To get green menu, you need root. After that, it's easy to install proxy to get connected to local 127.0.0.1 ip
Interesting, did you manage to get root? I think I've found a hack but it will only work for versions with a HUD (head up display). My ID4 doesnt have one ... So here's the very first public exploit for an ID4 car (hopefully LOL), only for versions with a HUD unfortunately.
So the vulnerability is in "ar_run.sh" file. BTW, "AR" probably stands for "Augmented Reality", which of course is what a HUD does, it shows stuff on your drivers window, so augmenting 'reality'. So this script actually contains a part that copies and extracts a tar file, to update the current AR driver !!
# Update AR
update_AR()
{
BACKUP_DIR="$AR_CONTROL_DIR/AR_backup";
if [ -f $AR_CONTROL_DIR/ARCtrl_Update_SW ] ; then
echo "Updating AR_Creator ....";
if [ -d $BACKUP_DIR ] ; then
rm -rf $BACKUP_DIR;
fi
mkdir $BACKUP_DIR;
mv AR_Creator $BACKUP_DIR;
mv ar_run.sh $BACKUP_DIR;
mv $ARCREATOR_DATA/caar_data $BACKUP_DIR;
cp -R $AR_CONTROL_DIR/AR_SW/ARC_Update.tar.gz ./;
tar -xzf ./ARC_Update.tar.gz;
rm ./ARC_Update.tar.gz;
# copy files to proper location
cp -R ./lge/app_ro/ar_creator/* ./; # valid only for updating by USB
cp -R ./data/lge/ar_creator/* ./data/; # valid only for updating by USB
cp -R ./data/lge/ar_creator/* $ARCREATOR_DATA; # valid only for updating by USB
chmod 755 AR_Creator;
chmod 755 ar_run.sh;
# To indicater updating AR_Creator is done
./AR_Creator -a;
elif [ -f $AR_CONTROL_DIR/ARCtrl_Update_ASSET ] ; then
echo "Updating Asset ....";
mv $ARCREATOR_DATA/caar_data/assets.zip $BACKUP_DIR/b_assets.zip;
cp $AR_CONTROL_DIR/ASSET/assets.zip $ARCREATOR_DATA/caar_data/assets.zip;
fi
}
As you can see, it copies and extracts an ARC_Update.tar.gz file from USB if certain conditions are met. Obviously if this executes we could copy any file/script and have it executed! And then we'll own the car
If anyone with a HUD, who is on version 1516 (might also work on later version), you can try with this file:
Filebin | 20dfreq7vrznt78j
It's just a directory with the contents of the original AR directory in the 1516 firmware in the included tar file, together with the directories and files that the script checks for, so it won't change anything in your system just yet LOL.
Extract the contents to the root of an USB stick (so that you'll see the "ARCreatorCtrl" directory in the root of your USB stick) and insert it into the car and let it process.
If it worked, it will just have copied the original files to the ARCreatorCtrl/AR_backup on the USB. So check if that directory has any files after you've inserted the USB for a while. If it does contain files, then script indeed executed which means we then have our way in
Not 100% sure when this script executes though, might need to hard reboot the media unit (remove that yellow jumper below the steering wheel for a few seconds), while having the USB inserted.
Also don't remove the USB too quickly, if you remove it while it's extracting the update file, this might mess up your files and you might have to do a whole new firmware installation of the 1516 files to get your HUD working again. So don't remove the drive too quickly. I'd suggest to let the USB stick connected for at least a minute (so starting to count when the whole media system in the car has booted, just to be on the safe side)
Hoping someone with a HUD is brave enough to try
If it actually worked (and indeed copied files to the USB drive) then the next step is of course to create our own scripts and put them into the tar file.
BTW for reference the whole original script:
Filebin | f0lo3t9b8vomui48 so people can verify if I did everything right.
