I DID IT! I have managed to get arbitrary root code execution and dump the encrypted file system on the latest version of my 2025 Kia CCNC head unit! This took a few months and was a hell of a journey. I have learned so much. Next up... persistence.
9 upvotes, 8 comments. Sidechat image post by Anonymous in Computer Science.
upvote 9 downvote

Anonymous 1d
post
upvote 5 downvote
Anonymous 1d

This exploited a flaw in the USB updater system and the way it handles .zip files, allowing me to write any file anywhere as root. Unfortunately, every directory but 2 are mounted as RO and cryptographically signed, and there (seemed to be) nothing executable to overwrite on the 2 that are RW, they mostly just store cache files and user settings.

upvote 3 downvote
Anonymous 1d

Also the only way to see anything is from the diagnostic logs in dealer mode, which are limited and take ~15 minutes to export to a USB. So I'd have to make 1 change, plug it in, let it run the update process for ~10 minutes, and then export the log which took another 15, and then go connect it to my PC to see if that change worked... painfully slow process lmao

upvote 1 downvote
Anonymous 23h

You said this is an exploit, right? Are you going to show this to Kia for a bounty?

upvote 1 downvote
Anonymous 16h

I'm learning how to exploit rn, this is really cool

upvote 1 downvote
Anonymous replying to -> OP 1d

Get SHREKT Kia!

upvote 6 downvote
Anonymous replying to -> #1 21h

Kia doesn't offer bounties, and was actually hostile against the last dude that reported one, so no. They can kiss my ass. This is gonna be used to pirate the dashboard themes they sell instead, because charging $40 just to change my dashboard profile pic to Darth Vader on a car I ALREADY PAID 50K FOR is criminal

upvote 1 downvote
Anonymous replying to -> OP 21h

Honestly I wish cars were more customizable, but I can also see the security issue. I want my instrument clusters to be displayed one way, but at most all I can do is change one small little info container 😕. But yeah, unfortunate Kia is that way

upvote 1 downvote