What is this?

A home-brew implementation of BMW's Online portal for CIC High (8.8") infotainment units. It works through Bluetooth tethering.

If your telematics subscription is still active you can still access the original BMW servers. The public proxy that was accessible through Bluetooth tethering was shut down around 2018.

Modifications and pull requests highly encouraged!

Scope

Only the Online / Live section is implemented. Internet requires binauth (I haven't figured out how to do this yet) and Squid bumping to account for the fact that almost no websites use SSL or TLS1.0

Portal features

News - powered by 68knews (ActionRetro/68k-news)
Weather - parsed from weather.com
Search - powered by frogfind (ActionRetro/FrogFind)
A somewhat crude lap timer
A world clock
Whatever else you wish to add :)

Manual Installation

Overview of the process

1. Set up a static IP web server. Either create it with the instructions provided or download the pre-made VM.

2. Set up the Squid proxy and host the portal pages from the server.

3. The Combox contains a set of XMLs that it falls back on if provisioning updates fail. This step can be skipped however, doing so could lead to the Combox defaulting to the BMW proxy IPs.

4. Code CIC and Combox.

5. Upload provisioning via Tool32 or 'Update Services' if Combox XMLs are modified.

Server

You have a choice here. Self-hosted or cloud. It's typically quite difficult to obtain a static IP from a residential ISP. You don't want this IP to change especially if you modify the Combox XML(s).

For self-hosted I'd recommend a Debian VM. For cloud, a small Lightsail instance is $3.50/month.

You will need an http web-server (Apache, Lighttpd, NGINX, etc.) and PHP.

The instructions below apply for a Debian 11 instance with Lighttpd and PHP8.2.

Add source:

echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" | sudo tee /etc/apt/sources.list.d/sury-php.list && curl -fsSL https://packages.sury.org/php/apt.gpg | sudo gpg --dearmor -o /etc/apt/trusted.gpg.d/sury-keyring.gpg

Install packages:
sudo su -c 'apt update && apt upgrade -y && apt install lighttpd lighttpd-mod-deflate php-fpm php-xml php-curl php-gd php-mbstring -y'

Configure server:
ln -s /var/www/html/ web-root && sudo su -c 'chown admin:admin /var/www/ -R && echo -e "cgi.fix_pathinfo=1\nzlib.output_compression = On\nzlib.output_compression_level = 9\n" >> /etc/php/8.2/fpm/php.ini && ln -s /etc/lighttpd/conf-available/10-fastcgi.conf /etc/lighttpd/conf-enabled/ && ln -s /etc/lighttpd/conf-available/15-fastcgi-php.conf /etc/lighttpd/conf-enabled/ && ln -s /etc/lighttpd/conf-available/10-accesslog.conf /etc/lighttpd/conf-enabled/'

Modify configuration:
sudo vi /etc/lighttpd/conf-available/15-fastcgi-php.conf

fastcgi.server += ( ".php" => 
	((
		"socket" => "/run/php/php8.2-fpm.sock",
		"broken-scriptfilename" => "enable"
	))
)

Main lighttpd configuration:
sudo vi /etc/lighttpd/lighttpd.conf

server.modules = (
  "mod_expire",
  "mod_setenv",
  "mod_deflate",
  "mod_staticfile",
)

expire.url = ( "/assets/" => "access plus 1 months" )


server.document-root        = "/var/www/html"
server.upload-dirs          = ( "/var/cache/lighttpd/uploads" )
server.errorlog             = "/var/log/lighttpd/error.log"
server.pid-file             = "/var/run/lighttpd.pid"
server.username             = "www-data"
server.groupname            = "www-data"
server.port                 = 80
server.tag =                ""
server.max-keep-alive-idle  = 60

# strict parsing and normalization of URL for consistency and security
# https://redmine.lighttpd.net/projects/lighttpd/wiki/Server_http-parseoptsDetails
# (might need to explicitly set "url-path-2f-decode" = "disable"
#  if a specific application is encoding URLs inside url-path)
server.http-parseopts = (
  "header-strict"           => "enable",# default
  "host-strict"             => "enable",# default
  "host-normalize"          => "enable",# default
  "url-normalize-unreserved"=> "enable",# recommended highly
  "url-normalize-required"  => "enable",# recommended
  "url-ctrls-reject"        => "enable",# recommended
  "url-path-2f-decode"      => "enable",# recommended highly (unless breaks app)
  "url-path-dotseg-remove"  => "enable",# recommended highly (unless breaks app)
)

static-file.exclude-extensions = ( ".php", ".fcgi" )

deflate.cache-dir           = "/var/cache/lighttpd/compress/"
deflate.mimetypes           = ( "application/javascript", "text/css", "text/html", "application/xml" )
deflate.allowed-encodings   = ( "gzip", "deflate" )

# default listening port for IPv6 falls back to the IPv4 port
include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port
include_shell "/usr/share/lighttpd/create-mime.conf.pl"
include "/etc/lighttpd/conf-enabled/*.conf"

Re-start the web server:
sudo su -c 'systemctl restart lighttpd.service; systemctl restart php*'

Copy the portal files to the web root (/var/www/html/) and change permissions for settings files, cache folder for frogfind,news:

sudo su -c 'chown www-data:www-data /var/www/html/settings/vehicle -R; chown www-data:www-data /var/www/html/cache -R'

Squid

All requests from the CIC are proxied before they reach a server. We will set up a http proxy with basic auth. An added benefit of the proxy is that you don't need to keep port 80 open to the world.

Install squid from apt with: sudo apt install squid apache2-utils -y

Create password and config file: sudo su -c 'touch /etc/squid/passwords && htpasswd -c /etc/squid/passwords b2v_standard'
sudo su -c 'mv /etc/squid/squid.conf /etc/squid/squid.conf.original && vi /etc/squid/squid.conf'

auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwords                  # Basic auth as used by the CIC
auth_param basic realm Squid
auth_param basic credentialsttl 24 hours                                                      # Keep client authenticated for x hours
acl authenticated proxy_auth REQUIRED                                                         # Require basic auth
acl Safe_ports port 80                                                                        # Restrict to the webserver's port
http_access deny !to_localhost                                                                # Restrict to localhost
http_access deny !Safe_ports
http_access allow authenticated
http_access deny all                                                                          # Deny all other requests
reply_header_access X-Cache-Lookup deny all                                                   # Unnecessary headers
reply_header_access X-Cache deny all
dns_v4_first on
forwarded_for delete
via off
http_port 8080                                                                                # Squid port set in provisioning xml

# Only cache static resources
acl filecachetype urlpath_regex	.*\.(png|jpg|jpeg|js|css)

request_header_access Cache-Control deny all                                                  # Ignore request for fresh assets
cache deny !filecachetype
cache_mem 128 MB                                                                              # 128mb RAM cache

refresh_pattern \.(css|js)                     600        50%     43200 ignore-reload         # cache js and css for shorter periods
refresh_pattern \.(png|jpg|jpeg)               86400     100%     86400 ignore-reload         # forcefully cache images for two months as they don't change

# Log requests
logformat timereadable %tl %6tr %>a %Ss/%03Hs %<st %rm %ru %un %Sh/%<A %mt
access_log daemon:/var/log/squid/access.log timereadable

Restart squid:
sudo systemctl restart squid

If ufw is installed:
sudo ufw allow 8080/tcp

OR: Building from Debian source (newer, but takes a while...):

Download: export SQUID_VER="5.7" && export SQUID_PKG="${SQUID_VER}-1" sudo apt build-dep squid -y && sudo apt install squid-langpack apache2-utils libtdb-dev -y wget http://http.debian.net/debian/pool/main/s/squid/squid_${SQUID_PKG}.dsc \ wget http://http.debian.net/debian/pool/main/s/squid/squid_${SQUID_VER}.orig.tar.xz \ wget http://http.debian.net/debian/pool/main/s/squid/squid_${SQUID_VER}.orig.tar.xz.asc \ wget http://http.debian.net/debian/pool/main/s/squid/squid_${SQUID_PKG}.debian.tar.xz

Build: dpkg-source -x squid_${SQUID_PKG}.dsc && cd squid-${SQUID_VER} && dpkg-buildpackage -rfakeroot -b -us -uc

Install: cd .. && sudo dpkg -i squid-common_${SQUID_PKG}_all.deb && sudo dpkg -i squid_${SQUID_PKG}_amd64.deb

Combox

The Combox uses essentially the same hardware as the CIC sans the Fujitsu Carmine GPU and half the RAM. If you read the HARMAN manual you will note that pins 8 (TX), 9 (RX) and 16 (GND) are UART to the SH4 chip.

Hook up a simple UART (57600) adapter to those pins and you will see debug output that is printed by a custom binary (TestMenu). However, in order to do anything fun like say, execute commands we will need to login to this binary with root access.

1. Press l - login to level 1 (default access) with password "COMBOX__01HB".​

2. Press 2 - log menu -> write to usb (usb drive plugged in to armrest).​
   This creates a folder "Log_*day*_*month*_*year*__*hour*_*minutes*_*seconds*​
   Get Protect.DAT from subdirectory "HBHK" and rename it to "t.DAT".

3. FTP into CIC and upload comboxconsole, rootpersists.DAT and t.DAT to /mnt/hbuser.

4. SSH into CIC and run:

cd /mnt/hbuser && chmod +x comboxconsole && ./comboxconsole

5. l - login, 6 - Show Passwords

Modify the XML provided (dpas_003.xml) to include your proxy IP. Place your modified XMLs to the root of a usb drive in a folder named "xml", log in as root on the Combox and exit to shell (0). Run:

`mount -o remount rw /HBProvisioning && cp /fs/usb0/xml/* /HBProvisioning/xml/ && mount -o remount ro /HBProvisioning && rm -r /HBPr