2004 to 2016 Mazda 3 Forum and Mazdaspeed 3 Forums banner

1 - 20 of 180 Posts

·
Treveloper
Joined
·
528 Posts
Discussion Starter #1 (Edited)
Hi everyone,
Recently a new version of he infotainment system FW v70.00.335-C NA was found to have as part of its update process a highly unnecessary, destructive little script called "neutralizeid7" which DIRECTLY TARGETS ITS USERS BY PREFORMING THE UNDESIRABLE ACTION OF REMOVING THE RECOVERY THAT WE USE TO KEEP OUR SYSTEMS OPEN, CUSTOMIZEABLE AND WELL... OURS!!! This incredibly destructive script once again acts kind of like ransomware without the ransom and it wipes out all the recovery files, not that they would work after the update anyways for even the mechanism that would run those files during system boot time is also removed, and just locks you out so completely even connecting to the serial port will no longer work. As of right now, this new FW is only available online for NA region AFAIK and I haven't heard of anyone being updated to it by their dealership yet so even though I am extremely busy these days I took the time to think about how to stay one step ahead and I rewrote the recovery scripts so that the update will think it removed the recovery but really the new recovery slips them right back in there and will even add the required lines of code back to certain files to make the whole thing work again. Early awareness of all this will help minimize the amount of users that loose access to their systems but THIS WILL ONLY WORK IF YOU INSTALL IT BEFORE UPDATING, IF YOU UPDATE TO V70.00.335+ WITHOUT THIS RECOVERY INSTALLED THERE IS NO CHANCE OF EVER TWEAKING YOUR SYSTEM AGAIN, SERIAL CONNECTION WILL NOT EVEN WORK ANYMORE!

So here is the new ID7_V2 recovery but I need a brave soul to test one thing about it. Insofar as the main functionality of these scripts which is to run the tweaks installer for FW v59.00.502+ it works perfectly and exactly the same as the previous id7 recovery. Also, updating to any FW below v70.00.335 will also work as expected but updating to v70.00.335 is right now untested and that is the part I need someone to confirm for me.
So just to reiterate if you want to install this go ahead, it is safe and works exactly like the old version but unless you are that brave tester I am seeking I would wait to update to v70.00.335+ until the test is confirmed. I will update this post after that happens. UPDATE: https://mazda3revolution.com/forums/2014-2018-mazda-3-skyactiv-audio-electronics/234619-id7-recovery-v2.html#post2453907
Happy Hacking My Friends,
~Trez
U
 

·
Registered
Joined
·
300 Posts
Great news. I just got a AIO enabled bench system running and updated to 70...100NA using parts from several crashed cars.
Heading out on a road trip and when we return I'll try your revised script with 335.
 

·
Registered
Joined
·
538 Posts
This is kind of a BFD and the title should read as such cuz the next thread will be, my AIO tweaks don't work anymore.

I need to take my car in for the wiper module recall and will definitely be heavily taping the USB ports along with a do not update note as a just in case.
 

·
Treveloper
Joined
·
528 Posts
Discussion Starter #4
Great news. I just got a AIO enabled bench system running and updated to 70...100NA using parts from several crashed cars.
Heading out on a road trip and when we return I'll try your revised script with 335.
Yes thats awesome, I have been testing this for about a week on my bench-top CMU and also in my car before I released it, just making sure all the normal functionalities work as expected and stuff buuuuut my bench unit is an EU version and the only 335 available right now is for NA but I am not ready to update my car to that version yet so that would be very helpful if you tested it for me. It should work, I tested deleting autorun and that triggers the scripts to regenerate autorun and all the other parts of the recovery but I don't know if maybe something funky might happen during the update to stop it from working... That is why we must always test!
 

·
Registered
Joined
·
14 Posts
Many thanks from over here in Abarth 124 Spiderland! I've been running 70.00.100A NA with AIO tweaks for months. Was waiting for the fix to the "gift" the Mazda engineers so "nicely" added to .335C. Figured if it was possible, you'd be on it. Hope the final test works OK. Cheers!
 

·
Registered
Joined
·
35 Posts
Is it necessary to remove id7 v1 first or can you just install the v2 over it?
(Unfortunately I can not test it yet, because I have also EU FW).
 

·
Registered
Joined
·
300 Posts
@Trezdog44
Steps taken
- 70.00.100 NA with old recovery and tweaks,
- updated to new V2 recovery (and confirmed the new files were there through SSH),
- Updated to 335-C NA, tweaks gone of course


Put a selection of Tweaks on USB, CMU sees USB drive but tweaks do not run. Serial port cmu logon and passwords of old do not work.


Sorry man.
 

·
Treveloper
Joined
·
528 Posts
Discussion Starter #10
@Trezdog44
Here is the data streamed from the serial port when the tweaks USB drive is inserted. It is reading it for sure but not executing the cmd_line.
Good luck!
OK I need a little bit of help then. It is very difficult to determine what part of the recovery failed without being able to examine any of the files so we need to find a way to do that. My guess is that it is the part that adds the lines of missing code back to start_normal_mode.sh but it is possible that another part failed. I will have to look at it and see if I can figure this out without really knowing what happened, in the meantime I am sorry that your bench unit is now stuck on .335 but you can try downgrading and see what happens there. Unfortunately that update is the first one to forcefully update the passwd file so it will still be difficult to access the system via serial connection because the user "user" will be missing BUT if the part that regenerated autorun worked and the other part didn't then the downgrade will actually run autorun because that code will be present so yea try downgrading and see if that works. If it does then we are still in good shape.
 

·
Registered
Joined
·
300 Posts
Reverted to 100NA but USB acts the same with no tweaks install. Serial data also looks the same. Now reverting to 59.00.546. What earlier version did they include a password update in so I can try to get serial access back?


Also it seems weird when reverting to do order in reverse -reinstall/failsafe since you are forced to reboot at end of reinstall because the system is not running to take you back into the jci 99 dialog. Rebooting gives old reinstall and newer failsafe and then you revert the failsafe. but it works ----- so far. also 546 does not have an older password file set. Guess I'll expand a few fw versions first to look for one.
 

·
Registered
Joined
·
14 Posts
It never fails to amaze me how vendors put out mediocre products, and then, when users make enhancements, instead of appreciating and incorporating those changes, they respond by giving the middle finger to users and attempting to lock them out. Linksys tried this approach with their routers years ago...it crashed and burned spectacularly. This is why people do these hacks. Sad to see, and hope y'all get this figured out and let us have FREE ACCESS to systems we've bought and paid for!
 

·
Registered
Joined
·
8 Posts
Laughingly, I bet the EULA probably states you own the hardware and they own the firmware and you are granted the right to use it as if the hardware has value without the firmware.

Sent from my SM-G960U1 using Tapatalk
 

·
Linux Dude
Joined
·
65 Posts
Laughingly, I bet the EULA probably states you own the hardware and they own the firmware and you are granted the right to use it as if the hardware has value without the firmware.
How would that work? There's never any EULA presented at any point to accept.
 

·
Registered
Joined
·
14 Posts
Reverted to 100NA but USB acts the same with no tweaks install. Serial data also looks the same. Now reverting to 59.00.546. What earlier version did they include a password update in so I can try to get serial access back?


Also it seems weird when reverting to do order in reverse -reinstall/failsafe since you are forced to reboot at end of reinstall because the system is not running to take you back into the jci 99 dialog. Rebooting gives old reinstall and newer failsafe and then you revert the failsafe. but it works ----- so far. also 546 does not have an older password file set. Guess I'll expand a few fw versions first to look for one.
Don't know for sure, but the lockouts for Fiat began when they updated from 56.00.xx to 59.00.xx in mid 2018. Serial access without id7 was still possible in the FCA 59.00.xx releases, but that's when they killed USB access if id7 was not installed. It might be worth it to see if you can get a copy of 56.00.xx and try that one or compare 56 and 59..
 

·
Registered
Joined
·
300 Posts
Don't know for sure, but the lockouts for Fiat began when they updated from 56.00.xx to 59.00.xx in mid 2018. Serial access without id7 was still possible in the FCA 59.00.xx releases, but that's when they killed USB access if id7 was not installed. It might be worth it to see if you can get a copy of 56.00.xx and try that one or compare 56 and 59..
Was able to regain serial logon access with 59.00.502NA. There may be something higher but I went in large steps due to time. Passed info onto @Trezdog44 also along with some debug output from serial port. Going on the road for a week so bench testing at a pause at the moment.
 

·
Registered
Joined
·
7 Posts
Was able to regain serial logon access with 59.00.502NA. There may be something higher but I went in large steps due to time. Passed info onto @Trezdog44 also along with some debug output from serial port. Going on the road for a week so bench testing at a pause at the moment.
Cool! So we have a way to go back from 335 and re-test. I'm confident between that you and Trezdog44, you'll figure out a working solution soon!
 

·
Registered
Joined
·
300 Posts
Actually 59.00.502NA gave serial & normal USB hack access back (I had installed ID7 back on the old pre-59.xx firmware before I started all of this). I've jumped back and forth a couple of times from 502 to 70.00.100 & 335 and installed hacks on 502 & 70.00.100 with no problem. I've also used ID7V2 so that may be making access still work after I revert from 335.
 
1 - 20 of 180 Posts
Top