Further Reading
The sources below are the ones worth your time for going deeper on the Gen 6 Mazda Connect CMU — security disclosures, hardware teardowns, CAN signal databases, and firmware archaeology. Each entry says what it actually covers and how much to trust it.
For the curated list of active community repositories and forums, see Community. For toolchain setup, see Tools. For CMU hardware details, see Platform Specs.
Security research
Section titled “Security research”The two disclosures that matter for understanding the platform’s exposure. Our own summary lives in attack surface, with the legal framing in legal and research notes.
- ZDI advisory (November 2024) — Zero Day Initiative writeup of multiple vulnerabilities in the Mazda IVI system. The current authoritative source on the attack surface.
- BleepingComputer, 2017 USB PoC — Background on
mazda_getInfo, MZD-AIO, and the early USB autorun-style behavior that the modding scene grew out of.
Hardware and CMU internals
Section titled “Hardware and CMU internals”- silverchris/mazda-cmu-documentation — The reference for CMU internals: VIP microcontroller protocol, kernel configuration, and board-level detail.
- Mazda Connect owner’s manual — Mazda’s own user-facing reference for USB media, Bluetooth, navigation, and documented system behavior. Useful for confirming what’s stock before you decide something is a bug.
CAN signal databases
Section titled “CAN signal databases”If you’re decoding the bus, start with these rather than reverse-engineering from scratch.
- commaai/opendbc — Open-source CAN databases including Mazda DBC files (
mazda_2017.dbc). - majbthrd/MazdaCANbus — HS-CAN and MS-CAN message database (
skyactiv.kcd) covering Skyactiv-generation vehicles.
Firmware archaeology
Section titled “Firmware archaeology”- checksummaster/mazda_emulation — Firmware extraction scripts and package-analysis notes.
- drone540/mazda-firmware-changelogs — Compiled version history and changelogs across firmware releases.
Historical install walkthroughs
Section titled “Historical install walkthroughs”Treat these as background, not instructions. They predate current firmware and recovery paths — follow one blindly and you can leave a CMU in a state it didn’t ship in. Verify against your exact firmware version first.
- Mazda3Revolution AIO thread — The long-running MZD-AIO support thread, with firmware constraints and user troubleshooting buried throughout.
- Roman Garms’ MZD Connect research — A practical research walkthrough. Public copies move around; check it against current forum and repository notes before relying on it.
- MZD Online (WordPress) — CMU bench-setup and general modding guides. Mirrors are common, so confirm the author and date before trusting any given copy.
Automotive security conferences
Section titled “Automotive security conferences”Where IVI and vehicle security research relevant to this platform tends to surface:
- DEF CON Car Hacking Village — Annual hands-on automotive security track.
- escar — European and US conferences on embedded automotive security.
- Auto-ISAC — The Automotive Information Sharing and Analysis Center; publishes vehicle cybersecurity best practices.