MM with XSharedPreferences not working - Xposed Framework Development

MM with XSharedPreferences not working - Xposed Framework Development

I want my xposed hook class to read the package's Shared Preferences so it it only hooks the methods that are enabled by the user. The problem is that every time I try to read the SharedPrefs via XSharedPreference Class, It fails to read it but only on marshmallow. Im assuming it's because of permission/SELinux. Other things I check is that the path to the shared preferences is fine (because it works fine with KitKat), I made all places where I write to it "WORLD_READABLE" and still doesn't work. I tried looking at other dev's module that have MM support but can't find anything significant in terms of reading the sharedprefs that I dont have. I have been trying for ages and believe Im overthinking it. I also tried putting the reading code in initZygote and handleLoadPackage and both fail as well
Could someone please help or provide guidance. Thanks.
Source Code: https://github.com/pbombnz/ANZGoMoneyNZMods/blob/master/app/src/main/java/nz/pbomb/xposed/anzmods/SuperKiwiHooker.java
EDIT: Possible Workaround found. Will leave here for others going through same issue... https://github.com/rovo89/XposedBridge/issues/74

Related

Trouble with my Asus MyPal A626

Hello!
I recently bricked my MyPal A626. In the last weeks I tried several things but until now I weren't able to figure out how to fix this thing.
I know that you can flash the ROM via the USBLoader.exe over USB. But I need a .nb0 file for this.
Perhaps there is someone in this board who can help me out with this file?
You should be able to dump the rom with the itsutils over RAPI.
http://wiki.xda-developers.com/index.php?pagename=XdaUtils
It should be something like this:
1) pdocread -t
2) pdocread -l
3) pdocread 0x0 xxxxxx nk.nb0
One of the first commands gives you the length of the ROM.
I can't test it by myself because my device is bricked.
Perhaps it would be enough if somebody with an A626 can execute the first and second commands and post the output here.
It would be very great if somebody can help me!
BTW:
I have got a Backup... But the bootloader doesn't want this. It reads everything from USB but it isn't flashed. And I have absolutely no idea why.
I can upload this file to rapidshare if somebody wants to look at it.

I really hate to ressurect an old thread, but I am having the exact same problem. ASUS tech support has been rather less than helpful. They won't provide a NB0 file to end users, nor any fix tools that would work with the encrypted image or anything like that either. They told me I have to RMA the thing after passing me back and forth and giving me the runaround for about an hour or more even. Only, I STILL haven't gotten a response from the RMA department even... The person I tried to do this update for REALLY needs her PDA back already and I find this whole situation to be quite unacceptable. I only had to attempt to use the update in the first place because they made a screweup that makes the SD card inaccessable without reinserting after pressing the power button... A pretty big screwup IMO considering that good PDA practices really requires one to run as much as possible from the SD card for the sake of wasting less resources in a device that already has all too few resources to begin with... (Then again, MS still hasn't caught on to the fact that minimizing rather than closing programs on a device that has so little memory is rather less than ideal, so I guess there's nothing new in that area.) The funniest thing of all is that I wasn't trying to modify it or anything like that, I just did the update right by the manual needing only to get the SD card fix and it STILL went wrong (especially I find it annoying that the update process did a checksum on the update.img file and reported that the file was actually correct, then it fails AFTER completely flashing and doesn't bother to make any kind of recovery.
If anyone could help me out with a NB0 for this thing, I'd REALLY appreciate it. I just want to get it up and running again so she can use her PDA for getting organized as she has been desperately needing for so long.
BTW, should the OP ever read this, I have noticed that if you send the right things, it WILL try to flash. I once sent the update.dat file in the hopes that it might include information needed to make the flash work (it was my hope that the process was a little smart and that it would, therefore, use the DAT file for information on the flash and then include the needed image.) The device actually did make a flash with this file. Of course, the flash obviously didn't work, but the point is that it can do a flash through this method if you send what it's looking for.

GOOGLE this A696_dump_wm5_eng.rar

No good. All two links Google finds are dead (I see two different posts in two different forums, but actually each link to the same links and these are both dead.) I did see a reference to a "A696_dump_wm6_2_eng.rar" but it too is dead. (One of those two forums was this one, I see, surprisingly enough considering that the first thing I did was run a search as is evidenced by finding an old thread -- but then I must admit that I was searching for A626, not A696...) The next closest I can find through this search is a Russian dump for an A636N. I don't have an A636N and I can't read a word of Russian. That link is still alive, but I'm not even going to try it since even if it were actually compatible with the A626 (and I'm betting it's not) it still would be as good as a brick to me still.
But anyway, is the A696 ROM actually directly compatible with an A626 system?
EDIT: I stand corrected! The link for the 6.2 update on the A696 isn't dead after all. When I tried last night it would just spend a REALLY long time trying to load and eventually either time out or produce a database error. When I tried today though, it did sucessfully download. Looks like it does work. Thank goodness because the PDA's owner really needs a working PDA, and ASUS seems rather less than helpful...

Nazo said:
But anyway, is the A696 ROM actually directly compatible with an A626 system?
EDIT: I stand corrected! The link for the 6.2 update on the A696 isn't dead after all. When I tried last night it would just spend a REALLY long time trying to load and eventually either time out or produce a database error. When I tried today though, it did sucessfully download. Looks like it does work. Thank goodness because the PDA's owner really needs a working PDA, and ASUS seems rather less than helpful...
Click to expand...
Click to collapse
626,686,696 are same series.. aka. asus 6x6 or the cannes. if you go to asus website. there is a single rom for these 3 models.
what's the 6.2 update you are talking about ? anyway.. let me know if you still want the 6x6 wm5 dump file. I can upload it to somewhere..

Well, I went ahead and flashed despite worrying about model compatibility. I figured they were the same basic hardware, but I figured that it was always possible that there could be important differences such as memory latencies or such that could make it incompatible perhaps even to the point of danger. But, it's just the software end of things more than anything else, so I figured that it couldn't brick the PDA any worse than it was already bricked and went ahead. As you say though, I have noticed that you are correct that they do use the same ROM for all three models on the official site anyway, so it works 100%.
As for the 6.2, it's in the link I provided to a topic here on this forum. The only other result you'll find on google is just a site in Russian or whatever where they repeat the exact same links for each of the files so you might just as well use this one. It's hosted on MediaFire which was really screwed up when I posted that it was a dead link, but it seems to have recovered and I was able to download that updated ROM from there. I think that you may have to look on the previous page from the link I gave though.
I must say though, I'm glad to have found that one. I HAD to do the update. You see, it was more than just an update to WM6.2. It also included a lot of bugfixes. The most notable being that the system would no longer recognize the SD card after a suspend for a while (or several suspends -- I never was sure just which was the culprit.) Resetting or ejecting and reinserting fixes it, but she was having troubles with this because she isn't exactly the most technosavvy person I have ever known. The SD card dissapearing bug was a fatal flaw because she must load up things such as books and such via SD card and all of it together adds up to well over what can fit safely in internal memory and the file storage combined (but which easily fit an a 2GB SD card) and I needed that update, so if I had to get the WM5 ROM again I'd have to just update again and again as many times as it took to get past the bricking. This way I needed only load up the ROM once and that was it. ASUS really needs to create a tool that can load the encrypted ROM from a PC like HP has done (I've bricked my h1945 PDA while attempting to update it once before and was able to fix it quite easily just as soon as I figured out how to get into the so called "parrot mode.") and such so we don't have to resort to such means to fix them...
Anyway, now I need to get started on loading up all of the stuff she needs.

I just bricked my A363N - WM5.0->6.0 upgrade failed (SD card read error).
Now I'm trying to make it work again.
Russian WM5.0 doesn't work - stops on the calendar screen.
I wonder if I can try to upload update.dat file from the Asus wwe.rar
with SD card inserted and containing Update.img.
Is the update.dat file in .nb0 format ?

Is the A636 actually the same series? If not that post belongs in an appropriate thread instead. If it is, why are you trying to use the Russian update? Just use the plain English one. Here, it's in this post on this site: http://forum.xda-developers.com/showpost.php?p=1495484&postcount=126 I checked and the link is still alive right now.

Yeah, very cool.
I remembered this post 10 minutes ago.
I will try the 696 firmware... Lets see if we can get this ****ing machine running the moon
Meanwhile i tried several things with the update.img file. The "Encryption" is a simple xoring with 0xd0 ^^
But even if you xor the whole file with this value you still don't have a valid nb0. I tried it many times to cut out the firmware with an hex editor on the obvious places in the file (go and see yourself if interested) but all this didn't work.
edit:
It doesn't seem to work for me... The file gets flashed and the device reboots.
After that it still gets stuck at the blue asus screen but it is recognized by the computer as a RNDIS device.
another edit:
WOAH... I tried it again and now it works.
It seems that the battery was empty because of all the previous tries.

Unsuccesfull rom flash
Hello,
I bricked my 696 asus, trying to do un update from the asus site.
Can you tell me some methods to repair it, using the sd card, because the method with usbloader.exe and nk.nb0 is not working ("USB pipe opening error", I tried on several computer and many usb ports).
Also, how can I transform the nk.nb0 flashing image into a *.dio image (I understand the last one can be used to boot and repair automatically from the SD card, it is real???).
10x a lot

Still not working
any new idea to reflash rom foa a696 ?

Hello to you
any news about how to make rom upgrade foa asus a696 ?

[APP] Windows Mobile SenseTimeTracker

On CodePlex I have published my app for tracking working time.
It is based on the SenseUI SDK.
SenseTimeTracker
For furter feature development either this thread can be used or the discussions in CodePlex.
After getting some feedback according to installation problems, I figured out, that the deployed .cab file does not contain the SQL Server Compact 3.5.
This has to be installed manually until I do not provide a msi-setup.
Explanation on how to install the .NET Compact Framwork 3.5 and/or the SQL Server Compact 3.5 has been added on the CodePlex page.
Version history:
Version 1.3
* Length checking of input fields
* Bug fixed with reports when first time card has date in january
* Issue with localization fixed
* Category edit form localized
* Creating new category did throw an excexption
* Default category is hidden in category list
Version 1.2
* cab file now creates a shortcut
* new version detection added
Version 1.1
* Initial release after UI redesign

Installation Procedure
Hi, Could you explain the Installation procedure, other than download and install is there any other additional requirement to get this program up and running?
Thanks

Download the cab file, copy to your mobile device and run it from there.
This shall install SenseTimeTracker on you mobile device.
Let me know if it doesn't, since it is my first publishing. I only installed it on my device or the emulator.

Test
OK! I downloaded you app, installed and found the following problem, btw I am on a Blackstone using G10 Dusk Ultimate 2 v 8.31
1) There is no icon present for your apps in the programs menu.
I went to programs found the your app and try starting it from there, I got the following error

Ok, SQL server was not deployed. I will try to fix this and provide an update.
On my devices there has been SQLCE installed, so I didn't recognize it.
Thanks for the hint.

wesch00 said:
Ok, SQL server was not deployed. I will try to fix this and provide an update.
On my devices there has been SQLCE installed, so I didn't recognize it.
Thanks for the hint.
Click to expand...
Click to collapse
No problem was glad to help, I was looking for a program like that for sometime now , I will test again when you update

You have to install the SQL Server Compact manually, sorry.
See my explanation in CodePlex.

zjxpot said:
OK! I downloaded you app, installed and found the following problem, btw I am on a Blackstone using G10 Dusk Ultimate 2 v 8.31
1) There is no icon present for your apps in the programs menu.
I went to programs found the your app and try starting it from there, I got the following error
Click to expand...
Click to collapse
wesch00 said:
You have to install the SQL Server Compact manually, sorry.
See my explanation in CodePlex.
Click to expand...
Click to collapse
Hi I downloaded and follow your instructions regarding the installation process and got the top half of the error I posted above when I tried starting the apps also no icon was installed in programs menu I tried it on G10 Ultimate 2 v8.40 release today

The icon issue I couldn't check yesterday, will do that asap. Did a lot of research how to deploy SQL Server Compact.
But could you run the app?

wesch00 said:
The icon issue I couldn't check yesterday, will do that asap. Did a lot of research how to deploy SQL Server Compact.
But could you run the app?
Click to expand...
Click to collapse
No, its not running, when I try runnunig it I get the same error box but only the top half of the message the bottom half is gone.

That makes no sense since allways an explanation of the exception is displayed.
If you installed the SQL Server Compact, can you try to delete the whole SenseTimeTracker folder in the program as well as in the documents directory (if there is one) and reinstall the cab again.
I checked this yesterday on a clean emulator and it worked. So without any further hints I cannot guess the problem.
Are you familar with developing smart device aps. Then I can send you the project for visual studio and you can try to deploy it from within VS. That shall work. Let me know.
I suggest to contact me via pm, I will help you to fix your problem.

wesch00 said:
That makes no sense since allways an explanation of the exception is displayed.
If you installed the SQL Server Compact, can you try to delete the whole SenseTimeTracker folder in the program as well as in the documents directory (if there is one) and reinstall the cab again.
I checked this yesterday on a clean emulator and it worked. So without any further hints I cannot guess the problem.
Are you familar with developing smart device aps. Then I can send you the project for visual studio and you can try to deploy it from within VS. That shall work. Let me know.
I suggest to contact me via pm, I will help you to fix your problem.
Click to expand...
Click to collapse
Hi, I flashed an orginal HD rom, installed net, sql and then your apps went to programs and started timetracker and it worked, I reflashed a cooked rom did the installation and it also worked I tried entering some information I got some error that require me to restart timetracker one of the error is attached, I will flash G10 rom again as this is my rom of choice and I will let you know how that went
I must say thanks for what I have seen so far if I get it working on G10 rom I will do some more in dept testing.
Thanks again for sharing

Ok, I see, it has nothing to do with your ROM.
I think there is a bug with the categories which only occurs on an empty/fresh database. On my tests I've had everytome a filled one, since I implemented category support later on.
I had some minutes to try it on a fresh installtion. Unfortunatly I cannot reproduce this bug. Can you plz provide more info, what in which order you entered for getting this error. I first created a user which is mandatory. Then created a client, then a project for that client and then a task for that project. Now entering a timecard did work, since the default category ("unknown") was used. The error you've got is a key violation between task and category. This should not occour, but I need to know in what order you entered the data.

wesch00 said:
Ok, I see, it has nothing to do with your ROM.
I think there is a bug with the categories which only occurs on an empty/fresh database. On my tests I've had everytome a filled one, since I implemented category support later on.
I had some minutes to try it on a fresh installtion. Unfortunatly I cannot reproduce this bug. Can you plz provide more info, what in which order you entered for getting this error. I first created a user which is mandatory. Then created a client, then a project for that client and then a task for that project. Now entering a timecard did work, since the default category ("unknown") was used. The error you've got is a key violation between task and category. This should not occour, but I need to know in what order you entered the data.
Click to expand...
Click to collapse
Sorry for not replying sooner, I was trying some other roms but no luck getting this app to work on those other roms that I flash, for me its only working on stock and Energy GTX I am presently downloading a 6.5 rom to test all others has been 6.5.x.
I have been able to reproduce the error again and again, try this
Go to category select new and create a new category everything should be ok, create another one and it should crash, also I am unable to edit the category "unknown"

More Crashes
Hi, I did some more test and I got more errors I have attach one picture, let me try to explain
1) If I try to copy the TimCard it crashes
2) TaskName is to long it crahes
I got a couple more crashes but I forgot where in the apps they occour however it seems that is not handling user input error well maybe a dialog box should appear and tell the user that the TaskName is to long or something like that I also think you should try and test if all but most of the option like copy, remove, edit, maybe it my rom related but you could still check just to be sure.

Thx again for the responses.
Couls get it allready run with the other ROMs? I have no opinion about these ROMs. I do not use any special functiuons, it is only .Net-code. The only explanation I have would be that there are problems with drawing. Bit this is done by the SenseUI framework which I cannot modify or debug.
Now to the issues.
The Category issue I could allready fix for me, will update it soon. Dont use categores for the mean while, use only "Unknow". You can change it later when it works. The "Unknow" category should not be editable, I will hide it in the next release.
The issue with the task names beeing too long is a bit more difficult to fix, I'll try to find a solution (need a common one since this will be happen with all inputs).
For the issue with copying a time card, I need a screendum of the error. I use copying of time cards allmost every day and never had problems. So it should be some special in your entries. If I have the error output, I hope to have an idea.

wesch00 said:
Thx again for the responses.
Couls get it allready run with the other ROMs? I have no opinion about these ROMs. I do not use any special functiuons, it is only .Net-code. The only explanation I have would be that there are problems with drawing. Bit this is done by the SenseUI framework which I cannot modify or debug.
Now to the issues.
The Category issue I could allready fix for me, will update it soon. Dont use categores for the mean while, use only "Unknow". You can change it later when it works. The "Unknow" category should not be editable, I will hide it in the next release.
The issue with the task names beeing too long is a bit more difficult to fix, I'll try to find a solution (need a common one since this will be happen with all inputs).
For the issue with copying a time card, I need a screendum of the error. I use copying of time cards allmost every day and never had problems. So it should be some special in your entries. If I have the error output, I hope to have an idea.
Click to expand...
Click to collapse
Hi, I have flashed back to my rom of choice as I need it for work, I also used an apps name Pocket Time, I was hoping to get your working as your is mor mordern and has more options, anyway I will be able to test your program again this weekend and I its working for me I will change my rom and start using your apps I like it.
I have attach the detail section or the Task Name error for you to look at also I have attach the error and the error detail section of G10 rom maybe from those pictures you can figrue why it dosent start
The last five is from G10
Thanks

Thx for the dumps.
As I allready wrote, the problem with the length of the description is a common problem. I did know, that it wasn't checked. I will release a new version today (1.3) which supports those checks.
The other problem has something to do with the serialisation/deserialisation of the user settings. These are stored in an XML-file in the application directory. And it seems, that the existing date time format has problems.
Is the language of your G10 ROM a different than the default ROM? I assume, you have created the XML the first time with on ROM and now trying to read it with another on. And the DateTime format of both are different and cannot be parsed.
Try to delete the xml-file in the app directory and start the app again with the G10 ROM. Let me know, if this solved the problem. May be I can then find a solution therefor. If you delete the xml-File, you will be asked for selecting a user. Select you previous eneterd user. If you navigate away from the user panel, you will be asked for the password you entered previously.
If you not allready entered sensitive data, you can send my the database (sdf-file) and the xml-file. Then I can try to debug it. I've had a lokk into the xml-file and saw there are only two time fields where the time is entered as 8:00:00 and 17:00:00. If this format is not valid on your ROM due to another culture, then this may cause the error you posted. What is the usual time format on your country?
Then I have a question according this ROM. The error occurs in Deserialize while reading a DateTime value. I have a try-parse in the deserializing section. So no exception should be thrown by the app. If there is an error in the XML file, defaults are used. I did try this on my device and ti worked that way. So I really do not know, why the exception is thrown. Ist there any special in your ROM handling exceptions?

wesch00 said:
Thx for the dumps.
As I allready wrote, the problem with the length of the description is a common problem. I did know, that it wasn't checked. I will release a new version today (1.3) which supports those checks.
The other problem has something to do with the serialisation/deserialisation of the user settings. These are stored in an XML-file in the application directory. And it seems, that the existing date time format has problems.
Is the language of your G10 ROM a different than the default ROM? I assume, you have created the XML the first time with on ROM and now trying to read it with another on. And the DateTime format of both are different and cannot be parsed.
Try to delete the xml-file in the app directory and start the app again with the G10 ROM. Let me know, if this solved the problem. May be I can then find a solution therefor. If you delete the xml-File, you will be asked for selecting a user. Select you previous eneterd user. If you navigate away from the user panel, you will be asked for the password you entered previously.
If you not allready entered sensitive data, you can send my the database (sdf-file) and the xml-file. Then I can try to debug it. I've had a lokk into the xml-file and saw there are only two time fields where the time is entered as 8:00:00 and 17:00:00. If this format is not valid on your ROM due to another culture, then this may cause the error you posted. What is the usual time format on your country?
Then I have a question according this ROM. The error occurs in Deserialize while reading a DateTime value. I have a try-parse in the deserializing section. So no exception should be thrown by the app. If there is an error in the XML file, defaults are used. I did try this on my device and ti worked that way. So I really do not know, why the exception is thrown. Ist there any special in your ROM handling exceptions?
Click to expand...
Click to collapse
Hi, I am using the original G10 WWE Ultimate 2 v8.31 rom out of the box in fact all the ROM I have tried this app on has been out of the box, will try flashing and trying your app again this weekend.
Are you using your app on an original stock rom or a cooked rom?

I'm using the app on the updated but original HTC ROM. But it did also work on the nonupdated.
The description of you exception shows me, that the problem has something to do with the localized date time format. What localizaion do you use. And I think you've got it allready running with another ROM. What localization do you have there?
What I totally do not understand, in my opinion there should not be thrown an exception, since serialization is done within a try/catch block. If there is an deserialization error, it should be catched and defaults should be used, which I have testet.

[Q] Compiling CM on a Mac

Okay, so recently I got a wild hair to try compiling CM on my MBP, and proceeded to pull and install all of the various items described by the CM wiki here:
http://wiki.cyanogen...dible_(Mac)
I realize that it says the wiki hasn't been tested, and that it's for CM6 and OSX 10.6.5, but I figured / hoped that not too much had changed... which is apparently wrong. So here's what happens: I've got everything installed correctly as far as I can tell- Java for Mac update 4 (most current), the most current MacPorts (1.9.2), I've built a little disc image workspace (15gb, as suggested by the wiki). I've pulled down the repo, ADB'd the proprietary files from the Inc, etc. etc., all with success (i.e. no error messages and it looks clean).
Everything LOOKS okay, right? I should be able to just build this puppy and keep it movin', right? Wrong.
I follow all of the wiki instructions *exactly*, the build runs for about 20+ minutes, gives me an assertion error, and then returns me to command line (no .zip file created). No other errors anywhere that I can see- lots and lots of warnings (is that normal?) but no ERRORs. So, I figure maybe I'll try these boards and see if someone with more experience in this area has any suggestions. I briefly consulted Slayher about it and he was saying that he remembers something about Macs and "elf.h" not playing nice with Linux kernels... but things I've found by Googling say that those issues SHOULD be corrected by the most recent MacPorts.
So, again, I've followed the wiki instructions to a "T"... Twice, if you can believe that- I thought maybe I'd done something wrong the first time so I trashed my workspace and started over from scratch. Same result, the compile runs, looks the same, and then there's no "finishing message" or .zip in the /inc folder. Anyway, here is a link to the pastebin of the compile, if anyone wanted to take a look. Directly after the last line that is posted to this pastebin, it returned me to command line- I just didn't post my command line for privacy's sake. If you look at this link, line 2496 (and those above and below it) look to be of particular interest, but what do I know...
http://pastebin.com/CFRyh8ue
Anyone have any thoughts on compiling CM7 with a Mac running 10.6.6/7? Any help would be much appreciated. I'm working on getting access to an Ubuntu laptop, but again I'd really like to be able to do this on my MBP if I can.
Thanks for reading.
-x-
**EDIT: I've tried looking for help on this, including (as I mentioned) some pretty learned people (Slayher, CUViper, etc.) but I don't want to continually bug them... and my google / XDA searches haven't come up with anything so far. Again, any help would be appreciated... there's gotta be someone out there compiling CM7 on a Mac, right? Maybe?

Slyfer - Old Firmware Downloader for Samsung Mobiles

Hello,
i have made a Firmware Downloader that had the availability to download all Samsung Mobile Fimrwares, but since march this year samsung changed the server, and is using a new system for getting the data. However this tool could help someone who maybe find the new way to download firmwares, it has already access to the old server, only the firmwares are all transfered to the neofus server.
It could help someone, maybe, because i am not allowed to do anything here, cause i am new, i will try to support the new developers.
It is developed in C# .net 4 and you will need kies installed, or the fuscryptlib registered, found in the kies folder or in the app folder.
regsvr32 %Path%/fuscrypt.dll

Should i explain that this downloader had the availability to download also android fw and so on? maybe there is someone who can made it.
It was before march the ultimate tool to get every fw from the server. I tried at my own to make a new one, the my developer mentor tried it, we failed due to lack of time.

Just downloaded the "Slyfer300" app. The UI is superb. Just a pity Samsung has changed the server to their firmwares and we cannot use this tool for now. Let's hope and pray someone comes up and lend a hand to complete this wonderful app. So that we can easily download and flash firmwares manually without the need for kies.
I included a screenshot of this superb app below for the eyes only (until it becomes a fully functional app)

The App worked a half year, samsung changed the servers since March 2011, i was before here @badanation.de and developed it in the past. The app was secret and we offered for everyone free Firmwares of their desire, the only rule was only for badanation members.
I puplished it, cause maybe someone here @xda could make it work with the new server that was a cool time when you start the app and you can download any firmware you want.
The old system was based on a PL/SQL query over PHP, i have found a bug in the system and could request the whole Database from the Firmwares, you can see in advanced mode what was possible.
Also user names and their ... was visible, but i newer wonted to damage samsung i always wanted to help other users with the firmware problems we all have.
The new System is a little bit tricky signatures and so on no more php
As i know here was some nice developers @xda that could maybe improve it. Let us see what the feature brings to us.

Hi, nice tool. Unfortunately it's not working with the new servers. I have made a tool that can download the latest firmware from samsungs new servers, but it still requires an old firmware as input. I have not found any way to browse all firmwares like you could on the old server. A lot have chenged in the way you request firmwares and it unfortunately no possible to reuse this tool on the new server.

Yes, it was not simple to find out the right PL/SQL commands for oracle, it was more a doing by trying thing. But as i saw it on keys the listening method still exists on new server, it is the same database, only with a new system. I have done some Kies 2 researches but than give up, cause of lack of time. I had a tool that can download with the new request system.
Only what you need is to pass through the right PL/SQL command, in Kies you find an CarrierTestMode and ServiceCenterMode, one of this two can listen the whole Phonebinary databases, the code is to huge, i havent done a lot since the half year slyfer worked.
Its in a case simply only need to find out the right command, also what is neccessary to find a security whole on new server, on the old server, it was prohibited to execute SQL statements except of predefined calls, but i found a way as you see, it was more an oracle bug, how you can get anyway in and become the whole database information with dictionary commands out, it was at least so easy to get everything out of there. Then i have done some facelifting and made for me an advanced mode to be prepared of changes, but at the near end it doesnt worked any more.
I think you can get in like kies withouth authentification, as before, cause there is no username or password needet if the table is accessable by everyone, its like free to air.
If you need some tips, how i have found out the way in, i can help you. i dont know how to encrypt the new way, but i know that the answer is in the FusCipherUtil.dll it hink it is named so, dont know it exactle, kies is like an open book as you also seems to know.

Forgotten one thing, if you try to send SQL command that listen whole database, then you will get in timeout, cause oracle needs time to collect all the data, i had problems to recieve simple sized calls from it, so you must limit them that you can recieve the data in time everything over an minuete dont works as i remember.
1250 rows around was for my requests the maximum, everything above, througn a server timeout.

larioteo said:
Forgotten one thing, if you try to send SQL command that listen whole database, then you will get in timeout, cause oracle needs time to collect all the data, i had problems to recieve simple sized calls from it, so you must limit them that you can recieve the data in time everything over an minuete dont works as i remember.
1250 rows around was for my requests the maximum, everything above, througn a server timeout.
Click to expand...
Click to collapse
Your program its more power full then CheckFus.
Advanced mode verry great. Verry frustrated, cant use it for now.

hello larioteo are u still working on the new Kies app ?

Uconnect 8.4 ver 17.11.07 trying to "root"

I was posting some questions in the "Rooted Jeep Cherokee '14 Uconnect" thread but I've started this new thread for the 17.xx versions because the methods (if we are able to identify them) aren't the same as the 16.33.29 and earlier firmwares...
I am still trying to crack into that unit with the 17.11.07 software. I have a D-Link USB Ethernet but its a HW revision D and I believe I would need a B if we can get ethernet enabled at all.
Also, if we can get Ethernet enabled we will still need to get SSH password or key.
devmihkel said:
For good or for bad NOT everything appears correct, except the running 17.x version... As of now neither the "commercial jailbreak" supports new versions (well yes they were using exactly the same file to start with Also 16.51.x or newer appears to be no go: uconnect-8-4-8-4an-update
EDIT: haven't got 17.09.07 to try, but on 17.11.07 manifest.lua has changed and the last block/ search keyword is "ota_update" instead. Otherwise all the same, image valid after the edit and script.sh gets fired - at least on 16.33.29 that is @HanJ67 Did you actually try to mount installer.iso after the edit and checked /etc/manifest.lua for the end result before?
Click to expand...
Click to collapse
devmihkel said:
Yeah, 2nd attempt is much better as last lua block is correctly terminated and your script might actually run, but unfortunately no successful 17.x runs have been reported so far SWF scripts are not involved in update/jail-breaking run, these ones become relevant only once you are in (and need to enable some app or wifi or navi features etc). Afaik 17.x blocks ethernet dongle usage as well, but let's see if even the USB driver/link gets activated at all?
Click to expand...
Click to collapse
Do you have a 16.33.29 version I can try this on? I'm wondering if it will get me far enough to execute the "manifest.lua HD_Update" hack you and @HanJ67 were discussing.
I've used the 17.43.01, then finally found a 17.11.07 and had no luck there either.
In my latest attempts on the 17.11.07, I was able to hex edit the "ifs-cmc.bin" on the UPD and replaced the SSH-RSA key with my own. I think this bin will be flashed to the MMC during an update.
That SWDL.UPD got past the initial check and rebooted into update mode, but then it fails the second ISO check and loops. I had to use an unmodified image to finish the update and get back up and running.
I keep reading about making changes only after the 2048 Byte mark in the older versions with the "S" at 0x80. Is this still relevant
in later ISO/UPD images and to the second ISO check?
Right now, I'm looking to find a way to disable that check so that my modified .bin will be written to disk? I think this route would work to also modifying and getting WiFi enabled after a flash of the edited image.
If I had I 16.33.29 or similar older UPD version to attempt the HD_UPDATE hack in the Manifest.lua file I would give that a shot to be thorough.

Do You have an idea how to connect by USB2LAN adapter to uConnect ?
Do You know if there is an UART pins on the mainboard ?

itsJRod said:
I was posting some questions in the "Rooted Jeep Cherokee '14 Uconnect" thread but I've started this new thread for the 17.xx versions because the methods (if we are able to identify them) aren't the same as the 16.33.29 and earlier firmwares...
I am still trying to crack into that unit with the 17.11.07 software. I have a D-Link USB Ethernet but its a HW revision D and I believe I would need a B if we can get ethernet enabled at all.
Also, if we can get Ethernet enabled we will still need to get SSH password or key.
Do you have a 16.33.29 version I can try this on? I'm wondering if it will get me far enough to execute the "manifest.lua HD_Update" hack you and @HanJ67 were discussing.
I've used the 17.43.01, then finally found a 17.11.07 and had no luck there either.
In my latest attempts on the 17.11.07, I was able to hex edit the "ifs-cmc.bin" on the UPD and replaced the SSH-RSA key with my own. I think this bin will be flashed to the MMC during an update.
That SWDL.UPD got past the initial check and rebooted into update mode, but then it fails the second ISO check and loops. I had to use an unmodified image to finish the update and get back up and running.
I keep reading about making changes only after the 2048 Byte mark in the older versions with the "S" at 0x80. Is this still relevant
in later ISO/UPD images and to the second ISO check?
Right now, I'm looking to find a way to disable that check so that my modified .bin will be written to disk? I think this route would work to also modifying and getting WiFi enabled after a flash of the edited image.
If I had I 16.33.29 or similar older UPD version to attempt the HD_UPDATE hack in the Manifest.lua file I would give that a shot to be thorough.
Click to expand...
Click to collapse
Hello, any news about it?

hi,
can you explain how to change SSH key in "ifs-cmc.bin" file?
thanks a lot
itsJRod said:
I was posting some questions in the "Rooted Jeep Cherokee '14 Uconnect" thread but I've started this new thread for the 17.xx versions because the methods (if we are able to identify them) aren't the same as the 16.33.29 and earlier firmwares...
I am still trying to crack into that unit with the 17.11.07 software. I have a D-Link USB Ethernet but its a HW revision D and I believe I would need a B if we can get ethernet enabled at all.
Also, if we can get Ethernet enabled we will still need to get SSH password or key.
Do you have a 16.33.29 version I can try this on? I'm wondering if it will get me far enough to execute the "manifest.lua HD_Update" hack you and @HanJ67 were discussing.
I've used the 17.43.01, then finally found a 17.11.07 and had no luck there either.
In my latest attempts on the 17.11.07, I was able to hex edit the "ifs-cmc.bin" on the UPD and replaced the SSH-RSA key with my own. I think this bin will be flashed to the MMC during an update.
That SWDL.UPD got past the initial check and rebooted into update mode, but then it fails the second ISO check and loops. I had to use an unmodified image to finish the update and get back up and running.
I keep reading about making changes only after the 2048 Byte mark in the older versions with the "S" at 0x80. Is this still relevant
in later ISO/UPD images and to the second ISO check?
Right now, I'm looking to find a way to disable that check so that my modified .bin will be written to disk? I think this route would work to also modifying and getting WiFi enabled after a flash of the edited image.
If I had I 16.33.29 or similar older UPD version to attempt the HD_UPDATE hack in the Manifest.lua file I would give that a shot to be thorough.
Click to expand...
Click to collapse

sofro1988 said:
Hello, any news about it?
Click to expand...
Click to collapse
I have not had had much time to work on this.
I actually had an idea last week that brought me back to this. I plan to use a custom flash drive to present an unmodified ISO for verification, then swap nand to an identical image that has been he's edited to enable usb Ethernet and add a custom key for ssh access.
I thought to stack a NAND on top of the original on a is flash drive, then breakout the Chip Enable pin to a switch. I've seen this done for with guys modifying game consoles to be able to run modified firmware.
Once the 2nd NAND is in place I will restore an image of the original nand containing the unmodified update, then hex edit the required portions to allow access after updating.
If this method works, I should be able to pass the verification with the original nand chip, then switch it (hopefully there's a big enough window to do this by hand) then present the modified nand before it begins the flash procedure.
Hopefully someone more intimately familiar with the update scripts can verify I'm not missing anything in the process

Tajadela said:
hi,
can you explain how to change SSH key in "ifs-cmc.bin" file?
thanks a lot
Click to expand...
Click to collapse
I used a hex editor to find the Ssh RSA key and replace it. This passed the initial check to reboot into update mode, but wouldn't pass the full check in update mode. I'm hoping my attempt below will pass that check and still update with the modifications.

itsJRod said:
I used a hex editor to find the Ssh RSA key and replace it. This passed the initial check to reboot into update mode, but wouldn't pass the full check in update mode. I'm hoping my attempt below will pass that check and still update with the modifications.
Click to expand...
Click to collapse
thanks for answer.
I saw an ssh key with the hex editor, but I would like to see exactly what you have replaced.
if it's not too much trouble, it would be interesting to see with some screenshots the changes you've made.
So we could work on two fronts. The idea of the double nand is good, but not very simple to make ...

Just thinking out loud here, when you say it passes the initial check, does it then give you any confirmation of that or any message on the screen before rebooting to upgrade mode?
Sent from my CLT-L09 using Tapatalk

SquithyX said:
Just thinking out loud here, when you say it passes the initial check, does it then give you any confirmation of that or any message on the screen before rebooting to upgrade mode?
Sent from my CLT-L09 using Tapatalk
Click to expand...
Click to collapse
I tried much the same thing -- the swdl.upd is another CDROM filesystem:
martinb$ file swdl.upd
swdl.upd: ISO 9660 CD-ROM filesystem data 'CDROM'
It contains three more .iso files : installer.iso, primary.iso, and secondary.iso
installer.iso is a CDROM image, but is not mountable on my linux system
primary.iso is a CDROM image, and has the usual /bin, /etc/, and /usr filesystem for an install
the /bin directory has one file - update_nand
the /etc directory has the usual mfgVersiontxt, nand_partion.txt, system_etfs_postinstall.txt, system_mmc_postinstall.txt and version.txt
the /usr/share directory is all the firmware for various components - EQ, HD_FIRMWARE, IFS, MMC_IFS_EXTENSION,OTA,SIERRA_WIRELESS,V850, and XM_FIRMWARE
What's interesting to me is that they did update the SIERRA_WIRELESS firmware -- and have done some housecleaning:
Code:
#---------------------------------
# sierra_wireless_disable_flowcontrol.file
# \d == 1 second delay
SAY " Send AT \n"
'' AT\r
OK \d
SAY "Disable flow control\n"
'' at+ifc=0,0\r
OK \d
SAY "Send SMS command CNMI\n"
'' at+cnmi=2,1,0,1,0\r
OK \d
SAY "Clear emergency number list\n"
'' AT!NVENUM=0\r
OK \d
SAY "Set emergency number to 911\n"
'' AT!NVENUM=1,"911"\r
OK \d
SAY "Save Setting\n"
'' at&w\r
OK \d
#---------------------------------
Also in the IFS directory, when you hexedit the ifs-cmc.bin file it reveals another little treat... an SSH root public key ( not as nice as a private key, but hey )
(Sorry about the formatting, this is cut/paste right out of the hex editor)
Code:
ssh-rsa [email protected]
2E..IwU.Q....njle8r9nrJ7h8atg4WfqswU0C0Rk/Ezs/sQs5ZA6ES82MQONjHBd7mw
uo8h0xfj3KeeSHMXCEBpmU26guNE4EqfvdioLFCDUxtvMYswlUZjsvd/NYz9lnUZg2hy
pwzFQjXgSzmHVrHjkKKvq7Rak/85vGZrJKxlvHnowA8JIl1tVNVQjPMNgDDJabaETtfw
LL1KlvAzI81cKOG/3IRn9lU6qyYqyG+zYoza0nN\..7/AtxdL481k81Go5c3NQTnkl2U
68lbu8CpnwrYCU098owLmxdI4kF5UOL4R61ItJuwz30JSESgT..!8RDgM6XEiHUpK9yW
vvRg+vbGWT/oQn0GQ== [email protected]
in /usr/share/MMC_IFS_EXTENSION/bin/cisco.sh and dlink.sh there's another good hint - what adapter you need for USB ethernet
Code:
#!/bin/sh
# Handle an Ethernet connection via the CISCO Linksys USB300M adapter
or
Code:
#!/bin/sh
# Handle an Ethernet connection via the D-Link DUB-E100 adapter
The static IP it brings up if no DHCP is offered is : 192.168.6.1
There's tons more in there -- like the V850 chip has access to the Sierra Wireless CDMA modem, but can configure it for voice calls through the car speakers:
"AT!AVSETPROFILE=8,1,1,0,5" ( embedded in the cmcioc.bin update file )
secondary.iso is a CDROM image and only has /etc/ and /usr
the /etc/ directory has speech_mmc_preinstall.txt and xlets_mmc1_preinstall.txt
the /usr/ directory has /usr/share/speech and /usr/share/xlets ( tons of information about sensors in the car, etc in xlets )

martinbogo1 said:
I tried much the same thing -- the swdl.upd is another CDROM filesystem:
martinb$ file swdl.upd
swdl.upd: ISO 9660 CD-ROM filesystem data 'CDROM'
It contains three more .iso files : installer.iso, primary.iso, and secondary.iso
installer.iso is a CDROM image, but is not mountable on my linux system
primary.iso is a CDROM image, and has the usual /bin, /etc/, and /usr filesystem for an install
the /bin directory has one file - update_nand
the /etc directory has the usual mfgVersiontxt, nand_partion.txt, system_etfs_postinstall.txt, system_mmc_postinstall.txt and version.txt
the /usr/share directory is all the firmware for various components - EQ, HD_FIRMWARE, IFS, MMC_IFS_EXTENSION,OTA,SIERRA_WIRELESS,V850, and XM_FIRMWARE
What's interesting to me is that they did update the SIERRA_WIRELESS firmware -- and have done some housecleaning:
Code:
#---------------------------------
# sierra_wireless_disable_flowcontrol.file
# \d == 1 second delay
SAY " Send AT \n"
'' AT\r
OK \d
SAY "Disable flow control\n"
'' at+ifc=0,0\r
OK \d
SAY "Send SMS command CNMI\n"
'' at+cnmi=2,1,0,1,0\r
OK \d
SAY "Clear emergency number list\n"
'' AT!NVENUM=0\r
OK \d
SAY "Set emergency number to 911\n"
'' AT!NVENUM=1,"911"\r
OK \d
SAY "Save Setting\n"
'' at&w\r
OK \d
#---------------------------------
Also in the IFS directory, when you hexedit the ifs-cmc.bin file it reveals another little treat... an SSH root public key ( not as nice as a private key, but hey )
(Sorry about the formatting, this is cut/paste right out of the hex editor)
Code:
ssh-rsa [email protected]
2E..IwU.Q....njle8r9nrJ7h8atg4WfqswU0C0Rk/Ezs/sQs5ZA6ES82MQONjHBd7mw
uo8h0xfj3KeeSHMXCEBpmU26guNE4EqfvdioLFCDUxtvMYswlUZjsvd/NYz9lnUZg2hy
pwzFQjXgSzmHVrHjkKKvq7Rak/85vGZrJKxlvHnowA8JIl1tVNVQjPMNgDDJabaETtfw
LL1KlvAzI81cKOG/3IRn9lU6qyYqyG+zYoza0nN\..7/AtxdL481k81Go5c3NQTnkl2U
68lbu8CpnwrYCU098owLmxdI4kF5UOL4R61ItJuwz30JSESgT..!8RDgM6XEiHUpK9yW
vvRg+vbGWT/oQn0GQ== [email protected]
in /usr/share/MMC_IFS_EXTENSION/bin/cisco.sh and dlink.sh there's another good hint - what adapter you need for USB ethernet
Code:
#!/bin/sh
# Handle an Ethernet connection via the CISCO Linksys USB300M adapter
or
Code:
#!/bin/sh
# Handle an Ethernet connection via the D-Link DUB-E100 adapter
The static IP it brings up if no DHCP is offered is : 192.168.6.1
There's tons more in there -- like the V850 chip has access to the Sierra Wireless CDMA modem, but can configure it for voice calls through the car speakers:
"AT!AVSETPROFILE=8,1,1,0,5" ( embedded in the cmcioc.bin update file )
secondary.iso is a CDROM image and only has /etc/ and /usr
the /etc/ directory has speech_mmc_preinstall.txt and xlets_mmc1_preinstall.txt
the /usr/ directory has /usr/share/speech and /usr/share/xlets ( tons of information about sensors in the car, etc in xlets )
Click to expand...
Click to collapse
Have you tried connecting to it?
Sent from my iPhone using Tapatalk

sofro1988 said:
Have you tried connecting to it?
Sent from my iPhone using Tapatalk
Click to expand...
Click to collapse
I managed to connect with the cisco adapter (usb / ethernet), but I don't know the root password. is the problem at the moment insurmountable ..

Using a cisco connector, I have gotten the ethernet to come up, but that's it. At the moment, there doesn't seem to be anything I can connect to.
@Tajadela - sounds like you at least were able to either SSH or telnet in to a port... I'm on software version 17.43.01 .. which are you on, and what year vehicle? ( Jeep Grand Cherokee, 2015, Uconnect 8.4AN with the 3G Sierra Aircard modem for Sprint )

martinbogo1 said:
Using a cisco connector, I have gotten the ethernet to come up, but that's it. At the moment, there doesn't seem to be anything I can connect to.
@Tajadela - sounds like you at least were able to either SSH or telnet in to a port... I'm on software version 17.43.01 .. which are you on, and what year vehicle? ( Jeep Grand Cherokee, 2015, Uconnect 8.4AN with the 3G Sierra Aircard modem for Sprint )
Click to expand...
Click to collapse
I connected in telnet on a uconnect 6.5 with firmware 15.xx.xx. You can connect to Uconnect with static IP it brings up if no DHCP is offered is: 192.168.6.1

itsJRod said:
I used a hex editor to find the Ssh RSA key and replace it. This passed the initial check to reboot into update mode, but wouldn't pass the full check in update mode. I'm hoping my attempt below will pass that check and still update with the modifications.
Click to expand...
Click to collapse
after rsa key replaced, do you have recalculate the checksum of UPD file?
have you replaced the first 64 bytes of the file?
thanks

@itsJRod, isn't it that you would like to explain the procedure to replace the RSA key in the swdl file? thank you

Hello,
have you made any progress? I am a bit lost. I put the EU uconnect MY15 to US dodge charger MY16 and Perf Pages were working fine even on 16.16.13, although after upgrade to 17.x (17.46.0.1 right now) I am meeting the problem of expired subscription (which is not possible to have on EU radio).
I am considering basically three solutions:
a) going back to US radio, but modify the language pack/nav/FM frequencies (it is doable, but I do not know how, although I can pay for it relatively less than time invested)
b) downgrade to 16.16.13 - I have no clue how to do it, I tried to put swdl.upd with swdl.iso as and installer.iso with no luck of course.
c) take xlets from KIM2/ of 16.16.13 to KIM23 of 17.46.0.1 secondary.iso - this is probably preferred way but I do not know how to make it to pass ISO validation.
Of course root on uconnect is extremely nice to have but I will be fully satisfied with Perf Pages working again.

Hello.
I'm hoping the community can help me out. I have a RAM 1500 with the RA4 (was running the 17.11.07 software that I got pushed to me OTS style a couple years ago. Since them problems, radio turn on delay, no GPS and cellular phone warning popup.
I was told to do the 18.45 update which I got from driveuconnect.com, but this has essentially bricked my radio with the "bolo update failed" error and it is looping continuously
I have tried many ways to modify the update software's manifest.lua script to try to get rid of the sierra wireless portion by manually editing, hex editing, etc but always get the "please insert the USB card" screen.
Uconnect is obviously completely worthless to help me and the dealer wants me to pay them money to tell me what I already know. I know I can pay 300 and send my radio to infotainemnt.com to get it repaired, but I would like to solve this on my own is possible, because I would like to further modify the software to make it more custom and unique.
From my reading the 17x version keeps you from downgrading to a version that can be hacked easily.
Everything seems like it should be pretty straight forward as I have a lot of experience in programming and embedded devices.
It seems they are validating the ISOs using some mechanism, I believe I have tried all of tricks/methods
I have searched the code to see if I can find the iso MD5 or SHA256 hashes that ioc_check is probably using to figure out I changed somethign but nothing work.
I have even tried the swapping the flash drives after validation but it seems they are using the ISos they already copied to continue the process, I then end u getting some invalid errors or the update just crashes out
I got other updates from the link: http://www.mydrive.ch/
http://www.mydrive.ch/http://www.mydrive.ch/
username: [email protected]
Password: gasolio
Havent tried all of them yet, but pretty sure they wont work, due to the 17x security changes.
Any help would be appreciated grealty, I really dont want to shell out any cash for something a company told me to to and due to their screw up with bricking modems, this is now bricking my radio.
Thanks to all in advance !!!

djmjr77 said:
Hello.
I'm hoping the community can help me out. I have a RAM 1500 with the RA4 (was running the 17.11.07 software that I got pushed to me OTS style a couple years ago. Since them problems, radio turn on delay, no GPS and cellular phone warning popup.
I was told to do the 18.45 update which I got from driveuconnect.com, but this has essentially bricked my radio with the "bolo update failed" error and it is looping continuously
I have tried many ways to modify the update software's manifest.lua script to try to get rid of the sierra wireless portion by manually editing, hex editing, etc but always get the "please insert the USB card" screen.
Uconnect is obviously completely worthless to help me and the dealer wants me to pay them money to tell me what I already know. I know I can pay 300 and send my radio to infotainemnt.com to get it repaired, but I would like to solve this on my own is possible, because I would like to further modify the software to make it more custom and unique.
From my reading the 17x version keeps you from downgrading to a version that can be hacked easily.
Everything seems like it should be pretty straight forward as I have a lot of experience in programming and embedded devices.
It seems they are validating the ISOs using some mechanism, I believe I have tried all of tricks/methods
I have searched the code to see if I can find the iso MD5 or SHA256 hashes that ioc_check is probably using to figure out I changed somethign but nothing work.
I have even tried the swapping the flash drives after validation but it seems they are using the ISos they already copied to continue the process, I then end u getting some invalid errors or the update just crashes out
I got other updates from the link: http://www.mydrive.ch/
http://www.mydrive.ch/http://www.mydrive.ch/
username: [email protected]
Password: gasolio
Havent tried all of them yet, but pretty sure they wont work, due to the 17x security changes.
Any help would be appreciated grealty, I really dont want to shell out any cash for something a company told me to to and due to their screw up with bricking modems, this is now bricking my radio.
Thanks to all in advance !!!
Click to expand...
Click to collapse
Just to follow up for anyone who reads this in the future.
I was able to get my uconnect working again a few minutes ago.
As my previous post stated I got stuck in the "bolo update failed" loop.
I downloaded the UCONNECT_8.4AN_RA4_16.33.29_MY16.exe update from the url posted in my previous comment.
I did the S Byte HEX Mod to the swdl.iso file, loaded it and the swdl.upd file on a thumb drive. Used Hxd on windows. Followed the section in the Uconnect exploitation PDF:
https://www.google.com/url?sa=t&source=web&rct=j&url=http://illmatics.com/Remote%2520Car%2520Hacking.pdf&ved=2ahUKEwjZsOGNl5nyAhWhGVkFHZy2AnAQFnoECAcQAg&usg=AOvVaw0NAi3a1eh-IRd3n1VHv-ys
When I plugged it in, it started with the update process, after the first unit, the screen said the Uconnect had to restart, please wait..
And whalaa my radio worked again!!! It even says it has the 18.45 firmware on it.. go figure.. Navigation still does not work, but thats most likely because the sierra wireless card is bad.
I cannot say for sure the S Byte thing did anything, because I'm not messing with this anymore, almost had to buy a new radio.
I would say try it with out, then with it if it doesn't work.
This could also be a fluke with my particular unit, but at least its something else to try than pay 600+ dollars!!
Good luck to anyone else who goes through this mess!!!

djmjr77 said:
Just to follow up for anyone who reads this in the future.
I was able to get my uconnect working again a few minutes ago.
As my previous post stated I got stuck in the "bolo update failed" loop.
I downloaded the UCONNECT_8.4AN_RA4_16.33.29_MY16.exe update from the url posted in my previous comment.
I did the S Byte HEX Mod to the swdl.iso file, loaded it and the swdl.upd file on a thumb drive. Used Hxd on windows. Followed the section in the Uconnect exploitation PDF:
https://www.google.com/url?sa=t&source=web&rct=j&url=http://illmatics.com/Remote%2520Car%2520Hacking.pdf&ved=2ahUKEwjZsOGNl5nyAhWhGVkFHZy2AnAQFnoECAcQAg&usg=AOvVaw0NAi3a1eh-IRd3n1VHv-ys
When I plugged it in, it started with the update process, after the first unit, the screen said the Uconnect had to restart, please wait..
And whalaa my radio worked again!!! It even says it has the 18.45 firmware on it.. go figure.. Navigation still does not work, but thats most likely because the sierra wireless card is bad.
I cannot say for sure the S Byte thing did anything, because I'm not messing with this anymore, almost had to buy a new radio.
I would say try it with out, then with it if it doesn't work.
This could also be a fluke with my particular unit, but at least its something else to try than pay 600+ dollars!!
Good luck to anyone else who goes through this mess!!!
Click to expand...
Click to collapse
I created an account just to reply to this and All I have to say is you're literally an absolute life saver. I've been working on this every day for two weeks now, trying every trick people said, trying every USB, every format, every version and nothing ever worked from me. Uconnect support was absolutely no help and it was a lot of back-and-forth finger pointing and no you need to reach out to this person between them and the dealership. Dealership tried to charge me for a Proxy Alignment when I asked to just update my damn radio stuck in this loop.
I have a 2015 Jeep Cherokee 8.4AN VP4 NA Head Unit 68238619AJ. I was updating from 17.11.07 to 18.45.01 and got stuck at the step 11 1% and would get a failed sierra wireless every time and then got in that "bolo update failed" loop..Well to fix it just now all I did was download the UCONNECT_8.4AN_RA4_16.33.29_MY16.exe update from the url posted in the previous comment and quick format to FAT32 on a 16GB Micro Center USB extracted the files from 16.33.29 to the USB with 7ZIP, plugged in like normal and BOOM it ran the first step restarted and I had a working radio again showing update 18.45.01.
(So i'm assuming you don't have to do the S Byte thing I didn't even mess with it I just used the 16.33.29 to bypass step 11 since that version only has 14 steps and 18.45.01 was already preloaded from attempting before. My navigation still is the wrong address but I don't care about all that just thankful to have my radio back before my wife killed me for trying to update it by myself. )
I hope this helps someone else one day because it took some deep research and hours on hours of forum hoping to finally find the solution. <3

Develop Bugs

welcome