Legault

Hey all;

I've inadvertently resurrected one of my projects from the dead: hacking/decompiling the Navigation software.

What I want to do is use an Arduino to communicate on the BCan/FCan lines so that I can operate parts of the car from the Arduino. Unfortunately, there is a lot of talk on the lines and thus it is rather difficult to decipher what address is what (leaving the door open results in a multitude of codes not making it abundantly clear which door is open, etc.)

Anyway, I thought that I might get some insight from the Can Drivers in the Navi software. They seem to be packed in the 09Touch.bin file which will not be decompressed/extracted using the current tools available.

My question: Does anyone have a decompressed version of 09Touch.bin containing all the DLLs or know how to get one?

OR

Does anyone have a copy of the OLD navi .bins? (the ones that could be hacked). I haven't gotten a chance to work on those but I imagine that they will be able to be decompressed as this was before they knew people were out there hacking the OK button.

Thanks!

Legault

Okay, as a second question, does anyone know what happens if you load a bad image into the navi? will it automatically look on the disk to update itself? I want to know if I can mess with the firmware file without it becoming irrecoverable.

Vlad_Type_S

iTrader: (3)

I'm in love with your idea. Though my understanding of .dll files is that you can't rebuild them unless you have the source code. What would you do with the .dll files if you had access to them? (I compile C++ on almost a weekly basis, but never had to reverse engineer software.)

Legault

A .dll is the same as an .exe. They can be disassembled. They also have listings of which functions are exported by the DLL as well as imported. I assumed that somewhere, they must have a function that can turn something like "increase_volume(int amount)" into a CAN command. It's possible (actually probable) that the navi doesn't talk on the B-Can, but it certainly talks on the F-Can (to retrieve engine codes).
Audio/HVAC stuff MIGHT be on the GA-NET (IEBus) but as there's no drop in chip for that yet, I haven't written a decoder/talker.

It would be nice if there was a sort of manual that had a code database in it (for either of the CANs)

The idea was to throw a GSM shield on the Arduino and then you could control stuff via text message like putting up the windows if it was gonna rain.

It would also be a good place to start for a drop in replacement navi carputer

Vlad_Type_S

iTrader: (3)

Haha! That's why I'm in love with your idea. If you had access to both CAN busses and a library of commands, there's almost nothing you can't do. Even the dashboard indicators are operated by a control module using CAN. I'm totally about this. If the GSM shield supports data, you can even write an android app to control it.

Maybe the only answer is to put a data sniffer on the bus. Then give do stuff and observe the data to collect a command list.

Legault

Yeah, I've done that already. It's just not so clear... For instance, I did two key unlocks a while back First with key one, waited a while, then did it again. Then I did the same with key 2. These are the messages I got. Was hoping to find a difference between key one and two in the data bits but no luck.

Columns are:

Time|Family Id (0)|DeviceID|RTR(is it Requesting data?)|Extended Frame(1)|# of data bits| Data Bits

Sorry about the gaps between lines, fixed that but didn't retake.
Family IDs are all 0 because I masked over them so Device ID has all the info.

Anyone have thoughts as to what the least noisy device might be to test?