Merge with MIB2-high toolbox? about mib2std-toolbox HOT 10 OPEN

No success yet...

BTW, have you seen this line?
# VMOPTIONS="$VMOPTIONS -Dde.vw.mib.asl.internal.exlap.overrideSWaP"
Not sure if it's interesting at all but the overrideSWaP got me excited 😃

from mib2std-toolbox.

Hi,
Sure! Seams like a great idea!

I'm just starting to figure out how to safely access filesystem of my MIB2Std. And since I don't have recovery tools for it yet - it's baby steps really.

You are far more experienced coder/hacker than I am. I'm not even sure which Variant number relates to 5F unit in my car. I believe that you also have better access to test devices (though MQB-C&R) and testers (though community around your toolbox).

By all means - if you see any value in what I have created, please use it as if it was your own. I'll be more than happy to see mib2-toolbox to be merged with mib2std-toolbox.

from mib2std-toolbox.

❤️

Did you find a succesful way to install the custom .esd on the unit through the POI update?

On MIB2-high there are a few vulnerabilities that make it possible:

• POI update allows writing of ANY file onto the unit, by using the payload feature. However, they cannot be a script, because the copied file will not be executable (and there's no way to do chmod 777 during SWDL)
• leftovers from the development team: there's a script that imports files from a folder on SD, and does CHMOD 777 to each of the copied files.
• Green Engineering Menu can point to scripts in older folders than just the engdefs/scripts folder, which allows us to run anything that has been copied by the leftover script :-)

And then, on MIB1 High there was a vulnerability that allowed us to escape the POI folders by path traversal, with ../../ as path names for files. 😆 That was fixed on MIB2High, but not sure if it's still there on the STD ones.

from mib2std-toolbox.

hmm that is looking interesting!! :-)

from mib2std-toolbox.

For Technisat StdNav units there's a backdoor through onlineservices update. Works the same way as Jille's payload in MHI2 Toolbox. With some tweaking this could be a solution to enter these units. Unfortunately works only on nav units, doesn't work on StdPlus units.

from mib2std-toolbox.

Any new news on this

from mib2std-toolbox.

I offer myself to test on a MIB STD2 5QA 035 846 A if there's a chance

from mib2std-toolbox.

No success yet...

BTW, have you seen this line?
# VMOPTIONS="$VMOPTIONS -Dde.vw.mib.asl.internal.exlap.overrideSWaP"
Not sure if it's interesting at all but the overrideSWaP got me excited

Any luck with this

from mib2std-toolbox.

No success yet...
BTW, have you seen this line?
# VMOPTIONS="$VMOPTIONS -Dde.vw.mib.asl.internal.exlap.overrideSWaP"
Not sure if it's interesting at all but the overrideSWaP got me excited

Any luck with this

Not exactly. I believe that there are two ways of forcing MIB to accept FECs.

1. Replace FecContainer.fec with custom one and patch MIBRoot to skip signature validation of the file.
2. Insert /tsd/etc/slist/signed_exception_list.txt and patch tsd.mibstd2.system.swap to skip signature validation of the file.
   For MIB2HIGH the file is /HBpersistence/FEC/Exceptionlist.txt

AFAIK the second method is using a mechanism developed to test SWaP features without valid FECs. Features will work but in hidden menu SWaP codes will remain not present at all.

from mib2std-toolbox.

No success yet...
BTW, have you seen this line?
# VMOPTIONS="$VMOPTIONS -Dde.vw.mib.asl.internal.exlap.overrideSWaP"
Not sure if it's interesting at all but the overrideSWaP got me excited

Any luck with this

Not exactly. I believe that there are two ways of forcing MIB to accept FECs.

1. Replace FecContainer.fec with custom one and patch MIBRoot to skip signature validation of the file.
2. Insert /tsd/etc/slist/signed_exception_list.txt and patch tsd.mibstd2.system.swap to skip signature validation of the file.
   For MIB2HIGH the file is /HBpersistence/FEC/Exceptionlist.txt

AFAIK the second method is using a mechanism developed to test SWaP features without valid FECs. Features will work but in hidden menu SWaP codes will remain not present at all.

What's file contents of signed_exception_list.txt?

from mib2std-toolbox.