Create CIC script from A to Z

Deler

New Member
Oct 25, 2017
9
6
0
Ride
BMW
In this thread I will try to do my best and explain how to create CIC script from the first step to the last.
I know many of you may already know how to do that, but I decided I will post this thread for anyone wants to know from where to start.
let's start

1- Install QNX
For installing QNX both QNX Software Development Platform and QNX Neutrino RTOS (VMWare), you can follow this thread "Setting up development environment" thanks to "Deadknight". I want to add only one different step about license/key, I used a KeyGen for QNX found it here (download) so in this case you don't need to have windows 7 as developer platform you can install QNX Development Platform on your machine no need for another VM.
Please Note: you can use the same KeyGen for "QNX Software Development Platform" and "QNX Neutrino RTOS (VMWare)" it works for both 6.3.0 and 6.3.2 (tried on both).

Keygen.PNG

2- Write a script
I will not go in detail how to use QNX Development Platform, you will find this information by yourself (use Dr. Google)

I have created an example it will help us to continue with the rest of the thread. This example (script) will read 1B from your CIC "I know this script is already online on some other sites, but I have done my own script to do the same work".

Script code:
Code:
#include <cstdlib>
#include <iostream>
#include <fstream>
#include <stdio.h>
#include <sstream>
#include <algorithm>
#include <vector>
#include <sys/sysmgr.h>

std::size_t size;

bool _file_exist (const char * _filename) {
    if (FILE *file = fopen(_filename, "r")) {
        fclose(file);
        return true;
    } else {
        return false;
    }   
}

bool _remove_file (const char * _filename) {
    return !remove(_filename);
}

void _copy_file( const char* srce_file, const char* dest_file )
{
    std::ifstream srce( srce_file, std::ios::binary ) ;
    std::ofstream dest( dest_file, std::ios::binary ) ;
    dest << srce.rdbuf() ;
    srce.close();
    dest.close();
}

char* _read_file(const char* _fileanme){

    //Read the file
    std::ifstream fileIn(_fileanme);
    std::filebuf* pbuf = fileIn.rdbuf();
    size = pbuf->pubseekoff (0,fileIn.end,fileIn.in);
    char* cbuffer = new char[size];
    pbuf->pubseekpos (0,fileIn.in);
    pbuf->sgetn (cbuffer,size);
    fileIn.close();
    return cbuffer;
}
void _parse_file(const char* _data, const char* _outfilepath){
    const int searchArray[] = { 1, 1, 0, 27 };//01 01 00 1B
    std::vector<int> vbuffer;
    std::vector<int>::iterator it;
    int position = -1;
    unsigned int size_of_1b = 0;
    std::stringstream s;
    ofstream ofs;
    char* outarray;
    //Convert char array to vector<int> for finding the match of 01 01 00 1B
    for(unsigned int i=0; i<size; ++i){
        vbuffer.push_back((int)_data[i]);
    }
    //Search for the match
    it = std::search(vbuffer.begin(), vbuffer.end(), searchArray, searchArray+4);
    if (it != vbuffer.end())//If found a match
    {
        position = (it-vbuffer.begin());
        std::cout << "Found at position " << position << std::endl;
        //Check the size of 1b (it is located before 01 01 00 1B)
        s << std::hex << (int)_data[position-3];
        s << std::hex << (int)_data[position-4];
        s >> size_of_1b;
        std::cout << "Size (hex)" << s.str() << std::endl;
        std::cout << "Size (int)" << size_of_1b << std::endl;
        //Init out array
        outarray = new char[size_of_1b];
          
           for(unsigned int i=position; i<position+size_of_1b; ++i){
            outarray[i-position] = _data[i];
        }
        //Start to write to out file
        if(_file_exist(_outfilepath))
            _remove_file(_outfilepath);
        ofs.open( _outfilepath, std::ios::out );
        ofs.write( outarray, 319 );   
        ofs.close();
    }
}
int main(int argc, char *argv[]) {
    const char* _orginalFilePath = "/HBpersistence/normal/generalPersistencyData_DiagnosticSWTController";
    const char* _workFilePath = "/fs/usb0/DiagnosticSWTController";
    const char* _outFilePath = "/fs/usb0/1b.hex";
    if(!_file_exist(_orginalFilePath))
    {
        std::cout << "File not exist (" << _orginalFilePath << ")" << std::endl;
        return EXIT_SUCCESS;
    }
    if(_file_exist(_workFilePath))
    {
        std::cout << "Work file already exist, file will be removed" << std::endl;
        if(_remove_file(_workFilePath))
            std::cout << "Work file removed" << std::endl;
        else{
            std::cout << "Could not remove work file" << std::endl;
            return EXIT_SUCCESS;
        }
            
    }
    _copy_file(_orginalFilePath, _workFilePath);
    std::cout << "Copy done" << std::endl;
    _parse_file(_read_file(_workFilePath), _outFilePath);
    std::cout << "Done..." << std::endl;
    //Reboot
    //sysmgr_reboot();// this will make QNX system reboot, be careful it will reboot your QNX VMWare system
    return EXIT_SUCCESS;
}

This script will read generalPersistencyData_DiagnosticSWTController from your CIC and do a copy of it on USB driver and then read that copy and try to extract 1B.
Please read all comment in the code it will help you to undrestand how the script is working, and if you have any question just leave a post on the thread and I will try my best to answer it :):)

after you are done from writing the script and test it on you machine it is time to move to the next step.
3- Prepare the script for CIC
I want to use here one file script method (it means I will put only one script on the USB driver it will content the shell command to run the script and the script it self), you need to follow the following steps:
A) Convert script binary file to octet data. To do that I have create a same application will help you to do this conversion, both the application and the source code (C#) are in the attachment.
to run the application you need to use the following command
Code:
BinToOct.exe [Bin File Path] [Output File Path]

ex: BinToOct.exe myscrip myscrip.txt

After running the command you will end up with a file content all your script as Oct, the file will look like this (it maybe a big file depends on you script size)
BinToOct_result.JPG

Please Note: the file will be only one line don't change it.

B) Create the shell script
Now it is time to create our auto run shell script which we will run it on CIC, to do that create a file and name it as copie_scr.sh you can't name it what ever you want (only copie_scr.sh). Then write the following in copie_scr.sh
Code:
#!/bin/ksh
echo -n '\0177\0105\.......0143\00' > /tmp/Get1b
chmod 755 /tmp/Get1b
/tmp/Get1b
sleep 2
rm /tmp/Get1b
Replace "\0177\0105\.......0143\00" with your script octet output (from BinToOct)
/tmp/Get1b --> the path for your script on CIC (I prefer to put it in tmp folder)
NOTE: Use any text editor support Unix end line (LF) don't use any other editor

C) Encrypt the shell script
The last step will be to encrypt the shell script so CIC will be able to read it, and for that I have created another application (Note: it is not my code, search online and you will find it :blush:), again both the application and the source code (C++) in the attachment
to run the application use the following command:

Code:
EncDecSH.exe [Input file] [Output file]

ex: EncDecSH.exe copie_scr.sh ANY_PATH\copie_scr.sh

After all copy the out file from EncDecSH to a USB driver (format: fat) and inserted in your CIC USB slot, wait around 1 min and put usb back in your computer you will be able to see the 1B.hex file and also a copy of your generalPersistencyData_DiagnosticSWTController.

At the end I hope every thing is clear, and sorry for my bad English :disrelieved::smile::smile:
If you have any question please ask.




 

Attachments

  • Applications and Source code.zip
    2.9 MB · Views: 271

mmx

New Member
Sep 1, 2018
2
3
0
Montreal, QC
Ride
08 535xi
Hi, any chance for a reupload of the keygen? I've misplaced my copy, and the current URL no longer works. Thank you in advance.
 

Undecided

New Member
Apr 30, 2020
4
1
0
hi, please check messages. Happy to send some beer money over if someone can put together this script for me (that saves generalPersistencyData_DiagnosticSWTController to the usb stick and leaves it there whilst also creating 1b.hex file). thanks
 
  • Like
Reactions: Boorda

jockyw2001

Lurker
Aug 4, 2020
21
5
0
hey Undecided, I am happy to check this out for you if you could drop me a url to the kgen. Thx!
 

jockyw2001

Lurker
Aug 4, 2020
21
5
0
hi, please check messages. Happy to send some beer money over if someone can put together this script for me (that saves generalPersistencyData_DiagnosticSWTController to the usb stick and leaves it there whilst also creating 1b.hex file). thanks
I got it to work. Copy the attached script to a fat32 formatted usb stick and plug it. After about a minute you find the files DiagnosticSWTController and a.hex as requested.
 

Attachments

  • copie_scr.zip
    666.3 KB · Views: 29

veso266

New Member
Nov 19, 2020
2
1
0
For some reason the keygen download link expired so if somene has it, I would love to get it as well :)
 
Last edited: