Apple, in a press release with the title “Introducing Apple Business — a new all‑in‑one platform for businesses of all sizes”, buried in a section tucked in the middle labelled “Enhanced Discoverability in Apple Maps”, both of which are so anodyne as to encourage missing this key bit of news:

Every day, users choose Apple Maps to discover and explore places and businesses around them. Beginning this summer in the U.S. and Canada, businesses will have a new way to be discovered by using Apple Business to create ads on Maps. Ads on Maps will appear when users search in Maps, and can appear at the top of a user’s search results based on relevance, as well as at the top of a new Suggested Places experience in Maps, which will display recommendations based on what’s trending nearby, the user’s recent searches, and more. Ads will be clearly marked to ensure transparency for Maps users.

The way they are “clearly marked” is with a light blue background and a small “Ad” badge, though it is worth noting Apple has been testing an even less obvious demarcation for App Store ads. In the case of the App Store, I have found the advertising blitz junks up search results more than it helps me find things I am interested in.

This is surely not something users are asking for. I would settle for a more reliable search engine, one that prioritizes results immediately near me instead of finding places in cities often hundreds of kilometres away. There are no details yet on what targeting advertisers will be allowed to use, but it will be extremely frustrating if the only reason I begin seeing more immediately relevant results is because a local business had to pay for the spot.

Update: I have this one little nagging thought I cannot shake. Maps has been an imperfect — to be kind — app for nearly fifteen years, but it was ultimately a self-evident piece of good software, at least in theory. It was a directory of points-of-interest, and a means of getting directions. With this announcement, it becomes a container for advertising. Its primary function feels corrupted, at least a little bit, because what users care about is now subservient to the interests of the businesses paying Apple.

⌥ Permalink

Ingrid Burrington:

So even though there isn’t really a smoking gun here, I think it’s worth playing out what Google Geo being break-even or not-especially profitable means for both Google and for geospatial technology as a sector. Google Maps really warped public perception of the business of geospatial by making what had previously been consumer products totally free to consumers. Why do that — why undercut a revenue source — in order to maintain other revenue sources that aren’t necessarily profitable or certainly not hundreds of billions of dollars profitable?

Burrington’s attempts to answer this question reinforce how much of Google is unsustainable if it were fractured into standalone businesss. Maps, Docs, YouTube, Gemini — it seems unlikely any of these work on their own without the backing of Google’s monopolistic digital advertising business. That is, not just any digital ads, but specifically the vast control Google has over online advertising is, seemingly, what props up products that would otherwise struggle to remain afloat as they grew.

⌥ Permalink

Simon Sharwood, the Register:

Over the weekend, users noticed their Timelines went missing.

Google seems to have noticed, too, as The Register has seen multiple social media posts in which Timelines users share an email from the search and ads giant in which it admits “We briefly experienced a technical issue that caused the deletion of Timeline data for some people.”

The email goes on to explain that most users that availed themselves of a feature that enables encrypted backups will be able to restore their Maps Timelines data.

Once again, Google provides no explanation for why it is incapable of reliably storing user data, and no customer support. Users are on their own.

⌥ Permalink

I have RNS315 radio/navigation/media system (I will call it unit) in my car. I bought it with maps from 2014 which are hugely outdated so I started to research how to update the maps.

The obvious way is to go to the dealer and buy map update but that costs some higher tens of Euros so I started researching other options.

The update comes on an SD card which is unreadable in PC – this is because the card is locked with CMD42 and most operating systems cannot deal with this lock. There is a very nice technical note where you can read about the mechanism.

The way how the map update works is, that first the unit checks if the card is locked and reads the SD card CID (unique card ID). If the card is not locked but contains updates, it will show that there is a card with updates but it is not genuine. If it is locked, the unit will generate a password based on the CID and try to unlock the card with CMD42. If it cannot unlock, it will show an error.

There are two ways how people deal with this problem:
– cards with changeable CIDs
– online password generators for your specific card CID

You can buy a very rare SD card with changeable CID (card ID) but these are really hard to get and their price is not worth it. If you have it, you change the CID and lock the card with a know public password.

Next option is to use an online password generator (e.g. this one) where you enter your cards CID and it will give you a password. But this also costs money so I started thinking about some other way.

The update data can be found on the Internet by searching “map update RNS315”. For Europe, there are two packages – Eastern Europe (EE) or Western Europe (WE). For the time of writing, the latest version is V12. You need to copy this data to your SD card before making any magic with locking.

Getting the password

As I was thinking about it, I thought there is actually no hashing or obfuscation mechanism in the unlocking sequence for CMD42 – the host will simply send the password “as is” so you should be able to capture it. So I just took a card, locked it with random password and put it in my unit with a logic analyzer attached (basic FT2232H and PulseView) .

You can see in the background displayed: “Error: SD card” because the card is locked with a different password.

I started to analyze the captured data. PulseView has a SD card protocol decoder so it was quite easy and I was able to find CMD42 quickly:

You can see I captured it with 10Mhz sample rate and it was enough. It probably switches to higher speeds (20MHz?) only after initializing the card (I didn’t check this). You can also see there is data only on single DAT line. This is probably also the reason why copying the data from card may take up to 2hours (16GB / 20MHz 1-bit SD mode = 6872sec)

PulseView doesn’t have data decoding for SD card in SD mode so I had to improvise to get the password data. I have used SPI decoder, and since we don’t have chip-select signal here to properly align bits into bytes, I extended it with an option to skip bits on start. So I was able to get the password bytes decoded:

I have aligned it in a way, that the first 1 belongs to the previous byte 0xFE (it’s start bit) and then it continues with 0x00 0x10 which for the CMD42 means unlock command with password length 0x10 (16 bytes). Next 16 bytes (0xBB, 0x37, 0x3D,…) are the password followed by a checksum. So we have the password now!

Locking/unlocking the card

In previous paragraph I skipped the way how to lock/unlock the card. When you insert a locked card into PC, it won’t be able to read it:

To get control of the card, I used Arduino on ESP32 with SD library which I modified to work with ESP32 and applied a mod to support CMD42. The complete project is here. It can initialize card, list files, display CID, detect locked card, lock/unlock with CMD42 and delete devid file.

Short Howto

1. Copy navigation data to card
2. Lock the card with any password
3. Capture the password using logic analyzer
4. Unlock the card with original password
5. Lock the card with correct password
6. …
7. Profit

When you insert the card you will be asked to assign the card with the unit.

Once you do this, it will create a file called devid with following contents (probably some serial number of the unit):

$ hd deviceid
00000000 9a 04 8b 6b 13 02 61 f8 00 00 ff bf ff ff fe ff |…k..a………|
00000010

But since we know the password, we can always delete it. Either after unlocking in a computer or using my esp32 firmware (function delete_devid()). After this, it can be used in another car.

Next, you are asked what to do with the update – install or use the maps from the card:

This really takes more than a hour, so do this during a long journey or with your car connected to a battery charger. After this, you are ready to use the updated maps.

For the purpose of sniffing I created a microSD card sniffer. If you want one, you can buy it in my e-shop at Lectronz.

I also wonder if the online password generation services know the password algorithm or they communicate with some unit and emulate a card with your CID to capture the password. I was also thinking about building such system but decided it’s not worth the investment but it is definitely doable.

And that’s it, if you have any questions or comments, feel free to comment.