API tools faq
paste
Advertisement
Guest User

smeg hack via telnet

a guest
Apr 4th, 2019
324
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 4.47 KB | None | 0 0
raw download clone embed print report
  1. You should make on your mobile phone app JuiceSSH, android device preferred. Put to your USB in car empty pendrive.
  2.  
  3. Details are on the russian forum:
  4.  
  5. http://www.c4-sedan.ru/forum/viewtopic.php?f=61&t=3349
  6.  
  7. Via this method, you can activate a lot of functions, for example, buttons, rear camera etc, without diagbox and tokens.
  8.  
  9. Run SMEG, go to bluetooth pairing and edit profile of your phone - select internet sharing via bluetooth.
  10. Also on your mobile phone you should enable internet sharing via bluetooth.
  11. After that, your car should put information, that internet connection is enabled.
  12.  
  13. Now, run JuiceSSH or any different telnet/ssh client on your phone and make Quick connection (thunderstorm icon), type of connection: local device, click OK.
  14.  
  15. Then put in console command:
  16.  
  17. ip neighbor
  18.  
  19. you should see a list of connected devices. Remember address IP of bluetooth connection (in my case, address of smeg was 192.168.44.200 or 192.168.44.2).
  20.  
  21. Then, simply telnet to this address
  22.  
  23. telnet 192.168.44.200
  24.  
  25. Connection should be done.
  26.  
  27. Now, you are logged in to your SMEG
  28. You need to copy files from SMEG to your usb device.
  29.  
  30. put this command:
  31.  
  32. cp "/USER_DATA/user_data/sqlite/*","/bd0"
  33.  
  34. this command will copy all relevant data to your USB stick.
  35.  
  36. Next, go to your PC. You will see some sqlite files and inf files.
  37. open sqlite file via 7zip and unpack file. Then, open it in, for example, DB Browser - its an editor for SQLite DB.
  38.  
  39. Themes are stored in up_config.sqlite
  40.  
  41. For 308 T9, you have only 4 available themes:
  42.  
  43. Section Name Type Idx IntValue
  44. "display" "Harm_1" "2" "0" "0"
  45. "display" "Harm_2" "2" "0" "0"
  46. "display" "Harm_3" "2" "0" "0"
  47. "display" "Harm_4" "2" "0" "1"
  48. "display" "Harm_5" "2" "0" "0"
  49. "display" "Harm_6" "2" "0" "1"
  50. "display" "Harm_7" "2" "0" "0"
  51. "display" "Harm_8" "2" "0" "0"
  52. "display" "Harm_9" "2" "0" "0"
  53. "display" "Harm_10" "2" "0" "0"
  54. "display" "Harm_11" "2" "0" "0"
  55. "display" "Harm_12" "2" "0" "0"
  56.  
  57. 4 and 6 are standard themes. If you need to have a GTI style theme - red one, please activate it:
  58.  
  59. "display" "Harm_8" "2" "0" "1"
  60.  
  61. As I know, for 308 also Harm_9 can be used (so, in summary, we have 4 themes for 308).
  62.  
  63. save your file and now, you should make a checksum of your modified file. Other themes comes from Citroen, so, if you enable it, you can have some troubles (non exist buttons etc - be careful).
  64.  
  65. You should use for it RTXcrc.exe and put them to inf file. Open in file editor up_config.sqlite.inf
  66.  
  67. You will see something like below:
  68.  
  69. 914a0000
  70. CRC_UNCOMPRESSED:28a7
  71. USIZE:33792
  72. SIZE:0
  73.  
  74. First:
  75. generated with command:
  76. RTXcrc.exe -v up_config.sqlite
  77.  
  78. in result you will see 4 digits and put the result in:
  79. CRC_UNCOMPRESSED:
  80.  
  81.  
  82. second:
  83. please generate it with command:
  84. RTXcrc.exe -v -i up_config.sqlite
  85. in result you will see 4 digits - replace 914a with this digits.
  86.  
  87.  
  88.  
  89. USIZE is a size of file. Please check it and replace if is different.
  90.  
  91. Now, please create gzip archive of your file and change the name of file to up_config.sqlite
  92.  
  93. Copy your new file to usb stick, go to car, connect it like on step one (enable internet), open juicessh, connect via telnet to your car, connect usb stick, and put command:
  94.  
  95. cp "/bd0/*","/USER_DATA/user_data/sqlite"
  96.  
  97. if everything is OK, on your mobile phone, you will see a list of copied files.
  98.  
  99. Now, put "reboot" command. Your SMEG will be rebooted.
  100. If checksums are OK, new config will be available.
  101.  
  102.  
  103. What can be changed with this method- depends on smeg version - for example:
  104. - bluetooth name of car
  105. - themes
  106. - you can add rear camera and configure lines
  107. - add buttons for example tire pressure control (of course, if you dont have module it will not work but button will be active on your SMEG)
  108. - activation of carplay/mirror
  109. - deactivation of AM radio
  110. - activation of DAB
  111. - many more features.
  112.  
  113. What is not possible:
  114. - vin change - is stored in two form - one is a ascii notation, second one is encrypted. If you change it in ascii, after some restarts, old vin will be loaded again.
  115. - this method is not working, if you have SMEG +I / IV2 with firmware 6.2 or higher - option internet sharing via bluetooth is disabled.
  116.  
  117.  
  118. There are some rules:
  119. 1. BACKUP YOUR FIRST INITIAL CONFIG!
  120. 2. ALL STEPS YOU ARE DOING AT YOUR RISK!
  121. 3. DO NOT EDIT BLUETOOTH PARAMETERS (only name of bluetooth can be edited). IF YOU EDIT THEM, BLUETOOTH CAN BE DAMAGED.
  122.  
  123.  
  124. If you have any question, please ask me.
  125.  
  126. For example, in SMEG + (without navi), there are only 8 themes.
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!