Requirements to send AT commands to Galaxy devices? - Hardware Hacking General

Hello.
I'm South Korean and here, people found that it's possible to change the S10's CSC without ever needing to reset or install combi firmware, within just 10 secs.
The way found is to send the AT command "AT+preconfg=2, your desired CSC" to the phone using RealTerm.
The problem is that though the phone returns an OK sign, nothing's actually changed, and I guess it's because some AT commands require a special cable called a 'UART cable'.
So all I need to know is the spec of the UART cable required to send AT commands to my phone.
Does anyone know what's required to send AT commands to Galaxy devices?
Thank you.

Thread closed as duplicate of https://forum.xda-developers.com/galaxy-s10/help/requirements-to-send-commands-to-galaxy-t3950984

Related

I9000 MODEM AT command set

Hi,
FYI. A list of all the AT commands the I9000 can handle.
AT&H
#, &A, &B, &C, &D, &E, &F, &H, &I, &K, &M, &R, &S, &V,
&W, &Y, A, B, E, H, I, L, M, O, P, Q, S0, S10, S12,
S19, S2, S3, S4, S5, S6, S7, S8, T, V, X, Z, \Q,
+BINP, +BLDN, +BRSF, +BVRA, +CACM, +CAEMLPP, +CALA,
+CALD, +CALM, +CAMM, +CAOC, +CBC, +CBST, +CCFC, +CCHC,
+CCHO, +CCID, +CCLK, +CCUG, +CCWA, +CCWE, +CEER, +CFUN,
+CGACT, +CGANS, +CGATT, +CGAUTO, +CGCLASS, +CGCMOD,
+CGDATA, +CGDCONT, +CGDSCONT, +CGED, +CGEQMIN, +CGEQNEG,
+CGEQREQ, +CGEREP, +CGLA, +CGMI, +CGMM, +CGMR, +CGPADDR,
+CGQMIN, +CGQREQ, +CGREG, +CGSMS, +CGSN, +CGTFT, +CHLD,
+CHUP, +CIMI, +CIND, +CLAC, +CLAN, +CLCC, +CLCK, +CLIP,
+CLIR, +CLVL, +CMEC, +CMEE, +CMER, +CMGC, +CMGD, +CMGF,
+CMGL, +CMGR, +CMGS, +CMGW, +CMMS, +CMOD, +CMSS, +CMUT,
+CMUX, +CNAP, +CNMA, +CNMI, +COLP, +COLR, +COPN, +COPS,
+CPAS, +CPIN, +CPLS, +CPMS, +CPOL, +CPUC, +CPWD, +CPWROFF,
+CR, +CRC, +CREG, +CRES, +CRLA, +CRLP, +CRSL, +CRSM,
+CSAS, +CSCA, +CSCB, +CSCS, +CSDH, +CSGT, +CSIM, +CSMP,
+CSMS, +CSQ, +CSSN, +CSTA, +CTFR, +C
+CUSD, +CUUS1, +FCLASS, +FDR, +FDT, +FKS, +FMR, +GCAP,
+GMI, +GMM, +GMR, +GSN, +ICF, +IFC, +IPR, +NREC, +SATE,
+SATR, +STKENV, +STKLBR, +STKPRO, +STKPROF, +STKTR,
+TRACE, +VGM, +VGR, +VGS, +VGT, +VTD, +VTS, +WS46, +XACT,
+XADDTRACE, +XALS, +XALSBLOCK, +XAPOXI, +XAPP, +XAUTOPLMNSEL,
+XBANDSEL, +XBARRPW, +XCALLREFUSE, +XCALLSTAT, +XCAOC,
+XCBS, +XCCBS, +XCEER, +XCELLINFO, +XCFC, +XCGCLASS,
+XCGEDPAGE, +XCHNSIM, +XCIND, +XCIPH, +XCONFIG, +XCOPS,
+XCOREDUMP, +XCRSM, +XCSIM, +XCSP, +XCSPAGING, +XCSSMS,
+XCTMDR, +XCTMS, +XDATACHANNEL, +XDEV, +XDEVICE, +XDIAG,
+XDNS, +XDRXSET, +XDTMF, +XEMC, +XEONS, +XETFT, +XGAUTH,
+XGCNTRD, +XGCNTSET, +XGENDATA, +XGPRSERRMAP, +XHANDSFREE,
+XHOMEZR, +XHSDUPA, +XIMS, +XL1SET, +XLCAPS, +XLGASSIST,
+XLGCPL, +XLGINFO, +XLGLOGLEV, +XLGMODE, +XLGNAV, +XLGNMEA,
+XLGNVRAM, +XLGPOS, +XLGTEST, +XLGTIME, +XLIN, +XLOG,
+XLOOPBACK, +XLQOS, +XLRMT, +XLRSUPL, +XLRTA, +XLRV,
+XLSR, +XLSRSTOP, +XMAGETBLOCK, +XMAGETKEY, +XMER, +XMULT
+XMUX, +XNMI, +XPIN, +XPINCNT, +XPOW, +XPPP, +XPROGRESS,
+XPWROFFDELAY, +XQNEG, +XRAT, +XREDIAL, +XREG, +XREL,
+XREMFPLMN, +XRFS, +XRLCSET, +XRRSET, +XSCELLLOCK, +XSECSTATE,
+XSELFRXSTAT, +XSERVICE, +XSIMCHG, +XSIMLG, +XSIMLOOPBACK,
+XSIMSTATE, +XSIMVALID, +XSIO, +XSLN, +XSMS, +XSTK,
+XSYSERR, +XTDEV, +XTERM, +XTESM, +XTFILTER, +XTOS,
+XTRACECONFIG, +XTRACEIP, +XTRACESYSTIME, +XUICC, +XUSBFLASH,
+XVTS
OK
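An added example (not part of the original post): a listing like the one above is the inventory of what a modem's AT interface exposes, so it is worth parsing into groups and diffing between firmware versions. The sample text is a constructed excerpt shaped like the post's listing; treating the first line as the echoed command, treating `+X...` names as vendor extensions, and the name `+XNEWCMD` are assumptions made for illustration.

```python
import re

RESULT_CODES = {"OK", "ERROR"}

# Constructed sample: a shortened excerpt shaped like the listing in the post.
# It keeps two of the listing's quirks: a cut-off name ("+C") and a line that
# ends without a trailing comma ("+XMULT").
SAMPLE = """\
AT&H
#, &A, &B, A, E, S0, S10, \\Q,
+CGMI, +CLAC, +CMGF, +CNMI, +CSQ, +C
+GMM, +IPR, +XCONFIG, +XMULT
+XMUX, +XUSBFLASH
OK
"""

# Constructed "newer firmware" listing with one hypothetical extra command.
SAMPLE_NEW = SAMPLE.replace("+XUSBFLASH", "+XUSBFLASH, +XNEWCMD")


def parse_listing(text):
    """Split a captured listing into echoed command, result code and names."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    command = result = None
    # Assumption: a first line starting with "AT" is the echoed command.
    if lines and lines[0].upper().startswith("AT"):
        command = lines.pop(0)
    if lines and (lines[-1] in RESULT_CODES or lines[-1].startswith("+CME ERROR")):
        result = lines.pop()
    names = []
    for ln in lines:
        # Names are separated by commas, spaces or line breaks.
        names.extend(tok for tok in re.split(r"[,\s]+", ln) if tok)
    return {"command": command, "result": result, "names": names}


def classify(name):
    """Coarse grouping by prefix; the labels are this example's own."""
    if not name.startswith("+"):
        return "basic"            # &x, Sn registers, single letters
    if len(name) < 3:
        return "suspect"          # e.g. "+C": too short, probably cut off
    if name.startswith("+C"):
        return "3gpp"             # +C... names (3GPP TS 27.005 / 27.007 style)
    if name.startswith("+X"):
        return "vendor"           # assumption: +X... are vendor extensions
    return "other_extended"


def inventory(text):
    """Return {class: sorted unique names} for one listing."""
    groups = {}
    for name in parse_listing(text)["names"]:
        groups.setdefault(classify(name), set()).add(name)
    return {cls: sorted(names) for cls, names in groups.items()}


def added_commands(baseline_text, current_text):
    """Names present in the current listing but not in the baseline."""
    base = set(parse_listing(baseline_text)["names"])
    cur = set(parse_listing(current_text)["names"])
    return sorted(cur - base)


if __name__ == "__main__":
    for cls, names in sorted(inventory(SAMPLE).items()):
        print(f"{cls:15} {len(names):3}  {' '.join(names)}")
    print("new since baseline:", added_commands(SAMPLE, SAMPLE_NEW))
```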
I9000 modem access
I'm trying to access /dev/ttygs0 and test an AT command with all possible serial speeds directly from a root console, but the modem seems dead... I cannot find information on how to enable it.
Hi guys,
I have following problem with I9000 - when new SMS arrives there is no notification to serial port.
With command AT+CNMI=2,3,0,1,0 there should be such notifications, but they don't arrive to the serial port.
Can you advise me something?
For people who have asked me.
I accessed the AT commands by putting the I9000 phone PDA/MODEM setting on MODEM and then connect a USB cable. The phone causes new COM/tty ports to appear on the PC when running Linux.
sending AT commands to my Galaxy S
Hi there,
I'm trying to access my Galaxy S (Android 2.3.4 XXJVQ) as a GSM modem and send it AT commands.
I'm using Windows 7. I can't seem to get this to work, whether through a cable or Bluetooth. I can see the phone in the Devices & Printers dialog and it does list its modem as a feature and tells me on which port it's connected: for USB it's COM4, for BT it's COM6.
However, if I use HyperTerminal it won't let me type anything into the textbox; it just doesn't respond.
I also wrote a small C# app based on code samples I found online, but it never seems to respond to the commands I send to it. If I use COM3 for my "Thinkpad Modem Adapter" and I type into my console app "AT" or "AT+GMM", for example, I get a response back. If I use the port for the phone (COM4) I get nothing back...
I tried the trick with setting the phone from PDA to Modem using *#7284#, but then when I connect the phone to the PC it won't recognize it, and in the Device Manager it shows me a device called 7CDCs which it cannot find a driver for.
I've also tried PDANet. I got the computer and phone connected together but I still can't issue an AT command at the modem...
Not sure what's the problem here...
If anyone can help me with it I'd really appreciate it.
thanks!
Yoav.
You need Linux to make it work.
You might be able to find a Windows driver for it, but I don't have Windows so I can't help there.
Can't test this just now as I'm at work. I did get through to the modem on Windows 7 via USB. I'm sure I had to issue a reset command before I could do anything else.... ATZ maybe? I'll check it out when I get home.
Yeah, with the phone in Kies mode for USB connection and using PuTTY instead of HyperTerminal (no longer provided with Win7) I got through to the modem on COM3. Whether the phone responds to all commands as expected seems to be another matter.
Thanks fahzat,
I'll give it a try again with PuTTY, but I did try PuTTY yesterday as well as HyperTerminal and got to the same situation where it seems to be connected to the phone over the port but then it won't allow me to type anything into the command prompt... You chose the "Serial" type connection in the PuTTY initial screen, right?
Correct, serial connection on COM3 (obviously your port may differ) with speed at 921600 (9600 seemed to work too). In the "Terminal" section set "Local echo" to "Force on" or you won't see what you're typing, only the response.
fahzat said:
Correct, serial connection on COM3 (obviously your port may differ) with speed at 921600 (9600 seemed to work too). In the "Terminal" section set "Local echo" to "Force on" or you won't see what you're typing, only the response.
Or make the first command you type ATE1
Thanks guys, it works. Now I'm able to send commands to my Galaxy S.
What I really wanted to do was to manage to send SMS messages and see incoming messages, but following the commands shown in a few tutorials doesn't seem to work with my phone.
Wondering if anyone knows how to do that with the SGS (I9000)?
[EDIT]
All info moved to here: http://forum.xda-developers.com/showthread.php?t=1471241
Thanks.
Achieve AT Command from Android
Hi All
I read that it is not possible to use AT commands directly in Android to debug the modem, but I was thinking of writing an app that, using the USB serial virtual port in Android, could send the AT commands directly to the modem. I read about an external API for serial communication.
Do you think this is possible?
alextreme said:
I read that is not possible use directly in Android AT Command to debug the modem,
ATdebug.apk is the answer : http://forum.xda-developers.com/showpost.php?p=19485757&postcount=1
mai77 said:
ATdebug.apk is the answer : http://forum.xda-developers.com/showpost.php?p=19485757&postcount=1
I know this... but it's not working with Samsung phones. Should I change the ROM to a CyanogenMod version?
All you need to know here:
How to talk to the Modem with AT commands:
http://forum.xda-developers.com/showthread.php?t=1471241
How can we put the phone in modem mode?
Thanks in advance.
midas5 said:
For people who have asked me.
I accessed the AT commands by putting the I9000 phone PDA/MODEM setting on MODEM and then connect a USB cable. The phone causes new COM/tty ports to appear on the PC when running Linux.
Hi Midas5,
Could you be more specific?
a) So you set it to use: UART as MODEM and USB as MODEM??
(Those PhoneUtils settings are confusing!)
b) Which exact devices/ports appeared on your local machine?
c) Which exact devices/ports appeared on your phone?
d) Can you say anything about the device driver that you're using?
Thanks.
---------- Post added at 07:20 PM ---------- Previous post was at 07:14 PM ----------
yoavniran said:
If I use COM3 for my "Thinkpad Modem Adapter" and I type into my console app "AT" or "AT+GMM", for example, I get a response back. If I use the port for the phone (COM4) I get nothing back...
This is probably the wrong modem. It's most likely your laptop's built-in FAX/modem!
I tried the trick with setting the phone from PDA to Modem using *#7284#, but then when I connect the phone to the PC it won't recognize it, and in the Device Manager it shows me a device called 7CDCs which it cannot find a driver for.
This is THE problem!!
a) What (PC/linux) drivers to use when using your phone in "modem mode"?
b) How to send AT commands from your phone terminal/shell? (I.e. what device is the right one(s)?)

Coolech 1FA-09D based board problem

Hi.
I have a Coolech 1FA-09D based board with a Hisilicon Hi3716C chip on it. It's an Android-based media player. A full system flash was performed on the device, but the firmware flashed was wrong, so the device is now useless.
It stops at the boot screen (not Android, but the bootloader). On the device I have 2 available USB ports, but I assume those are host ports, not to be connected to a PC. On the PCB I have a 4-pin connector, but I don't know what kind of connector that is. At the moment I have no documentation for the box.
The company that I got the box from will provide me the original firmware, but how am I going to flash it? Any ideas? Fastboot, as far as I know, works only with USB-connected devices. ADB can't connect to the device through LAN because no ADB server is running on the other side (the box gets its own IP address and does some other initialisation which includes USB ports and then freezes).
The 4-pin connector is a serial console, but be careful, it's 3,3V logic and not RS232! So you need a level converter or USB TTL converter cable like for an old cellphone or something. Then within U-Boot you could load the firmware from TFTP or upload it with XMODEM.
Could you please send me the firmware? I would be very interested in it . (Or just upload it somewhere like filesonic)
Thanks.
Megabug said:
The 4-pin connector is a serial console, but be careful, it's 3,3V logic and not RS232! So you need a level converter or USB TTL converter cable like for an old cellphone or something. Then within U-Boot you could load the firmware from TFTP or upload it with XMODEM.
Could you please send me the firmware? I would be very interested in it . (Or just upload it somewhere like filesonic)
Thanks.
Thanx for your answer.
About the firmware, sorry, I can not send it to you and there are two reasons for that:
I don't have the firmware yet. When I get it, I'm not allowed to distribute it. You can find kernel source code of a similar device (A.C.Ryan Android-based box) on their web page. Their device is also based on the Hi3716C.
Hi,
Yes, I am using an acryan box clone and wanted to check out the features of the Coolech firmware on my box. That was the reason I asked about it. But okay, if you can't share it, it's fine.

Has anyone found a solution to the dead PC/USB connection?

Running CM 10.1.3, I can no longer connect the phone to my PC (Win 7, x64). There is no acknowledgement from either the phone or the PC that a data connection has been made (other than that it was charging). I used to be able to connect okay, but now it's not working.
Searching around, this is apparently a common issue with the S4. I've made various attempts at dealing with this, including re-installing the Samsung drivers, with no success. I don't even know if it's specific to CM, or the phone's hardware/firmware.
Has anyone found a solution for this problem?
Hope this works for u. I had an issue connecting my Galaxy S4 as well. Here's the solution I found.
Click the phone icon to access the dial pad and type *#0808#
A menu will appear once the last character is entered.
Choose : AP on upper section and for USB Setting choose MTP.
Reboot the device. Good luck.
Credits to sucah for this solution.
willieamm said:
Hope this works for u. I had an issue connecting my Galaxy S4 as well. Here's the solution I found.
Click the phone icon to access the dial pad and type *#0808#
A menu will appear once the last character is entered.
Choose : AP on upper section and for USB Setting choose MTP.
Reboot the device. Good luck.
Credits to sucah for this solution.
I can't get USSD codes to work. I get an error "Connection problem or invalid MMI code". Adding a comma at the end doesn't fix it. As soon as I can get past this problem, I'll give that solution a try. Thanks!
Haphim said:
Running CM 10.1.3, I can no longer connect the phone to my PC (Win 7, x64). There is no acknowledgement from either the phone or the PC that a data connection has been made (other than that it was charging). I used to be able to connect okay, but now it's not working.
Searching around, this is apparently a common issue with the S4. I've made various attempts at dealing with this, including re-installing the Samsung drivers, with no success. I don't even know if it's specific to CM, or the phone's hardware/firmware.
Has anyone found a solution for this problem?
My computer has USB 3.0 equipped with fast charge, ASUS. The app updated and screwed my USB connections to any chargeable device. I wound up having to remove the app and then reinstall the drivers. Don't know if that might be an issue with your computer but it's worth a check.
I discovered that those USSD codes are Samsung specific, which means that they only work on the stock ROM. In CM, they are invalid.
Any other ideas?

[Partial] Hacking myford touch, were getting closer!!!

Ok Devs-
(ALSO sync owners, don't update your sync systems anymore by ford, we are getting close to unlock it, and they will put out updates to bork our hack).
I need some help please. I need to modify this POS sync. You can't do anything with it. I want to get navigation running or bluestacks to run android.
I got the official ford , usb reboot file I have attached it here. It has the signed files that we need.
I was able to trigger the install event with those files. And I believe this is our key to jailbreak the system.
The best part is that you can run stacked commands on those install scripts. https://www.coalfire.com/The-Coalfire-Blog/October-2014-(1)/Reverse-Shells-and-Your-Car?feed=blogs
I have been struggling to get it to execute, presumably, I don't know anything about win CE.
I have the win CE cmd.exe on my USB. Place it into the system, it recognizes and initiates upload. What the code below is trying to do is piggyback on the copy via stacked code to upload cmd.exe to the system then execute it. Unless there is another way to get a shell, once we get the shell, WE OWN THEM.
This is what my path is listed on my autoinstall.1st file -
Open1 = DelayedReboot.cab; cmd.exe \tmp\cmd.exe; \tmp\cmd.exe
the cab is required as it is signed by microsoft and bypasses the lock to load additional code.
Changing the semi colon to & makes it error out, so the semi colon is correct, just dunno if I have the paths right. Normally, it would be something like for linux /fs/usb0/etc...... but I am not sure about CE lists the usb device path...again I am win CE retarded. UNless there is a way to % to the paths, but I dunno much about win.
Sync, recognizes and executes with no errors. If I change my code a little, it will not work and say error.
SO what am I missing to get the cmd to run? Or is it already? I was expecting a shell to pop up?
If someone can point me in the right direction, or to point what file I can call to execute the onboard navigation, that would be awesome as well.
Even if we can't get a shell, I'd like to be able to execute a file, then I can run MIOpocket on this thing and ditch sync for android apps.
I have also attached the sync app developer guide link. With programming commands for apps.
https://developer.ford.com/uploads/DevConf%20-%20Track%205%20-%20Best%20Practices.pdf
Here is a link to the windows 7 automotive guide on how the system operates, kernel info, driver info, and stuff.
http://download.microsoft.com/download/0/A/1/0A1E07D6-7562-4566-AACF-E04DF4FF8879/A%20Technical%20Companion%20to%20Windows%20Embedded%20Automotive%207%20(final).pdf
UPDATE: 04/19/2015 -
While it is not a software hack, IT IS possible to unlock the navigation only portion of the MFT 8", if you have it without nav.
IF YOU DO THIS, YOUR CAR WARRANTY IS VOID. You've been warned.
It will cost a little money, but not set you back $1000 like nav tv and lockpick are charging. Maybe $100 or so.
Here is what you need to do, if you can't wait for us to unlock the bootloader.....
1 - Get a used APIM only part with the numbers DS7T in it. (aluminum only part with the fins, you DO NOT need the screen)
2 - Get the VIN# of the car it came out of and check the VIN to see if it was enabled with factory NAV. There are internet sites that will check the VIN for you. Must be a unit with NAV enabled.
http://researchmaniacs.com/VIN-Number-Lookup/WindowSticker/Ford.html
3. Install the APIM only to the back of your LCD.
4. The system will reboot and reset.
5. The system will then ask you to insert the NAV SD card, do that. (Obviously, you have to buy a nav card from eBay as well, but those are $10.)
6. Enjoy factory NAV for about $100
This is the only workaround for now. THE APIM is separate from the sync system and only interfaces with it. So, you will retain all your OEM VIN# locked stuff and it will survive reboots and updates. The nav actually just unlocks on that APIM portion, believe it or not. This method doesn't tie into the file system software, it merely accesses it.
Now.... if someone would be so kind as to just rip the NAND chip from one of those units and post it, so that we can just flash over our existing equipment, we can do this for FREE!!!!!!
Still working on the video bypass.... It would be nice if our Russian friends can start chiming in for that one please.....
DON'T FALL FOR THE EBAY GUY CHARGING $600 to $700 for this. Let's put him out of business.... Your help is needed.
PROPS TO rahrena8690 for the find.
WORKING FILE LINKS - FOR DEVELOPERS ONLY
Delayed Reboot project
https://mega.co.nz/#!m0BEWSrA!qrdgIRYTvccH52794ktdpRfrulI_pSdY3g-iiCyhaFs
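An added example, not from the thread or from Ford's software: the problem the post describes is an installer that checks the signed `.cab` but then also acts on text stacked after `;` on the same line. The sketch below contrasts that behaviour with a strict check that accepts exactly one already-verified package name. The `OpenN = value` format is taken from the line quoted in the post; `signed_packages` and all function names are hypothetical.

```python
import re

# Entry format assumed from the autoinstall.1st line quoted in the post.
ENTRY_RE = re.compile(r"^\s*(Open\d+)\s*=\s*(.*?)\s*$")

# One bare package file name: no spaces, no path or command separators.
SAFE_CAB_RE = re.compile(r"[A-Za-z0-9_.-]{1,64}\.cab", re.IGNORECASE)

# The line from the post, reproduced as sample input.
POSTED_LINE = r"Open1 = DelayedReboot.cab; cmd.exe \tmp\cmd.exe; \tmp\cmd.exe"


def naive_actions(line):
    """Model of the behaviour described in the post: every ';'-separated
    part of the value is treated as something to act on."""
    m = ENTRY_RE.match(line)
    if not m:
        return []
    return [part.strip() for part in m.group(2).split(";") if part.strip()]


def strict_package(line, signed_packages):
    """Return the single package named by the entry, or raise ValueError.

    signed_packages is a hypothetical set of file names whose signatures
    were verified before this function is called.
    """
    m = ENTRY_RE.match(line)
    if not m:
        raise ValueError("not an OpenN entry")
    value = m.group(2)
    # The whole value must be one file name; anything stacked after it
    # (';', spaces, backslashes, further arguments) fails the match.
    if not SAFE_CAB_RE.fullmatch(value):
        raise ValueError(f"entry is not a single .cab name: {value!r}")
    if value not in signed_packages:
        raise ValueError(f"package was not signature-verified: {value!r}")
    return value


def is_accepted(line, signed_packages):
    """Convenience wrapper: True if the strict check passes."""
    try:
        strict_package(line, signed_packages)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    verified = {"DelayedReboot.cab"}
    print("naive :", naive_actions(POSTED_LINE))
    print("strict:", is_accepted(POSTED_LINE, verified))
    print("strict:", is_accepted("Open1 = DelayedReboot.cab", verified))
```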
awesome work
I have been wanting to get into this system since the day I got my truck. All ford has succeeded in doing is piss me off with "updates" that didn't amount to much. I would be happy if they would at least allow applink on the touch systems, as that would at least give us some options to add our own work.
I would love to help, but don't have much experience with "rooting", Windows CE, etc. But looking at what you have so far, I will offer some thoughts that came to mind:
It seems to me that you are working at the bootloader level, not the OS level. I may be way off here, but this could be why cmd won't work, as the OS is not loaded, so a traditional shell is not yet possible.
If you are indeed at the OS level, I wonder since you didn't get any errors when trying to launch cmd, if it was indeed actually running. I know on windows systems, if you manage to launch a process as "system", you typically can't interact with it (security issue). I don't know CE at all, but wonder if PsExec would work if it is launching your exe, but as system...
If it is executing your exe as system, perhaps a script or small app that writes some info about the system to a file on the usb drive would help. IE, have it list the folder structure for example.
I know we are not alone on people wanting to work on this. It looks to me that with Sync 3 dumping MSFT, we may be left in the dust with no further updates, although, this guy has found some signs that it might still get some useful updates:
http://www.reddit.com/r/Ford/comments/2rf2cc/ford_may_announce_updates_to_sync_gen2_myford/
Thanks
Thanks Pro. Any new updates? Actually I just purchased a Lincoln MKZ 2014. Although I know it is hardware capable of running navigation, since I get latitude and longitude, unfortunately there is no navigation from the factory. I just played with MyLincoln Touch and in the settings there is a tab for installing apps. So can we install any Windows CE app?
Nothing yet.
Sync updates are rolled out every 6 months.
Rumor was that we are all getting blackberry upgrade from Microsoft.
Update is expected Feb 2015 or so.
We are sitting on the sidelines waiting to see what Ford will do, before we start porting over. There may be no need for our work if we get port link to the new system. I think Ford is on our side, as they don't want us open sourcing the system and have to deal with warranty claims.
kthejoker20 said:
Nothing yet.
Sync updates are rolled out every 6 months.
Rumor was that we are all getting blackberry upgrade from Microsoft.
Update is expected Feb 2015 or so.
We are sitting on the sidelines waiting to see what Ford will do, before we start porting over. There may be no need for our work if we get port link to the new system. I think Ford is on our side, as they don't want us open sourcing the system and have to deal with warranty claims.
I don't think so. We will not get the QNX update. I think it is a different system with different architecture and requirements. But I hope they unlock the FMT or LMT so we can install any Windows CE app.
Please don't reply to this thread with comments or requests.
I'd like to keep it clean to only development comments.
Based on what I'm reading around the page 26 mark (bootloaders section of the windows embedded 7 pdf), it sounds like we need to attempt to give the IPL boot arguments to get into update or development mode and from there we could have a chance of pushing our own files. I would think update mode looks for a signature but dev mode might let anything in.
Way ahead of you. The attached file has the signature. I was able to successfully run stacked commands by modifying the attached reboot file. Problem: the command doesn't stick on reboot.
kthejoker20 said:
Way ahead of you. The attached file has the signature. I was able to successfully run stacked commands by modifying the attached reboot file. Problem: the command doesn't stick on reboot.
So you were able to launch a command prompt via the delayed reboot zip? I wonder if it would be possible to hack a sync update and then use this to push it.
I need a zip please... I can induce an update no command prompt yet
I can only run commands stacked, but I need to run a script on the sync side, but I can't figure out how to push the script to the sync
kthejoker20 said:
I need a zip please... I can induce an update no command prompt yet
I can only run commands stacked, but I need to run a script on the sync side, but I can't figure out how to push the script to the sync
This is the latest MyFord Touch update, Gen2-V3.7.11
http://www.mediafire.com/?79v3d0d8972sy44
Here is the Delayed Reboot zip
http://outofmytouch.com/assets/delayed_reboot.zip
So some very quick looking tonight and I found EA5T-14D546-ATD contains the master patch. Decompiling some of the shockwave files I have found some interesting code. These would most likely be the files to hack to change factory behavior. Getting them flashed to a vehicle might be a whole other issue though.
Edit: After more browsing I think we need to target a master patch for an older version of Sync. I was looking at the master patch for the most current so there are going to be less files patched. I will have a peek at those later.
For some reason, the Coalfire site took down its information regarding the reverse shell of the infotainment system.
Here is what I am talking about with the command on the delayed reboot file. I have conveniently located the stacked command image and attached it for your viewing pleasure.
If we can patch the files, this is how we push them to the chip. Otherwise, I may have to PHYSICALLY pull the system files through JTAG tap... sigh... not really wanting to do that though...
If we can push them, we would have to unlock the bootloader to bypass the sigs... This is where my brain is starting to hurt....
Obviously, these commands do not apply to what we are doing, as that is QNX. Plus, I don't want any noobs spunking their system with our fashizzle yet...until we test it.
Just a final thought, as a plan B, we could reverse shell with the USB exploit as well... just saying.. might be easier
An integer overflow might work as well, but I have never experimented on an embedded chip. Stacked command invoking an integer overflow might give us write access to the system.
Has any thought gone into rewriting one of the dll's included in the latest patch to include some sort of backdoor? It seems it'd be easy (maybe I'm missing something here) to just modify the latest patch's install files to install our new dll.
I haven't had time yet, but I am going to try to USB otg pull.... I'm sure I can probably at least disable the vss lock.
kthejoker20 said:
I haven't had time yet, but I am going to try to USB otg pull.... I'm sure I can probably at least disable the vss lock.
When you tried running the cmd prompt with the stacked command approach, did you get any indications of the program running? I was thinking about adding some arguments to the end of the command to write a random file to the root of an available drive (like you said, who knows how the thumb drive is recognized).
Also, what type of processor does the system run on?
---------- Post added at 11:51 PM ---------- Previous post was at 11:30 PM ----------
duckboy81 said:
When you tried running the cmd prompt with the stacked command approach, did you get any indications of the program running? I was thinking about adding some arguments to the end of the command to write a random file to the root of an available drive (like you said, who knows how the thumb drive is recognized).
Also, what type of processor does the system run on?
I think I answered one of the questions. From the PDF you posted "A Technical Companion..." it's a Freescale IMX35 processor.
freescale.com/webapp/sps/site/taxonomy.jsp?code=IMX35_FAMILY&cof=0&am=0
Looking forward to following the progress of this thread! I hope that you all will discover a new solution to these outdated systems! Good luck guys, I am rooting for you!
duckboy81 said:
When you tried running the cmd prompt with the stacked command approach, did you get any indications of the program running? I was thinking about adding some arguments to the end of the command to write a random file to the root of an available drive (like you said, who knows how the thumb drive is recognized).
Also, what type of processor does the system run on?
---------- Post added at 11:51 PM ---------- Previous post was at 11:30 PM ----------
I think I answered one of the questions. From the PDF you posted "A Technical Companion..." it's a Freescale IMX35 processor.
freescale.com/webapp/sps/site/taxonomy.jsp?code=IMX35_FAMILY&cof=0&am=0
Actually I am pretty sure the MyFord Touch processor is an I.MX51 according to a Ford PDF I found. Unfortunately I am new to posting here and it won't let me post links.
I work on the almost identical I.MX53 processor at work doing Linux kernel, U-Boot boot loader, and Linux application software, so I might be able to help.
Most of the I.MX processors have built-in ROM code that allows booting to a USB or serial download mode. This allows loading any software you want into any RAM address and then booting from it. Then you run completely out of RAM (like a live CD). Depending on how Ford set up the I.MX51 e-fuse settings, there may be an external pin that could be used to enter this serial download mode. Freescale provides a tool called the MfgTool to load software using the serial download mode. Then you could load Linux, Android, or whatever. The e-fuses also allow you to lock out JTAG and serial download mode, and to enable boot-time signature checking, but I am not sure if Ford used any of these to lock the system down.
Do we know where the processor is located in the fusion?
