| ▲ | librick 7 hours ago | ||||||||||||||||
To update 10th-gen Honda Civics, Honda ships updates on specially-formatted USB drives. They're essentially Android 4.2.2rc1-era recovery packages with some Honda-added version checks (which can be spoofed). The packages are signed with the publicly-known AOSP test key, so with physical access to the front USB port you can sign and flash your own package for arbitrary code execution on the headunit. This doesn't require root/su. I've run it end-to-end on my own 2021 Civic and separately confirmed an official EU update file carries the AOSP test-key signature. Tooling and writeup in the post. | |||||||||||||||||
| ▲ | Alive-in-2025 2 hours ago | parent | next [-] | ||||||||||||||||
Thanks so much for your analysis. This kind of investigation and exposure of lazy work is the reason I love hacker news. | |||||||||||||||||
| ▲ | DANmode 4 hours ago | parent | prev | next [-] | ||||||||||||||||
> AOSP Android Open Source Project for those outside the bubble! | |||||||||||||||||
| |||||||||||||||||
| ▲ | vel0city 5 hours ago | parent | prev [-] | ||||||||||||||||
A number of other cars' infotainment systems are also based on ASOP. I remember downloading updates for my Hyundai which were also essentially Android images | |||||||||||||||||
| |||||||||||||||||