. Then insmod those kernel modules into your kernel (insmod rtl8187.ko). The process is explained here. One can also recompile the entire kernel instead, and include the modules as built-in drivers. However, compiling kernel drivers can be difficult (toolchains, kernel source, etc.), so luckily, I found a Galaxy Nexus kernel that already has the modules built in: it is franco.Kernel R140 with modules added.
***Update: franco.Kernel R200 with RTL8187 modules added, and R248 for JellyBean 4.1.1 with RTL8187 drivers,
so Aircrack-ng is now compatible with JellyBean! Also, R140 is no longer available but R200 is and has the modules needed.
Beware, the kernel R200 needs ICS 4.0.4 installed to work properly, and R248 is built for JB 4.1.1.
***Update 04/11/2013:
I couldn't find any kernels with the RTL8187 drivers for JB 4.2.2, so I built one myself. The kernel is a modified franco.Kernel R370. I didn't package it into a flashable zip, because I find it just as easy to hook my phone to my computer and use fastboot (fastboot flash boot bootJB422-RTL8187.img). The kernel image is attached below. I have been running it for about 4 days now without issue. I actually find it is the most stable version yet. I was able to play N64oid while running airodump-ng and aireplay-ng. File attached below.
***Update 04/15/2013:
I looked into getting more of the aireplay-ng attacks to work properly with the RTL8187 drivers. There had been some complaints about the fragmentation attack not working and negative one always being returned as the channel for mon0. So, I found two patches for those issues on the aircrack-ng site and applied them to the franco.Kernel r370 with RTL8187 and recompiled. Now, we have a fully functional aircrack-ng RTL8187 driver.
Once you flash the kernel, using the flashable zip and CWM or fastboot flash, then BackTrack will be able to recognize the attached wifi adapter.... once you mount the USB bus in BackTrack. And, of course, this needs an OTG USB host cable.
The final step before learning how to use aircrack-ng is:
1. Open a terminal and load BT5; you can load the 'ui' and use a VNC client to connect to the X server desktop if you want. But I have found it is easier to just use the chroot shell in the Android terminal emulator.
2. open another android terminal window, and type:
su
mkdir -p /data/local/bt/dev/bus/usb
mount -o bind /dev/bus/usb /data/local/bt/dev/bus/usb
3. In the new android terminal window, start the BT5 shell (startbt), then type:
lsusb
You should see at least one device, the USB root, and whatever device you have plugged in to the OTG cable, if any.
A note to remember: I re-performed this guide after formatting my phone and got stuck here. lsusb didn't list anything. I rebooted my phone and tried to start BT5 and mount the USB again and it worked. I rebooted, started BT5, tried lsusb without binding USB and it was blank as it should be, bound USB back in another terminal window, returned to BT5, tried lsusb and the root hub displayed.
Now, plug in the AWUS036H and type: airmon-ng
And you should see the device listed.
Read here for how to run aircrack, or view here.
Essentially the commands are:
lshw -disable dmi
(this should list the attached wifi card under NETWORK, my RTL8187 was wlan1)
ifconfig
(you should see wlan1 listed; if not, then type "ifconfig wlan1 up" and retype "ifconfig")
airmon-ng start wlan1
airodump-ng mon0
copy BSSID and CHANNEL
New android terminal with BT5 shell (startbt): airodump-ng -w wep -c CHANNEL --bssid BSSID mon0
New android terminal with BT5 shell (startbt): aireplay-ng -1 0 -a BSSID mon0
New android terminal with BT5 shell (startbt): aireplay-ng -3 -b BSSID mon0
After ~50,000 packets collected:
New android terminal with BT5 shell (startbt): aircrack-ng wep-01.cap
To the purpose, with this, if your friend or mom or just some complete stranger forgets their wep key to their network, all they need to do is call you and you can just drive by, plug your wifi adapter into your phone, chroot to BT5 and aircrack their password for them, in a matter of 5 to 10 minutes.
WARNING!!!: In my initial aircrack run on my Galaxy Nexus, I cracked a WEP key in about 5-10 minutes. I was happy, happy, happy. Then, a ruinous moment occurred. Almost the very second aircrack-ng finished cracking the key, my phone came up with a low battery warning. I was using an AWUS036H wifi adapter and it was draining my battery fast; I had about 50% to begin with and had the 14% warning hit me about 10 minutes in. Funny thing is the warning is usually 14%, but this time it was 13%, go figure? Anyway, seconds after the warning my phone just blanks, turns off. I plug it in and reboot and the battery is at 0% and stuck there, so a word of warning:
An external wifi adapter may require more USB host juice than the battery can safely supply. I have seen people using powered hubs to circumvent draining the phone battery; I would definitely recommend the practice.
UPDATE: I plugged the phone into an AC charger and the battery finally charged (phew). For some reason, it wouldn't recharge on the USB cable after being so drained.
Is there a compatible wifi device that has the same chip set but with its own power supply (cord or battery)? If so that should help. I'm interested if someone can find one.
Sent from my Galaxy Nexus using xda premium
This is amazing work. I used to do some network pen testing as part of my old job and there's a lot of work that goes into making a mobile setup even with a laptop involved. The fact you got this all working coherently on a phone is mind blowing to me. Huge props.
I have no experience with this manufacturer or ebay seller but through some googling I did find this product:
http://www.ebay.com/itm/Solar-Power...970998?pt=PDA_Accessories&hash=item20b72a86b6
USB hubs in theory do not identify as normal USB devices and allow for pass through communication between connected devices. This one supplies external power as well. In other words, you may be able to connect both devices to this as it provides external power, and they can communicate without you having to rewrite any drivers.
However, be careful because some USB chipsets get confused if you try to use them as USB host but supply external power at the same time. So you may want to verify that is safe on the GNEX USB chipset.
Anyone willing to order that hub and test it?
Sent from my Galaxy Nexus using xda premium
Wow just found that and will be testing it at home tonight.
I flashed the V140 kernel via recovery and I can't locate rtl8187.ko anywhere to move it to /data/local/modules
Where is it located once the kernel flashed?
Thanks!
Once you install the R140 kernel mentioned, there is no need to insmod rtl8187.ko. The rtl8187 chipset support is compiled into the kernel boot.img.
I use this external battery pack, and I spliced a spare USB cord with the cord from my wifi adapter, so it only draws juice from the battery pack.
When you cut open a usb cord there are four wires: red, black, green, and white.
Green and white are data, connect them to the cord going to the galaxy nexus.
Red is +5V, connect it to the +5 V or red cord going to the battery pack.
Black is common, connect it to both usb cords.
So, on the cord going to the battery pack, green and white are loose, and on the cord going to the gnex, red is loose.
Or, you could use the solar powered hub mentioned above. You will still need the modified kernel, as the hub will show up as an attached device, but so will whatever is connected to it. You can't communicate with a device, without the appropriate drivers.
I did the bt5 development for the xoom. Reaver works too for h4xRing wps. I make a module pack with about 100 modules for xoom. If this is something the gnex community is interested in I'll see what I can do.
bigrushdog, to be honest, during my trek to get this working, I nearly gave up and bought a XOOM, after seeing how well developed it was.
bigrushdog said:
I did the bt5 development for the xoom. Reaver works too for h4xRing wps. I make a module pack with about 100 modules for xoom. If this is something the gnex community is interested in I'll see what I can do.
Of course I would be interested!!!
Aircrack is working now with my rtl8187!
Great job. However I noticed that this kernel is draining the battery much quicker than the latest Franciscofranco kernel in Android with a normal everyday usage.
You could download the franco.Kernel updater, it lets you set options in the franco.Kernel, like the "Generic Hotplug" option which saves battery by turning off one cpu core when the phone screen is off and allows you to set undervolt settings. It also has a Power Mode setting with Full Power, Balanced, and Power Save options. Full Power is default, which makes your phone faster, but at the expense of battery power.
Be sure not to upgrade the kernel to the current nightly though. The franco.Kernel I listed is specially modified, the rtl8187 drivers aren't normally found in the franco.Kernel.
bigrushdog said:
I did the bt5 development for the xoom. Reaver works too for h4xRing wps. I make a module pack with about 100 modules for xoom. If this is something the gnex community is interested in I'll see what I can do.
Yes, please! I'd be interested.
Sent from my Galaxy Nexus using xda premium
michaelmotes said:
You could download the franco.Kernel updater, it lets you set options in the franco.Kernel, like the "Generic Hotplug" option which saves battery by turning off one cpu core when the phone screen is off and allows you to set undervolt settings. It also has a Power Mode setting with Full Power, Balanced, and Power Save options. Full Power is default, which makes your phone faster, but at the expense of battery power.
Be sure not to upgrade the kernel to the current nightly though. The franco.Kernel I listed is specially modified, the rtl8187 drivers aren't normally found in the franco.Kernel.
I will try the settings as I already have the app! Huge thanks!
Wow, I tried to get rtl8187 working for 2 weeks, but was never able to cross-compile the kernel modules.. And you found a kernel that has these modules already integrated. Thank you very, very much.
It was brought to my attention that the patches for the compat wireless drivers from aircrack-ng haven't been applied to the driver in the kernel I provided. Nonetheless, aircrack-ng, aireplay-ng, airmon-ng, and airodump-ng still work. The only one that might give you a problem is aireplay-ng because it uses the patches to get the channel of the bssid from the driver, which without the patch just returns -1. I was able to get around it by using the command line option --ignore-negative-one when using aireplay and the ARP request replay attack (attack 3) and fake authentication (attack 1) still worked.
Also, a word to the wise, I overheated my cpu while running airodump, aireplay ARP request replay, and aircrack all at once and caused a kernel panic and emergency shutdown. So, I would advise only running airodump and aireplay, then waiting until you have lots of packets, stopping aireplay and airodump, and then running aircrack. Or, maybe even underclocking the cpu while running in backtrack.
michaelmotes said:
It was brought to my attention that the patches for the compat wireless drivers from aircrack-ng haven't been applied to the driver in the kernel I provided. Nonetheless, aircrack-ng, aireplay-ng, airmon-ng, and airodump-ng still work. The only one that might give you a problem is aireplay-ng because it uses the patches to get the channel of the bssid from the driver, which without the patch just returns -1. I was able to get around it by using the command line option --ignore-negative-one when using aireplay and the ARP request replay attack (attack 3) and fake authentication (attack 1) still worked.
Also, a word to the wise, I overheated my cpu while running airodump, aireplay ARP request replay, and aircrack all at once and caused a kernel panic and emergency shutdown. So, I would advise only running airodump and aireplay, then waiting until you have lots of packets, stopping aireplay and airodump, and then running aircrack. Or, maybe even underclocking the cpu while running in backtrack.
Could we patch it manually? We would need to download the kernel source somewhere in the chroot session and modify the makefile then?
You can patch it manually. But, like I said, I'm happy with it, I can crack wep keys and that is what I wanted to do; still, as an academic exercise, or academic triathlon, you can patch it manually. To start, I would try getting the kernel source for the gnex, or maybe from Kernel-XP I linked. He might give it to you if you asked. Then, I would recompile the kernel with no changes.
The kernel must be recompiled using the arm gcc toolchain, you can get it like:
$ git clone https://android.googlesource.com/platform/prebuilt
$ export PATH=$(pwd)/prebuilt/linux-x86/toolchain/arm-eabi-4.4.3/bin:$PATH
I would install all the necessaries on a regular desktop and follow the instructions for building kernels here: http://source.android.com/source/building-kernels.html.
Once you get the kernel rebuilt and it works, look into patching the compat-wireless source here: http://www.aircrack-ng.org/doku.php?id=compat-wireless
And then take a look here: http://stackoverflow.com/questions/4849063/cross-compile-lkm-module-for-android-platform. It says how to setup a makefile in the driver source directory to make it cross-compile with the android kernel source.
Nice!
Cool and thanks for all the steps. Last link was the key I was missing for many weeks!
So right now WPA2 won't be working right?
What do you mean "WPA2 wont be working"?
I believe you can still capture handshakes, and try to brute force the password. All you need is to run airodump to capture the handshake on the wpa router and run aireplay with attack 0 (deauthentication) to cause a client to handshake. WPA cracking is slow though, and only possible if the router has a password less than or equal to 7 characters; I think after that the odds of cracking it become worse than hitting the lottery. There is no way to recover a WPA key without guessing it.
Capturing the handshake just allows one to guess rapidly without the router knowing or being able to ban your mac for repeated auth attempts.

Linux Deploy, starting VNC FAiL, starting SSH FAIL, starting dbus FAIL...help please!

Hi,
I've been trying to install Kali on my Note 2 (N7100, Firmware: N7100XXUFNE1, Android 4.4.2, rooted) with Linux Deploy 2.02-224, but when I press start I get the following errors:
starting extra/dbus ... fail
starting extra/ssh ... fail
starting graphics/vnc . fail
Android VNC, JuiceSSH and busybox are installed.
In the settings at the PATH variable I have set /system/xbin and have updated the ENV.
On the SD ( 32gb, FAT32 ) there is enough space available (more than 10 gb after downloading the image).
When I push the status button, the program says I have an armv71. In the properties I have set armhf. Is this right?
When I start androidVNC it can't connect, with the following error message:
VNC connection failed!
failed to connect to localost/127.0.0.1 (port 5900):connect
failed: ECONNREFUSED (connection refused)
Can someone please help me to configure this correctly to run kali on my phone?
If you need to know something, just ask.
thx
Bro.. I have the same problem. I searched Google and YouTube.. no one can help with this problem.. I'm using an S2 with Android 4.1.2: extra dbus fail, vnc fail
The error is occurring because the kernel version is very old. Try installing older versions of the Ubuntu distribution, such as Ubuntu 12 Precise Pangolin. I tried it with kernel version 3.0.X and it worked well. You need Linux kernel version 3.2.X (I don't know exactly) or later for the latest versions of Linux distributions.
It works with Xenial (14.04) but doesn't work with Arch Linux (which is a rolling distro).
The failure is with dbus, ssh and vnc.
I have exactly the same issue, but my kernel version is 4.1.18
m4estr001 said:
I have exactly the same issue, but my kernel version is 4.1.18
UPDATE:
I have solved my problem by running "Configure". Hope I helped you.
m4estr001 said:
I have exactly the same issue, but my kernel version is 4.1.18
UPDATE:
I have solved my problem by running "Configure". Hope I helped you.
Nope.
If I try to install Arch, I always get this error:
Code:
starting extra/dbus ... fail
starting extra/ssh ... fail
starting graphics/vnc . fail
Configuration is done at the end of installation.
I also tried to run it manually with no extra luck.
The kernel version should be as new as possible under Arch.
Both Debian and Ubuntu work. But Archlinux doesn't.
I start thinking it's a bug in Archlinux for aarch64.
I think it could be an issue with the networking (but I'm not sure about the dbus).
Uqbar said:
Nope.
If I try to install Arch, I always get this error:
Code:
starting extra/dbus ... fail
starting extra/ssh ... fail
starting graphics/vnc . fail
Configuration is done at the end of installation.
I also tried to run it manually with no extra luck.
The kernel version should be as new as possible under Arch.
Both Debian and Ubuntu work. But Archlinux doesn't.
I start thinking it's a bug in Archlinux for aarch64.
I think it could be an issue with the networking (but I'm not sure about the dbus).
I am interested but I don't know much; let me know how you fix your problem. And good luck.
For ArchLinux there's a bug fix that will be released with the next version: there's a missing library in the installation.
I've been told by the devs to "just wait" for the new release.
I also have the same issue with my Android. I have tried everything but it is not working out for me. Please, I need help. This is my gmail ID [email protected]; contact me if you have a solution for me. Thanks a lot
Calex360 said:
I also have the same issue with my Android. I have tried everything but it is not working out for me. Please, I need help. This is my gmail ID [email protected]; contact me if you have a solution for me. Thanks a lot
Get the latest package from here.
IGNORE THE FAILS - JUST LEAVE IT RUNNING, IT WILL INSTALL SOME TIME LATER, TRUST ME. I had the same problems, vnc fail and dbus fail; I gave up while I was looking around online....anyway I looked back at my device and about 10 mins later it was installing/retrieving Kali packages. Have faith...and patience, it takes a while
I have a Pixel C and I too was getting these errors. One usually finds people in such sites or forums telling others to do some learning. But these errors are not due to bad learning. After downloading different distributions of Ubuntu and Debian almost 25-30 times, I finally downloaded one which had no error while downloading. Yes, I made sure that each line passed by without error. Even with this one, when I touched Start, I got some errors relating to 'tightvnc'. VNC viewer was again giving a connection problem. I selected Configure. It ran some lines and finally when I touched Start I got no problem and VNC viewer started LXDE (and, fearing to be called some idiot, even LXDE gave an error message, but it resolved itself next time). I think the location from which linuxdeploy downloads these files is very unstable, or I don't know if linuxdeploy does some intermediate processing which may be making these downloads unstable.
Only some minor alterations like keeping screen, WiFi and cpu active in Settings. I used the second-last version 2.5.1-257 of Linux Deploy.. I don't think these alterations made any difference if the .img file downloaded is corrupt.
Is it resolved and does it work? For days I have been trying to get it running on a Fire HD tablet with 14.1 LineageOS with 3.0.7 kernel, rooted.
If I don't get those fail errors I get chroot errors like permission denied or no such file /bin/su/ (it's /system/bin/ in the tablet)
Try to run Debian buster or stretch. Is it possible? Any help would be greatly appreciated
I resolved the issue by remounting system to read/write.
I fixed this issue by changing architecture to arm64 (s7 edge)

Uconnect 8.4 ver 17.11.07 trying to "root"

I was posting some questions in the "Rooted Jeep Cherokee '14 Uconnect" thread but I've started this new thread for the 17.xx versions because the methods (if we are able to identify them) aren't the same as the 16.33.29 and earlier firmwares...
I am still trying to crack into that unit with the 17.11.07 software. I have a D-Link USB Ethernet but it's a HW revision D and I believe I would need a B if we can get ethernet enabled at all.
Also, if we can get Ethernet enabled we will still need to get SSH password or key.
devmihkel said:
For good or for bad NOT everything appears correct, except the running 17.x version... As of now neither the "commercial jailbreak" supports new versions (well yes they were using exactly the same file to start with Also 16.51.x or newer appears to be no go: uconnect-8-4-8-4an-update
EDIT: haven't got 17.09.07 to try, but on 17.11.07 manifest.lua has changed and the last block/ search keyword is "ota_update" instead. Otherwise all the same, image valid after the edit and script.sh gets fired - at least on 16.33.29 that is @HanJ67 Did you actually try to mount installer.iso after the edit and checked /etc/manifest.lua for the end result before?
devmihkel said:
Yeah, 2nd attempt is much better as last lua block is correctly terminated and your script might actually run, but unfortunately no successful 17.x runs have been reported so far SWF scripts are not involved in update/jail-breaking run, these ones become relevant only once you are in (and need to enable some app or wifi or navi features etc). Afaik 17.x blocks ethernet dongle usage as well, but let's see if even the USB driver/link gets activated at all?
Do you have a 16.33.29 version I can try this on? I'm wondering if it will get me far enough to execute the "manifest.lua HD_Update" hack you and @HanJ67 were discussing.
I've used the 17.43.01, then finally found a 17.11.07 and had no luck there either.
In my latest attempts on the 17.11.07, I was able to hex edit the "ifs-cmc.bin" on the UPD and replaced the SSH-RSA key with my own. I think this bin will be flashed to the MMC during an update.
That SWDL.UPD got past the initial check and rebooted into update mode, but then it fails the second ISO check and loops. I had to use an unmodified image to finish the update and get back up and running.
I keep reading about making changes only after the 2048 byte mark in the older versions with the "S" at 0x80. Is this still relevant in later ISO/UPD images and to the second ISO check?
Right now, I'm looking to find a way to disable that check so that my modified .bin will be written to disk. I think this route would also work for modifying and getting WiFi enabled after a flash of the edited image.
If I had a 16.33.29 or similar older UPD version to attempt the HD_UPDATE hack in the Manifest.lua file I would give that a shot to be thorough.
Do you have an idea how to connect a USB2LAN adapter to uConnect?
Do you know if there are UART pins on the mainboard?
itsJRod said:
I was posting some questions in the "Rooted Jeep Cherokee '14 Uconnect" thread but I've started this new thread for the 17.xx versions because the methods (if we are able to identify them) aren't the same as the 16.33.29 and earlier firmwares...
I am still trying to crack into that unit with the 17.11.07 software. I have a D-Link USB Ethernet but it's a HW revision D and I believe I would need a B if we can get ethernet enabled at all.
Also, if we can get Ethernet enabled we will still need to get SSH password or key.
Do you have a 16.33.29 version I can try this on? I'm wondering if it will get me far enough to execute the "manifest.lua HD_Update" hack you and @HanJ67 were discussing.
I've used the 17.43.01, then finally found a 17.11.07 and had no luck there either.
In my latest attempts on the 17.11.07, I was able to hex edit the "ifs-cmc.bin" on the UPD and replaced the SSH-RSA key with my own. I think this bin will be flashed to the MMC during an update.
That SWDL.UPD got past the initial check and rebooted into update mode, but then it fails the second ISO check and loops. I had to use an unmodified image to finish the update and get back up and running.
I keep reading about making changes only after the 2048 byte mark in the older versions with the "S" at 0x80. Is this still relevant in later ISO/UPD images and to the second ISO check?
Right now, I'm looking to find a way to disable that check so that my modified .bin will be written to disk. I think this route would also work for modifying and getting WiFi enabled after a flash of the edited image.
If I had a 16.33.29 or similar older UPD version to attempt the HD_UPDATE hack in the Manifest.lua file I would give that a shot to be thorough.
Hello, any news about it?
Hi,
can you explain how to change the SSH key in the "ifs-cmc.bin" file?
Thanks a lot
itsJRod said:
I was posting some questions in the "Rooted Jeep Cherokee '14 Uconnect" thread but I've started this new thread for the 17.xx versions because the methods (if we are able to identify them) aren't the same as the 16.33.29 and earlier firmwares...
I am still trying to crack into that unit with the 17.11.07 software. I have a D-Link USB Ethernet but it's a HW revision D and I believe I would need a B if we can get ethernet enabled at all.
Also, if we can get Ethernet enabled we will still need to get SSH password or key.
Do you have a 16.33.29 version I can try this on? I'm wondering if it will get me far enough to execute the "manifest.lua HD_Update" hack you and @HanJ67 were discussing.
I've used the 17.43.01, then finally found a 17.11.07 and had no luck there either.
In my latest attempts on the 17.11.07, I was able to hex edit the "ifs-cmc.bin" on the UPD and replaced the SSH-RSA key with my own. I think this bin will be flashed to the MMC during an update.
That SWDL.UPD got past the initial check and rebooted into update mode, but then it fails the second ISO check and loops. I had to use an unmodified image to finish the update and get back up and running.
I keep reading about making changes only after the 2048 byte mark in the older versions with the "S" at 0x80. Is this still relevant in later ISO/UPD images and to the second ISO check?
Right now, I'm looking to find a way to disable that check so that my modified .bin will be written to disk. I think this route would also work for modifying and getting WiFi enabled after a flash of the edited image.
If I had a 16.33.29 or similar older UPD version to attempt the HD_UPDATE hack in the Manifest.lua file I would give that a shot to be thorough.
sofro1988 said:
Hello, any news about it?
I have not had much time to work on this.
I actually had an idea last week that brought me back to this. I plan to use a custom flash drive to present an unmodified ISO for verification, then swap the NAND to an identical image that has been hex edited to enable USB Ethernet and add a custom key for SSH access.
I thought to stack a NAND on top of the original on a flash drive, then break out the Chip Enable pin to a switch. I've seen this done by guys modifying game consoles to be able to run modified firmware.
Once the 2nd NAND is in place I will restore an image of the original NAND containing the unmodified update, then hex edit the required portions to allow access after updating.
If this method works, I should be able to pass the verification with the original NAND chip, then switch it (hopefully there's a big enough window to do this by hand) and present the modified NAND before it begins the flash procedure.
Hopefully someone more intimately familiar with the update scripts can verify I'm not missing anything in the process.
Tajadela said:
Hi,
can you explain how to change the SSH key in the "ifs-cmc.bin" file?
Thanks a lot
I used a hex editor to find the SSH RSA key and replace it. This passed the initial check to reboot into update mode, but wouldn't pass the full check in update mode. I'm hoping my attempt below will pass that check and still update with the modifications.
itsJRod said:
I used a hex editor to find the SSH RSA key and replace it. This passed the initial check to reboot into update mode, but wouldn't pass the full check in update mode. I'm hoping my attempt below will pass that check and still update with the modifications.
Thanks for the answer.
I saw an SSH key with the hex editor, but I would like to see exactly what you replaced.
If it's not too much trouble, it would be interesting to see the changes you've made in some screenshots.
So we could work on two fronts. The idea of the double NAND is good, but not very simple to make ...
Just thinking out loud here, when you say it passes the initial check, does it then give you any confirmation of that or any message on the screen before rebooting to upgrade mode?
Sent from my CLT-L09 using Tapatalk
SquithyX said:
Just thinking out loud here, when you say it passes the initial check, does it then give you any confirmation of that or any message on the screen before rebooting to upgrade mode?
Sent from my CLT-L09 using Tapatalk
I tried much the same thing -- the swdl.upd is another CDROM filesystem:
martinb$ file swdl.upd
swdl.upd: ISO 9660 CD-ROM filesystem data 'CDROM'
It contains three more .iso files : installer.iso, primary.iso, and secondary.iso
installer.iso is a CDROM image, but is not mountable on my linux system
primary.iso is a CDROM image, and has the usual /bin, /etc/, and /usr filesystem for an install
the /bin directory has one file - update_nand
the /etc directory has the usual mfgVersiontxt, nand_partion.txt, system_etfs_postinstall.txt, system_mmc_postinstall.txt and version.txt
the /usr/share directory is all the firmware for various components - EQ, HD_FIRMWARE, IFS, MMC_IFS_EXTENSION,OTA,SIERRA_WIRELESS,V850, and XM_FIRMWARE
What's interesting to me is that they did update the SIERRA_WIRELESS firmware -- and have done some housecleaning:
Code:
#---------------------------------
# sierra_wireless_disable_flowcontrol.file
# \d == 1 second delay
SAY " Send AT \n"
'' AT\r
OK \d
SAY "Disable flow control\n"
'' at+ifc=0,0\r
OK \d
SAY "Send SMS command CNMI\n"
'' at+cnmi=2,1,0,1,0\r
OK \d
SAY "Clear emergency number list\n"
'' AT!NVENUM=0\r
OK \d
SAY "Set emergency number to 911\n"
'' AT!NVENUM=1,"911"\r
OK \d
SAY "Save Setting\n"
'' at&w\r
OK \d
#---------------------------------
Also in the IFS directory, when you hexedit the ifs-cmc.bin file it reveals another little treat... an SSH root public key ( not as nice as a private key, but hey )
(Sorry about the formatting, this is cut/paste right out of the hex editor)
Code:
ssh-rsa [email protected]
2E..IwU.Q....njle8r9nrJ7h8atg4WfqswU0C0Rk/Ezs/sQs5ZA6ES82MQONjHBd7mw
uo8h0xfj3KeeSHMXCEBpmU26guNE4EqfvdioLFCDUxtvMYswlUZjsvd/NYz9lnUZg2hy
pwzFQjXgSzmHVrHjkKKvq7Rak/85vGZrJKxlvHnowA8JIl1tVNVQjPMNgDDJabaETtfw
LL1KlvAzI81cKOG/3IRn9lU6qyYqyG+zYoza0nN\..7/AtxdL481k81Go5c3NQTnkl2U
68lbu8CpnwrYCU098owLmxdI4kF5UOL4R61ItJuwz30JSESgT..!8RDgM6XEiHUpK9yW
vvRg+vbGWT/oQn0GQ== [email protected]
in /usr/share/MMC_IFS_EXTENSION/bin/cisco.sh and dlink.sh there's another good hint - what adapter you need for USB ethernet
Code:
#!/bin/sh
# Handle an Ethernet connection via the CISCO Linksys USB300M adapter
or
Code:
#!/bin/sh
# Handle an Ethernet connection via the D-Link DUB-E100 adapter
The static IP it brings up if no DHCP is offered is : 192.168.6.1
There's tons more in there -- like the V850 chip has access to the Sierra Wireless CDMA modem, but can configure it for voice calls through the car speakers:
"AT!AVSETPROFILE=8,1,1,0,5" ( embedded in the cmcioc.bin update file )
secondary.iso is a CDROM image and only has /etc/ and /usr
the /etc/ directory has speech_mmc_preinstall.txt and xlets_mmc1_preinstall.txt
the /usr/ directory has /usr/share/speech and /usr/share/xlets ( tons of information about sensors in the car, etc in xlets )
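The `file` output quoted above ("ISO 9660 CD-ROM filesystem data 'CDROM'") comes from the primary volume descriptor at sector 16 of the image. As an added example, not code from this thread or from any of its posters, the following Python reader parses that descriptor: it builds a small constructed ISO 9660 image in memory so it runs offline, walks the descriptor set until the terminator, checks that the little- and big-endian copies of each size field agree, and flags an image whose declared size is larger than the bytes actually present, one possible reason an image is identified as ISO 9660 but will not mount. Field offsets follow the ECMA-119 layout; the volume id, system id and sizes in the sample are constructed values.

```python
"""Minimal ISO 9660 primary volume descriptor (PVD) reader.

Added example. Builds a constructed image (empty system area, one PVD,
one set terminator) and parses it the way `file` does when it reports
"ISO 9660 CD-ROM filesystem data 'CDROM'".
"""
import struct

SECTOR = 2048
VD_START = 16            # volume descriptors begin at sector 16, after the system area
ISO_MAGIC = b"CD001"     # standard identifier at offset 1 of every descriptor
VD_PRIMARY, VD_TERMINATOR = 1, 255


def _both_endian(buf: bytes, fmt_le: str, fmt_be: str) -> int:
    """ISO 9660 stores key integers twice (little- then big-endian); the copies must agree."""
    size = struct.calcsize(fmt_le)
    le = struct.unpack(fmt_le, buf[:size])[0]
    be = struct.unpack(fmt_be, buf[size:2 * size])[0]
    if le != be:
        raise ValueError(f"both-endian field mismatch: {le} != {be}")
    return le


def build_sample_iso(volume_id: str = "CDROM", space_size: int = 18) -> bytes:
    """Constructed sample image: 16 zero sectors, a PVD, and a set terminator (18 sectors total)."""
    pvd = bytearray(SECTOR)
    pvd[0] = VD_PRIMARY
    pvd[1:6] = ISO_MAGIC
    pvd[6] = 1                                   # descriptor version
    pvd[8:40] = b"LINUX".ljust(32)               # system identifier (constructed)
    pvd[40:72] = volume_id.encode("ascii").ljust(32)
    pvd[80:88] = struct.pack("<I", space_size) + struct.pack(">I", space_size)   # volume space size
    pvd[120:124] = struct.pack("<H", 1) + struct.pack(">H", 1)                   # volume set size
    pvd[124:128] = struct.pack("<H", 1) + struct.pack(">H", 1)                   # volume sequence number
    pvd[128:132] = struct.pack("<H", SECTOR) + struct.pack(">H", SECTOR)         # logical block size
    term = bytearray(SECTOR)
    term[0] = VD_TERMINATOR
    term[1:6] = ISO_MAGIC
    term[6] = 1
    return bytes(SECTOR * VD_START) + bytes(pvd) + bytes(term)


def is_iso9660(image: bytes) -> bool:
    """The same quick test `file` applies: 'CD001' at byte 0x8001."""
    off = VD_START * SECTOR + 1
    return image[off:off + 5] == ISO_MAGIC


def volume_descriptors(image: bytes):
    """Yield (type, raw_sector) for each descriptor from sector 16 up to and including the terminator."""
    sector = VD_START
    while True:
        off = sector * SECTOR
        raw = image[off:off + SECTOR]
        if len(raw) < SECTOR:
            raise ValueError("image truncated before the volume descriptor set terminator")
        if raw[1:6] != ISO_MAGIC:
            raise ValueError(f"sector {sector}: missing CD001 identifier, not ISO 9660")
        yield raw[0], raw
        if raw[0] == VD_TERMINATOR:
            return
        sector += 1


def primary_volume(image: bytes) -> dict:
    """Return the PVD fields `file` reports plus a size sanity check against the bytes present."""
    for vd_type, raw in volume_descriptors(image):
        if vd_type != VD_PRIMARY:
            continue
        info = {
            "system_id": raw[8:40].decode("ascii").strip(),
            "volume_id": raw[40:72].decode("ascii").strip(),
            "volume_space_size": _both_endian(raw[80:88], "<I", ">I"),
            "logical_block_size": _both_endian(raw[128:132], "<H", ">H"),
        }
        info["declared_bytes"] = info["volume_space_size"] * info["logical_block_size"]
        # A declared size larger than the file is the usual sign of a truncated or padded-out image.
        info["fits_in_image"] = info["declared_bytes"] <= len(image)
        return info
    raise ValueError("no primary volume descriptor found")


if __name__ == "__main__":
    sample = build_sample_iso()
    print("ISO 9660:", is_iso9660(sample))
    print(primary_volume(sample))
```

To use it on a real image, read the file into `bytes` (or `mmap`) and pass it to `primary_volume`; on a large update file only the first 18 sectors or so are touched. A `ValueError` from `volume_descriptors` is the signal to stop trusting the image rather than something to catch and ignore.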
martinbogo1 said:
I tried much the same thing -- the swdl.upd is another CDROM filesystem:
martinb$ file swdl.upd
swdl.upd: ISO 9660 CD-ROM filesystem data 'CDROM'
It contains three more .iso files : installer.iso, primary.iso, and secondary.iso
installer.iso is a CDROM image, but is not mountable on my linux system
primary.iso is a CDROM image, and has the usual /bin, /etc/, and /usr filesystem for an install
the /bin directory has one file - update_nand
the /etc directory has the usual mfgVersiontxt, nand_partion.txt, system_etfs_postinstall.txt, system_mmc_postinstall.txt and version.txt
the /usr/share directory is all the firmware for various components - EQ, HD_FIRMWARE, IFS, MMC_IFS_EXTENSION,OTA,SIERRA_WIRELESS,V850, and XM_FIRMWARE
What's interesting to me is that they did update the SIERRA_WIRELESS firmware -- and have done some housecleaning:
Code:
#---------------------------------
# sierra_wireless_disable_flowcontrol.file
# \d == 1 second delay
SAY " Send AT \n"
'' AT\r
OK \d
SAY "Disable flow control\n"
'' at+ifc=0,0\r
OK \d
SAY "Send SMS command CNMI\n"
'' at+cnmi=2,1,0,1,0\r
OK \d
SAY "Clear emergency number list\n"
'' AT!NVENUM=0\r
OK \d
SAY "Set emergency number to 911\n"
'' AT!NVENUM=1,"911"\r
OK \d
SAY "Save Setting\n"
'' at&w\r
OK \d
#---------------------------------
Also in the IFS directory, when you hexedit the ifs-cmc.bin file it reveals another little treat... an SSH root public key ( not as nice as a private key, but hey )
(Sorry about the formatting, this is cut/paste right out of the hex editor)
Code:
ssh-rsa [email protected]
2E..IwU.Q....njle8r9nrJ7h8atg4WfqswU0C0Rk/Ezs/sQs5ZA6ES82MQONjHBd7mw
uo8h0xfj3KeeSHMXCEBpmU26guNE4EqfvdioLFCDUxtvMYswlUZjsvd/NYz9lnUZg2hy
pwzFQjXgSzmHVrHjkKKvq7Rak/85vGZrJKxlvHnowA8JIl1tVNVQjPMNgDDJabaETtfw
LL1KlvAzI81cKOG/3IRn9lU6qyYqyG+zYoza0nN\..7/AtxdL481k81Go5c3NQTnkl2U
68lbu8CpnwrYCU098owLmxdI4kF5UOL4R61ItJuwz30JSESgT..!8RDgM6XEiHUpK9yW
vvRg+vbGWT/oQn0GQ== [email protected]
in /usr/share/MMC_IFS_EXTENSION/bin/cisco.sh and dlink.sh there's another good hint - what adapter you need for USB ethernet
Code:
#!/bin/sh
# Handle an Ethernet connection via the CISCO Linksys USB300M adapter
or
Code:
#!/bin/sh
# Handle an Ethernet connection via the D-Link DUB-E100 adapter
The static IP it brings up if no DHCP is offered is : 192.168.6.1
There's tons more in there -- like the V850 chip has access to the Sierra Wireless CDMA modem, but can configure it for voice calls through the car speakers:
"AT!AVSETPROFILE=8,1,1,0,5" ( embedded in the cmcioc.bin update file )
secondary.iso is a CDROM image and only has /etc/ and /usr
the /etc/ directory has speech_mmc_preinstall.txt and xlets_mmc1_preinstall.txt
the /usr/ directory has /usr/share/speech and /usr/share/xlets ( tons of information about sensors in the car, etc in xlets )
Have you tried connecting to it?
Sent from my iPhone using Tapatalk
sofro1988 said:
Have you tried connecting to it?
Sent from my iPhone using Tapatalk
I managed to connect with the cisco adapter (usb / ethernet), but I don't know the root password. Is the problem insurmountable at the moment?
Using a cisco connector, I have gotten the ethernet to come up, but that's it. At the moment, there doesn't seem to be anything I can connect to.
@Tajadela - sounds like you at least were able to either SSH or telnet in to a port... I'm on software version 17.43.01 .. which are you on, and what year vehicle? ( Jeep Grand Cherokee, 2015, Uconnect 8.4AN with the 3G Sierra Aircard modem for Sprint )
martinbogo1 said:
Using a cisco connector, I have gotten the ethernet to come up, but that's it. At the moment, there doesn't seem to be anything I can connect to.
@Tajadela - sounds like you at least were able to either SSH or telnet in to a port... I'm on software version 17.43.01 .. which are you on, and what year vehicle? ( Jeep Grand Cherokee, 2015, Uconnect 8.4AN with the 3G Sierra Aircard modem for Sprint )
I connected via telnet on a uconnect 6.5 with firmware 15.xx.xx. You can connect to Uconnect with the static IP it brings up if no DHCP is offered: 192.168.6.1
itsJRod said:
I used a hex editor to find the SSH RSA key and replace it. This passed the initial check to reboot into update mode, but wouldn't pass the full check in update mode. I'm hoping my attempt below will pass that check and still update with the modifications.
After replacing the RSA key, did you have to recalculate the checksum of the UPD file?
Did you replace the first 64 bytes of the file?
Thanks
@itsJRod, would you be willing to explain the procedure to replace the RSA key in the swdl file? Thank you
Hello,
Have you made any progress? I am a bit lost. I put the EU uconnect MY15 into a US dodge charger MY16 and Perf Pages were working fine even on 16.16.13, although after the upgrade to 17.x (17.46.0.1 right now) I am meeting the problem of an expired subscription (which is not possible to have on an EU radio).
I am considering basically three solutions:
a) going back to the US radio, but modifying the language pack/nav/FM frequencies (it is doable, but I do not know how, although I can pay for it at relatively less than the time invested)
b) downgrading to 16.16.13 - I have no clue how to do it; I tried to put swdl.upd with swdl.iso and installer.iso with no luck, of course.
c) taking xlets from KIM2/ of 16.16.13 to KIM23 of 17.46.0.1 secondary.iso - this is probably the preferred way but I do not know how to make it pass ISO validation.
Of course root on uconnect is extremely nice to have but I will be fully satisfied with Perf Pages working again.
Hello.
I'm hoping the community can help me out. I have a RAM 1500 with the RA4 (was running the 17.11.07 software that I got pushed to me OTS style a couple years ago. Since them problems, radio turn on delay, no GPS and cellular phone warning popup.
I was told to do the 18.45 update which I got from driveuconnect.com, but this has essentially bricked my radio with the "bolo update failed" error and it is looping continuously
I have tried many ways to modify the update software's manifest.lua script to try to get rid of the sierra wireless portion by manually editing, hex editing, etc but always get the "please insert the USB card" screen.
Uconnect is obviously completely worthless to help me and the dealer wants me to pay them money to tell me what I already know. I know I can pay 300 and send my radio to infotainemnt.com to get it repaired, but I would like to solve this on my own is possible, because I would like to further modify the software to make it more custom and unique.
From my reading the 17x version keeps you from downgrading to a version that can be hacked easily.
Everything seems like it should be pretty straight forward as I have a lot of experience in programming and embedded devices.
It seems they are validating the ISOs using some mechanism; I believe I have tried all of the tricks/methods.
I have searched the code to see if I can find the ISO MD5 or SHA256 hashes that ioc_check is probably using to figure out I changed something, but nothing works.
I have even tried swapping the flash drives after validation, but it seems they are using the ISOs they already copied to continue the process; I then end up getting some invalid errors or the update just crashes out.
I got other updates from the link: http://www.mydrive.ch/
username: [email protected]
Password: gasolio
Haven't tried all of them yet, but I'm pretty sure they won't work, due to the 17x security changes.
Any help would be greatly appreciated; I really don't want to shell out any cash for something a company told me to do, and due to their screw-up with bricking modems, this is now bricking my radio.
Thanks to all in advance !!!
djmjr77 said:
Just to follow up for anyone who reads this in the future.
I was able to get my uconnect working again a few minutes ago.
As my previous post stated I got stuck in the "bolo update failed" loop.
I downloaded the UCONNECT_8.4AN_RA4_16.33.29_MY16.exe update from the url posted in my previous comment.
I did the S Byte HEX mod to the swdl.iso file, and loaded it and the swdl.upd file on a thumb drive. Used HxD on Windows. Followed the section in the Uconnect exploitation PDF:
https://www.google.com/url?sa=t&source=web&rct=j&url=http://illmatics.com/Remote%2520Car%2520Hacking.pdf&ved=2ahUKEwjZsOGNl5nyAhWhGVkFHZy2AnAQFnoECAcQAg&usg=AOvVaw0NAi3a1eh-IRd3n1VHv-ys
When I plugged it in, it started with the update process; after the first unit, the screen said the Uconnect had to restart, please wait..
And voila, my radio worked again!!! It even says it has the 18.45 firmware on it.. go figure.. Navigation still does not work, but that's most likely because the Sierra Wireless card is bad.
I cannot say for sure the S Byte thing did anything, because I'm not messing with this anymore, I almost had to buy a new radio.
I would say try it without, then with it if it doesn't work.
This could also be a fluke with my particular unit, but at least it's something else to try than paying 600+ dollars!!
Good luck to anyone else who goes through this mess!!!
djmjr77 said:
I created an account just to reply to this and all I have to say is you're literally an absolute life saver. I've been working on this every day for two weeks now, trying every trick people said, trying every USB, every format, every version, and nothing ever worked for me. Uconnect support was absolutely no help and it was a lot of back-and-forth finger pointing and "no, you need to reach out to this person" between them and the dealership. The dealership tried to charge me for a Proxy Alignment when I asked to just update my damn radio stuck in this loop.
I have a 2015 Jeep Cherokee 8.4AN VP4 NA Head Unit 68238619AJ. I was updating from 17.11.07 to 18.45.01 and got stuck at step 11 at 1% and would get a failed Sierra Wireless every time, and then got in that "bolo update failed" loop.. Well, to fix it just now all I did was download the UCONNECT_8.4AN_RA4_16.33.29_MY16.exe update from the URL posted in the previous comment, quick format a 16GB Micro Center USB to FAT32, extract the files from 16.33.29 to the USB with 7-Zip, plug it in like normal and BOOM, it ran the first step, restarted and I had a working radio again showing update 18.45.01.
(So I'm assuming you don't have to do the S Byte thing; I didn't even mess with it, I just used 16.33.29 to bypass step 11 since that version only has 14 steps and 18.45.01 was already preloaded from attempting before. My navigation still shows the wrong address, but I don't care about all that, just thankful to have my radio back before my wife killed me for trying to update it by myself.)
I hope this helps someone else one day because it took some deep research and hours on hours of forum hopping to finally find the solution. <3
djmjr77 said:
Do you have another link to download the UCONNECT_8.4AN_RA4_16.33.29_MY16.exe files? I am trying to help a friend of mine the way this helped me. Thank you again for this!