Photo of the head unit, with "Hacked by greenluigi1" in the center of the UI

Hacking A Hyundai Ioniq’s Infotainment System Again After Security Fixes

These days modern cars are nothing if not a grouping of networked software held together by bits of hardware. This is reflected not only in the rapidly increasing number of ECUs, but also infotainment systems and all-glass cockpits. For better or worse, this offers many exciting hacking possibilities, which [greenluigi1] was more than happy to explore with their new 2021 Hyundai Ioniq SEL last year. Naturally, Hyundai then proceeded to ‘fix’ these vulnerabilities, offering the exciting chance to test the Hyundai engineers’ homework, and proceed to bypass it again.

When we last left off in [greenluigi1]’s adventures, the Hyundai D-Audio 2V Linux-based infotainment system (formally called in-vehicle entertainment, or IVI) in question had been convinced to run custom applications after a fair bit of effort to get root access via the Engineering Menu and some firmware image hacking. Joyous hacking and exploration of the car’s CAN network and RPC messaging system ensued. Then, after months of silence and with all old firmware images pulled from the download page, Hyundai released a new firmware image.

In this new firmware image, big changes were visible right off the bat, with two different ZIP files instead of the single one from before. One of these ZIP files also couldn’t be decrypted any more with the old key. Unfortunately for Hyundai, the curse of backwards compatibility with older IVIs meant that the ZIP targeting headunits running the older firmware also contained the key for the new ZIP file.

Other changes included some further obfuscation to this key and the public key used for firmware hash verification, which also involved using a Micom RPC call via the CAN bus to obtain some vehicle specific information. Unfortunately, this is where Hyundai’s engineers seemed to have stopped copying reference code samples, and used a unique RSA private key to sign firmware images with. Fortunately, they did not bother to check whether the updater actually always verifies the signature, allowing for unsigned code to be installed.

All in all, a fascinating bit of reverse-engineering and sheer stubborn persistence, just so that the IVI that’s in your car can run the applications which you developed. We’re looking forward to the next installments in this series as the ball is once again firmly in Hyundai’s court.

Hyundai To Lead US Market For Hydrogen Fuel Cell Trucks

Hydrogen has long been touted as a potential fuel of the future. While it’s failed to catch on in cars as batteries have taken a strong lead, it still holds great promise for larger vehicles like trucks.

Hyundai have been working diligently in this space over the last few years, with their Xcient line of fuel-cell powered trucks. It’s set to dominate the world of hydrogen trucking in the US as it brings a fleet of vehicles to California next year.



Hacker Liberates Hyundai Head Unit, Writes Custom Apps

[greenluigi1] bought a Hyundai Ioniq car, and then, to our astonishment, absolutely demolished the Linux-based head unit firmware. By that, we mean that he bypassed all of the firmware update authentication mechanisms, reverse-engineered the firmware updates, and created subversive update files that gave him a root shell on his own unit. Then, he reverse-engineered the app framework running the dash and created his own app. Not just for show – after hooking into the APIs available to the dash and accessible through header files, he was able to monitor car state from his app, and even lock/unlock doors. In the end, the dash got completely conquered – and he even wrote a tutorial showing how anyone can compile their own apps for the Hyundai Ioniq D-Audio 2V dash.

In this series of write-ups [greenluigi1] put together for us, he walks us through the entire hacking process — and they’re a real treat to read. He covers a wide variety of things: breaking encryption of .zip files, reprogramming efused MAC addresses on USB-Ethernet dongles, locating keys for encrypted firmware files, carefully placing backdoors into a Linux system, fighting cryptic C++ compilation errors and flag combinations while cross-compiling the software for the head unit, making plugins for proprietary undocumented frameworks; and many other reverse-engineering aspects that we will encounter when domesticating consumer hardware.

This marks a hacker’s victory over yet another computer in our life that we aren’t meant to modify, and a meticulously documented victory at that — helping each one of us fight back against “unmodifiable” gadgets like these. After reading these tutorials, you’ll leave with a good few new techniques under your belt. We’ve covered head unit hacks like these before, for instance, for Subaru and Nissan, and each time it was a journey to behold.

Hyundai Makes Push Towards Fuel Cell Trucking

Hyundai has begun shipping fuel-cell based heavy duty trucks to face off against battery-electric trucks in the commercial hauling market.

Battery electric vehicles, more commonly known as electric cars, have finally begun to take on the world in real numbers. However, they’re not the only game in town when it comes to green transportation. Fuel cells that use tanks of hydrogen to generate electricity with H2O as the main byproduct have long promised to take the pollution out of getting around, without the frustrating charge times. Thus far though, they’ve failed to make a major impact. Hyundai still think there’s value in the idea, however, and have developed their XCIENT Fuel Cell truck to further the cause.

How To Build Your Own Convertible (For Under $500)

It’s a common sight in the farming areas of the world — a group of enterprising automotive hackers take a humble economy car, and saw the roof off, building a convertible the cheapest way possible. Being the city dwelling type, I always looked on at these paddock bashing antics with awe, wishing that I too could engage in such automotive buffoonery. This year, my time would come — I was granted a hatchback for the princely sum of $100, and the private property on which to thrash it.

However, I wasn’t simply keen to recreate what had come before. I wanted to take this opportunity to build a solution for those who had suffered like me, growing up in the confines of suburbia. Surrounded by houses and with police on patrol, it simply isn’t possible to cut the roof off a car and drive it down to the beach without getting yourself in altogether too much trouble. But then again, maybe there’s a way.

The goal was to build the car in such a way that its roof could be cut off, but remain attached by removable brackets. This would allow the car to be driven around with the roof still attached, without raising too much suspicion from passing glances. For reasons of legality and safety, our build and test would be conducted entirely on private property, but it was about seeing what could be done that mattered.


The Folly Of Adding An Auxiliary Audio Input To A Hyundai Sonata

Why auxiliary audio inputs haven’t been standard on automotive head units for decades is beyond us. But you can bet that if you’re looking at a low-priced sedan you’ll need to buy an entire upgrade package just to get an audio jack on the dash. [Jon W’s] Hyundai Sonata didn’t have that bells-and-whistles upgrade so he decided to pop his stereo out and add his own aux port.

A big portion of this hack is just getting the head unit out of the dash. This is made difficult on purpose as an anti-theft feature, but [Jon’s] judicious use of a butter knife seemed to do the trick. He lost some small bits along the way which were recovered with a Shish Kebab skewer with double-stick tape on the end.

With the head unit out, he opened the case and plied his professional Electrical Engineering skills to adding the input. Well, he meant to, but it turns out there’s no magic bullet here. The setup inside the unit offered no easy way to solder up an input that would work. Having done all of the disassembly he wasn’t going to let it go to waste. [Jon] grabbed a nice FM transmitter setup. He wired it up inside the dash and mounted the interface parts in the glove box as seen here.

It’s nice to know we’re not the only ones who sometimes fail at achieving our seemingly simple hacking goals. At least [Jon] was able to rally and end up with the functionality he was looking for.