I have some very backlogged projects I’ve decided to just release to get them out of my backlog. The first one is related to aftermarket Apple CarPlay and Android Auto dongles.
This release is the majority of my notes, tools, findings, and research artifacts from looking at the Mayton/AutoPro-style dongle ecosystem. It includes documentation, test plans, logs, configs, disclosure material, and source-based tooling for inspecting and interacting with the devices.
The most interesting part is probably the tool suite. There is work around cpctl/cpcp, CarPlay shim/sink tooling, and a man-in-the-middle/interceptor setup for observing and experimenting with how these dongles communicate. The release is meant to be useful for other researchers who want to understand the attack surface, protocol behavior, firmware layout, and practical testing workflow without starting from zero.
I intentionally excluded raw firmware images, extracted filesystems, private agent files, and personal secrets. What is included is the public research package: notes, reports, source, scripts, and supporting evidence.
Maybe one day I’ll revisit. For now, I have enough CVEs and don’t have the bandwidth to pursue it further.

You can find it HERE!
END TRANSMISSION
