Boot sector

2025-06-10 08:53:26 +02:00 · 2025-06-10 08:53:26 +02:00 · 353633a251
commit 353633a251
parent 3a0b731bad
26 changed files with 96 additions and 3 deletions
--- a/README.md
+++ b/README.md
@ -1,6 +1,18 @@
 # BMW NBT EVO ID6 (SW 18-03) System Dump
-This repository contains a full filesystem and binary dump from a BMW NBT EVO ID6 infotainment unit running software version **18-03**. Originaly it is the ID4 unit with 2GB RAM that was flashed to ID6 software. The dump was created for reverse engineering and research purposes, with potential applications in embedded systems analysis, car hacking, and infotainment platform security.
+This repository contains a full filesystem and binary dump from a BMW NBT EVO ID6 infotainment unit running software version **18-03**. The unit was originally a BMW NBT EVO **ID4 with 2GB RAM**, later **flashed and upgraded to ID6 software**.
 The dump includes extracted system files, startup scripts, native binaries, and configuration artifacts. It was created for reverse engineering and research purposes, with applications in embedded systems analysis, automotive forensics, infotainment reverse engineering, and car hacking.
 ---
 ## 📁 Filesystem Layout Notes
 - The root filesystem (`/`) is composed **entirely of symlinks to `/fs/sda0`**, except for the `/boot` folder
 - The `/boot` directory is a standalone structure (included) and represents early-boot kernel and init components
 - System runs a hybrid stack based on **QNX** and **Linux-style init/service structure**
 This is useful for studying boot sequences, partition roles, and filesystem overlays in embedded automotive environments.
 ---
@ -13,7 +25,7 @@ This dataset has been **manually reviewed** to exclude any user-identifiable dat
 - Bluetooth or WiFi credentials
 - Voice input data
-System-level configuration files (e.g. `/etc/passwd`, `/etc/shadow`) are preserved for research.
+System-level configuration files (e.g. `/etc/passwd`, `/etc/shadow`) are preserved for research and auditing purposes.
 ---
@ -25,4 +37,4 @@ This repository is shared for:
 - Embedded Linux/QNX system studies
 - Analysis of BMW's NBT software architecture
-All content is provided strictly for non-commercial, research, and educational purposes.
+All content is provided strictly for non-commercial, research, and educational purposes.
--- a/boot/bin/bootinfo
+++ b/boot/bin/bootinfo
--- a/boot/bin/devb-sdmmc-omap5evm
+++ b/boot/bin/devb-sdmmc-omap5evm
--- a/boot/bin/devc-seromap
+++ b/boot/bin/devc-seromap
--- a/boot/bin/dumper
+++ b/boot/bin/dumper
--- a/boot/bin/gs
+++ b/boot/bin/gs
--- a/boot/bin/if-bolo
+++ b/boot/bin/if-bolo
--- a/boot/bin/ksh
+++ b/boot/bin/ksh
--- a/boot/bin/ktb_alloc
+++ b/boot/bin/ktb_alloc
--- a/boot/bin/memcpy_utility.out
+++ b/boot/bin/memcpy_utility.out
--- a/boot/bin/out32
+++ b/boot/bin/out32
--- a/boot/bin/slogger
+++ b/boot/bin/slogger
--- a/boot/bin/sloginterceptor
+++ b/boot/bin/sloginterceptor
--- a/boot/bin/sysinit
+++ b/boot/bin/sysinit
--- a/boot/bin/tracelogger
+++ b/boot/bin/tracelogger
--- a/boot/bin/v850commander
+++ b/boot/bin/v850commander
--- a/boot/bin/v850commander.sh
+++ b/boot/bin/v850commander.sh
@ -0,0 +1,80 @@
 #!/bin/sh
 ONOFF_IPC_CHANNEL=/dev/ipc/ipc2
 log_msg()
 {
 	echo "$0: $1"
   echo "$0: $1" > /dev/console
 }
 if [[ $HOSTNAME == "hu-omap" ]]; then
   OMAP=1
   JACINTO_NODE=hu-jacinto
 elif [[ $HOSTNAME == "rse-omap" ]]; then
   OMAP=1
   JACINTO_NODE=rse-jacinto
 else
   OMAP=0
 fi
 if [[ $OMAP -eq 1 ]]; then
   ONOFF_IPC_CHANNEL=/net/${JACINTO_NODE}$ONOFF_IPC_CHANNEL
 fi
 # Make sure that OnOff IPC channel is open...
 if [[ ! -e $ONOFF_IPC_CHANNEL ]]; then
   log_msg "OnOff IPC channel $ONOFF_IPC_CHANNEL not available!"
   log_msg "Starting OnOff IPC channel first..."
   # Start appropriate resource manager. Concrete choice depends on IPC Protocol Version used by V850.
   whence ipc-version-check > /dev/null
   if [[ $? -ne 0 ]]; then
      log_msg "Failed to locate ipc-version-check!"
      exit 1
   fi
   ipc-version-check   
   IPC_VERSION=$?
   case "$IPC_VERSION" in
      0) # Initial IPC
         START_ONOFF_IPC_CHANNEL="dev-spi-dra6xx -v -c /etc/spi3.cfg"
         ;;
      1) # IPC V1 - Block IPC on Jacinto
         START_ONOFF_IPC_CHANNEL="io-ipc -c /etc/io-ipc-j5.cfg"
         ;;
      2) # IPC V2 - Block IPC on Jacinto and OMAP
         START_ONOFF_IPC_CHANNEL="io-ipc -c /etc/io-ipc-v2-j5.cfg"
         ;;
      *) log_msg "Unknown IPC Version $IPC_VERSION - unable to start OnOff IPC channel!"
         exit 2
         ;;
   esac
   if [[ $OMAP -eq 1 ]]; then
      log_msg "Starting IPC resource manager on $JACINTO_NODE ..."
      log_msg "$START_ONOFF_IPC_CHANNEL"
      on -f /net/$JACINTO_NODE $START_ONOFF_IPC_CHANNEL
   else
      log_msg "Starting IPC resource manager ..."
      log_msg "$START_ONOFF_IPC_CHANNEL"
      $START_ONOFF_IPC_CHANNEL
   fi
   waitfor $ONOFF_IPC_CHANNEL 10
   if [[ ! -e $ONOFF_IPC_CHANNEL ]]; then
      log_msg "Failed to start IPC resource manager!"
      exit 3
   fi
 fi
 # ... then execute v850commander (may run on any node)
 log_msg "Executing v850commander $* ..."
 exec v850commander $*
 log_msg "Failed to execute v850commander!"
 exit 4
--- a/boot/etc/nbt_version.txt
+++ b/boot/etc/nbt_version.txt
@ -0,0 +1 @@
 NBTevo_N18092I
--- a/boot/lib/cam-disk.so
+++ b/boot/lib/cam-disk.so
--- a/boot/lib/charset.so
+++ b/boot/lib/charset.so
--- a/boot/lib/fs-dos.so
+++ b/boot/lib/fs-dos.so
--- a/boot/lib/fs-qnx6.so
+++ b/boot/lib/fs-qnx6.so
--- a/boot/lib/io-blk.so
+++ b/boot/lib/io-blk.so
--- a/boot/lib/libc.so.3
+++ b/boot/lib/libc.so.3
--- a/boot/lib/libcam.so.2
+++ b/boot/lib/libcam.so.2
--- a/boot/lib/libnbt_starter_plugin-omap.so
+++ b/boot/lib/libnbt_starter_plugin-omap.so