[__fred__]

Quote:

Originally Posted by nomorebigideas

Fred - you're a hero! Congrats on achieving what was thought to be impossible! I'll send you a photo shortly - really appreciate it.

You may have to tell people with non 10.35" screens how to update the MCU, as 8.8" users don't have an onboard SD card reader. The USB method just hangs constantly.

No, it won't hang if you have the right MCU update. The exact string (up until the date field) must match with your unit, then it will work. If you run logcat through adb and monitor for messages, you will see why it failed. Most likely because the car ID does not match. They don't clean up the UI, so the process seems to hang. It doesn't hang, it just failed.

[__fred__]

Quote:

Originally Posted by amfgray

Dear Fred, what do You think - is it possible to reassign actions on idrive buttons or to make actions for idrive buttons which are not used by default for some reason? Thx

This is something I will be working on next. After I've cleaned up and patched al the MCU's around.

[__fred__]

OK, patches are here:

https://github.com/chinesebmwheadunits/mcu

In case anyone has another MCU update (different hardware string), i'd be very interested.

[antonius2018]

Quote:

Originally Posted by __fred__

OK, patches are here:

https://github.com/chinesebmwheadunits/mcu

In case anyone has another MCU update (different hardware string), i'd be very interested.

Sorry if this is a stuppid question or a repetition of previous questions, but I'm a newbie here and I'm still trying to understand what's happening here.

I have the MCU version on the photo (AVIN USA PX6 bought last month).
If I do the MCU update you published what can I expect new from my unit? It doesn't dims anymore, is that so?
Thanks, and sorry for the question!

[__fred__]

Quote:

Originally Posted by antonius2018

Sorry if this is a stuppid question or a repetition of previous questions, but I'm a newbie here and I'm still trying to understand what's happening here.

I have the MCU version on the photo (AVIN USA PX6 bought last month).
If I do the MCU update you published what can I expect new from my unit? It doesn't dims anymore, is that so?
Thanks, and sorry for the question!

That is correct! More information about the different versions and the procedure is here: https://github.com/chinesebmwheaduni.../wiki/Software
Let me know if it works BTW.

[antonius2018]

Quote:

Originally Posted by __fred__

That is correct! More information about the different versions and the procedure is here: https://github.com/chinesebmwheaduni.../wiki/Software

Thank you!
I'm a little afraid I'll do something wrong, but let's see if get the courage to do it.

[koutsouk]

Quote:

Originally Posted by __fred__

That is correct! More information about the different versions and the procedure is here: https://github.com/chinesebmwheaduni.../wiki/Software
Let me know if it works BTW.

As you said in your unit you had different first letters code.
How you managed to install the new MCU file since it compares with that id?
My unit has in the MCU field 035243bYC-CCC-HW8-180921
Can i use any of these MCU files or it will not install???

[amfgray]

Quote:

Originally Posted by __fred__

That is correct! More information about the different versions and the procedure is here: https://github.com/chinesebmwheaduni.../wiki/Software
Let me know if it works BTW.

I'm interested if Units with android 7 and 8 versions have the same MCU hardware or not. Wondering about it because firmware are different and android 8 has one zip file and nobody has separate MCU file update for android 8 Head units.
As I understand You are dealing with MCU of android 7 HU, will it be suitable to use with HU8?

[__fred__]

I found something in the firmware that is interesting and unusual. Almost all development of embedded microcontrollers is done in good old C. A C compiler is almost always available and in case the chip does not run a full OS, the toolchain of the microcontroller manufacturer or something similar is used. It's almost always an assembler and C toolchain.
Almost all C compilers use null terminated strings. You can recognize a function like strlen (which calculates the length of a string) in assembly from a mile away because it needs to look for a NULL character in the string to find its length. When strings are passed between functions, the stack can be used in C as well.
In the firmware from these units, the compiled code uses length prefixed strings where the length of the string is stored before the first character. These are called Pascal-strings because Pascal is a major language that stores it's strings in Length-prefixed format. They are also always pointers to the heap. Never stack allocated.

So I started looking for Pascal compilers that are available for STM32 microcontrollers and it turns out that there is only ONE compiler (apart from open source) available: https://www.mikroe.com/mikropascal-arm

I'm pretty sure that this is the IDE + toolkit that was used to assemble our firmware. I'm planning on downloading and installing the IDE as it has more than 1200 library functions. It might be that it's easier to recognize functions based on the source code.

It seemed strange to me that I could not really recognize any of the initialization code in the firmware, based on the initialization code that ST provides itself. When you compile the example code from ST to initialize the clock etc. it's really different from our MCU code). This could be a logical explanation. TBC....

[__fred__]

Quote:

Originally Posted by amfgray

I'm interested if Units with android 7 and 8 versions have the same MCU hardware or not. Wondering about it because firmware are different and android 8 has one zip file and nobody has separate MCU file update for android 8 Head units.
As I understand You are dealing with MCU of android 7 HU, will it be suitable to use with HU8?

I think so, as the MCU updates I got from the PX6 versions seem pretty similar and have exactly the same car type codes.

To be safe, only install 2019 version in the MCU repository. These come from PX6, android 8 units.

[amfgray]

Quote:

Originally Posted by __fred__

I think so, as the MCU updates I got from the PX6 versions seem pretty similar and have exactly the same car type codes.

To be safe, only install 2019 version in the MCU repository. These come from PX6, android 8 units.

Thx, and what do You think about different manufacturers: mine is 045247bXHCN, and Your is 023042bGS. Looks completely different Your thought about interchangeability

[__fred__]

Definitely not Compatible. You could ask the seller for an mcu upgrade file. I will patch it for you

[nomorebigideas]

Quote:

Originally Posted by __fred__

No, it won't hang if you have the right MCU update. The exact string (up until the date field) must match with your unit, then it will work. If you run logcat through adb and monitor for messages, you will see why it failed. Most likely because the car ID does not match. They don't clean up the UI, so the process seems to hang. It doesn't hang, it just failed.

Photo attached - thanks so much @_fred_!!!

[inzonetv]

Can someone post latest px3 7.1 software? I have something from january and thought is there something newer.

[__fred__]

Quote:

Originally Posted by nomorebigideas

Photo attached - thanks so much @_fred_!!!

Hmmm, that is a bit sad. I don't seem to have your version string yet (012042bJLY-CIC-HW7). Any chance you've found an mcuupdate.bin somewhere from someone with the same unit? I'll search for it myself as well.

Update: I was not able to find any other MCU updates, although there are certainly a few vendor strings like "ALS", "JLY" and "XHCN". There seems to be only one option: exploiting the firmware to be able to dump them. Now I said at first glance that it isn't easily exploited and that still stands, but there are pieces of code that I've seen that look as a target for things like buffer overflows. And now that i have a test unit with debuggable firmware, I can fuzz and test a lot faster. So please continue to send me MCU updates, but I will also try and exploit the firmware so we can dump the contents of the MCU flash memory.

[nomorebigideas]

Quote:

Originally Posted by __fred__

Hmmm, that is a bit sad. I don't seem to have your version string yet (012042bJLY-CIC-HW7). Any chance you've found an mcuupdate.bin somewhere from someone with the same unit? I'll search for it myself as well.

Update: I was not able to find any other MCU updates, although there are certainly a few vendor strings like "ALS", "JLY" and "XHCN". There seems to be only one option: exploiting the firmware to be able to dump them. Now I said at first glance that it isn't easily exploited and that still stands, but there are pieces of code that I've seen that look as a target for things like buffer overflows. And now that i have a test unit with debuggable firmware, I can fuzz and test a lot faster. So please continue to send me MCU updates, but I will also try and exploit the firmware so we can dump the contents of the MCU flash memory.

Any of these any good?

https://drive.google.com/folderview?id=1paJ2cyavcRH9KMQ_l5buQ2v-OB2cYFgE

[nomorebigideas]

Quote:

Originally Posted by nomorebigideas

Any of these any good?

https://drive.google.com/folderview?id=1paJ2cyavcRH9KMQ_l5buQ2v-OB2cYFgE

Or this?

https://drive.google.com/file/d/1gKy9DhOWXxb5RqqJXgjGqunaKVca_tnh/view?usp=drivesdk

[__fred__]

First link I already have, second I asked permission. It’s not public.

[nomorebigideas]

Quote:

Originally Posted by __fred__

First link I already have, second I asked permission. It’s not public.

Just given - sorry about the permissions issue

[__fred__]

Quote:

Originally Posted by nomorebigideas

Just given - sorry about the permissions issue

Yes, you sent me the correct file. It was 012042bJLY-CIC-HW7. I patched it. You can download it from here:

https://github.com/chinesebmwheaduni...ming%20patched

I drove to work this morning and the difference is night and day. ;-)

[__fred__]

So koutsouk was so kind to send me firmware 035242bYC-CCC-HW8-190525, which is the most recent firmware I have. There is something interesting with this firmware:



They have introduced a setting to control the auto dimming feature. That means it can be enabled and disabled from android. A part of the update_settings routine writes the setting:




It's actually a frame that can be sent from android with hex bytes 0x70 and 0x13 and then 0x00 to enable or 0x01 to disable auto dimming.

There must be a corresponding settings apk somewhere in a ROM that controls the setting. This means that the Chinese do listen to their customers ;-)

I still patched the firmware for everyone who doesn't have the corresponding settings apk.

They made a mistake though. If you disable the auto dimming while your lights are on, the brightness will never return to 100%. (as night_enabled is never processed anymore). So if you have a new unit with the setting in the settings app: Do not turn off auto dimming while the lights are ON.

[nomorebigideas]

Quote:

Originally Posted by __fred__

Yes, you sent me the correct file. It was 012042bJLY-CIC-HW7. I patched it. You can download it from here:

https://github.com/chinesebmwheaduni...ming%20patched

I drove to work this morning and the difference is night and day. ;-)

Best Day Ever! Ty for all your hard work!

Just to check filepath for correct install:

Format FAT32

oem/mcupdate.bin

Is that right?