Please en­able JS and dis­able any ad blocker

Please en­able JS and dis­able any ad blocker

Intelligence should be open, ac­ces­si­ble, and ready to build with, em­pow­er­ing every de­vel­oper, every­where.

GLM-5.2 is now avail­able to all GLM Coding Plan users, in­clud­ing Lite, Pro, Max, and Team plans. http://​docs.z.ai/​de­v­pack/​lat­est-model

As our new flag­ship model, GLM-5.2 de­liv­ers pow­er­ful cod­ing ca­pa­bil­i­ties, us­able 1M-context sup­port, and con­tin­ued strengths in long-hori­zon tasks.

API and Chatbot ser­vices will launch next week. The model will also be of­fi­cially open-sourced next week un­der the MIT License.

The fu­ture of AI is open, and it be­longs to the peo­ple.

Three years ago, I pub­lished my ini­tial work to un­der­stand and re­verse en­gi­neer my car, specif­i­cally the head­unit of my 2021 Honda Civic.1

The ini­tial re­sponse was in­cred­i­bly en­cour­ag­ing. I’m writ­ing to give a pro­ject up­date.

Keys to the Kingdom

The biggest progress has been made while map­ping out the up­date process.

Honda sup­ports up­dat­ing the head­unit via USB. There are a num­ber of Honda-specific checks, but ul­ti­mately the USB drive con­tains a signed AOSP up­date file that gets staged and ap­plied via Android re­cov­ery. The good news? They left the pub­licly-known AOSP test key in res/​keys*, and, even though they mod­i­fied the re­cov­ery bi­nary, the ver­i­fy_­file sig­na­ture logic matches stock AOSP.

So as long as you can prop­erly for­mat a USB drive and sign it with the pub­licly-known AOSP test key, you can in­stall what­ever you want to the head­unit, with­out con­ven­tional root ac­cess (no need for su with se­tuid). This means that, as long as the head­unit has power and an at­tacker has phys­i­cal ac­cess to the front-most USB port, they have ar­bi­trary code ex­e­cu­tion on the head­unit via the up­date path.

This is an evil maid at­tack. Since it re­quires phys­i­cal ac­cess to the cabin of the car rather than the ho­tel room, I call it an evil valet at­tack. Imagine a jour­nal­ist dri­ves to a ho­tel and leaves their car with the valet. The valet, who works for a three-let­ter agency, in­stalls an up­date via USB. When the car is re­turned, the jour­nal­ist does­n’t know the head­unit has been mod­i­fied. Since I want a cool vul­ner­a­bil­ity name, I’m call­ing this “EvilValet”.

This blog ar­ti­cle is not in­tended as a tech­ni­cal writeup. If you want the gory de­tails, see the tech­ni­cal docs.2

I’ve also pub­lished a new tool, ota-builder3, that al­lows peo­ple to eas­ily pre­pare up­date files that will be ac­cepted by the head­unit. While in its early days, it should be triv­ial to now build an up­date file that, for ex­am­ple, in­stalls an su bi­nary with se­tuid set (i.e., to root the de­vice).

*I have strong rea­son to be­lieve that all up­dates are signed with the pub­licly-known AOSP test key, but I don’t have ac­cess to every pos­si­ble of­fi­cial up­date file, nor ac­cess to every head­unit vari­ant and its filesys­tem. My head­unit has the AOSP test key in res/​keys, though I’ve also in­stalled HondaHack, so it’s pos­si­ble that it in­jected the key into the key­store. However, I’ve also con­firmed that MRC_EU_SW_v12_4.zip, a pub­licly-avail­able EU soft­ware up­date file, is test key signed. This file was down­loaded from a pub­lic fo­rum4 and was never mod­i­fied by me. So it seems highly likely that all up­dates are signed with the AOSP test key. Contributors are wel­come to help sup­port or re­fute this hy­poth­e­sis.

Building Tools

Beyond the up­date process, the most use­ful work has been on apk-re­builder5. It has one very im­por­tant job: take in a Honda Civic up­date file from the Internet, and pro­duce a clean tree of out­put files that au­to­mates every­thing a re­verse en­gi­neer would oth­er­wise have to do man­u­ally, in­clud­ing:

Resolving re­sources

Reconstructing .smali code

Repacking APK files

Extracting the ramdisk

And more

This also serves an im­por­tant role be­cause we can’t pub­lish ac­tual Honda source code. We pub­lish a func­tion that takes in an up­date file (that we don’t host) and spits out Honda .smali code, im­age as­sets, etc. The re­sult­ing out­put fol­lows a clear di­rec­tory struc­ture that can be ref­er­enced in doc­u­men­ta­tion with­out ac­tu­ally up­load­ing the sen­si­tive files them­selves.

Outstanding Work - A Call for Contributors

There are a few out­stand­ing things that would be nice to have.

Known Versions

The up­date process is frag­ile and re­lies heav­ily on ver­sion num­bers. This does­n’t limit the abil­ity to run un­signed code, be­cause the ver­sion num­bers can be “spoofed” (see the tech­ni­cal docs). But in or­der to build an up­date file in the first place you need to know what ver­sions your head­unit ex­pects. Further, any changes to the head­unit soft­ware that don’t match my build could lead to un­ex­pected be­hav­ior and re­cov­ery loops.

If you drive a 10th gen Honda Civic and are tech-savvy, I en­cour­age you to con­tribute to the “Known Versions, Display Audio Software” sec­tion of the repo.6

If you’re feel­ing par­tic­u­larly brave, read through the ota-builder code and try and flash an up­date. But do so at your own risk; if your head­unit dif­fers from mine you could get stuck in a re­cov­ery loop and soft­brick your de­vice.

Toolchain

I have an ex­per­i­men­tal/​work-in-progress tool­chain on my lo­cal ma­chine. It takes can­di­date .c code and com­piles it for ARMv7, us­ing the same com­piler ver­sion and build flags as the orig­i­nal ven­dor bi­na­ries. This proved in­dis­pens­able in my work to un­der­stand the up­date process. It makes heavy use of Docker. The cur­rent it­er­a­tion is messy and largely spe­cific to my work­flow, but I’d like to pub­lish a clean im­ple­men­ta­tion.

Custom Themes

I ex­plored this a bit while vibe-cod­ing apk-ren­der­er7. Custom themes are likely dif­fi­cult to ship be­cause they live in Mitsubishi’s fork of the AOSP frame­work, and the head­unit apps are mini­fied to ex­pect hard­coded re­source IDs. Any at­tempt to ship a cus­tom theme would likely in­volve sur­gi­cally edit­ing the ven­dor frame­work (and writ­ing a tool to do so au­to­mat­i­cally). None of this is triv­ial and prob­a­bly is­n’t worth the ef­fort, but I wel­come con­trib­u­tors.

Improve aidl-re­builder

I started work­ing on a tool to parse .smali files and gen­er­ate/​map out all AIDL in­ter­faces on the head­unit. This works but I haven’t re­viewed it fully for ac­cu­racy. This opens up the door for cus­tom apps such as vir­tual speedome­ters. Contributors wel­come.

Thoughts on Documentation and LLMs

I’ve placed less em­pha­sis on ref­er­ence doc­u­men­ta­tion and more on tool­ing. The idea is that if I can ship re­li­able, de­ter­min­is­tic tools that map the head­unit code to more di­gestible forms, then peo­ple can use LLMs to query those more di­gestible forms to an­swer what­ever their spe­cific ques­tions are. This avoids hav­ing to main­tain ref­er­ence docs that can stray from the ac­tual head­unit code, be­cause the head­unit code is the source of truth.

For ex­am­ple, a user guide that ex­plains how to con­nect to the head­unit via ADB is still deemed use­ful. But a doc­u­ment ex­plain­ing how some Java code works, when the Java code it­self is avail­able to an LLM, seems like a main­te­nance bur­den.

Wrapping up and Thanks

At this point, I’ve done most of the in­ves­tiga­tive work I in­tend to do on the head­unit. This is one of those pro­jects that I could toil end­lessly on, but I’ll likely tran­si­tion to other pro­jects. That said, the repo is by no means aban­doned. PRs are al­ways wel­come.

Special thanks to Tunas8 for the mem­o­ries, and to Hackaday9 for cov­er­ing my orig­i­nal work.

See every­one some­time down the road 🌱

Eric

McDonald, E. (2023). “Honda Reverse Engineering”. Juniperspring. Retrieved June 13, 2026. ↩︎

McDonald, E. (2023). “Honda Reverse Engineering”. Juniperspring. Retrieved June 13, 2026. ↩︎

McDonald, E. (n.d.). “Display Audio Update Files”. GitHub. Retrieved June 13, 2026. ↩︎

McDonald, E. (n.d.). “Display Audio Update Files”. GitHub. Retrieved June 13, 2026. ↩︎

McDonald, E. (n.d.). “ota-builder”. GitHub. Retrieved June 13, 2026. ↩︎

McDonald, E. (n.d.). “ota-builder”. GitHub. Retrieved June 13, 2026. ↩︎

fe­lixlen­nart (September 22, 2022). “Install American firmware on European head unit”. 2016+ Honda Civic Forum (CivicX.com). Retrieved June 13, 2026. ↩︎

fe­lixlen­nart (September 22, 2022). “Install American firmware on European head unit”. 2016+ Honda Civic Forum (CivicX.com). Retrieved June 13, 2026. ↩︎

McDonald, E. (n.d.). “apk-rebuilder”. GitHub. Retrieved June 13, 2026. ↩︎

McDonald, E. (n.d.). “apk-rebuilder”. GitHub. Retrieved June 13, 2026. ↩︎

McDonald, E. (n.d.). “Known Versions, Display Audio Software”. GitHub. Retrieved June 13, 2026. ↩︎

McDonald, E. (n.d.). “Known Versions, Display Audio Software”. GitHub. Retrieved June 13, 2026. ↩︎

McDonald, E. (n.d.). “apk-renderer”. GitHub. Retrieved June 13, 2026. ↩︎

McDonald, E. (n.d.). “apk-renderer”. GitHub. Retrieved June 13, 2026. ↩︎

Tunas. (n.d.). “Tunas1337”. GitHub. Retrieved June 13, 2026. ↩︎

Tunas. (n.d.). “Tunas1337”. GitHub. Retrieved June 13, 2026. ↩︎

Posch, M. (June 27, 2023). “Honda Headunit Reverse Engineering, And The Dismal State Of Infotainment Systems”. Hackaday. Retrieved June 13, 2026. ↩︎

Posch, M. (June 27, 2023). “Honda Headunit Reverse Engineering, And The Dismal State Of Infotainment Systems”. Hackaday. Retrieved June 13, 2026. ↩︎

There are three ways to do AI cod­ing at home with­out spend­ing like a com­pany, and which one fits de­pends mostly on how much you trust the next year of hard­ware and model re­leases. The first is to self host. You buy the ma­chine, run open source mod­els lo­cally, and pay noth­ing per to­ken af­ter that. The up­front cost is steep and the mod­els you can ac­tu­ally run at home are weaker than what the fron­tier labs ship, so this only pays off if you can keep the rig busy with long run­ning tasks where a slower, cheaper model grinds away overnight. Most peo­ple can’t keep a home ma­chine that loaded, and the hard­ware you buy to­day may look like a bad bet in a year.

The sec­ond is to skip the hard­ware and rent those same open source mod­els from a provider at API rates. For most peo­ple this is the right call. You avoid putting thou­sands of dol­lars on one GPU setup while con­fig­u­ra­tions are still in flux, you skip the work of squeez­ing long run­ning per­for­mance out of an open model, and you can switch to what­ever is cheaper or bet­ter next month with­out re­selling a box. Something like OpenRouter makes the move close to a one line change.

The third is to min-max the fron­tier sub­scrip­tions from OpenAI and Anthropic. Around $400 a month of plans buys roughly $2800 of API us­age at list prices, which is a real bar­gain right up un­til you hit the ceil­ing. The plans are me­tered, and any large AI na­tive work­flow will chew through the in­cluded to­kens fast. They shine for the work you drive by hand and fall short as the en­gine for an agent run­ning all day.

What I’ve seen work best is a blend of the last two. Keep a cou­ple of fron­tier sub­scrip­tions for the hard think­ing and the spec writ­ing, and pay API rates for open source mod­els to han­dle the small me­chan­i­cal pieces. Lean on spec dri­ven de­vel­op­ment so the ex­pen­sive mod­els pro­duce the plan and the cheap ones fill it in. Do that well and you can build what a team of twenty en­gi­neers would put out in a month for around a thou­sand dol­lars.

SQL to ER Diagram — free on­line ERD gen­er­a­tor: con­vert a SQL schema (CREATE TABLE state­ments) into an in­ter­ac­tive en­tity-re­la­tion­ship di­a­gram in your browser. Turn SQL into a di­a­gram in­stantly, no signup.

SQL to ER Diagram

SQL schema

Paste SQL, see the schema.

Drop your CREATE TABLE state­ments on the left. Drag ta­bles, scroll to zoom, dou­ble-click to re­name, ex­port when done.

100% lo­cal — your schema never leaves your browser. No ac­counts, no up­loads.

SQL to ER Diagram is a free, open-source tool that con­verts a SQL schema into an in­ter­ac­tive en­tity-re­la­tion­ship di­a­gram (ERD) right in your browser. Paste your CREATE TABLE state­ments and in­stantly vi­su­al­ize ta­bles, columns, pri­mary keys, for­eign keys and re­la­tion­ships. Works with PostgreSQL, MySQL, SQLite and SQL Server. Drag ta­bles, auto-arrange the lay­out, add notes, and ex­port to PNG or SVG. Nothing is up­loaded — your schema stays on your ma­chine.

Frequently asked ques­tions

How do I cre­ate an ER di­a­gram from SQL?

Paste your SQL CREATE TABLE state­ments into the ed­i­tor and SQL to ER Diagram in­stantly ren­ders an in­ter­ac­tive en­tity-re­la­tion­ship di­a­gram. Drag ta­bles to arrange them, then ex­port as PNG or SVG.

Which SQL di­alects are sup­ported?

It parses stan­dard CREATE TABLE and ALTER TABLE DDL and works with PostgreSQL, MySQL, SQLite and SQL Server syn­tax, in­clud­ing pri­mary keys, for­eign keys, unique and not-null con­straints.

Is it free?

Yes. SQL to ER Diagram is com­pletely free and open source, with no ac­count or sign-up re­quired.

Is my data pri­vate? Does my SQL get up­loaded?

Everything runs lo­cally in your browser. Your SQL schema is never up­loaded to or stored on any server.

Can I ex­port the di­a­gram?

Yes. You can ex­port a high-res­o­lu­tion PNG or a vec­tor SVG, save the full pro­ject as a file, or copy a share­able link that en­codes the di­a­gram in the URL.

Do I need to in­stall any­thing?

No in­stal­la­tion needed. It runs en­tirely in your web browser on both desk­top and mo­bile.

ReactOS, the open-source op­er­at­ing sys­tem work­ing for bi­nary com­pat­i­bil­ity with Microsoft Windows com­puter pro­grams and dri­vers, has reached the mile­stone of be­ing able to en­joy the clas­sic game Half-Life run­ning on this open-source plat­form.

ReactOS has been in de­vel­op­ment for 28 years now and to­day its de­vel­op­ers are not­ing on X the abil­ity to run the Windows ver­sion of Half-Life. Some years ago were re­ports of the Half-Life game at least ini­tial­iz­ing un­der ReactOS while given to­day’s X cov­er­age, it seems to be the first time re­ported of the game suc­cess­fully run­ning on ReactOS and han­dling it in-game.

Granted, these days you can run Half-Life on Linux and it works well on other plat­forms via Wine, it’s fun see­ing Half-Life now run­ning on ReactOS at it con­tin­ues per­se­ver­ing in its quest of Windows bi­nary com­pat­i­bil­ity.

ReactOS user “Zombiedeth” got Half-Life run­ning on a Dell OptiPlex sys­tem with a Core i5 2400 Sandy Bridge proces­sor and NVIDIA GeForce 8400GS graph­ics.

Details on X for those in­ter­ested.