  1. Cracking <2010 devices that connect through MyDrive rather than TTHome
    #181
    basflt



    thanks for additional info

    I'm curious what the 12.030 for GO looks like

  2. #182
    basflt

    latest truck map , but not guaranteed


  3. The Following 2 Users Say Thank You to basflt For This Useful Post:

    biggerdave (5th June 2012),daniele57 (6th June 2012)

  4. #183
    basflt

    hey Rusigor, are you there?
    I just tore apart my dock
    here is what's inside
    maybe it can be of use for you


  5. #184
    rusigor

    Thanks basflt, let's see what we can get from that

  6. #185
    basflt

    the business tool ...

    any TomTom user out there with knowledge of Java?

    I would like to know how to use the "FileDrop Tool"
    I reckon it has a purpose, they don't put it in for nothing

    I can drop anything in it, ... but then what?
    how to execute it?

  7. #186
    basflt

    somewhere above was the link to the business tool
    bastards at TT blocked it, so I re-up
    grab while it lasts


  8. The Following 3 Users Say Thank You to basflt For This Useful Post:

    baltac (24th August 2012),daniele57 (10th June 2012),R@me$h (20th June 2012)

  9. #187

    Via 160 and the way of the noob hacker ;)

    I've tried to bring everything that I could find on the net together in one package.
    Since I had neither the time nor the desire to work with 3 different languages, I leave everything in English; please do not blame them, because most of it comes either from Opentom (English) or TomTom Heaven (in French).

    Collected info from all over the net:
    Special credits to the guys at Opentom!

    I try to collect the things that are available so that there is one place with most of the available information together.


    About the firmware (Navcore):
    When you install MyTomTom on your PC, in C:\Documents and Settings\User\Local Settings\Application Data\TomTom\HOME3\cache you have a file like "content1". This is an upgrade.
    This file includes 20 extra bytes for every 100Kb of data. With this simple script I've managed to remove it and extract the files:



    After running this, you can unpack it from linux by "cpio -i -d < dest.dat". You can check if all the files are OK by checking the SHA1SUMs included in the file called "files":



    Then you can extract the squashed root file system with "unsquashfs" or mount it.

    SSH Dropbear
    When you connect the TomTom to a PC, we have another Ethernet-over-USB interface. On this connection there are 3 open ports: ftp/21, ssh/22, http/80.
    When you connect via ssh, it needs an authentication certificate. It is c:\Program Files\My TomTom3\Resources\TT_root_sign_cert crt.dat.
    You can connect to your TomTom Start 20 by ssh from Linux. This file can be added as identity file to SSH via the -i switch. The passphrase for the connection is however unknown.


    HTTP Server
    I looked deeper into the HTTP connection and I see that only these work:



    Connecting to Linux:
    When plugged into an Ubuntu 10.04 laptop, it is identified as a USB-based network interface (dwc_otg_pcd). The Linux desktop acquires an auto-configuration IP address, and the TomTom another in the same range. For example:



    If usb0 interface doesn't show up in ifconfig output automatically, check that cdc_ether kernel module is loaded and try to run as root "ifconfig usb0 up" followed by "dhcpcd usb0" or "dhclient usb0". Afterwards ifconfig output should be similar to one provided above.
    In this example the TomTom gets an IP address of 169.254.255.1. Portscanning the device shows the following:
    Code:

    Starting Nmap 5.00 at 2011-04-18 19:28 BST






    Nmap done: 1 IP address (1 host up) scanned in 1.51 seconds


    Attempting an ssh connection reveals that the device uses authentication by key:





    Apparently the publickey is contained in a file named "TT_root_sign_cert crt.dat" (Mac OS X) that can be found within MyTomTom's installation folder. This file can be added as identity file to SSH via the -i switch. The passphrase for the connection is however unknown.


    Hi, I appreciate your work, but I have some comments and notes. First, to complete the list of opened ports, there is another port 3129 opened in the device. It's http/https proxy.
    I'd advise you to stop bothering with the vmware/windows combination (both suck). Try Ubuntu on USB or some other live distribution - it's much much better.
    I think, the installed software doesn't have any kind of library for SSH, the certificate is IMHO only for SSL encryption - there is only one place in the TomTomSupporterProxy.dll, which uses this file - as a certificate for SSL using QtNetwork library.


    Either there should be some communication to allow stealing of the correct certificate, or someone has to steal the certificate at TomTom's side.


    Here's a piece of disassembled code of the TomTomSupporterProxy.dll










    Translations from tomtomheaven about the Go1000 but problems are the same:

    A friend ... I was told that it was not bad shielded, but that nothing was impossible a few details:

    1) the tomtom connects directly to the PC using the network 169.254.255.1 (tomtom) -> 169.254.255.2 (PC)
    a few xml messages are exchanged at that time ... Hello, Id tomtom ... etc..

    2) Obviously, the tomtom is coming and the resident program seems MyTomTom relay information on the website of TomTom (also for s announce) certificate,
    secure connection, etc. ...

    3) The tomtom check itself for possible update ... this way ... the status being relayed between machines via xml ... progress, processing ...
    In other words, if you planned to see something through these exchanges http ... it's only ads, the status of progress ... etc., not very informative .. well ...
    Trying to access tomtom directly to: ssh or scp or another ... the tomtom responds, of course,
    but dropbear is configured so that only holders of the private key can connect ... (authorized_key only ) for the common man was just right to
    RSA Key fingerprint is 69:40:bf:99 ... and a permission denied (publickey) ... even after he should have the passphrase.


    Hello,
    I have been very recently a model VIA 125 and the problem of clamping MyTomTom is identical.
    After some analysis I could find some parameters that are exchanged between the software and GPS MyTomTom.
    However, I am quite interested in a list of certificates that nobody has talked on the web currently.
    At the url:

    It is an XML file containing all the device parameters (version, serial number) but also an extensive list of certificates (There are 22) in this form:
    <Certificate id = "15e7406e-f8a4-47da-BF10-7506ae0b786a" certdata = "BQAAAFArBe64iHvg ....." /> (Truncated because too long)
    Do you have an idea what these certificates could match?
    A year after the release of these models, it is surprising that no one was more advanced on the subject.




    Hello,
    I share this information which I am sure you will make a difference:


    This info for access to the file system TT Live 1005. I was able to decode the files Maj (ttpkg) downloaded from the site of TT. Example: the file "content1" MyTomTom downloaded on my computer is the file 00000000-0074-0011-0310-008604472528_system-update.ttpkg
    This file looks like a tar or cpio, but if you try to do a cpio above it does not work because TT has garbage characters inserted inside it must remove before making a cpio to extract all files in this container. The solution is here: See the shell script at the bottom of the page:

    Once you can execute without a bp to cpio and get the following files:
    - Files
    - Files.sig
    - System-update_860447_bcm4760-current.ipk
    - A folder "system-update_860447_bcm4760-current_data" containing:
    rootfs.img.new
    zImage


    Now that the extraction is done, we must look at the file rootfs.img.new
    The first 4 characters of this file are "hsqs" indicating that this is a squashfs file format.
    To access the contents simply mount it on a Unix mount point with the following command:




    Then just browse to the folder /mnt to approach the holy grail. The hierarchy:

    The contents of /etc/passwd for example gives us:

    Details of all modules installed on the TT is placed in /usr/lib/opkg/status, indicates that:
    Embedded processor in the TomTom Go Live 1005 is a BCM4760 home Broadband:

    The SSH server: dropbear "SSH-2.0-dropbear_0.52". The ssh server is available for free download at TT at: @
    533054.tar.bz2
    The embedded Linux is a version 2.6.28 for BCM4760
    The web server is: Mongoose web server:
    Ftp: obxftpd


    Response from Cyph:
    Not bad actually ...
    While AC have long pass in / etc / passwd shadow ... are not really used, such as ... (in any case, this can give ideas to login ...)
    After performing a port scan service it turns out that only 22 and 80 are visible.
    22 for ssh
    80 for http
    I was interested in a feat ftp (the coup obexftpd) but it is grated since everything boils down to the ssh ...
    I see a trail: attempt a feat of mongoose 3.1 ... there is clearly a BufferOverflow on a PUT ... that would execute arbitrary code.
    It is not yet won to execute our own code ... but not despair ... (especially since the interest is just to bring you the plugins ... and THAT IT!)
    We would have to talk a little in private tracks ... Any takers I am available on pure_lucif@hotmail.com


    I searched a bit ... I like our friend searched as Anonymous


    You can also unpack your files, it helps to understand the system.


    rootfs.img.new would not be difficult to create, as said before: it is a compressed filesystem type squashfs.


    What about other files around it?


    File contents "files"
    d6d371cb99337b06b0101598a760a91fcb610b87 system-update_890538_bcm4760-current_data/rootfs.img.new
    cc868428833cf658c1a0d651d3a68d05bb2b750a system-update_890538_bcm4760-current_data/zImage
    e3984cdb0a658808c82468ea25d9d6e71ecc835f update_890538_bcm4760-system-current.ipk


    It therefore lists the files in the package, and obviously, there is already a first calculation:
    What does
    d6d371cb99337b06b0101598a760a91fcb610b87
    ?


    I will say that it strongly resembles a calculation "digest" type SHA/SHA1.
    I'm just guessing, of course.




    The file Files.sig
    Probably a signature file to ensure that the file Files does not change
    No idea of its generation.


    The file-system-update_890538_bcm4760 current.ipk
    This is a tar.gz which itself contains three files
    Control.tar.gz
    Data.tar.gz
    Debian-binary


    Control the file is an ASCII file containing the following information:





    Source: rootfs / / depot-open/mcl/branch/navx10.2/branch/baarn/branch/rennes/main / ... @ 890538; riaf-mcl-navx10-2-stimpy-nlbld13; root @ nl- bld-13.intra.local; Wed, March 21, 2012 11:51:49 0100; Linux nl-bld-2.6.18-13.intra.local 274.el5 # 1 SMP Fri Jul 8 5:36:59 p.m. EDT 2011 x86_64 x86_64 x86_64 GNU / Linux gcc version 4.3.3 (TomTom CipherWizardry 2009q1_203-474426)
    Priority: major
    Description: System update
    TT-Package-ID: 00000000-0074-0011-0350-008905383010




    Go, I go back.


    I'll dig this:
    var
    tmp
    sys
    proc
    content
    usr
    root
    mnt
    media
    init ->sbin/init
    home
    dev
    opt
    sbin
    etc
    lib
    bin


    We begin by the webserver, some information was known, but some are quite fresh and have never been disclosed!


    Looking in the file service_webserver.conf you find a lot of information about mount points made before launching the webserver (the one who answers when you load a POI file, cursor on your tomtom ...)


    Already




    the root directory of the webserver is /var/run/


    Suddenly, everything under /var/run can potentially be accessed:


    Here's everything I could find ...

    /var/run/PCMI = The main page that everyone knows
    /var/run/dump = page to get her screenshots
    /var/run/personal = page to see everything you have loaded the tomtom
    /var/run/pcmi_tmp = Mystery! (Let's not open up /tmp to the webserver), we'll dig this stuff ...
    /var/run/gpslogs/ = It's all in the name logs and GPS, it does not seem to me that someone had referred
    /var/run/cprid/ = Connection reset by peer, digging ... # Ensure There Is access to the timestamp for the last upload CPR.
    /var/run/factorydata = information on your tomtom


    I feel that this information will be taken over, after all ... it is for this.


    What can we do with that in your opinion?


    1178 January 15, 2011 tt_rootfs_dev_pubkey.dsa
    1192 January 15, 2011 tt_rootfs_dev_privkey.dsa
    1178 January 15, 2011 tt_loopfs_prod_pubkey.dsa
    2576 January 15, 2011 tt_loopfs_prod_privkey.dsa.gpg
    1178 January 15, 2011 tt_loopfs_dev_pubkey.dsa
    1192 January 15, 2011 tt_loopfs_dev_privkey.dsa
    1178 January 15, 2011 tt_kernel_prod_pubkey.dsa
    1291 January 15, 2011 tt_kernel_prod_privkey.dsa
    1178 January 15, 2011 tt_kernel_dev_pubkey.dsa
    1192 January 15, 2011 tt_kernel_dev_privkey.dsa
    1192 January 15, 2011 tt_factory_dev_privkey.dsa
    given by a friend who wishes us well ... without telling me if we can do something.


    > gpg tt_loopfs_prod_privkey.dsa.gpg


    gpg: encrypted with ELG-E key, ID 18BBCF3F
    gpg: encrypted with ELG-E key, ID CD70EBC0
    gpg: encrypted with 2048 bit key ELG-E, ID 76C5C5C6, created on 2009-11-26
    "Axx Bxxxxxxxx <axx.bxxxxxxxxx@tomtom.com>"
    gpg: decryption failed: secret key not available


    It is not forbidden to search for its culture? I just want to learn.


    I tried with putty after conversion of key ...
    Refused the server your keys.


    I think these keys are used, but elsewhere.
    Signatures of packages such ...


    Furthermore, I confirm this:
    openssl dgst -sha1 ./system-update_890538_bcm4760-current_data/rootfs.img.new
    SHA1 (./system-update_890538_bcm4760-current_data/rootfs.img.new) = d6d371cb99337b06b0101598a760a91fcb610b87


    Which means I can generate the files


    I still find files.sig .... and and and ... Exactly ...


    I think our key for this. I continue.

    Well I obviously also a tool for signature:


    Hop, I found another source on the signing:


  10. The Following 8 Users Say Thank You to ggggghhh For This Useful Post:

    arie0510 (18th November 2013),Bitchkilla (25th June 2012),cheapo (22nd June 2012),daniele57 (21st June 2012),fylli (24th June 2012),gps4 (6th September 2012),Mobile_Guru (24th June 2012),WhiteRabbit (21st June 2012)
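
The integrity check post #187 describes (SHA-1 sums in the "files" manifest, "hsqs" magic on rootfs.img.new), as an added example that is not code from the thread or from TomTom. Directory names and file contents are constructed; a matching SHA-1 only shows that the unpacked files agree with the manifest, while the post takes Files.sig to be what protects the manifest itself.

```python
import hashlib
import os
import tempfile

SQUASHFS_MAGIC = b"hsqs"  # first 4 bytes of rootfs.img.new, per the post


def parse_manifest(text):
    """Parse lines of the form '<40-hex SHA-1> <relative path>'."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        digest, _, path = line.partition(" ")
        digest, path = digest.lower(), path.strip()
        if len(digest) != 40 or set(digest) - set("0123456789abcdef") or not path:
            raise ValueError(f"line {lineno}: not a SHA-1 manifest entry")
        entries.append((digest, path))
    return entries


def sha1_file(path, bufsize=1 << 16):
    """Hash a file in chunks so large images do not have to fit in memory."""
    h = hashlib.sha1()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(bufsize), b""):
            h.update(block)
    return h.hexdigest()


def verify_manifest(root, manifest_text):
    """Return {relative path: 'ok' | 'mismatch' | 'missing' | 'outside-root'}."""
    root = os.path.realpath(root)
    results = {}
    for digest, rel in parse_manifest(manifest_text):
        target = os.path.realpath(os.path.join(root, rel))
        if os.path.commonpath([root, target]) != root:
            results[rel] = "outside-root"  # entry tries to escape the unpack dir
        elif not os.path.isfile(target):
            results[rel] = "missing"
        elif sha1_file(target) != digest:
            results[rel] = "mismatch"
        else:
            results[rel] = "ok"
    return results


def is_squashfs(path):
    """True when the file starts with the squashfs magic."""
    with open(path, "rb") as f:
        return f.read(4) == SQUASHFS_MAGIC


def demo():
    """Build a constructed unpack directory, verify it, corrupt one file, re-verify."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "update_data"))
        samples = {  # constructed contents, not real firmware
            "update_data/rootfs.img.new": b"hsqs" + b"\x00" * 60,
            "update_data/zImage": b"constructed kernel bytes",
        }
        for rel, content in samples.items():
            with open(os.path.join(root, rel), "wb") as f:
                f.write(content)
        manifest = "".join(
            f"{hashlib.sha1(c).hexdigest()} {rel}\n" for rel, c in samples.items()
        )
        manifest += "0" * 40 + " update_data/absent.ipk\n"
        before = verify_manifest(root, manifest)
        with open(os.path.join(root, "update_data/zImage"), "ab") as f:
            f.write(b"!")  # simulate corruption after the manifest was written
        after = verify_manifest(root, manifest)
        return before, after, is_squashfs(os.path.join(root, "update_data/rootfs.img.new"))


if __name__ == "__main__":
    print(demo())
```
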


  12. #188

    I took a look at the business tool, and here's my understanding of what happens:

    - You select a TomTom package file (ttpkg) and select "Install"
    - The tool has an embedded web server that uses https. The device itself also has an embedded web server that uses plain http
    - The file you selected is added to a list of files that are to be served by the https web server
    - A call is made to the device's web server, more specifically to the /mpnd/trigger URL
    - This will cause the device in its turn to contact the embedded https server which will serve the ttpkg file

    It would be pretty easy to create such a tool yourself, since the certificates for the embedded https server are in the .jar file.

    I don't have a TomTom of the latest generation so I can't test it, but can't you just use this business tool to upload the latest maps?

  13. #189
    basflt


    yes, it installs the map without problem, except: ... it's not activated (that's where the connection w TTserver comes in, to send activation key to device)
    various navcore updates also can be installed, other than official

    and, more "funny": ... no way to remove the map
    MyTomtom does not remove it either, unless there is not enough disk-space for official map

    btw
    besides http the tool also uses ssh

    for those who do have a device:
    use WireShark to see what is happening

  14. #190

    I looked at the tool and it seems to use SSH in 2 cases:
    1. To perform a "rescue" operation. It uploads an ipk file and then executes the command "opkg-cl -conf /etc/opkg.conf -o /content -p /bin install /content/pacakge.ipk; reboot"
    2. To reboot the device (this is simply an /sbin/reboot).

    It logs in with user "root" and password "dummy" for both operations.

    I don't see anything involving maps activation. When you say "the connection w TTserver", is it the device that connects to the TTserver or is it your computer?
