Hack Your Navi Summarized! (Change pics and remove nag screen)

Closed Thread Subscribe

Thread Tools

Search this Thread

01-17-2006, 12:05 PM

#41

dhartung02

Intermediate

Join Date: Dec 2005

Age: 42

Posts: 49

Likes: 0

Received 0 Likes on 0 Posts

Ok, im getting to the right file offset area and i see code there, but i dont think im disassembling it right because when i hex edit it i only get random code, letters, and symbols. What do i save it as or how do i export it out of IDA so that i can open it up in my hex editor?

01-17-2006, 12:12 PM

#42

Toronto-TL

Instructor

Join Date: Aug 2005

Location: Toronto

Age: 65

Posts: 221

Likes: 0

Received 0 Likes on 0 Posts

I have no idea what you guys are talking about but keep it up!!!! We need a fix for the OK button.

01-17-2006, 12:23 PM

#43

dhartung02

Intermediate

Join Date: Dec 2005

Age: 42

Posts: 49

Likes: 0

Received 0 Likes on 0 Posts

When i load the Navi.exe into IDA i see what looks like code. Although within this "code" i connot find the text of any of the screens displayed on the screen.

When i hit save it saves the (Disassembled?) file as navi.idb

When i open this file with my hexeditor its shows a bunch of random crap, am i missing a step???

01-17-2006, 12:33 PM

#44

TerminaderTL

Team Anthracite Member

Join Date: Nov 2004

Location: The OC

Posts: 334

Likes: 10

Received 2 Likes on 2 Posts

Quote:

Originally Posted by MeltdowN

Actually, 0x0900 is the opcode for the 'NOP' instruction in the SH4 instruction set. Finding which instruction to patch in the disassembly is the hard part. I found 2 places in the disassembly where replacing a 'BRA' or 'BSR' (BRAnch and Branch SubRoutine) with a NOP might do the trick. I'll have to try it when I get back home. I think the SH4 is being driven in little endian mode (like in dreamcast), so 0x0900 will actually translate to the bytes 09 00 in hex.

MeltdowN - you are on the right track. We need to find the 'wait for OK button to be pressed' logic statement and replace it with a NO-OP (0x0900) so the Navi doesn't wait for a keypress.

I reviewed the code myself, but didn't find it yet.

01-17-2006, 01:09 PM

#45

MeltdowN

Instructor

Join Date: Jun 2005

Location: NM

Age: 44

Posts: 115

Likes: 0

Received 0 Likes on 0 Posts

Quote:

Originally Posted by dhartung02

Hexediting is the last step after you decide what instruction or set of instructions to patch and at what offsets they occur in the executable, not in the .idb file. It is the .exe that gets hexedited not the .idb file. Typically, you might end up using 2 programs, one for disassembling and another for hexediting.

01-17-2006, 01:16 PM

#46

dhartung02

Intermediate

Join Date: Dec 2005

Age: 42

Posts: 49

Likes: 0

Received 0 Likes on 0 Posts

Meltdown....can you recommend a hex editor
Im using UltraEdit-32 and when i open the exe to edit it....some of the text is English, alot of it is just symbols and random stuff

01-17-2006, 01:16 PM

#47

MeltdowN

Instructor

Join Date: Jun 2005

Location: NM

Age: 44

Posts: 115

Likes: 0

Received 0 Likes on 0 Posts

Quote:

Originally Posted by TerminaderTL

Yup, but IMO, it's easier to find the function that gets called to display the nag screen and then find where it gets called from and then patch it right there at the root, so it never gets called.

01-17-2006, 01:52 PM

#48

dhartung02

Intermediate

Join Date: Dec 2005

Age: 42

Posts: 49

Likes: 0

Received 0 Likes on 0 Posts

MeltdowN are you having any luck deciphering the navi.exe code and finding the execution code that calls up the nag routine?

01-18-2006, 09:13 AM

#49

apnar

Intermediate

Join Date: Oct 2005

Age: 47

Posts: 48

Likes: 0

Received 0 Likes on 0 Posts

Quote:

Originally Posted by MeltdowN

Meltdown,

Oddly enough I think we both may be correct. I decided to go back and reread some of the old posts and I found this one by zax123:

Quote:

Originally Posted by zax123

I'm working on the nag screen fix right now. I found the place to modify the instruction using a hex editor. Just set address 0x0900 to 90h. When I save the file, it's the same size as the uncompressed file extracted from the BIN but when dumpnavi.exe tries to put it back into the BIN, the compressed size is 2 bytes bigger and I don't know why. I even tried the same thing with the TSX bin (BNHN404A.BIN) and it also compresses to two bytes more. That's where I'm stuck right now. If someone has figured this out, PLEASE HELP. Thanks!

I'm still reading through to see if there were any other hints.

-apnar

01-18-2006, 10:48 AM

#50

MeltdowN

Instructor

Join Date: Jun 2005

Location: NM

Age: 44

Posts: 115

Likes: 0

Received 0 Likes on 0 Posts

Quote:

Originally Posted by zax123

Originally Posted by zax123
I'm working on the nag screen fix right now. I found the place to modify the instruction using a hex editor. Just set address 0x0900 to 90h. When I save the file, it's the same size as the uncompressed file extracted from the BIN but when dumpnavi.exe tries to put it back into the BIN, the compressed size is 2 bytes bigger and I don't know why. I even tried the same thing with the TSX bin (BNHN404A.BIN) and it also compresses to two bytes more. That's where I'm stuck right now. If someone has figured this out, PLEASE HELP. Thanks!

-apnar

Compression can be increased by replacing some strings with the same character. For example, by replacing the first line of text in the nag screen with white spaces (0x20), you'll end up getting sufficient compression that you can update the .exe in the .bin file. That's what I ended up doing.

Anyway, my first attempted patch was unsuccessfull, will have to reset my nav later this evening

01-18-2006, 02:41 PM

#51

lumpydog

Instructor

Join Date: May 2005

Age: 56

Posts: 127

Likes: 0

Received 1 Like on 1 Post

Getting closer????

Quote:

Originally Posted by MeltdowN

Anyway, my first attempted patch was unsuccessfull, will have to reset my nav later this evening

What went wrong? Just a blank screen? I'm working for a software company and am going to see if one of the developers that works here can help me sort out the clues left by others....

Let me know if there is anything specific that I can ask him to help us out.

Lumpy

P.S. Sucks that the only way to undo is the battery ground

01-18-2006, 04:33 PM

#52

gt1

` . ' . SUV haterrr

Join Date: Mar 2005

Location: MD

Age: 57

Posts: 553

Likes: 4

Received 0 Likes on 0 Posts

Just a note- there is a company in Germany which makes SH4 based PCs for development purposes, but they are expensive

01-18-2006, 07:28 PM

#53

lumpydog

Instructor

Join Date: May 2005

Age: 56

Posts: 127

Likes: 0

Received 1 Like on 1 Post

There a several SH4 processor-based products that run Windows CE:

Nintendo Dreamcast
Hitachi Pocket PC: Hitachi HPW 600-ETM
Our Acura TL Navigation System

01-19-2006, 09:40 AM

#54

gt1

` . ' . SUV haterrr

Join Date: Mar 2005

Location: MD

Age: 57

Posts: 553

Likes: 4

Received 0 Likes on 0 Posts

Hitachi is old and hard to find (none on ebay), other two don't have keyboards and not suitable for programming.

01-19-2006, 10:56 AM

#55

MeltdowN

Instructor

Join Date: Jun 2005

Location: NM

Age: 44

Posts: 115

Likes: 0

Received 0 Likes on 0 Posts

Battery or Fuse box?

Does anyone know if it is possible to juse pull the navigation's fuse and have the navigation reset itself or is it necessary to disconnect the battery? Also, where is the navigation fuse?

I've never disconnected the TL's battery but I'm guessing it is as simple as removing the cover and unplugging the negative terminal, right?

To lumpydog:
I got the startup image and then the navi app kept restarting, coz I guess it crashed or something.

To dhartung02:
Any hexeditor shoud suffice.

01-19-2006, 11:27 AM

#56

convenientstore

Intermediate

Join Date: Oct 2005

Posts: 45

Likes: 0

Received 0 Likes on 0 Posts

can someone come up with the hack that allows GIF instead of BMP so that we can have moving GIF...... I tried to search for moving BMP file but no luck

01-19-2006, 09:54 PM

#57

datmrman

Safety Car

Thread Starter

Join Date: Jan 2006

Location: San Diego, CA

Age: 42

Posts: 4,171

Likes: 1

Received 39 Likes on 15 Posts

Quote:

Originally Posted by convenientstore

can someone come up with the hack that allows GIF instead of BMP so that we can have moving GIF...... I tried to search for moving BMP file but no luck

There is no such thing as an animated BMP.. or JPG for that matter. I highly doubt anyone will come out with an animated GIF hack (it would require the system to support a totally different picture format), so just stick with a nice BMP.

01-19-2006, 10:05 PM

#58

TerminaderTL

Team Anthracite Member

Join Date: Nov 2004

Location: The OC

Posts: 334

Likes: 10

Received 2 Likes on 2 Posts

Quote:

Originally Posted by MeltdowN

I got the startup image and then the navi app kept restarting, coz I guess it crashed or something.

Keep it up - sounds like your first try was close!

01-20-2006, 01:04 AM

#59

datmrman

Safety Car

Thread Starter

Join Date: Jan 2006

Location: San Diego, CA

Age: 42

Posts: 4,171

Likes: 1

Received 39 Likes on 15 Posts

BMP Thread

A thread has been started just for posting navi splash images. Check it out!

https://acurazine.com/forums/ramblings-12/i-have-video-camera-college-campus-my-disposal-129948/

I have posted a few that I have managed to collect. Thanks to mod vp911 for providing the web space! I will continue to collect and post there.

01-20-2006, 09:54 AM

#60

urbaita1

Instructor

Join Date: Nov 2004

Posts: 117

Likes: 0

Received 1 Like on 1 Post

Quote:

Originally Posted by MeltdowN

I haven't tried this, but to revert to the OEM screen, why can't we just enter the maintence mode, and hit load disc, with the OEM navi disc still in the drive? Has anyone tried this and what happens??

01-20-2006, 10:28 AM

#61

MeltdowN

Instructor

Join Date: Jun 2005

Location: NM

Age: 44

Posts: 115

Likes: 0

Received 0 Likes on 0 Posts

Quote:

Originally Posted by urbaita1

You can't reach maintenance mode coz the program that is the maintenance mode doesn't get a chance to load. The navi.exe was causing the navi to restart before loading any of the other programs. Anyway I disconnected my battery (-ve lead/ground) for about a minute or so and the navi reinstalled the software from the DVD. FYI, I didn't lose any of my other settings like my past destinations, etc. I did however lose my radio presets.

01-20-2006, 11:52 AM

#62

convenientstore

Intermediate

Join Date: Oct 2005

Posts: 45

Likes: 0

Received 0 Likes on 0 Posts

Are these steps necessary for just swapping the initial boot screen? I think not.. rite? can someone plesae confirm? Also, burning the cd as just data should do it.. rite?

dumpnavi BNHH401A.BIN update navi.exe navi-nonag.exe
dumpnavi BNHH401A.BIN update Diag.exe

01-20-2006, 12:03 PM

#63

drdamian

FOR SALE - BM

Join Date: Nov 2005

Location: Philadelphia, PA

Age: 46

Posts: 1,503

Likes: 0

Received 0 Likes on 0 Posts

what are the best DVD to use... i wanna try this when i get home

01-20-2006, 12:19 PM

#64

lumpydog

Instructor

Join Date: May 2005

Age: 56

Posts: 127

Likes: 0

Received 1 Like on 1 Post

Quote:

Originally Posted by gt1

Hitachi is old and hard to find (none on ebay), other two don't have keyboards and not suitable for programming.

Yes - but I'm wondering if there are emulators for either... That run on a PC. If yes, I'm wondering if they could be used to test changes to Navi.exe.

I think Ive seen dreamcast emulators around. Also, I'm wondering if a pocket pc emulator would to the trick.

Lumpy

01-20-2006, 12:38 PM

#65

jastor3759

Instructor

Join Date: Apr 2004

Location: Canton, OH

Age: 46

Posts: 133

Likes: 0

Received 1 Like on 1 Post

Quote:

Originally Posted by urbaita1

Works exactly like you think.

01-20-2006, 12:41 PM

#66

convenientstore

Intermediate

Join Date: Oct 2005

Posts: 45

Likes: 0

Received 0 Likes on 0 Posts

someone plesae answer.. can u just burn the cd as data??

01-20-2006, 12:50 PM

#67

datmrman

Safety Car

Thread Starter

Join Date: Jan 2006

Location: San Diego, CA

Age: 42

Posts: 4,171

Likes: 1

Received 39 Likes on 15 Posts

Quote:

Originally Posted by convenientstore

Sorry if this wasn't clear. If you plan on JUST changing the splash screen, you will ONLY use the first command (something like dumpnavi BNHH401A.BIN update Back.bmp)

Quote:

Originally Posted by convenientstore

can u just burn the cd as data??

Yes, you need to burn the 9 bin files onto a CD/DVD as data. CDR/CDRW/DVDR works, so I've heard. I, myself, have used TDK CDR and CDRW without problems.

01-20-2006, 12:59 PM

#68

convenientstore

Intermediate

Join Date: Oct 2005

Posts: 45

Likes: 0

Received 0 Likes on 0 Posts

oki.. another question for datmrman then, I just burned as data of 9 files(which I retracted them out to make sure new bin file contains the new back.bmp file).. however I reduced(someone did it for me to) 48k not 110k.... and now my startup screen just shows blank.. would it get effected if file size is smaller than 110k?

01-20-2006, 01:20 PM

#69

jastor3759

Instructor

Join Date: Apr 2004

Location: Canton, OH

Age: 46

Posts: 133

Likes: 0

Received 1 Like on 1 Post

Quote:

Originally Posted by convenientstore

Your saying the file size went from 110 to 48? Sounds like your image either changed dimensions or had compression used against it. You cannot use compressed bitmaps on the TL. The only thing I know you can do to make a file smaller is reduce the number of colors that make up the bitmap.

01-20-2006, 01:57 PM

#70

MeltdowN

Instructor

Join Date: Jun 2005

Location: NM

Age: 44

Posts: 115

Likes: 0

Received 0 Likes on 0 Posts

Quote:

Originally Posted by jastor3759

Looks like you (convenientstore) enabled compression, if you're using photoshop, you need to make sure that RLE compression is not selected. You can probably just open the image and re-save it with compression disabled.

01-20-2006, 02:27 PM

#71

convenientstore

Intermediate

Join Date: Oct 2005

Posts: 45

Likes: 0

Received 0 Likes on 0 Posts

i dont have that kind of option to resave with compression disabled... batman logo worked(one that was posted already ) but not my creation(probably because of what u r talking about but not sure how to take away the compression)

01-20-2006, 03:22 PM

#72

datmrman

Safety Car

Thread Starter

Join Date: Jan 2006

Location: San Diego, CA

Age: 42

Posts: 4,171

Likes: 1

Received 39 Likes on 15 Posts

Quote:

Originally Posted by convenientstore

i dont have that kind of option to resave with compression disabled...

What photo editor are you using to create your images?

01-20-2006, 05:29 PM

#73

convenientstore

Intermediate

Join Date: Oct 2005

Posts: 45

Likes: 0

Received 0 Likes on 0 Posts

it's this pic

http://www.animelab.com/anime.manga/...0/lain02_1.jpg

also, from the bitmap list we have, one with matrix with ACURA logo is bigger than 100k.. and it's not working either

01-20-2006, 05:57 PM

#74

datmrman

Safety Car

Thread Starter

Join Date: Jan 2006

Location: San Diego, CA

Age: 42

Posts: 4,171

Likes: 1

Received 39 Likes on 15 Posts

I was refering to what program you are using to create the new splash images (i.e. Photoshop, Paint, etc)

01-20-2006, 06:07 PM

#75

JustinZ

Instructor

Join Date: Nov 2005

Age: 39

Posts: 233

Likes: 10

Received 20 Likes on 7 Posts

Quote:

Originally Posted by lumpydog

There a several SH4 processor-based products that run Windows CE:

Nintendo Dreamcast
Hitachi Pocket PC: Hitachi HPW 600-ETM
Our Acura TL Navigation System

SEGA Dreamcast

01-20-2006, 08:00 PM

#76

convenientstore

Intermediate

Join Date: Oct 2005

Posts: 45

Likes: 0

Received 0 Likes on 0 Posts

photoshop i am using

01-20-2006, 09:15 PM

#77

datmrman

Safety Car

Thread Starter

Join Date: Jan 2006

Location: San Diego, CA

Age: 42

Posts: 4,171

Likes: 1

Received 39 Likes on 15 Posts

Quote:

Originally Posted by convenientstore

photoshop i am using...
(from other thread) I noticed that matrix with ACURA logo dont' work. It has 300+k size.. how do we shrink that?

In Photoshop, open the image. Image > Mode > Indexed Color > Local Peceptual with 173 colors. Save as BMP. That should do it!

01-20-2006, 10:29 PM

#78

convenientstore

Intermediate

Join Date: Oct 2005

Posts: 45

Likes: 0

Received 0 Likes on 0 Posts

i have done that.. but when i update the file with that one.. navi shows blank at the startup for some reason

01-20-2006, 11:39 PM

#79

MeltdowN

Instructor

Join Date: Jun 2005

Location: NM

Age: 44

Posts: 115

Likes: 0

Received 0 Likes on 0 Posts

Quote:

Originally Posted by convenientstore

i have done that.. but when i update the file with that one.. navi shows blank at the startup for some reason

What is the size of the resulting image? Also when you do 'File'->'Save As' after converting it to Indexed color mode. Remember to select 'File Format->Windows', 'Depth->8 bit' and not to select 'Compress RLE' or 'Flip row order'.

01-21-2006, 12:36 AM

#80

theactivist

Oakland Team Nighthawker

Join Date: Dec 2004

Location: Oakland, CA

Age: 53

Posts: 76

Likes: 0

Received 0 Likes on 0 Posts

please keep trying

ok, i'm good at the work i do, but it's far from this. so, on behalf of those of us who barely understand what the heck y'all are talking about: keep trying. The rest of us are depending on you.

Closed Thread Share

First
Prev
2 / 7
Next
Last