AVIC411.com

F310BT hack is real


ok started a new thread in the hopes that we can condense all the learnings of this for make benefit of all on this board... ;)

 

http://avic411.com/i...psnav-launcher/

 

Pionara,

thanks for the apps dll hack. It's the one bit I was still missing. It means I don't now have to replace tel.exe with iGO.

The only bit left now is to find out how to control whether it boots to the AVIC-APPS or standard NAVI rather than it automatically booting to the NAVI when you exit the AVIC-APPS application.

 

Somniac.

Link to post
Share on other sites

here's the key:

when the unit starts up, HMIManager.exe checks if this file exists:

\My Flash Disk\System\AppsLib\Apps.dat

If so, he executes this file in app-mode, if not, he launches navi.exe

the file looks like this, and can be changed with a hex-editor.


0000000: aaaa aaaa 4100 5600 4900 4300 2d00 4100  ....A.V.I.C.-.A.
0000010: 5000 5000 5300 5c00 4c00 6100 7500 6e00  P.P.S.\.L.a.u.n.
0000020: 6300 6800 6500 7200 5c00 4c00 6100 7500  c.h.e.r.\.L.a.u.
0000030: 6e00 6300 6800 6500 7200 2e00 6500 7800  n.c.h.e.r...e.x.
0000040: 6500                                     e.

 

I think this file is deleted by HMIManager.exe as soon as the app is launched, so that when it exits, it goes back into navi.exe mode after reboot.

 

The trick that I'm doing is that I have setup my launcher.mscr in such a way that I detect that the com port isn't the way that I want it, make those changes, copy my own Apps.dat (pointing to launcher.exe again), and reboot... this way, i know that I will run at least one more time.

When the com port is right, I launch igo (runwait), and when he exits, I change the com port back, then reset - but don't update apps.dat, so that we boot back to navi (stock mode).

 

This could be modified any way you want.. Put a menu in before or after asking user if he wants to go back to stock mode, etc. MortScript "menu" to choose other apps.

 

I have also a way to extend the Applications menu in the stock, so you can launch anything from stock navi.exe...

Just need to make the AVIC-APPS folder look like the others, and then the key is to edit \AVIC-APPS\Applist.dat.. I just copied and extended the existing sections in there with hex-editor, carefully replacing name and path...

Link to post
Share on other sites
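
An added example, not part of the original post: a Python reader for the Apps.dat layout shown in the dump above (four 0xAA bytes, then a UTF-16LE path), for checking which program a unit will launch at boot. The function names are hypothetical, and treating the first four bytes as a fixed marker is an assumption drawn from this single dump.

```python
import re

# xxd dump of Apps.dat exactly as posted above (ASCII column included).
XXD_DUMP = r"""
0000000: aaaa aaaa 4100 5600 4900 4300 2d00 4100  ....A.V.I.C.-.A.
0000010: 5000 5000 5300 5c00 4c00 6100 7500 6e00  P.P.S.\.L.a.u.n.
0000020: 6300 6800 6500 7200 5c00 4c00 6100 7500  c.h.e.r.\.L.a.u.
0000030: 6e00 6300 6800 6500 7200 2e00 6500 7800  n.c.h.e.r...e.x.
0000040: 6500                                     e.
"""

# Assumption: the leading four bytes are a constant marker (the thread does not say).
MARKER = b"\xaa\xaa\xaa\xaa"


def xxd_to_bytes(dump):
    """Rebuild raw bytes from xxd text, checking that offsets are contiguous."""
    out = bytearray()
    for line in dump.splitlines():
        m = re.match(r"\s*([0-9a-fA-F]+):\s(.*)", line)
        if not m:
            continue  # blank or non-dump line
        if int(m.group(1), 16) != len(out):
            raise ValueError("gap or overlap at offset " + m.group(1))
        hex_part = m.group(2).split("  ")[0]  # ASCII column follows two spaces
        out += bytes.fromhex(hex_part.replace(" ", ""))
    return bytes(out)


def parse_apps_dat(data):
    """Return the launch path stored in Apps.dat; raise ValueError if malformed."""
    if data[:4] != MARKER:
        raise ValueError("unexpected header bytes: " + data[:4].hex())
    body = data[4:]
    if not body or len(body) % 2:
        raise ValueError("path is not a whole number of UTF-16 code units")
    path = body.decode("utf-16-le").rstrip("\x00")
    if any(ord(c) < 0x20 for c in path):
        raise ValueError("control character in path")
    return path


def boot_target(data):
    """Startup rule as described in the post: Apps.dat present -> its path, else navi.exe."""
    return parse_apps_dat(data) if data is not None else "navi.exe"


if __name__ == "__main__":
    print(boot_target(xxd_to_bytes(XXD_DUMP)))
```
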

Pionara,

I've now got 2 additional apps running from the stock navi "Applications" screen with appropriate icons - Explorer and iGO8 and everything is working fine until the unit goes into suspense (when I switch the car off). Before I replaced appslib.dll with the hacked one it would resume exactly where it was when it went into suspense when I restart the car.

However, now, as soon as it resumes it does a warm boot back to the stock navi even when I have been running one of the stock apps like Visual Clock (no mortscript in the middle).

Does your U310BT do the same ? Any ideas ?

Link to post
Share on other sites

It's definitely the hacked appslib.dll causing the reboot when resuming from a suspend. If I replace it with the original then the stock apps resume from suspense and don't reboot (but I can't run my own apps).

It could be because my version of the stock nav software is the original F320BT and the hacked appslib.dll is from the U/F310BT. It could be incompatible with my rmimanager.exe.

Pionara, could you tell me how you hacked the appslib.dll please ? If I do the same to my original then maybe I can avoid the reboot problem and it will also be available for other F320BT owners.

Thanks for your help so far !

Link to post
Share on other sites

I actually patched 3 compare/branches... but i was just hitting it with a hammer.. i think some of these may be unnecessary, or messing with other parts of the lib.. I'll undo them one by one to see if i can remove the unnecessary stuff and see if that makes a difference... in the meantime, can you check md5 hash of your original appslib.dll?

for comparison, the original from u310bt 2.001 update:

 

642709826e85b2afc8bc2623d7c9f864 QI_037_CNSD_130FM/Update/USER/PRG/APL/AppsLib.dll

 

If it's different, maybe you can send it to me

Link to post
Share on other sites

hi somniac... turns out the 1st of 3 edits was unnecessary (i think). So i reduced to just last two edits. i updated my other thread. see the new appslib.dll on it...

http://avic411.com/i...t-f310bt-f320bt

 

give this one a try!

 

 

edit:

also, here are the resulting edits i did (first one is original, second is edited dll)

 


diff -u <(xxd Update/USER/PRG/APL/AppsLib.dll) <(xxd AppsLib.dll )
--- /dev/fd/63 2011-12-10 11:02:57.000000000 -0600
+++ /dev/fd/62 2011-12-10 11:02:57.000000000 -0600
@@ -679,7 +679,7 @@
0002a60: 0234 85e0 0124 86e0 3d62 5be5 3182 5be5  .4...$..=b[.1.[.
0002a70: 0344 80e0 0b0c e0e3 3700 20e2 0000 8be0  .D......7. .....
0002a80: 0254 8ee0 0b1c e0e3 cb10 21e2 0110 8be0  .T........!.....
-0002a90: 0fe0 a0e1 07f0 a0e1 0400 50e1 3f00 000a  ..........P.?...
+0002a90: 0fe0 a0e1 07f0 a0e1 0000 50e1 3f00 000a  ..........P.?...
0002aa0: 0100 a0e3 64fa ffeb b43b 9fe5 dc00 e0e3  ....d....;......
0002ab0: 8001 a0e1 0000 8be0 0fe0 a0e1 00f0 93e5  ................
0002ac0: b04b 9fe5 a83b 9fe5 0b0c e0e3 3700 20e2  .K...;......7. .
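
Review bot: at 0x2a98 the changed word (`0400 50e1` to `0000 50e1`), read as little-endian ARM, makes the compare test r0 against itself, so the `3f00 000a` branch that follows is always taken and the value returned by the call made just before it (`0fe0 a0e1 07f0 a0e1`) is never acted on. That switches the check off for every caller, stock apps included, and the diff carries no note of which check this is or what the original compared against; add that, so a reader can tell what else depended on it.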
@@ -697,7 +697,7 @@
0002b80: ec3a 9fe5 d200 e0e3 8001 a0e1 0000 8be0  .:..............
0002b90: 9826 0be5 0fe0 a0e1 00f0 93e5 36fd ffea  .&..........6...
0002ba0: 0b0c e0e3 cb00 20e2 0000 8be0 8cfb ffeb  ...... .........
-0002bb0: 0500 50e1 3f00 000a 0100 a0e3 1efa ffeb  ..P.?...........
+0002bb0: 0000 50e1 3f00 000a 0100 a0e3 1efa ffeb  ..P.?...........
0002bc0: 9c3a 9fe5 dc00 e0e3 8001 a0e1 0000 8be0  .:..............
0002bd0: 0fe0 a0e1 00f0 93e5 984a 9fe5 903a 9fe5  .........J...:..
0002be0: 0b0c e0e3 3700 20e2 0000 8be0 0020 94e5  ....7. ...... ..
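
Review bot: the edit at 0x2bb0 has the same shape as the one at 0x2a98 (`0500 50e1` to `0000 50e1` ahead of `3f00 000a`), but nothing here says whether the two sites guard the same check or two different ones, and the `---`/`+++` lines name only `/dev/fd/63` and `/dev/fd/62`. State the base file and its MD5 next to the diff and label each site, since these offsets are meaningful only for that exact binary.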

Edited by pionara
Link to post
Share on other sites

Pionara,

Thanks for this but I'm afraid your new appslib.dll still doesn't work for me.

I checked the MD5 signature of my stock appslib.dll on the F320BT and it was different to yours so I edited it in the same way as you showed above and now the standard apps (VisualClock and Photo Viewer) both work OK and the unit doesn't reboot after a suspend.

But, my custom apps (Explorer and iGO8) start OK from the navi apps menu but the unit reboots when it resumes from suspense when either app is running.

So I experimented...

I copied the VisualClock.exe and its .pwd and .enc files to my AVIC-APPS\Explorer directory and renamed them to Explorer.exe etc.

When I ran "Explorer" from the navi apps menu it started VisualClock and it didn't reboot after a suspend.

However if I replaced the .pwd file with the original Explorer.pwd file (your original launcher.pwd) and restart the Explorer (VisualClock) app then it does reboot after a suspend.

So it seems that something (appslib.dll ?) is still checking the .pwd file and closing down the started app after a resume from suspense if it doesn't like the contents.

Could you let me have the third edit you originally made to appslib.dll so I can manually apply it to my version please ?

Thanks, we'll get there in the end !!
Link to post
Share on other sites

Can you just take the .enc and .pwd from another working app and rename/use for your new app? Does that work?

My .enc/.pwd were from the Visual Clock, but on my model. Any valid .enc/.pwd combo for your platform should work (it's just not checked against validity for current .exe any more.)

 

It will probably be another day or two before i can get back in and see which function it was that i patched, and with this in mind, take a look and see if there was anything else missed.

 

Can you provide me a copy of your appslib.dll so i can disassemble and compare against my disassembled appslib ?

Link to post
Share on other sites
