Anyone thought of building a connected drive server?

[dolphin78]

So I've managed to connect to the graphics driver and actually draw an image on the screen. It's very slow and works only 10% of the time at the moment - a lot more research needed. But what's interesting is that it's possible to inject graphics to existing layers. So it's possible to, for example, replace just the navigation.

P.S. It's just an image I used for testing - it's not actually running Windows 95

@emoRaivis, how did you connect to the graphics driver? I installed QNX 6.3.2 Momentics IDE and was able to compile and run a simple 'hello world' console app but no graphics so far.

 

[dolphin78]

Under the BMW General section there is now a new section at the top called BMW Technical. I've given the active users of this thread privileges to view that section, it is not visible to anyone else without explicit permission and is excluded from the sitemap and indexing.

@doublespaces, can I get access too please?

 

[doublespaces]

@doublespaces, can I get access too please?

Done

 

[doublespaces]

For anyone else poking around this thread, here is something @dolphin78 has produced:

 

[Blackarrow335i]

That's a good read right there nice work guys keep it up

 

[dolphin78]

@Xer0449 & @BLACKHAT I'm not sure if you guys are still interested, but I found the source code to the CIC! Granted, it's the source code for the CIC-High (NBT) BUT, at the very least, they are quite similar in their code structures and will probably give you an idea of how the CIC system is coded/works in general. So have fun and download here: https://github.com/edent/BMW-OpenSource

Was going through this thread again and decided to reply to this as this info is very misleading.

This code in GitHub is quite useless to us as:

• It contains only open source libraries which BMW is using as @emoRaivis already stated. All the apps BMW created including UI (called HMI) are not there. All you can get from compiling them is open source libraries which were already available and to which BMW made some fixes improvements.
  
• BMW i3 software is NOT CIC-High (NBT). It's way different from CIC and
  NBT and runs on Linux unlike CIC and NBT. The UI looks similar but it's way different at the back end.

 

[ATL-IS-N54]

Yea, no problem.
It'll be separate instructions for guys that had connected drive and guys that have a combox but never had the feature. The latter being a bit more involved. I finally got my new car pc this morning so I can finish my CIC input diy but will work on this as well.

I still hate you guys for ignoring me on page 1 tho

i have one car in each situation... 2011 335is comm yes, con drive - NO, 13 135i have them and use connected for what little stuff it allows... something is still getting traffic info and id like (i know this is small) but to be able to use the cell phone apps thru my 3 series like i do on the 1, ie pandora etc

 

[rhodesman]

I posted this in @doublespaces Combox thread but in the interest in keeping the data centralized so others don't have to search around for everything:

Yesterday I stumbled across an article from 2013 about BMW telemetrics being hacked because they use standard HTTP protocol for transferring data to the car (for unlocking doors, turning on AC, finding location, etc.). They have since patched that requiring HTTPS but that too is not foolproof. However, this was a HUGE help for me to know what to sniff for on the network when the car is attempting to communicate with BMW and also verify's my findings about BMW only using a Proxy server as their means of "securing" the connection. (I have those credentials to BMWs proxy servers and even confirmed they are still alive via my computer connecting and communicating with them!)

I'm going to fire up wireshark and use my laptop as the router between my car and my internet connection. Now that I have some idea of what to look for, I should be able to capture my car's communication data so I know how the hell it's transmitting that data and what that data looks like! (The article said it was being sent in plain text!!!! )

 

[NRG]

Hey guys,

I just read the whole 11 pages, very interesting facts! I'm interested in modifying the CIC, too. Can I get access to the new thread?

 

[doublespaces]

Hey guys,

I just read the whole 11 pages, very interesting facts! I'm interested in modifying the CIC, too. Can I get access to the new thread?

Check now

 

[AlexNaoumov]

I've read all the 11 pages and I'm also interested in this. I've got *nix experience and have used FreeBSD alot back in the days. Also compiled kernels and even studied application development for a year. I have got a factory CIC Professional system that I expanded with a combox and multiple FSC's that I created by loading hacked certs on the CIC unit. So I hope I can help you guys out. Can I get access to the new thread please?

 

[doublespaces]

I've read all the 11 pages and I'm also interested in this. I've got *nix experience and have used FreeBSD alot back in the days. Also compiled kernels and even studied application development for a year. I have got a factory CIC Professional system that I expanded with a combox and multiple FSC's that I created by loading hacked certs on the CIC unit. So I hope I can help you guys out. Can I get access to the new thread please?

Please check

 

[toxx]

Hi mates, can i also have access to the private thread ? I am interested to contribute in this project, as i now started to dig the CIC software and i'd love to learn more from you and also contribute with what i can.

Thanks !

 

[doublespaces]

Hi mates, can i also have access to the private thread ? I am interested to contribute in this project, as i now started to dig the CIC software and i'd love to learn more from you and also contribute with what i can.

Thanks !

Done

 

[toxx]

Wow, thanks doublespaces, you are really fast

 

[Deler]

Hi Guys,

First post here. This is the only place so far where I've found someone else trying to hack the CIC, so I thought I'd share some of my progress and observations.

So the CIC computer is running QNX operating system (version 6.3.2). The processor on this thing is some weird, hardly known Hitachi SuperH (sh4) - the same one used in Sega Dreamcast. You can download the QNX 6.3.2 SDK from their site, but good luck getting a License - the 30 day eval version they offer is only for version 7.0. With a bit of tinkering I did manage to get the compiler working and successfully compiled a hello world console app and ran it on the CIC. I'm now trying to figure out the graphics library to actually display something on the display. I'm not sure what my goal is yet, but I would like to make it run CarPlay/Android Auto or something like that.

If anyone is good with assembly, you could disassemble and take a look at the two main binaries:
* /usr/Hmi/bin/HmiMain (the main UI and entertainment features)
* /usr/HBproject/CicHighEceUsaSecond (larger binary that I belive is responsible for background services, logic, etc.)

Unfortunately, because the processor is so uncommon, the only usable reverse engineering tool is IDA Pro (which costs a lot of money)

As for the source code on GitHub that was mentioned earlier, it's only the open source parts the BMW uses in their code - it doesn't actually contain any of their proprietary code, so the repository is quite useless.

Btw, does anyone have the dvdinmotion binary file? I would love to take a look at it.

Hello,

I was not able to find this 2 files in my CIC
/usr/Hmi/bin/HmiMain
/usr/HBproject/CicHighEceUsaSecond

I am connecting to the CIC using FTP, do you thing the FTP is the problem?

 

[Deler]

@doublespaces, can I have access too please?

thank you in advance

 

[doublespaces]

@doublespaces, can I have access too please?

thank you in advance

I already gave it to you

 

[Deler]

I already gave it to you

Thank you

 

[eddie1976]

@doublespaces, I am also interested about this topic.
Thank you!