So has anyone tried to hack the entertainment system on a car

Kinja'd!!! "Lemonhead" (lemonhead)
09/09/2013 at 14:23 • Filed to: None

Kinja'd!!!1 Kinja'd!!! 9

When I bought my Altima, I said to myself: "Self, you are a software guy. That entertainment/bluetooth system is just software. It sure would be nice if it had more features. Why don't you try and upgrade it". So I got to wondering if anyone had tried to install new firmware on a stock entertainment/bluetooth/rear camera system.

Thought I would put it out to the Oppo crowd. Would be an interesting project. It has a display and is software driven. Ignore questions of warranty violations, since I'm not ready to start pulling things apart just yet.


DISCUSSION (9)


Kinja'd!!! Dogapult > Lemonhead
09/09/2013 at 14:29

Kinja'd!!!0

I would love to see that.


Kinja'd!!! JasonStern911 > Lemonhead
09/10/2013 at 12:03

Kinja'd!!!0

Hate to be a Debby Downer, but as a software engineer, I can say it is really, really difficult and not worth the effort. You're better off buying/building/integrating a Linux/Android car PC, with which your future modding options are near limitless.


Kinja'd!!! Lemonhead > JasonStern911
09/10/2013 at 13:10

Kinja'd!!!0

Yeah, I'm also a software engineer, but I thought I would ask. If it didn't involve working on my brand new car, I might pull one apart and start poking around.

There's always pick-n-pull....


Kinja'd!!! Lemonhead > JasonStern911
09/10/2013 at 13:11

Kinja'd!!!0

But you do bring up a decent alternative. Make use of the display and build a Linux box to drive it. That gets the customization along with the stock appearance.


Kinja'd!!! JasonStern911 > Lemonhead
09/10/2013 at 22:12

Kinja'd!!!0

If you're a software engineer, then you shouldn't need to ask. But since you did...

You'll need to take apart the display and figure out what microcontroller or microprocessor the display uses. You'll then need a mapping of the binary values to the MCU/CPU's instructions. If the MCU/CPU is something custom, you're likely screwed. Otherwise, you'll likely need to find the BIOS, which is likely in a PROM/EPROM, extract that, and then dump its contents. Then, using the instruction map, you'll need to decode the PROM into assembly, then take the reverse engineered assembly and figure out what exactly the MCU/CPU is doing and what I/O operations or memory mappings are used to control all of the display's peripherals. Once you have those, you can hopefully disassemble the peripherals and determine what controllers are interfacing to the MCU/CPU and then acquire spec sheets for them so that you know how to program the peripherals. However, if the peripherals use custom controllers that you cannot acquire spec sheets for, then you are likely screwed unless you have access to the hardware tools necessary to trace all of the lines going from the MCU/CPU into the peripheral. If you do, then you can log those and try to determine a pattern that matches the peripheral's behavior. Presuming you figure that out or ideally could find the spec sheet, you can then write your replacement code for the display and its peripherals. Then, you just need a replacement EPROM with the same timing specifications as the original that you can program and replace the original with, and you should be good to go. Do note that modern displays tend to be quite a bit more advanced than a single PROM, so you might be looking at potentially gigabytes of flash memory to try to decipher. Likewise, modern displays are complicated enough that they may run entire kernels such as Unix/Linux, which unless the manufacturer gave you access to their SDK, you would have to be able to reverse engineer. And, if you get that far, there might be security measures in place - likely something simple like a CRC/checksum but potentially something as pain-in-the-ass as a SHA-1/MD5 style hash that is executed over at least the launcher's PROM that you will need to either physically bypass or somehow modify your resulting code to generate the accepted hash so that the display will actually execute your modified launcher. I'm sure I'm missing a lot, but that should be at least enough to start with.

So, while it's technically possible, the days of the average hobbyist reverse engineering modern embedded systems is probably over. And given the availability of cheap, open platforms and operating systems, it makes little sense from a hobbyist standpoint either.


Kinja'd!!! Lemonhead > JasonStern911
09/11/2013 at 00:21

Kinja'd!!!0

While you went into quite a lot of detail, you were going down the same path I was thinking it would have to go. I wasn't asking the "how", I was asking if anyone had already done it.


Kinja'd!!! JasonStern911 > Lemonhead
09/11/2013 at 21:59

Kinja'd!!!0

Then no. Everyone goes with a Linux/Android setup because it's cheaper and ridiculously easier. Plus you can get USB/Bluetooth OBD-II readers and easily integrate some cool telemetry data into your setup. :)


Kinja'd!!! Lemonhead > JasonStern911
09/11/2013 at 22:12

Kinja'd!!!0

Thanks for the info.


Kinja'd!!! JasonStern911 > Lemonhead
09/11/2013 at 22:19

Kinja'd!!!0

If you go either route, please keep us informed and make sure to take plenty of pictures.