Please make sure you read Rules! and DO NOT upload/post any illegal softwares or Pirated Material , Thank you for understanding :)
  1. AutoHex II

  2. FemtoEVO



BMW CIC PATCHER v2 - GENERATE YOUR OWN RETROFIT FSC CERTS
03-04-2017, 18:32 PM, (This post was last modified: 17-09-2018, 08:03 AM by intel123.)
Post: #1
XZBMW  BMW CIC PATCHER v2 - GENERATE YOUR OWN RETROFIT FSC CERTS
*** RELEASED ***


BMW CIC PATCHER v2
GENERATE YOUR RETROFIT FSC CERTIFICATES


Forget about emulators, script activations, hard map updates...

This is better enhanced version of what is selling / floating around these days.



[*] NO BOOTLOADER MODE
[*] DONE IN 10 SECONDS!
[*] NO BRICKING


SUPPORTS ONLY US AND ECE LATEST VERSIONS OF SOFTWARE, SO IF YOU HAVE US or ECE CAR, UPDATE YOUR CIC SOFTWARE AND ENJOY THE PATCH!


here is short howto which is included in the archive too:
Quote:BMW CIC CK V2
-----------------
created by intel123 -

This is patcher for BMW CIC Professional Navigation, it patches binary file
and replaces root certificate what enables you to sign your own FSC certificates
from within FSTOOL or E-SYS like OEM. After patching, Self-generated certificates
will be accepted as OEM ones.

Pre request

1) This is ONLY for US (United States) and ECE (Central Europe) software versions!
2) You should update your CIC software to the latest before applying the patch!


Unlike other patches floating around, this one is done in 10 seconds or less. There is no need
for multiple reboots, or hang in "Bootloader" mode which exposes the system to bricking or failure.


HOW TO USE IT

1) Format USB drive with fat32 filesystem
2) copy file 01_PATCHER\USB_AUTORUN\copie_scr.sh to empty USB drive
3) Insert USB drive into CIC, wait until reboot and you're done!

(if CIC will not reboot in 20 seconds, it means that there is software incompatibility or already patched, read pre requests)

After cic has been patched and it restarted you can fire-up E-SYS or FSTOOL. If you go ahead and check status of FSC you will see that
CIC has been virginized and only root certificate is accepted. Key you should use for signing FSC certificates is 00_PRIVATEKEYS\fscs.der
other two private keys (root.der and sigs.der) you will have no use for, they are included just so the cert chain is complete.

To make certificates for your VIN you can use files in folder 03_FSC_TEMPLATES from archive,
load them in E-SYS (FSC Editor) or FSTOOL, change ONLY VIN, sign them and save as.

** VERY IMPORTANT: If you do not know what you are doing, when modifying template certificates, change only VIN to match yours,
do not edit other fields including date of issue.

After making all certificates you will need for your retrofit you can install them normally via FSTOOL or ESYS, other needed certificates
as SIGs and FSCs cert you can find in folder 02_CERTS from this archive.

*** PLEASE NOTE, AFTER PATCHING CIC IS VIRGINIZED AND MAY SHOW THAT
FSCS AND SIG CERTS ARE REJECTED, AND ROOT ACCEPTED. THIS IS NOT A
PROBLEM AS YOU WILL OVERWRITE IT WITH PROVIDED CERTS VIA FSTOOL
OR E-SYS. ******************************************************

Source code of the CK and all relevant data will be published on CarTechnology.co.uk forum

Quote:0017 - Voice control
0019 - Navigation system Professional
001B - Navigation system Professional
00XX - LifeTime Map Code
006F – Satellite Tuner
009B – Arabian Language
009C - BMW Apps

Full set for BMW CIC.
for E-Series: use FSTOOL
for F-Series: use E-SYS
same procedure as with OEM certificates,



Quote:Q: How does it work ?
Well not to go too much into detail as i plan to document whole procedure and publish along with the source code, but here it is. BMW CIC is based on QNX 6.3.2 running on Renesas SH4 CPU. There are two main binaries on the system running in "Normal" mode: CicHichEceUsaRoot and CicHighEceUsaSecond (names for ECE and US models) First binary resides in IFS and second one on EFS. To cut this short, SWT functions reside in *Second binary. After bare inspection of binary it is noticable that root certificate is being checked for several things including the check which compares root certificate to its copy residing in IoC (v850 CPU), additionally there is a string which says something like "Unable to read rcert from IoC, trying from flash" which was more than enough for start. After disassembly and locating function responsible for checking root certificate in IoC it was only the matter of changing two bytes and now we have program which will read and accept root certificate (if it is created properly with all correct names and parameters) from flash /mnt/HBpersistence/rcert.swt file.
[Image: 31bde5bdfe70cd32df8f3cdc3200b8b3.jpg]
Ok so, since i did not need to make any kind of hooking or add code it will be enough just to change bytes in current EFS image on flash. Replace (if any) rcert in /mnt/HBpersistance with our own, virginize the CIC (delete /mnt/hbdebug/data0? and generalPersistencyData_DiagnosticSWTController) and reboot. After reboot, using E-SYS or FSTOOL we can see that our root certificate is accepted and we can upload the rest using one of tools mentioned (SIGs, FSCS, and FSC certificates).


- HOWTO BY SweetBMW ADDED TO ATTACHMENTS! (Thanks SweetBMW)


Attached Files
CIC FSC PATCH v2 by intel123.txt
File Type: .txt
Downloaded: 2,314 times
Size: 70 bytes

Howto by SweetBMW.txt
File Type: .txt
Downloaded: 5,757 times
Size: 70 bytes


[Image: 18.08.44-17.09.18.gif]
BlackBOX Sistemi, Automotive   
Reputation: +203 - volavka [+2] , ruben_17non [+1] , Jartsa [+1] , tururu33 [+1] , Fx82 [+1] , gvitkis [+1] , lynxbmw [+1] , tste1982 [+1] , DNK76 [+1] , Mizta Insane [+1] , Czozen [+1] , pshoey [+1] , inspi1981 [+1] , Loliceman [+1] , RocketSurgeon [+1] , mksa [+1] , bgpavlp [+1] , petkowo [+1] , B1257 [+1] , ATC [+1] , Gatsby79 [+1] , acolt [+1] , mprezes [+1] , fumantwo [+1] , myfirst1er [+1] , cryptocar [+1] , DJenka [+1] , Twoone [+1] , Joe2 [+1] , larshutten [+1] , hulahans [+1] , BhdR [+1] , BMWzone [+1] , brunoman [+1] , BMW888 [+1] , BusyBox [+1] , atomantmk [+1] , txalkie [+1] , arno2 [+1] , danyro [+1] , Erikv [+1] , Sabreace [+1] , beemered [+1] , nino17 [+1] , SrdjanM [+1] , emhtuning [+1] , carlosgaros [+1] , RReader [+1] , wlemi [+1] , sbc55 [+1] , neni [+1] , TomoR [+1] , vierchatura [+1] , BaggieMatt [+1] , BmwMerc [+1] , shintake [+1] , sacaman [+1] , syrus [+1] , demon68 [+1] , ivoo [+1] , BMWdriva [+1] , szymoncobo [+1] , tunning-gsm [+1] , umutbulut [+1] , tohmc [+1] , rabihfiras [+1] , _villi_ [+1] , bmm-71 [+1] , larrybml [+1] , hipolitogt [+1] , emerer [+1] , yarickoff [+1] , paw2000 [+1] , zfrepairtm [+1] , relax1980 [+1] , hamzettin [+1] , KEEEN [+1] , srki7 [+1] , lazuri-53 [+1] , julijan [+1] , pesona [+1] , mixx0108 [+1] , bmwcoupè [+1] , pulik [+1] , bmwcars1968 [+1] , Paul [+1] , gaintp [+1] , ROD-BENDERS [+1] , ahmedmph [+1] , edtech [+1] , puiu [+1] , uragan1987 [+1] , tortu25 [+1] , Mrg0721 [+1] , bmwbmw [+1] , krzysiek80r [+1] , Studie [+1] , GoldRush [+1] , t1tan1 [+1] , evaldazj [+1] , nama [+1] , max72 [+1] , Vojno [+1] , kregiel [+1] , Roo [+1] , jogi8850 [+1] , mdma666 [+1] , Morbak [+1] , redliner [+1] , tutuianu_daniel [+1] , dong627758497 [+1] , NeRkO20 [+1] , JarsaR [+1] , fussel86 [+1] , benzbmb [+1] , @Loui [+1] , wrstlfrx [+1] , michalkow [+1] , 4433modic [+1] , Tombo [+1] , bawareca [+1] , EagleOne [+1] , paskuale [+1] , Schmidti [+1] , Nixer [+1] , Hoborg [+1] , navin [+1] , blacklisted [+1] , qeen [+1] , khaled [+1] , shouldube [+1] , fengyonghua21 [+1] , starprog [+1] , psya [+1] , tomushas [+1] , domdel [+1] , jimvou [+1] , fabio67 [+1] , ILDIRA [+1] , sergiompais [+1] , deliciouscars [+1] , Jack79 [+1] , Martynasd [+1] , Rik [+1] , yuko [+1] , Rawediag [+1] , Moto_Mike [+1] , cursor [+1] , jasiek77 [+1] , juergen8850 [+1] , Batje [+1] , BigNode [+1] , beta59 [+1] , bubu [+1] , Iangiulu [+1] , BAV07 [+1] , _Ynblpb_ [+1] , destroyer [+1] , m5proud [+1] , Tobi_82 [+1] , sobi [+1] , metaller43 [+1] , ionut.ciuca [+1] , TaliT [+1] , dziongas [+1] , bobdinro [+1] , bumek [+1] , bursuc [+1] , Geneticar [+1] , mmihai82 [+1] , weby [+1] , roma5000 [+1] , rickynguyen [+1] , nhoc_haycuoi [+1] , BMWS1000RR [+1] , schmitz41999 [+1] , slivovica [+1] , masculine [+1] , illmaze1 [+1] , os1968 [+1] , gpdriver [+1] , kfs1260 [+1] , jimi [+1] , zaweel [+1] , karlihuber [+1] , Sergey.Moscow [+1] , bulletvip [+1] , flanker78 [+1] , Lux [+1] , danyparis [+1] , shiftcontrol [+1] , tekrami [+1] , dj_jormi [+1] , Maxis [+1] , bmw_coder_09 [+1] , palmiexcom [+1] , Shorty [+1] , ThomBmw330xd [+1] , zoranmadzar [+1] , cinellu [+1] , wejet [+1] , scanzed [+1]
Visit this user's website
Quote this message in a reply
[+] 505 users say Thank You to intel123 for this post
03-04-2017, 19:26 PM,
Post: #2
RE: FREE BMW CIC FSC RETROFIT CERTIFICATES
Well, we can generate own root certs and generate FSCs using FSTool signed with these root certs, right?

But how about map update codes? 1B FSC contains 1024-bit key or somethin' like that and I don't know how to generate it.
Quote this message in a reply
03-04-2017, 20:50 PM,
Post: #3
RE: FREE BMW CIC FSC RETROFIT CERTIFICATES
(03-04-2017, 19:26 PM)inotherwords Wrote:  Well, we can generate own root certs and generate FSCs using FSTool signed with these root certs, right?

But how about map update codes? 1B FSC contains 1024-bit key or somethin' like that and I don't know how to generate it.

I think it is simple, after you activate CIC, you will download 1B file by SWID_Reader and generate map key as always by generator smile
Quote this message in a reply
[+] 2 users say Thank You to Czozen for this post
04-04-2017, 04:59 AM,
Post: #4
RE: FREE BMW CIC FSC RETROFIT CERTIFICATES
I believe NBT should be similar method...?
Quote this message in a reply
04-04-2017, 06:35 AM,
Post: #5
RE: FREE BMW CIC FSC RETROFIT CERTIFICATES
(03-04-2017, 20:50 PM)Czozen Wrote:  I think it is simple, after you activate CIC, you will download 1B file by SWID_Reader and generate map key as always by generator smile

Yes, but it will be code that differs from code generated using original 1B.
Quote this message in a reply
04-04-2017, 07:51 AM, (This post was last modified: 09-05-2017, 09:56 AM by emhtuning.)
Post: #6
RE: FREE BMW CIC FSC RETROFIT CERTIFICATES
Please don't spoil the thread by discussing how to read and generate map update FSC .

the OP is talking about more advanced project than just simple 1B or DE FSC generating .
Reputation: +1 - intel123 [+1]
Quote this message in a reply
[+] 9 users say Thank You to emhtuning for this post
04-04-2017, 21:41 PM, (This post was last modified: 04-04-2017, 21:49 PM by inotherwords.)
Post: #7
RE: FREE BMW CIC FSC RETROFIT CERTIFICATES
(04-04-2017, 07:51 AM)ehssan Wrote:  Please don't spoil the thread by discussing how to read and generate map update FSC .

the OP is talking about more advanced project that simple 1B or DE FSC generating .

No, we are not talking about generating update code. 001B code contains 1024-bit key which is used to check map update code generated. We need to know how to generate this key to make right self-signed FSC package. This information should be useful for this thread.
Quote this message in a reply
04-04-2017, 22:07 PM,
Post: #8
RE: FREE BMW CIC FSC RETROFIT CERTIFICATES
(04-04-2017, 21:41 PM)inotherwords Wrote:  No, we are not talking about generating update code. 001B code contains 1024-bit key which is used to check map update code generated. We need to know how to generate this key to make right self-signed FSC package. This information should be useful for this thread.

open 1b file in e-sys fsc editor or fstool>enabling codes>load>edit

extension record,type 12 is key used to generate short fsc

[Image: 18.08.44-17.09.18.gif]
BlackBOX Sistemi, Automotive   
Visit this user's website
Quote this message in a reply
04-04-2017, 22:12 PM,
Post: #9
RE: FREE BMW CIC FSC RETROFIT CERTIFICATES
(04-04-2017, 22:07 PM)intel123 Wrote:  open 1b file in e-sys fsc editor or fstool>enabling codes>load>edit

extension record,type 12 is key used to generate short fsc

Yes, but how generate it for own VIN? Just random 1024-bit key?
Quote this message in a reply
04-04-2017, 22:15 PM, (This post was last modified: 04-04-2017, 22:16 PM by intel123.)
Post: #10
RE: FREE BMW CIC FSC RETROFIT CERTIFICATES
No need to match it with vin in any way as its already matched by signing fsc with fscs private key, short fsc should match with that key only, thats why generators ask for 1b file

[Image: 18.08.44-17.09.18.gif]
BlackBOX Sistemi, Automotive   
Visit this user's website
Quote this message in a reply
[+] 1 user says Thank You to intel123 for this post


Possibly Related Threads...
Thread Author Replies Views Last Post
XZBMW Help BMW F-Series NBT -> NBT_evo /NBT2 Retrofit hitmanre 2 267 19 minutes ago
Last Post: hitmanre
XZBMW Which controller for NBT Evo Retrofit in F10? thstorm 8 369 Today, 08:04 AM
Last Post: thstorm
XZBMW NBT EVO retrofit in F10 - Issue with Camera thstorm 3 189 Today, 05:51 AM
Last Post: maxwell4321
  2018 F20 cruise control retrofit bmwcoder75 9 250 Yesterday, 19:56 PM
Last Post: Lpapp
  i3 SAS retrofit problem Oreon 2 192 19-07-2019, 09:33 AM
Last Post: Oreon
XZBMW G30 Active cruise controle retrofit KillerBeePT 3 397 17-07-2019, 19:52 PM
Last Post: sguzzel
  Solved ✔ R56 comfort access retrofit, can’t lock/unlock doors larshutten 1 102 17-07-2019, 14:46 PM
Last Post: larshutten
XZBMW Bmw f30 retrofit SLI error front collision Pedrom92 1 131 17-07-2019, 06:43 AM
Last Post: Fx82
XZBMW F15 Tow Hitch Retrofit Coding atomantmk 7 398 16-07-2019, 18:11 PM
Last Post: atomantmk
  Help F10 2015 High Beam Assist Retrofit (Xenon Only) dncomputech 32 1,421 16-07-2019, 03:36 AM
Last Post: dncomputech

Forum Jump:


Users browsing this thread:
2 Guest(s)

Return to TopReturn to Content