• Welcome to CivicXI.com everyone!

    If you're joining us from CivicX.com, then you may already have an account here!

    As long as you were registered on CivicX.com as of May 24, 2020 or earlier, then you can simply login here with the same username and password!

Honda Hack / Root: 11th Gen - Work In Progress Discoveries

Jamieden

Member
First Name
James
Joined
Aug 5, 2022
Threads
0
Messages
39
Reaction score
9
Location
Florida
Vehicle(s)
2022 Honda Civic Touring
this is essentially where things were left on page 2. No progress has been made since, as we are unable to authorize the device on the HU itself like android typically lets you do.

https://www.civicxi.com/forum/threa...ork-in-progress-discoveries.49933/post-823444

To my knowledge, the vendor keys are set on the HU (server) not the client. So either there’s a setting somewhere we need to unlock to enable a true adb connection, or there is a software method to enable it (boot loader scripts perhaps like with the Chinese software update scripts have done, or a special apk authorized by Honda).
You think we could use the system reboot option in one of the hidden menus to force the HU to boot into recovery/bootloader/fastboot upon bootup?
 

Jamieden

Member
First Name
James
Joined
Aug 5, 2022
Threads
0
Messages
39
Reaction score
9
Location
Florida
Vehicle(s)
2022 Honda Civic Touring
You think we could use the system reboot option in one of the hidden menus to force the HU to boot into recovery/bootloader/fastboot upon bootup?
Maybe there is even a button combination to access the normal Android recovery environments. After all, there has to be a reason the system reboot option is hidden so deep in the hidden settings, and there is NO way they sacrificed the little amount of comfort they had with their tools for security, no matter how secure they want it to be. Anything that is 100% secure has little to no comfort, and to many people, that is bad design. There has to be something we can find.
 

iLLNESS

Member
Joined
Sep 10, 2016
Threads
0
Messages
27
Reaction score
1
Location
Ontario, Canada
Vehicle(s)
1993 EG k20a2, 2017 Civic Touring
You think we could use the system reboot option in one of the hidden menus to force the HU to boot into recovery/bootloader/fastboot upon bootup?
There is an option to enable rebooting into bootloader inside the dev options as I recall. From there it’s a matter of making a compatible USB stick and having the right startup.sh to accomplish the tasks you want.
I believe the 10th gen civic thread for Honda hack has some info about this process (related to the Chinese firmware) on XDA forums.
 

Jamieden

Member
First Name
James
Joined
Aug 5, 2022
Threads
0
Messages
39
Reaction score
9
Location
Florida
Vehicle(s)
2022 Honda Civic Touring
There is an option to enable rebooting into bootloader inside the dev options as I recall. From there it’s a matter of making a compatible USB stick and having the right startup.sh to accomplish the tasks you want.
I believe the 10th gen civic thread for Honda hack has some info about this process (related to the Chinese firmware) on XDA forums.
You wouldn’t happen to have the link, would you? Also, the only option I saw was OEM Bootloader Unlocking. I couldn’t find a way to boot straight into the bootloader. Will the HU run a startup.sh file on a USB automatically on reboot?
 


Jamieden

Member
First Name
James
Joined
Aug 5, 2022
Threads
0
Messages
39
Reaction score
9
Location
Florida
Vehicle(s)
2022 Honda Civic Touring
Also, side note, I googled what came up on the device manager when in ADB mode, and it seems this system is running a Qualcomm Snapdragon 820.
 

Jamieden

Member
First Name
James
Joined
Aug 5, 2022
Threads
0
Messages
39
Reaction score
9
Location
Florida
Vehicle(s)
2022 Honda Civic Touring
Shot in the dark, I'm going to try to use the Dirtyc0w exploit to gain escalated privileges.
 

iLLNESS

Member
Joined
Sep 10, 2016
Threads
0
Messages
27
Reaction score
1
Location
Ontario, Canada
Vehicle(s)
1993 EG k20a2, 2017 Civic Touring
You wouldn’t happen to have the link, would you? Also, the only option I saw was OEM Bootloader Unlocking. I couldn’t find a way to boot straight into the bootloader. Will the HU run a startup.sh file on a USB automatically on reboot?
I misremembered. The .sh bootloader script was something else, but related to the Civic (but I can't seem to remember where I saw it).

This was the Chinese method to get a browser installed on the Civic. I highly suggest you do not do this as the Android versions are not similar and you could potentially mess your HU up.
 

Jamieden

Member
First Name
James
Joined
Aug 5, 2022
Threads
0
Messages
39
Reaction score
9
Location
Florida
Vehicle(s)
2022 Honda Civic Touring
I misremembered. The .sh bootloader script was something else, but related to the Civic (but I can't seem to remember where I saw it).

This was the Chinese method to get a browser installed on the Civic. I highly suggest you do not do this as the Android versions are not similar and you could potentially mess your HU up.
Might be the old CLI version of HondaHack. But what we can try to do is use cheeky workarounds, like using a steganography attack to force the system to execute code out of a photo, since we can upload images to use as wallpaper.
 

Jamieden

Member
First Name
James
Joined
Aug 5, 2022
Threads
0
Messages
39
Reaction score
9
Location
Florida
Vehicle(s)
2022 Honda Civic Touring
Does anyone have any experience with exploiting vulnerabilities for Android? The version on the HU is 8.1.0. If we can find a vulnerability, we can exploit it to either execute code, or to bypass certain things, or to escalate privileges.
 


Jamieden

Member
First Name
James
Joined
Aug 5, 2022
Threads
0
Messages
39
Reaction score
9
Location
Florida
Vehicle(s)
2022 Honda Civic Touring

Jamieden

Member
First Name
James
Joined
Aug 5, 2022
Threads
0
Messages
39
Reaction score
9
Location
Florida
Vehicle(s)
2022 Honda Civic Touring
1. Just a thought… is the head unit separate from the info cluster?
2. I haven’t tried any of the exploits I found yet, but I’m planning on it
3. Is there a way to modify the info cluster?
 
 




Top