Rooting a Chinese "Eincar" Android car head unit


Post by Downunder35m »

I wanted some reasonably priced single din unit with GPS for my car.
Having the GPS on the windscreen and so far away, thanks to the weird dashboard, that you can't reach it is bad.
Voice control at speeds over 60 just does not work in this car either ROFL

The "brand" is Eincar - LOL
Fold up 7" touchscreen, motorised of course but not designed to be removed.
Apart from that claiming to run on Android 10 and having 16/32GB of memory.
And of course lots of video in and outputs available....
Surprisingly the GPS not just worked flawlessly with the totally outdated maps but even with the receiver sitting on the glove box and covered with stuff - I was impressed.
Installing an app to check the installed hardware and OS though got me my first disappointment.
Just 2GB of RAM instead of 16, but at least the 32GB for the user were confirmed.
Made me suspicious already and sure enough the OS info the app provided revealed Oreo, 8.1 and not 10.

Ebay and the seller are rather uncooperative in terms of returning the crap and getting my money back.
For some reason a faked system info the OS provides is seen as accurate while not a single testing app reporting more than Oreo is seen as a flaw in the app ROFL
And although even the included system info clearly shows just 2GB it is no problem as it won't affect anything ROFL

Time to fix some of the issues - or at least try....

Those head units claiming to run on Android 9 or 10 usually won't give you any access to the developer options.
Not even to the general Android system settings.
Like Android TV you get what the manufacturer deems fit and nothing more.
But since the apps already reported some sort of root is enabled and the firmware installed with "test keys" in the title......
A little app called "dev options" provides a direct link to the actual developer options on the device - without a need to find some password or tricky ignition key combo...
Unsurprisingly for a use release firmware the bootloader can be unlocked in these developer options - plus a ton of more things.
Quite a lot what they pack into these head units running on Allwinner CPU's....
Flipping the switch came with the usual wipe :(

In hindsight it would have been a good idea to connect the laptop for ADB first and to set it all up for testing... :(
Would have been gone after the unlocking but still...
Despite the firmware info stating it is an engineering release with test key and in ENGLISH the unit of course fired up in Chinese....
Ever tried to use your phone's fancy online translator to translate pictures from a small screen ? :(
Let's just say I had to power off the hard way a few times until I clicked all popping up boxes the right way to get the thing back to english.
Did a factory reset before but that did just start back with the pre-selected english...
Time to install some apps again and to check if unlocking the bootloader was enough to trigger the seemingly pre-existing root.
While most confirmed the device is rooted they could not gain any root access due to an incompatible SU on the device.
Just a problem of installing the right superuser app then ?
Firstly Chainfire's SU is no longer maintained - he sold it off and the new company has no interest and prefers clickbait.
None of the available rooting apps you find in the playstore or outside work either.
They are designed for phones and tablets but neither for TVs, nor car head units with heavily changed OS things.
Leaves only good old Magisk....

Magisk is a great rooting tool but it requires you to have the bootloader for your device!
Good luck getting one for these head units that is a match, same for a full firmware.
But with an unlocked bootloader it is no problem to use DD in the shell to create a dump of the boot partition....
At least not on a normal Android system :(
All the nice ways to get the partition info through ADB failed on this "Eincar" system.
And so I started some manual digging starting from the usual places and working my way through folders and files.
Go nowhere fast because it seems these China gadgets fake literally everything.
Or DO THEY ? ;)
The more I tried to dig the more doubles and other conflicting things I found.
Especially once checking the vendor stuff to be installed when a firmware updates or is reset.

Time to check on Eincar on the web...
They do have a website showing some of their products but of course not mine.
Either way they do not offer any downloads other than a few manuals either.
Same for showing older products or their possible firmware upgrades.
And all the info for their head units is rather generic as well.
BUT they do not offer anything on their official website with more than Android 9 on it....
So I probably got a fake of fake here LOL
Apart from wholesale listing using a translator for Chinese search engines only provided one old hit for instructions.
Was a Eincar system running on Android 6 to be upgraded to 7.
The firmware file had to be unpacked on the computer.
Then you get some Chinese text file with instructions, an app and some encrypted firmware file.
The app formats a USB stick and transfers the firmware to it.
Apparently nothing on the stick shows up on a Windows or Mac computer and both systems claim it has to be formatted to be used...
When the head unit is turned into update mode it executes whatever is on the stick and in the pics it did not look like any Android update I have ever seen.
The unit rebooted 5 times with various quickly disappearing popups until finally booting into the usual initial setup screen.

My suspicion at this point is that these systems use a generic firmware that might not even differ for the installed ram on a device.
Like some custom roms offer the installation of various features you can select the Chinaman might have done a very similar thing.
Check the protected and hidden build prop that states what really is in the device, take what it should get from the faked build prop and a script installs what is required without actually flashing anything.
A simple wipe and copy except for the bootloader itself - if that would require an update for a minor firmware upgrade.
Attempting to lock or unlock the bootloader through fastboot provides an error stating that this action is not authorised but no option to enter a password or disable it.
Similar story for trying to use ADB over Wifi.

Why a generic firmware and how?
Many TVs like those from TCL for example, already use this generic approach for a few years and through the Android versions.
One firmware fits most if not all models within a range, sometimes even across models.
What is easier for the manufacturer can be a total nightmare for the prospecting root hacker.
Most of the detection is done through scripts.
Which means that if you are not careful and have messed with your TV already you might get the wrong features or region stuff installed.
Quite bad if you are in Europe and need your scart connector but no longer have support for it in the new firmware you hacked onto it.
For a head unit things are much worse though.
Even if you are lucky and the thing still somehow boots up with the wrong firmware you might not be able to do anything with it.
Different touchscreen interface, buttons assigned to non matching functions or worse those that are not supported at all and cause a crash.

Can it be rooted somehow?

Magisk is basically the only real thing left out there that works if you exclude custom roms.
Every new Android or just security patch brings new problems for rooting a device or modifying it on a root level a bit.
Semi rooted but without full access to the vital scripts in the system folders you can't even manually install a superuser thingy even if you had one working on head units.
If I find some time and energy this weekend I will try to locate a few more scripts on the device to check things work during boot up, recover and updates.

Exploring the works of the old inventors, mixing them up with a modern touch.
To tinker and create means to be alive.
Bringing the long lost back means history comes alive again.
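
The mismatch described in the post above (system info claiming Android 10 and more RAM than the testing apps report, firmware tagged with test keys) can be checked from saved `adb shell getprop` and `/proc/meminfo` output. This is an added example, not part of the original post; the sample captures are constructed, and it assumes the API level in `ro.build.version.sdk` was left untouched when the displayed release string was changed.

```python
import re

# Public Android API-level -> release mapping (subset).
SDK_TO_RELEASE = {23: "6.0", 25: "7.1", 26: "8.0", 27: "8.1", 28: "9", 29: "10"}

def parse_getprop(text):
    """Parse `adb shell getprop` lines of the form `[key]: [value]`."""
    return dict(re.findall(r"^\[([^\]]+)\]: \[([^\]]*)\][ \t\r]*$", text, re.M))

def mem_total_gib(meminfo):
    """MemTotal from /proc/meminfo, converted from kB to GiB."""
    m = re.search(r"^MemTotal:\s+(\d+) kB", meminfo, re.M)
    if m is None:
        raise ValueError("no MemTotal line")
    return int(m.group(1)) / 1024 ** 2

def audit(getprop_text, meminfo_text, advertised_release, advertised_ram_gb):
    """Return {finding_code: detail} for every claim the device contradicts."""
    props = parse_getprop(getprop_text)
    findings = {}
    sdk = int(props.get("ro.build.version.sdk", "0"))
    real = SDK_TO_RELEASE.get(sdk, "unknown")
    major = lambda v: v.split(".")[0]
    shown = props.get("ro.build.version.release", "")
    if major(shown) != major(real):  # displayed string disagrees with API level
        findings["release_string_mismatch"] = f"shows {shown}, API {sdk} is {real}"
    if major(advertised_release) != major(real):
        findings["os_not_as_advertised"] = f"sold as {advertised_release}, API {sdk} is {real}"
    if "test-keys" in props.get("ro.build.tags", ""):
        # test-keys builds are signed with the default AOSP keys, which are public
        findings["test_keys"] = "image signed with the public AOSP test keys"
    if props.get("ro.build.type") in ("eng", "userdebug"):
        findings["debug_build"] = f"ro.build.type={props['ro.build.type']}"
    ram = mem_total_gib(meminfo_text)
    if ram < 0.8 * advertised_ram_gb:  # allow for memory reserved by the kernel
        findings["ram_not_as_advertised"] = f"{ram:.1f} GiB, sold as {advertised_ram_gb} GB"
    return findings

# Constructed sample captures, not taken from a real unit.
SAMPLE_PROPS = """[ro.build.version.release]: [10]
[ro.build.version.sdk]: [27]
[ro.build.tags]: [test-keys]
[ro.build.type]: [eng]
"""
SAMPLE_MEMINFO = "MemTotal:        2013456 kB\nMemFree:          512340 kB\n"

if __name__ == "__main__":
    for code, detail in audit(SAMPLE_PROPS, SAMPLE_MEMINFO, "10", 16).items():
        print(f"{code}: {detail}")
```
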
Re: Rooting a Chinese "Eincar" Android car head unit

Post by Downunder35m »

Today I had to replace my slave cylinder for the clutch - fun but lucky I found an open store with a new one.

Once done and clean again I put a video on the head unit and started to play around a bit with ADB on the laptop.
Unlocking the bootloader was straightforward but the result a bit confusing.
I expected to be able to use the ADB shell as normal to get access to the device.
After a bit of trying I realised I can only access the emulated SD card and the USB stick I plugged in.
And funny enough the folder for the cracked IGO app on the system drive....
Trying to get root access through ADB failed, same for the shell.
When I tried some of the usual mount points for Android I was able to find the system partition but of course access to it through this way was denied as well.
Trying to reboot and using fastboot failed, seems as if it is not even supported at all.

Rebooting into recovery....
Straight forward - right???
Well, on any Android I tinkered with so far it was, even on the Samsung ones.
This Eincar head unit though.....
My laptop popped up a bunch of windows trying to find suitable drivers.
Needless to say nothing was found.
So I tried again but once the unit turned off I disconnected the laptop.
Instead of getting some sort of recovery environment I only got a screen telling me to insert the USB drive with the updater.

On the head unit itself you have two options for a factory reset.
a: Factory reset with all user data deleted.
b: Factory reset with installing the OS from scratch.
After a did not show anything significant other than a nice screen letting me know my device is prepared I tried option b....
For this to work you would expect that the unit boots into recovery, grabs the firmware file stored somewhere and to see it installing it.
Took just seconds to get back to fresh looking Android....
Means this thing uses two partitions instead of the usual one for these cheap china knock offs...
The unit being rather slow to respond and telling me I have to leave the ignition on until the shutdown is completed confirmed this.
After switching to a clean OS the device installs the firmware fresh on the other partition.....

What about TWRP and Magisk then?
Tried several Allwinner TWRP recoveries but none of them worked when trying to boot from them without flashing them.
Looked at them and they all used different mount points and such.
Without being able to pull the relevant data from the unit making a request for a custom TWRP is pretty much useless.
Pulling the bootloader should work now that it is unlocked but if the partition is secured DD won't be able to access it.
Apart from the problem of locating it first and finding out the right block sizes and entry points to extract a working image.

Ebay is always a problem when it comes to electronics not working as advertised.
In my particular case the seller has no objections to provide me with an RMA ticket to send the unit to the manufacturer for checking or replacement if faulty.
Sadly though the return address is not in AU but in the US of A and the seller not accepting to have it sent back to him.
Asked for a firmware update or the currently installed firmware with the installer and instructions in english.
From that message on it seems the seller lost the ability to understand english as I only get the same response over and over again.
Tried various searches for the firmware strings and other things from the system info but could not find the exact firmware running on it.
Found some with only having a difference in the release date in this string but of course no pictures coming with it to identify the unit.
Not even a clue on the installed RAM.
Downloaded one anyway, which took a few hours to find the archive password protected and with no clue on the website about a password LOL
But a short Chinese video from another unit showed that the installer puts a binary file and some encrypted file on the stick.

Magisk has the problem that it is working rather generic.
A ton of devices are now considered but for "unknown" ones this is pretty much limited to the bootloader and whatever info can be taken from it.
Patching a bootloader that you are not 100% certain would work fine without patching is risky.
Takes only a slight mistake with the extraction or creating the image and Magisk might patch correctly but the bootloader itself is unable to boot.
Then there is the problem of installing Magisk properly on the device...
Either you have to put it in the recovery - no option with this sub-standard one.
Or you have to place it all into the system partition.
With an A/B configuration and very little room to wiggle left this can be very tricky.
Magisk might be powerful but if it fails to make sure the original recovery won't just restore and overwrite the modified system partition the rooting has to be re-done every time you need root access as it won't survive a reboot.
Will try again next weekend to locate the bootloader on the device and to somehow dump it.
If that shall fail I try to make a full dump of the device and hope I am able to cut this into the right chunks to get the partitions I need.
Out of the firmware modding game for a few years now and refreshing old memories is hard if everything is totally different LOL

If you happen to have one of these Eincar single din units with a 7" screen that comes out then please reply with some info on your unit!
I turned off the automatic OTA firmware updates for now hoping I can intercept the next one if it ever is published.
Would be great if you happen to have a firmware update your seller supplied and that you already installed.
Please upload it or if it still has a valid download link then just post it here ;)
