Peugeot Forums banner
Cancel
Create thread New Garage Forums

Version not compatible with hardware " Firmware update failure "

Jump to Latest
20K views 92 replies 23 participants last post by  jbf69  
#2 ·
The latest firmware for the NAC Wave 2 (NAC_EUR_WAVE2), version 21.08.90.52_NAC-r0, was released to public in 27 Sep 2024 but was in testing state since 17 Oct 2022. Because they didn't bother to update the certificates used to sign the firmware in 2022, those certificates expired in 3 Nov 2024. Since then it's impossible to install the firmware, that gives the generic "Version not compatible with hardware" error (and if you're unlucky, it also might give you the "bricked" blue screen "Software loading on demand"). Until they release updates with valid certificates, it's impossible to install any NAC Wave 2 firmware at the moment, the older versions also have expired certificates.
 
#4 ·
@FReego :

Not those, but the certificate used to sign the firmware update:
Code: 
> openssl smime -in SWL/001315031666020829/MediaHeader/MediaVersion.ini -pk7out | openssl pkcs7 -print_certs -text | head
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 14 (0xe)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=FR, L=Paris, O=PSA Peugeot Citroen, OU=Certificate Authorities, OU=(c) PSA Peugeot Citroen - For authorized use only, OU=0002 319187308, CN=PSA - OVIP - Code signing - G1
Validity
Not Before: Nov 3 14:38:04 2021 GMT
Not After : Nov 3 14:38:04 2024 GMT
Subject: C=FR, L=Paris, O=PSA Peugeot Citroen, OU=Open Vehicle Infotainment Platform, OU=(c) PSA Peugeot Citroen - For authorized use only, CN=Continental \/ NAC \/ 1
 
#9 ·
@Ricardo.Rosa
You can install the European maps/cartography 28.0.0-r0 for the NAC Wave 2 without any problem.

Since 3 Nov 2024, it is impossible to install that firmware (or any other previous version), because it was digitally signed with a certificate that is now expired. The installation fails with the generic "Version not compatible with hardware" error.

Yesterday, PSA silently released a new update - it has the exact same bytes, but has an updated file, the certificate "SWL/001315031666020829/Certificates/PSA-OVIP-CS-G1.crt" - unfortunately they forgot to sign the "SWL/001315031666020829/MediaHeader/MediaVersion.ini" file with the updated certificate, so the installation still fails.

But at least they acknowledge the problem and are trying to fix it... :)
 
#11 ·
@cferreira : The license (that is unique to your infotainment system head unit and to the firmware version you're trying to install) and the signing certificate are 2 different things. Only PSA can fix the expired certificate problem by releasing a new update (it could be the same version) digitally signed with a valid certificate.

All versions of NAC Wave 2 (also Wave 1 and Wave 3) firmware are signed with expired certificates, so you can't install any of them.
 
#13 ·
As I wrote, ALL NAC_EUR_WAVE2 firmware updates are using expired certificates - at the moment, It's impossible to install any of them.

As a rule of thumb, if the update has 2+ years old, it probably was signed with expired certificates.
So the exceptions are the last 2 firmware updates for the RCC Wave 3 (6_0421_23.3I29.1 / 6_0422_23.3I37.1) and NAC Wave 4 (44.07.05.22_NAC-r0 / 44.07.33.32_NAC-r0).

There are no new testing versions since 22.08.90.52_NAC-r0 and the easy fix is just sign the file with a new certificate (used in the above versions, for instance). But the NAC Wave 1 hasn't seen a firmware update since 2019 and it isn't expected they release one. That hardware revision is pretty much unsupported. Maybe it's the time for the Wave 2...
 
#21 ·
The same scripts that search for new updates daily to build up my site will also warn me of any file changes. That's why I know about the new 3 December file (it has a new certificate file, but they didn't sign the code with it...).

So any news will be posted here.
 
#22 ·
And here is the news.

The update file was reuploaded today, it has again a PUB status, a new size, and, more importantly, a new certificate and the code is finally signed with it. It expires on 8 Nov 2026.

Code: 
{
  "updateType": "ovip-int-firmware-version",
  "updateVersion": "21.08.90.52_NAC-r0",
  "updateProvider": "CONTINENTAL",
  "updateId": "001315031666020829",
  "updateDate": "2025/01/08 14:08:27",
  "updateStatus": {
    "code": "PUB",
    "label": "Publié"
  }
}
Code: 
> curl --head https://ds4emloty3shq.cloudfront.net/CONTINENTAL/NAC_EU/ovip-int-firmware-version/PSA_ovip-int-firmware-version_21-08-90-52_NAC-r0_NAC_EUR_WAVE2.tar
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Content-Length: 2729062912
Connection: keep-alive
Date: Thu, 09 Jan 2025 15:57:00 GMT
Last-Modified: Thu, 09 Jan 2025 08:40:10 GMT
Code: 
> openssl smime -in SWL/001315031666020829/MediaHeader/MediaVersion.ini -pk7out | openssl pkcs7 -print_certs -text | head
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7e:3e:30:93:b5:e0:50:3a:43:c3:02:68:b1:06:c4:1d:fb:35:db:b7
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=FR, L=Paris, O=PSA Peugeot Citroen, OU=Certificate Authorities, OU=(c) PSA Peugeot Citroen - For authorized use only, OU=0002 319187308, CN=PSA - OVIP - Code signing - G1
        Validity
            Not Before: Nov  8 18:27:06 2023 GMT
            Not After : Nov  8 18:27:06 2026 GMT
        Subject: C=FR, L=Paris, O=PSA Peugeot Citroen, OU=Open Vehicle Infotainment Platform, OU=(c) PSA Peugeot Citroen - For authorized use only, CN=Continental \/ NAC \/ 1
 
#32 · (Edited)
Don't use the MyPeugeot app or "Peugeot Update" software, they are still offering the old update 21.08.87.32_NAC-r1 that also has expired certificates (it's PSA/Stellantis, they can't do everything right at first).

Download from the cloudfront link directly -

Extract the .tar file update to a FAT32-formatted USB flash drive and that's it. You don't need the digital license/key (that is specific for that version AND for your car) if you connect your car to the internet - it could be an active and available Connected services subscription, a WiFi network, or tethering your phone (sharing mobile data over bluetooth).

EDIT:
In fact, because this latest version isn't in PUB status again, you might need to have the digital license/key on the USB flash drive:
Code: 
{
  "updateType": "ovip-int-firmware-version",
  "updateVersion": "21.08.90.52_NAC-r0",
  "updateProvider": "CONTINENTAL",
  "updateId": "001315031666020829",
  "updateDate": "2025/01/08 14:08:27",
  "fileName": "PSA_ovip-int-firmware-version_21-08-90-52_NAC-r0_NAC_EUR_WAVE2.tar",
  "updateStatus": {
    "code": "AVC",
    "label": "En attente de validation fournisseur"
  }
}
 
#35 ·
@Changedforlife : Did you also download the license key ("license_xxxxxxxxxxxxxxxxxxxx_yyyyyyyyyyyyyyyyyy.key") and copy it to "\license" folder?

The Amazon CloudFront is a known CDN (Content Delivery Network). PSA/Stellantis started using it in late 2022 to share the firmware updates. Before that, they used their own very slow majestic-web.mpsa.com server.
 
#42 ·
The problem is the "Version not compatible with hardware" error message is a generic one and is also shown when there are problems with the firmware license (not related with the expired certificate). And because that firmware version is not in PUB state, maybe the online verification of said license also fails and you need the actual file in the USB flash drive.

It doesn't work if you change the file name, but if you have an old license, you can download the correct one from (replace the ... with the UIN of the old one):
Code: 
https://majestic-web.mpsa.com/mjf00-web/rest/LicenseDownload?mediaVersion=001315031666020829&uin=...
And copy that file to the \license folder on the USB flash drive.
 
#44 ·
@Changedforlife: No, you need to replace that "..." with the UIN (serial number) of your infotainment system. It is a 20-digit hex number (usually starts with 0D), and if you have an older key for another version, you can see the UIN in that file name. The 00x31... (18-digit number) is the MediaVersion/UpdateID, or the firmware version number written in another format.

So the file name is "license_UIN_MediaVersion.key":
The license_xxxxxxxxxxxxxxxxxxxx_001315031613548831.key is the key for the 21.08.87.32_NAC-r1 and the license_xxxxxxxxxxxxxxxxxxxx_001315031666020829 .key is the license for the 21.08.90.52_NAC-r0. Both the "xxxxxxxxxxxxxxxxxxxx"must be equal and are the UIN (serial number) of your infotainment system.
 
#46 ·
No! You don't change the filename, the license (contents) is unique for a specific infotainment system hardware (UIN) and a specific firmware version (MediaVersion). Because the UIN is always the same for your car, you can use the filename of an old license to see that UIN. And then use that UIN to download the new license.
 
#61 ·
@Pekempy The directory structure is fine.

But the NAC Wave 2 firmware version 21.08.87.32_NAC-r1 is signed with an expired certificate and impossible to install (and that is the version currently offered by MyPeugeot/Peugeot Update).
The version 21.08.90.52_NAC-r0 has now a valid certificate (so you can install it), but it isn't in PUB status. This means it isn't easy to install this version: You must not use the Peugeot Update (you need to prepare the USB flash drive manually), the license file must be present on that USB drive, and the car must be offline.

To add insult to injury, PSA/Stellantis uses a generic "Version not compatible with hardware" error message, that not only is false but it's used for a multitude of reasons (expired signing certificate or invalid/unknown license are 2 of them).
 
#68 ·
@ulipo No, for the NAC Wave 4 (firmware version 4x.xx.xx.xx), it is still impossible to install any firmware. The Last 2 versions are in AVP status:

Code: 
{
  "updateType": "ovip-int-firmware-version",
  "updateVersion": "44.07.05.22_NAC-r0",
  "updateProvider": "CONTINENTAL",
  "updateId": "001315031675246547",
  "updateDate": "2025/01/09 17:06:17",
  "updateStatus": {
    "code": "AVP",
    "label": "En attente de validation PSA"
  }
}

{
  "updateType": "ovip-int-firmware-version",
  "updateVersion": "44.07.33.32_NAC-r0",
  "updateProvider": "CONTINENTAL",
  "updateId": "001315031692686757",
  "updateDate": "2025/01/17 15:12:00",
  "updateStatus": {
    "code": "AVP",
    "label": "En attente de validation PSA"
  }
}
And that version, 44.06.44.22_NAC-r0, has expired certificates.
 
#72 ·
@FCosta85:
Since 17 Jan 2025 15:47:36 (for NAC Wave 2 firmware) and 28 Jan 2025 12:39:24 (NAC Wave 4 firmware), that should be no surprise...

The problem is again installing NAC Wave 1 or Wave 3 firmware.
 
Peugeot Forums
posts
657K
members
376K
Since
2005
A forum community dedicated for all Peugeot owners and enthusiasts. Come join the discussion about performance, reviews, reliability, modifications, troubleshooting, maintenance, for all models.
Full Forum Listing
Explore Our Forums
307 3008 (2017-2024) 407 General Discussion 207