Posted: January 31st, 2011 | Author: resno | Filed under: Logitech Revue, Root | Tags: BreakVue, googletv, GTVHacker, live wallpapers | Comments Off
With the hardware root under our belt, we have been able to try a few other things. Here’s one cool thing thats been reported so far, Live Wallpapers! If you have an Android phone, you know them well. They are essentially wallpapers with different animations.
Have you been able to do anything on your rooted GoogleTV?
Posted: January 24th, 2011 | Author: KernelJayOmega | Filed under: Google TV Kernels, Logitech Revue | Tags: BreakVue, Chrome, googletv, GTVHacker, logitech, revue, UART, wiki | 2 Comments »
It has now been over a month since the GTVHacker team acquired a recovery mode root shell on the Logitech Revue. Since that time we have learned a lot about the internals of the Revue which allowed us to release the BreakVue script for enabling ADB support along with a trivial hack to demonstrate how certain content provider restrictions can be overcome.
Throughout January, we have received a flood of requests for a software based root technique. Specifically there is a lot of talk about rooting the Revue through malicious web content. This has been possible with Apple’s iOS as well as other systems which make use of Apple’s WebKit so it is often assumed that similar attacks should be possible on the Revue. As of yet however the most successful browser based attacks are only able to trigger a ‘Kill Page’ dialog from Chrome. The likely reason for this is that Chrome page rendering is being sandboxed through a chroot jail such that access to a malicious web site results in a crashed page rather than a compromised system. My personal opinion is that there is a better chance of compromise through specially crafted video files played through the Logitech Media Player than there is of getting root through a browser exploit. (Of course I am not much of an exploit developer and would love for someone to prove me wrong on this.)
Overall I have observed that the Logitech Revue is a very well hardened system and I strongly suspect that, if not for the slight oversight of leaving a root shell attached to UART1, we would still be scratching our heads about how to get root. Even now that we have root, the hardened kernel still has numerous protections in place:
- read-only /system partition as per the flash layout in Logitech’s Linux kernel
- Module signing is enforced to prevent untrusted loadable kernel modules
- DEVMEM restrictions are in place to prevent tampering with kernel structures even by root
While we keep trying, it appears that a software one-click-root solution will most likely have to wait until official Market support is enabled on the Logitech Revue. Until then, feel free to check out our wiki where I have documented a few internal details of the Logitech Revue kernel: http://bit.ly/RevueKernel