Can't read release info

[javigody]

When i try to install this on mi unit, the updater give an error, "can't open/read release info" SEAT MIB High with SW 1308

[hxigor]

Another few hours spent, nothing works with this damn unit. I did a complete reflash again with SW 1440, still doesn't work. Unfortunately I don't know the root pw for SW 1440, I just can read the log. Just the SD card inserting is logged with MEDIUM_UNKNOWN -> MEDIUM_INSERTED, but the update start or error is not logged.

@jilleb I attached the Putty log, maybe anything useful for you? putty.log

[jilleb]

I'll have a look. Can you maybe try to install the toolbox SD by enabling SWDL Ignore region/variant from green menu?

I'll look for a pass so you can install the toolbox manually.

[DejanBukovec]

@jilleb just to be clear we normaly install this update by holding menu button for around 5 seconds until it open yellow menu(Service mode) and select first option for software update(Software update/versions)? Or we must normaly install this toolbox from some other option(SWDL in Testmode menu)? Or somewhere in green menu?

Does this file help you? AllVersionInfo.txt

[hxigor]

@jilleb Unfortunately there's no "Ignore region/variant" checkbox in GEM of this unit. The GEM version is 4.12st, there is only one entry "User Defined SWDL" in the production/rcc_prod/swdl_prod menu. @DejanBukovec I think it should be the same, SWDL in Testmode just redirect you to the update screen. The difference ist that going through Testmode you can enable "Software download manual download".

[peterbensch]

Skoda Octavia 5E Build date : 5.12.2017 GPS up to date (2019/2020)

Tried with Skoda Kodiaq too, same FW (1163), without success

AllVersionInfo.txt

[turboblade]

@hxigor I am also on GEM 4.12st in a 2018 A5 B9. MIB version is MHI2Q_ER_AUG22_P4212 with MU software 1177. It appears this is a newer qualcomm chip which replaced the old nvidia.

When attempting to load the update from the SD card, I was faced with the following error:

A variant conflict has occurred! Main Unit version: FMQ-P-TNDL-EU-AU-MLE. Release metainfo version ...........

It appears the skipCheckSignatureAndVariant tag in the metainfo2.txt file is being ignored.

[jilleb]

Variant MIB2P wasn't supported, but in my most recent commit I included the variant for P as well.

[turboblade]

@jilleb Thanks. I need to download the latest version then. I'll post back with my results.

[DejanBukovec]

My unit in green mode show also in left top corner GEM 4.12st ...

[turboblade]

@jilleb so re-downloaded all files to include the latest commit. I am now faced with metainfo2.txt signature is not correct error.

Should I have "User Defined SWDL" enabled in the production/rcc_prod/swdl_prod menu?

[yanqemil]

Another few hours spent, nothing works with this damn unit. I did a complete reflash again with SW 1440, still doesn't work. Unfortunately I don't know the root pw for SW 1440, I just can read the log. Just the SD card inserting is logged with MEDIUM_UNKNOWN -> MEDIUM_INSERTED, but the update start or error is not logged.

@jilleb I attached the Putty log, maybe anything useful for you? putty.log

Please do you share 1440 firmware?

[jilleb]

Let's bring a little more structure into this topic, and please don't ask for firmware here. Drop me a message on facebook if you need anything.

Signature is not correct error: Can you check the metainfo has checksum cb48da84e8eb0a4f99e3c89e9a2c1e911eadd7ff inside it?

We tested on MIB2P with this metainfo, and it allows installation of the new files. The only thing that doesn't seem to go well is the placement of new scripts after install, but that's something we will investigate.

@jilleb Unfortunately there's no "Ignore region/variant" checkbox in GEM of this unit. The GEM version is 4.12st, there is only one entry "User Defined SWDL" in the production/rcc_prod/swdl_prod menu.

The GEM version doesn't determine what's available and what's not. The ESD-files in the engdefs folder determine what's there. Please try User Defined SWDL, and report back 👍

[magna413]

SW Train Version: MHI2_ER_SEG11_P4708 SW MU Version: 1409 Partnumber: 5F0035020H HW-Version: 5F0035020

Address 5F: Information Electr. (J794) Labels:* None Part No SW: 5F0 035 020 H HW: 5F0 035 020 Component: MU-H-ND-EU H54 1409
Serial number: Coding: 04738001FF0A00001111110100890A232F0102F401200400BE

[R0bbieJ]

With Jillie's help i updated my VW infortainment to 1367 but sadly still same metainfo2.txt error 😥

[hxigor]

@jilleb I tried checking User defined SWDL in GEM, didn't help. I compared the AllVersionInfo.txt files posted by people who have problem with my AllVersionInfo and I can't find any relation. What's somewhat interesting that I have a Skoda unit and my branch is rel/CLU8_SEAT, @peterbensch has also Skoda unit but his branch is rel/CLU8 and finally @DejanBukovec has a Seat unit with a branch rel/CLU8_AU. What's interesting, people who report a problem have H54 units, so I have a bad feeling that our problem could be hardware specific? Is there any successful installation of the toolbox on a H54 unit?

Added after another hour or two: I was playing with metainfo2.txt from the latest commit. It seems the problem is with the latest entry containing the payload. When I removed it completely, I got no error and I can choose the MQB Coding Toolbox V2. As I like to play, I continued and have found out that the problem is in the destination! When I change the Destination value to (obviously stupid) /net/mmx/mnt/navdb/PersonalPOI/mqbcoding.esd, I get no error! Changing back to default /net/mmx/mnt/app/eso/hmi/engdefs/mqbcoding.esd brings the error back. So the question is, what's wrong with this destination path?

[jilleb]

The issue is not with the H54 units, because my own unit is one of them.... 😏

Good research on the path. Let's try one with path traversal,

/net/mmx/mnt/navdb/PersonalPOI/../../../../../../../../../../../../../../../net/mmx/mnt/app/eso/hmi/engdefs/mqbcoding.esd

[hxigor]

Sooo... It was a great idea with the path traversal! A small step for a man but a giant step for a mankind! But we're still not at the finish line, the payload update fails with error 131 :-(

[jilleb]

Okay, that's something. I've seen error 131 before. Can you retry in manual swdl mode and select the poi update and payload? And we could do with less /.. / I guess haha

[hxigor]

Same error with manual checked and just personal poi with payload selected

[turboblade]

I can confirm that checksum is as described. Tried with custom swdl on and off.

[jilleb]

We tested some more, and it turns out that the following is happening:

If you update the io controller to the latest version, it's working. If you use an old version, metainfo error. So I guess updating firmware doesn't update ioc... I'll look some more into this.

[DejanBukovec]

Is possible update io controller by same methode as fw(by sd card)? Or dealer must do this?

[yanqemil]

How is possible update io controller? if is possible to update send me files i will try I want to try with the latest fw 1440 but not find anyware

[turboblade]

Regarding the signature not correct error, can you please advise how the checksum is calculated? Perhaps the calculation is different for my version. Thanks

[jilleb]

Signature is something other than checksum.

Checksum is calculated over entire metainfo, excluding the line with checksum

[turboblade]

@jilleb OK, I understand. so it appears this version ignores the skipCheckSignatureAndVariant = "true", requiring the file to contain the proper signature. I am guessing this is impossible without the private key.

[hxigor]

@jilleb The question is how to update the IO controller... I did a complete SW 1440 flash with everything checked and if this didn't update the IOC, then there must be some other way. Just an idea I'm going to try this evening: Modify the original 1440 update, add skipCheckSignatureAndVariant and skipMetaCRC properties to metainfo so the changes in files would be accepted. Then modify the finalscript to copy the payload.sh to /net/mmx/mnt/app/eso/hmi/engdefs/mqbcoding.esd? I'm just curious about the finalscript, it's calling DisableGEM for disabling GEM? I wish I had a root pass for 1440... @DejanBukovec The dealers can make updates the same way as we do - through SD card. They are not skilled enough to do it other way.

[hxigor]

I played with the original script round and round and when I changed the payload destination to previously mentioned bad location/net/mmx/mnt/navdb/PersonalPOI, the script finished succesfully. It seems to me as the /net/mmx/mnt/app/eso/hmi/engdefs directory is not writable or something like that :-( Regarding the IOC, I checked the SW 1440 and there are IOC files for MQB V850, app version is 8863 while the bootloader is version 210. I compared the update list of succesfully finished complete SW 1440 update, and both app and bolo match the version from the update package...

[yanqemil]

I played with the original script round and round and when I changed the payload destination Regarding the IOC, I checked the SW 1440 and there are IOC files for MQB V850, app version is 8863 while the bootloader is version 210. I compared the update list of succesfully finished complete SW 1440 update, and both app and bolo match the version from the update package...

Is possible to contact me please at " yanqemil (at) gmail.com " about this? Tnx. Not find any possiblity to personal message.

[yanqemil]

I have updated from 1240 to 1382 and i have same IOC info, app 8863 , bootloader 210. You have newer 1440 with same old IOC

[turboblade]

Does anyone know the root telnet password mhi2q_er_aug22_p4212, or even the hash, and I will try to use hashcat to reverse engineer it. I would like to try an alternative method for installation.

[specularius]

Not Working on: Model: VW mk7 (Discover Pro, 3G0 035 021 D) Sw: H51 0814
Issue: can't read metainfo2.txt

[jilleb]

Installing new IO controller can be done from the console. But maybe it can be done by doing Manual SWDL from the dev menu, and selecting MUNIC and IOC stuff

[hxigor]

@jilleb For Skoda the latest SW is 1440 and this contains the old IOC (8863+210). Updating through manual update should work, we just need the new version files. Is it possible to extract it from other e.g. VW update? Bypassing signature check we should be able to flash it I hope. IMHO the pass for 1440 would be better :-P

[medenkass]

Not working on: Seat Leon 5F MIB2 high BJ 2016 VAG Nr. SW: 5F0035020B
HW: 5F0035020
SW Version 0355 Issue: can't read metainfo2.txt

[turboblade]

@hxigor How do you go about bypassing signature check? skipCheckSignatureAndVariant appears to be ignored in my version, or am I missing something?

[hxigor]

@turboblade I was thinking about using the skipCheckSignatureAndVariant setting in metainfo. If it will work, then we just need to extract the IOC + MUNIC update from other SW (btw who has the latest, VW, Audi or Seat?) and then force update to units with older versions and we should be complatible with M2T. I had no time to do more tests, I was busy at work and later busy at home building a two deck Lego garage with my kids :-)

[turboblade]

@hxigor Let me know how that goes. On my version, even when skipCheckSignatureAndVariant is used, update still fails on signature.

[hxigor]

@turboblade Unfortunately it seems the skipCheckSignatureAndVariant setting doesn't exist or is ignored. I searched all skip* strings in the MIBRoot and found just these: skipSaveMuVersion skipSaveTrainName skipCRC skipCBConsistencyCheck skipCBConsistencyRccCheck skipCBConsistencyMmxCheck skipCheckVariant skipCheckRegion skipMetaCRC skipMetaChecksum skipRollback skipChecksum skipScriptCRC skipScriptChecksum skipMostPopup skipFileCopyCrc skipFileCopyChecksum skipInvalidateTransactionImageByMmx skipCheckConsitencyImages skipRccInMmxDependencyError skipCheckMmxEmergencyValid skipEraseOrphanedEfsHeaders skipEraseOrphanedImageHeaders skipFile skipResolve skipResolveFiles skipRestore skipRestoreFiles skipSendErase skipReceivedErased skipSendData skipReceivedData skipSendTransferDataExit skipReceiveTransferDataExit skipSendCrc skipReceiveCrc skipBehaviourAvail skipDir skipDirection skipScope skipRequest There's no trace of skipCheckSignatureAndVariant .

@jilleb Can you please share information what is the minimum version of IOC we need? I have ordered another MIB unit, this time 565 035 021 D with H55 and SW 1382 and we'll see. Don't ask me how many MIB units I have and in any case don't tell my wife 😇

[hxigor]

@jilleb: I have another incompatible unit :-( SW Train Version: MHI2_ER_VWG11_K0261 SW MU Version: 1100 Original part number: 3G0035043 H33 with SW 0078 After update to latest available version: 3G0035043 H33 with SW 1100, IOC version is 146 BOLO and 3205 APP

[magna413]

SW Train Version: MHI2_ER_SEG11_P4708 SW MU Version: 1409 Partnumber: 5F0035020H HW-Version: 5F0035020

Address 5F: Information Electr. (J794) Labels:* None Part No SW: 5F0 035 020 H HW: 5F0 035 020 Component: MU-H-ND-EU H54 1409 Serial number: Coding: 04738001FF0A00001111110100890A232F0102F401200400BE

Today I had success with a VW MIB2.5 unit. And was unsuccessful with different MIB2.5 unit.

Successful: Part No SW: 5NA 035 043 C HW: 5NA 035 032 Component: MU-H-N-EU 055 1161
Application Version: 16909592 Bootloader Version: 210 Application Version: 8763

Unsuccessful: Part No SW: 5NA 035 043 A HW: 5NA 035 043 Component: MU-H-N-EU H54 1161
Application Version: 16909592 Bootloader Version: 210 Application Version: 8863

My SEAT unit Unsuccessful:

Part No SW: 5F0 035 020 H HW: 5F0 035 020 Component: MU-H-ND-EU H54 1409 Application Version: 16909592 Bootloader Version: 210 Application Version: 8863

Could it be that newer IUC application doesn't support this script?

[jilleb]

That sounds very very plausible, Thanks for the analytical research @magna413.

Let's see if we can make a list of application versions that do and do not support the toolkit.

[jilleb]

okay... new idea, I just need someone to test it ;-)

@hxigor , can you test if the following works:

• remove the payload stuff from the metainfo2.txt
• change the [PersonalPOI\InfoFile\0\default\File] section so the destination goes from /net/mmx/mnt/navdb/PersonalPOI/Update.txt to /net/mmx/mnt/app/eso/hmi/engdefs/mqbcoding.esd
• recalculate metainfo checksum
• retry installing

Maaaaaybe we don't need the payload, but we can use the copy mechanism from the Update file ;-)

[peterbensch]

@jilleb Maybe you could open a test branch with those modifications ?

[jilleb]

Good idea. I'll have to see(tomorrow) how that works with git, but let's try :-)

[magna413]

I tried above method, but doesn't work. Soon as the destination is changed doesn't work. With just payload removed(And checksum ofc) metainfo is read, but when destination is changed, doesn't work.

[olli991]

SW Train Version: MHI2_ER_SEG11_P4705 SW MU Version: 1338 Partnumber: 5F0035020G HW-Version: 5F0035020 SW-Version: H29.344.49_HIGH2_EU

For the list:

• I ran on Seat FW 1338 with an already installed IOC App 8863 from factory which wasn't compatible.
• Updated to 1409 with no problems. IOC App still is 8863.

8863 seems to be a newer version than 1409 comes with so there is no downgrade option. like listed above, 8763 is the compatible version for this. I think we have to find a way down or there maybe is a even never IOC-Version which brings back the backdoor (unlikely).

[hxigor]

@hxigor , can you test if the following works:

* remove the payload stuff from the metainfo2.txt

* change the [PersonalPOI\InfoFile\0\default\File] section so the destination goes from /net/mmx/mnt/navdb/PersonalPOI/Update.txt to /net/mmx/mnt/app/eso/hmi/engdefs/mqbcoding.esd

* recalculate metainfo checksum

* retry installing

I tried it with 3G0035043 H33 SW 1100, IOC version 146 BOLO and 3205 APP - no luck :-(

[magna413]

Although not a solution waited for, but for me I got Android Auto patched running the script from shell.

Could it be maybe possible to install toolbox also from shell?

[jilleb]

Although not a solution waited for, but for me I got Android Auto patched running the script from shell.

that's great news :-)

Could it be maybe possible to install toolbox also from shell?

Yes. Copy the payload.sh to /net/mmx/mnt/app/eso/hmi/engdefs/mqbcoding.esd Then go to the green menu, you will find a new menu: mqbcoding. Install the scripts from SD-card by running the script button. Done :-)