Updating the inbuilt Mib2 Satnav / Mib2 tricks and Mib1

[sharifgh1]

I have a 2013 FR Seat Leon.

I have SD card nav v2 5F0919866C

Unfortunately I went to update the card, not reading the lack of UK mapcare. Hence lost my original data.

What is way forward to get the nav back ? Would one off eBay with same version and serial number work?


Sent from my iPhone using Tapatalk

 

[zeffania]

I have a 2013 FR Seat Leon.

I have SD card nav v2 5F0919866C

Unfortunately I went to update the card, not reading the lack of UK mapcare. Hence lost my original data.

What is way forward to get the nav back ? Would one off eBay with same version and serial number work?


Sent from my iPhone using Tapatalk

Can you reload your backup?

 

[sharifgh1]

Can you reload your backup?

That is it, I didn’t do a back up...


Sent from my iPhone using Tapatalk

 

[Gappa]

I’ve just updated my SEAT Ibiza FRs MIB2 Navigation to 0820 .
Simple to do, follow this advice if you wish to save yourself from the stealers money-making!
It was from a post on the page hope it helps someone as much as it helped me!

PLUS I found the Postcode button that seemed to be missing!

Now just for the actual MIB Update software .. the hunt continues (0359 for MIB2 if anyone has it )

Joshua

Hello friends,
I have bad news. I tried it too. But there is one big BUT. The described trik looks like working. I change my original sd card MIB2 (6P0) version 635 to 820 and later to 915 and navi system works without any trouble. It looks working but everybody can check the navi system uses still the same data. I studied original manual too and there is written the navi database update proces takes about 2 hours. It means that data from new card is copied to some internal memory (disk) of navi system. And sd card is after "data instalation" used as key only. So by my present knowledge - if I use card with proper CID number and I put on this card original file OVERALL.NDS the system will work with original database, does not matter about rest of sd card contens. No data update is there.
Let we can move ahead we need to decrypt file OVERALL.NDS or to find out way for pairing new sd card with navi system.

 

[jpopelewis]

I’ve just updated my SEAT Ibiza FRs MIB2 Navigation to 0820 .

Simple to do, follow this advice if you wish to save yourself from the stealers money-making!

It was from a post on the page hope it helps someone as much as it helped me!



PLUS I found the Postcode button that seemed to be missing!



Now just for the actual MIB Update software .. the hunt continues (0359 for MIB2 if anyone has it )



Joshua

Hello friends,

I have bad news. I tried it too. But there is one big BUT. The described trik looks like working. I change my original sd card MIB2 (6P0) version 635 to 820 and later to 915 and navi system works without any trouble. It looks working but everybody can check the navi system uses still the same data. I studied original manual too and there is written the navi database update proces takes about 2 hours. It means that data from new card is copied to some internal memory (disk) of navi system. And sd card is after "data instalation" used as key only. So by my present knowledge - if I use card with proper CID number and I put on this card original file OVERALL.NDS the system will work with original database, does not matter about rest of sd card contens. No data update is there.

Let we can move ahead we need to decrypt file OVERALL.NDS or to find out way for pairing new sd card with navi system.

Hello,
I’ve updated my maps and the updates worked (new roads added etc).
My system shows the new Navi database numbers and all is sweet on the scans..I’m unsure what you are on about?
It would be lovely if you could decrypt and edit the Overall.Nds to work automatically without messing around but it doesn’t seem necessary?

The update taking 2 hours? Maybe if it was transferring it to the MIB2HIGH SSD, then possibly mine took 2 seconds to read my card and all is good, my card is my database, nothing’s transferred to the console?

Thanks
Joshua


Sent from my iPhone using Tapatalk

 

[Gappa]

My system shows new version too and works without any time gap too. This 2 hours are mentioned in written manual as time for upgrading system with newer sd card - but for mapcare owners only. So I can not check it because I have no possibility for mapcare servise and local seat dealers are absolutely stupid and their knowledge about update procedure is limity approaches zero. I have no accessible disk in navi unit but my navi system has to have some internal memory due to possibility to upload some POIs, radio logos etc.

 

[jpopelewis]

All Navis have an internal storage, mine 16GB but that’s used for Software, my Maps aren’t transferred to it at all, my POIs and Radio Logos are, not the maps..even with MapCare this would be the case unless you have the MIB2HIGH with the internal SSD, standard MIB2 just uses the data from the cafd


Sent from my iPhone using Tapatalk

 

[Tell]

I have to agree with the previous poster. The two hour business is an estimate of how long it will take you to download it off their servers (It's variable). The standard Mib2 download is not so larger as the SSD one which is close to 32gb. Then as far as the standard Mib2 is concerned it resides on the SD card in the unit, only for the SSD unit is it copied across which takes an hour or so.

User POIs are copied into the unit, also destination etc. On the step list above for the standard based 6f system you need a step 0, backup, you don't need step 4.

The 2013 system mentioned twice above isn't Mib2, I'm not too sure whether it's even Mib1. I looked for library copies on the vw site but drew a blank. It was once shown as a link but vw have changed the link. The documentation was going on about copying to DVD so that's pretty historic. Mib2 trick of playing with the NDS file wasnt something you could do with Mib1. I think it was unclear how some people bought Mib1 cards and it worked and others found it didn't work. That was the only gamble that people had with Mib1 standard systems. It's back in the thread.

Moral behind all of this is always take a backup copy of the card before deleting the contents since if you haven't got a backup you may be stuck if there isn't a good workable upgrade path. Only Mib2 has this.

 

[explorer]

Hi, I have unit without original navi card but I know that unit is paired with card 5f0919866C. I need data from this card. If someone have dump from this card please send me pm. I have dump from 5F0919866K but this card is not working. No mapcare in my unit.

 

[Gappa]

So maybe sentence about 2 hours is translate error. I can not check it because I do not know anybody who did update officiall way.

 

[Gappa]

Hi, I have unit without original navi card but I know that unit is paired with card 5f0919866C. I need data from this card. If someone have dump from this card please send me pm. I have dump from 5F0919866K but this card is not working. No mapcare in my unit.

This number is description of map data version. It is not enough let you to make functional copy of sd card. The navi system unit is paired with sd card CID number. So if you have not original sd card you will must to pay autorized dealer. It can paired another card with your unit by using official update procedure. This is valid for MIB2 version.
But you have MIB1 version - it is not so strictly protected. There is some hopeful post about MIB1 system a few pages ago- maybe there is some way how to solve it.

 

[jpopelewis]

So maybe sentence about 2 hours is translate error. I can not check it because I do not know anybody who did update officiall way.

The 2 hours (as mentioned above) is in relation to downloading the package and then installing it, for my download I have SuperSpeed Fibre and it took 30 mins (poor connection from the server..no surprise there), then sorted the SD card, plugged in and it worked.

The other system with the SSD (as also mentioned above) Can then take an hour to install it onto the MIB.

Which rounds it up nicely to 2 hours


Sent from my iPhone using Tapatalk

 

[explorer]

This number is description of map data version. It is not enough let you to make functional copy of sd card. The navi system unit is paired with sd card CID number. So if you have not original sd card you will must to pay autorized dealer. It can paired another card with your unit by using official update procedure. This is valid for MIB2 version.
But you have MIB1 version - it is not so strictly protected. There is some hopeful post about MIB1 system a few pages ago- maybe there is some way how to solve it.

Hi, thanks for info but I think that CID is checked only partialy. My card is correctly detected as navi card BUT after 20 seconds widget with info "please check data" is showed so I want to try old navi data from 5F0919866C card because there is timestamp in files and navi module can check file timestamp and refuse new navigation data.

 

[Titchy]

Err no. It's an SSD not hard disk. The update is protected by asn.1 signature so you can't hack the upload package. You can put the unit in developers mode and update everything other than the NavDB database. If you copy that across it disables navigation until you restore the year that corresponds to the release that was installed on it or before. You can update the other files, eggnog, truffles and voice. I believe truffles are the built in Poi's. It all works after you do a partial upgrade but it isn't for the faint hearted. You won't get any road updates. Mapcare can't be post purchased and isn't sold in some countries like the UK. Without Mapcare the unit will not see the SD for a normal update. In short Mapcare protects the NavDB part of the system but not the rest in the update. See post 699.

So from this you are saying don’t get the navi plus? As there is no way to upgrade the nav db? Or am I misunderstanding something.



Sent from my iPhone using Tapatalk

 

[Stevan]

It's weird that the Seat download site for MIB2 SD Card hasn't been updated yet, since it's clearly been on the Skoda site and VW site for quite a while...

 

[Tell]

So from this you are saying don’t get the navi plus? As there is no way to upgrade the nav db? Or am I misunderstanding something.

If you had mapcare you can fully update the SSD version. In post 699 I gave a workaround that does everything other than the roads if you haven't got Mapcare. So built in Poi's and voice is updated. I get increased warning on road turnings with this updated version, she speaks a lot clearer to me (the voice file increased in size). Entirely stupid that Seat don't offer Mapcare across all regions. With digital dash it will be more of an issue with the investment.

I get the impression that the SD units are less reliable, I read more people having issues than with the SSD units. SD units don't execute the digital dash as well as the full spec SSD unit where the central unit stops showing the map on the SD based unit, either one or the other but both together on the SSD based unit... so I've read unless this is fixed when in comes to Seat. You have the speed of operation where the SSD unit has a faster processor.

It's a consideration to me since I'd like to shuffle my car round to be bigger SUV brother to the Ateca in a years time but it's an issue if they don't roll out Mapcare to the UK. Wait and see on that one. Perhaps Seat will see the light.

 

[explorer]

Hi all, I have very BAD news. After some research I think thath MIB1 map card is better protected as mib2 . All map files in MIB1 card are signed. Map files contains identificator and mib1 headunit without map care is paired with this id. Because map files are signed it isnt possible to patch files because after patching signature is invalid and because we havent private key we cant to generate new signature. At the moment I am finding where is located public key for validating signature but If public key which is used for validating signature is outside the card it isnt possible "hack" new maps for pairing with car without mapcare. But I think that there are only two protection phases in MIB1.
First is checking of the CID, if there is unknow cid on the card, card is refused.
If card cid is ok then unit check map data on the card.
If mapcare isnt activated unit compare map version card vs unit.
If ok navigation data are loaded
Otherwise message with text "bla bla ..... Please check data ..... ".

So I think that If original card is lost. You can buy used card but with SIMILAR APPLICATION VERSION in DBinfo as your lost card or copy data with similar version to some card with valid cid.

 

[Tell]

The signature protects the metainfo2.txt file from being edited since it contains effectively a descriptor of its character contents. Within metainfo2.txt file there are checks that the files that it's accessing contain the same byte size. The mib2 SD workaround passes the checks and the rest is a programming fluke on how the database files are indexed.

Post 700 contains the public keys. The public keys are just used to do a very fast check. You can't create the signature if you haven't got the private key. I've yet to find the private keys for vag cars on the internet (No surprise there although they might be burried somewhere). A Russian website provides for all VAG car public keys. They are mostly all the same across brand except for the firware in some instances. A lot of people want to crack that one so they can change the firmware in the units. What this means is there is one closely guarded private key that matches the public key, they come in pairs. Two private keys if you include the firmware. I recall Seat public keys are the same for the firmware.

In post 700 on the Pro unit I reported that public keys had been found in the unit, that is they but they are also published elsewhere on that Russian site. Somebody was going to update with their own public key having manufactured their own private key to create a signature. That plan seems to have been dashed as the key they found is populated from a prom chip on boot up so without changing the chip no further ahead. It's just they managed to read the public key on their Pro unit via wifi connection and telnet. The SD based units obviously have these built in.

For Mib1 I recall the success in changing the SD cards may have hung on the firmware in the unit, you have to go back 18 months in the thread and carefully read what people were saying, some had success others didn't. A number of posters found out that after spending £35 on a new card it didn't work. Then there are the card shark retailers. You see these in old threads on Mib1 across the net.

We live in hope.

 

[explorer]

The signature protects the metainfo2.txt file from being edited since it contains effectively a descriptor of its character contents. Within metainfo2.txt file there are checks that the files that it's accessing contain the same byte size. The mib2 SD workaround passes the checks and the rest is a programming fluke on how the database files are indexed.

Post 700 contains the public keys. The public keys are just used to do a very fast check. You can't create the signature if you haven't got the private key. I've yet to find the private keys for vag cars on the internet (No surprise there although they might be burried somewhere). A Russian website provides for all VAG car public keys. They are mostly all the same across brand except for the firware in some instances. A lot of people want to crack that one so they can change the firmware in the units. What this means is there is one closely guarded private key that matches the public key, they come in pairs. Two private keys if you include the firmware. I recall Seat public keys are the same for the firmware.

In post 700 on the Pro unit I reported that public keys had been found in the unit, that is they but they are also published elsewhere on that Russian site. Somebody was going to update with their own public key having manufactured their own private key to create a signature. That plan seems to have been dashed as the key they found is populated from a prom chip on boot up so without changing the chip no further ahead. It's just they managed to read the public key on their Pro unit via wifi connection and telnet. The SD based units obviously have these built in.

For Mib1 I recall the success in changing the SD cards may have hung on the firmware in the unit, you have to go back 18 months in the thread and carefully read what people were saying, some had success others didn't. A number of posters found out that after spending £35 on a new card it didn't work. Then there are the card shark retailers. You see these in old threads on Mib1 across the net.

We live in hope.

I know about I am talking. You are writing about SWAP keys but I am writing about MAP keys. SWAP keys (like metainfo.key) are similar for all mib1 units. Its easy extract public keys from fw update but private keys are stored only in vw. Principaly threre is no different between mib1 and mib2 SWAP keys only difference is another key pair. Problem is ROOT key. Public part is in NOR flash but private part is in vw and SWAP keys are protected by root key signature so changing only swap keys dont have effect.

MIB1 map keypair is DIFFERENT! from SWAP keys and I think that public key is in FW so create working map card without fw modification is impossible.

 

[Tell]

I'm writing about the whole lot... and mostly the map keys .

You will find a file in this thread (post 28 dated 2015) which are (said to be) the public keys for all VAG cars by each area and this is where you will see the firmware public keys as well as the rest.

http://turbo-quattro.com/archive/index.php/t-19874.html

For Seat they are all the same.... least last time I looked. The FEC is the SWAP. Metafile2.txt keys once decoded and processed are the same as the one on post 700 read off a unit and that's the one I used to test the reversing engineering methodology on Metafile2.txt map files and it works, but of no use if you haven't got the primary key since you can't sign anything you edit. An older version of the VAG firmware is suppose to ignore these signatures. Some people try / do to move back to the older release. These are Audi people with older DVD based systems.

I used Hex Editor Neo to look at file linked above. It gives the DataKey. FECKey and MetaInfoKey. All public keys. For Seat you get this bank of codes back for each of them as I recall:

9a 49 9b 04 8b ae bf ac 83 3f de 81 ba 80 30 93
05 b6 6f ed 54 59 c3 8f 60 f6 10 a9 aa 5a 19 10
05 17 05 8f ea 49 d3 75 e3 f9 e1 54 4e 17 ee c9
c3 c1 dd 7d 30 16 de b1 55 45 fd 9e 18 00 51 22
d6 a1 33 10 95 c0 dd cf 43 a1 c2 fe c0 bc aa 1c
fe 48 49 25 89 9e dd 71 b0 d4 08 cf 16 bf 10 e2
e1 bc 70 a3 52 f2 e6 54 0b 60 05 5a a7 52 ec 4a
83 65 f7 68 19 66 f4 d5 46 c7 38 b1 6b 5a 1f 13
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03
1e 0b 93 73 dc b4 93 b6 12 ce 09 c4 03 e9 21 fc
9b 4e 97 ce 55 c5 b4 c0 80 ad 17 2d ca 91 4d c1
87 45 52 ca 4a 95 96 9e 61 ff c3 24 a5 91 5b d1
83 80 85 90 8f 99 8f 76 ba 5f b2 09 86 db 86 c1
b5 89 b9 58 75 4e d5 d5 aa 08 af 2f 16 3e 33 a6
c6 46 77 dd 32 e0 98 f0 ec f9 14 6b af 35 05 3c
23 aa 8b a8 76 fb 2d 0c 6e d7 2f 0b b3 dc 77 6e
b8 74 14 1c 95 c1 6f ff 0c bb 4a e9 ee 70 a2 3c

Basically if you are so inclined you can take those keys plus any download file in any of those areas run it through to validate using the reversing engineering methodology in post 700. So you can test the public keys. It doesn't get you any further forward thou it just carries out the procedure that would be executed in the unit to validate the signature.

Your best bet is to read the thread from 2.5 years ago onto June 2017 to work out why some people had MIB1 success with buying a new SD card off ebay and others didn't. It's probably there somewhere and also MIB1 cards stopped being able to be updated as well last June for some people you will see that. Whatever the old card MIB1 workaround was it doesn't work for everyone and it also stops working for some people. There are a lot of silent people on this thread that pop up from time to time looking for a MIB1 solution but haven't got one. MIB2 card one does exist thou.