After reading lots on this I figured I should at least make a quick blog entry for people to be able to find. It appears there is not a lot of support out there for our tablet and with Lenovo switching to a 64-bit version for the newer tablets these are essentially being forgotten about. Of course I titled this for my intent, dual-booting, however you could also choose to remove Windows 8 entirely and make the device linux only.
You CAN get Ubuntu to boot on them, you just need a little extra work to prepare your image. First off, get yourself an ubuntu iso from their website. I used ubuntu-14.10-desktop-amd64.iso in the following example.
You’ll also need a 32-bit EFI bootloader, I’ve compiled it for my own use and figured I might as well make it available to those that need it:
Let’s say you have a 8gb USB drive that when you plug into an existing ubuntu machine it comes up on /dev/sdb. Follow these commands to build a working boot disk:
sgdisk --zap-all /dev/sdb
sgdisk --new=1:0:0 --typecode=1:ef00 /dev/sdb
mkfs.vfat -F32 /dev/sdb1
mount -t vfat /dev/sdb1 /mnt
7z x ubuntu-14.10-desktop-amd64.iso -o/mnt/
cp bootia32.efi /mnt/EFI/BOOT/
Enjoy, I might create another post as I work on getting the hardware fully working.
So now that I had a little more time I moved a little further into this (also a friendly forum member loaned me a release 5.1 DVD which happens to have a difference firmware). I’ve found that the “Program Block’s” within the hardware modules have a 32bit checksum as the last 4 bytes of each block. So if you patch changes you’d need to update the checksum to convince the NAV to accept them…
Now to try and find the section the factory override uses to open up full control!
foglem@sixcore:~/kiwi/U20 5.1/out$ md5sum *
Now that I know a little more what I’m looking for with the CRC of the program blocks but failing to find a checksum for the MIUT blocks I’ve googled around a bit more with actual strings from the unknown blocks and found some more reading material. Linking here:
I purchased a used Lexus not terribly long ago with Factory navigation. I also had a Mitsubishi which had it. And both apparently used the same Navigation software, done by Denso. The lockouts and nag screen have finally pushed me to the edge of starting to dig into the mechanisms by which these work. I will update this posting with new details as I find them, so feel free to watch this post if interested.
First off I did my due diligence and Googled around. There have been a few hacks on this over the years, but no major advancements into how it works that are openly disclosed. On the Misubishi front the most successful of these attempts actually accomplishes all my objective goals, however the author sells his exploit and thus I suspect I might not get much information from him. Regardless I have sent an email requesting some pushes in the right direction.
The primary target file which these units use is the file “loading.kwi” which appears to contain firmware for the hardware of the various cars. In most cases this file seems to include multiple similar firmware modules (embedded) for slightly different hardware that would utilize the same Nav DVD. I’ve found the original python script by Bert (http://biot.com/blog/navigation-dvd-hacking) and with a small bug fix it properly parses these newer files.
So far I have now identified that the U25 (10.1) and U27 (12.1) releases have identical firmware modules for the 4 hardware iterations embedded in them:
foglem@sixcore:~/kiwi/U25 10.1/out$ md5sum *
foglem@sixcore:~/kiwi/U27 12.1/out$ md5sum *
This of course indicates the hybrid discs (Google if you don’t understand what this is) for release 12.1 are just as effective as the 10.1. I’d be curious about testing previous releases of loading.kwi if anyone has them to split into these files. I wonder when the changes (if any) actually occured.
Next up is looking for the loading address and entry points to load this up in IDA and start working out what is what.
In addition I’ve seen references to indicate the firmware files are most likely checksum’d or hashed so that the Nav can validate the software. I’ll have to perform some tests to confirm.
So I finally picked up a Windows tablet to try one out. I refused to even consider a RT device as what good is a windows computer that can’t run backwards compatible windows applications without source to port to a new cpu!? As a result I got a Acer W510 32gb tablet with Windows 8 full version. I can’t fault the hardware, the tablet is decent and runs quite quickly.
The software however is another story. Yes it’s true, this is a real windows computer that can essentially run any windows app ever. However the tablet functionality is horrid at best. Even with the start menu and windows tablet native apps it’s just a horrible experience compared to any other tablet I’ve ever used. I have to honestly wonder, did Microsoft developers on this project ever actually USE a iPad or Android tablet? The usefulness is just terrible. From buggy and glitchy software scrolling to almost nagging procedures needed to accomplish basic tasks for a tablet this is just less useful as a tablet while being more useful as a notebook. If only it had a keyboard. Essentially I would rate this as a excellent travel computer if you plan to use a dock and keyboard and mouse. If you need a tablet, look elsewhere and you’ll be much happier.
So before I get started on my rant I’m sure someone will argue “Why not just buy MP3’s?” Honestly, because I CARE about sound quality and I want the lossless music a CD would have.
I’ve been looking for several weeks now to purchase a copy of The Birthday Massacre’s Pins and Needles album. If you add “flac” into the search instead of finding ANY vendor at all willing to sell you a copy of the digital lossless album you find nothing but piracy links… It’s so difficult to actually pay for music in the media formats we want yet the piracy is easy to find… No wonder the music industry is failing as they know it…
Would anyone like to offer to sell FLAC formatted music besides Bandcamp (excellent organization, too bad they don’t have the music I’m after)…
So I got a little bored with Android lately and decided to play with a iPhone 4 on verizon since I haven’t seen it yet. First impressions, I liked it, though it’s quite small. Thats not really a problem, I’m just ready for a 4 or 4.3″ screen since I’ve had a 3.7 for over a year now.
But now that I’ve had a few days and tried to customize it a bit let me just put this out there:
HOW THE HECK DOES APPLE NOT REALIZE AFTER OVER 3 YEARS THAT PEOPLE JUST MIGHT WANT TO BE ABLE TO CHANGE THE DARN NOTIFICATION SOUNDS FOR SMS/EMAIL!???!! I mean this is NOT rocket science. It’s the most common thing imaginable and they STILL don’t support it. How do they expect to be able to conquer the market when they can’t even get a BASIC feature taken care of? More to come later…
So recently it appears Trend Micro has rated this website as “hacking” which I don’t argue with. And a sub-rating of “dangerous” thus blocking it in their AV program. This is needless to say quite annoying. Lets see. Have we ever in the history of this site tried to trick and/or hack a user? No. We provide information only. And recently not much is even active hacks!
It seems to me if you want a good AV that actually looks into the information they are trying to protect/block then you should stay away from Trend Micro. Any recommendations on “good” products which do their research first?
As of last night HTC posted on twitter and facebook that they intend to open up the bootloader for all future devices. It remains to be seen if this will be retroactive to current new devices and/or soon to be released (already designed) devices. Unrevoked may soon be obsoleted with respect to HTC at least and we are thankful to them. Everyone let them know, this is the RIGHT thing to do!
Of course this makes the current poll obsolete, I will replace it when I decide what to put up next…