Products > Embedded Computing

Extracting firmware from generic chinese car headunit.

(1/6) > >>

Crawlie69:
Hey everyone - Long story short: I want to extract the firmware from my generic chinese headunit. I've done something similar in the past (Well someone smarter than me did it LOL). I've already dumped the firmware from the headunit, and been examining the firmware by the ways i know of.

- I've ran DMDE on it (No results)
- Ran binwalk on it (Gave a lot of interesting results)
- Searched for filesystems (There is definitly one or more of them)
- Looked for clues as to what kind of partitions there might be (No results)

What i know so far is: The operating system appears to be 'eCos'
I'm not entirely sure, because the processor's identification has been washed away, but my guess is, that it is some type of ARM processor.
I've found boot sections, uImage headers, and lots of LZMA compressed data.

Ultimately the end goal is to replace the boot logo (I've already extracted some photos from the firmware, that i've never seen when using the unit itself, but i haven't found the boot logo so far), but i'd love to extract the firmware totally and have fun browsing around and exploring  :D

Hopefully someone in here, can help me on my way.

Thanks!

(I've attached the firmware below.)

: I have to attach the firmware this way, because the file is too large otherwise :

https://easyupload.io/mgdsr0

fzabkar:
Attached are the JPEGs that I was able to extract with JPEGSnoop.

Image #12 is a welcome screen.

Offset 0xB30000 appears to be the beginning of a JFFS2 flash file system. It appears to have 56 files.

These appear to be the magic numbers:

85 19 01 e0 - 56 hits (file name & attributes)
85 19 03 20 - 26 hits (64K boundary)
85 19 02 e0 - 257 hits (file segments)
After carving it out, you should be able to mount the JFFS2 image in Linux.

Crawlie69:
Hey fzabkar - Thanks for taking a look at it  :D

I managed to extract those images as well using binwalk, but what's so odd is that i've never seen any of the images, when using the headunit in the car, and the boot image is the exact one that my previous headunit had (if you remember that), so why and where that welcome screen comes from is really weird.  :o

Great stuff with the JFFS2 flash file system - I'll do my best to carve it out, and mount it if i'm able to. Thanks!

coromonadalix:
what is the radio model ?  the cpu model and or the mcu version   in the systems infos

some radios have hidden menus with configurable boot menus / logos

you can find some help on XDA forums / android head units

Crawlie69:
I'd love to know as well, but unfortunately there doesnt appear to be any such information within the user interface of the radio, and upon disassembling it, i found that the main processing unit has had it identification washed away. My guess is that this is done to make it harder to tamper with or replicate, by other manufacturers. The model number on the radio says 7013, but theres a dozen different models sharing that model number. Sorry  :D

Navigation

[0] Message Index

[#] Next page

There was an error while thanking
Thanking...
Go to full version