Breaking Secure-Boot on the Roku

Posted: December 28th, 2013 | Author: | Filed under: Roku, Uncategorized | 12 Comments »
Hello Universe, welcome back. It’s been a while since our last post due to a lack of new Google TV hardware and developments. When we have free time we tend to look at other interesting opportunities that come our way and recently we came into just such a situation when we found ourselves auditing multiple Roku devices.
Roku-PileYou may not know it by looking at the device, but the Roku is considerably more secure than most entertainment devices in its genre (even our namesake). The engineers at Roku not only implemented a decently hardened grsec kernel, they did it where we hadn’t seen before, on ARM. The layers above that contain a miscellaneous assortment of secure boot and encryption methods with configurations varying between the different chipsets throughout the platform. Our package leverages one such configuration, the bcm2835 chipset, in which user accessible per box keys are used to sign the initial “stage 1″ portion of the bootloader. This allows us, from the initial root bug, to modify a portion of the system boot and remove signature verification checks. Effectively breaking the “chain of trust” established and allowing us to load any compatible image desired.
roku3-rooted
Now for the details. The initial root exploit utilizes a local command execution vulnerability within the developer settings menu of the device. Specifically, the bug is within the development password field, and due to poor sanitation of input, the bug lets us run commands as root. This affects the majority of updated Roku devices and was ironically introduced as a security improvement.  The downside to this bug is that it does not provide a persistent root method (or, in short, a method that continues beyond system restarts). This left us looking for a method to persist root on the device, which is when we noticed the configuration of the bcm2835 Roku devices. In this chipset, the bootloader is signed by a per box key which, in all tested bcm2835 devices, is included on the box.  By having the per box key we are able to break the chain of trust and load a modified “stage 2″ bootloader image. In our case we modify the stock U-Boot to include the “dev=1” kernel cmdline argument that identifies a developer device. We then take advantage of a init.d script which allows us to place files in a non-signature validated portion of the file system that is executed when the “dev=1” kernel cmdline argument is set. We use this file to place commands to mount a replacement version of “/bin/Application”, Roku’s main content shell binary, to allow us to disable automatic updates on each boot.
We’ve packaged up all of the above into a nicely commented script which can be downloaded from our download servers at:

The file above contains a script with a cpio archive that includes the following 5 files:

  •     bpatch – compiled for the device and used to apply binary patches to files
  •     mtd1-uboot.patch – a patch file for bpatch used to patch the U-Boot portion of mtd1
  •     nandboot.patch – a patch file for bpatch used to patch nandboot.bin (stage1 bootloader)
  •     roku2-nandwrite.ko – a custom kernel module used to modify kernel cmdline in memory and trick the NAND driver into allowing bootloader writes.
  •     Application.patch – a patch file for bpatch used to patch /bin/Application to disable updates.
The entire GTVHacker team has put a lot of work into this release and we hope the Roku community enjoys it. We invite others to continue our work and are happy to share progress made while we work to further leverage the current exploits before a patch is released. In the mean time, if you have a second generation Roku, root it. And if you don’t, buy one quick!
This bug will probably get patched soon. So in other words, exploit now or forever hold your peace.

Google TV Or: How I Learned to Stop Worrying and Exploit Secure Boot

Posted: August 3rd, 2013 | Author: | Filed under: Uncategorized | 1 Comment »

Yesterday at the DEF CON 21 security conference we released our custom recovery package and 2 individual exploits for the Google TV platform. The 2 exploits leveraged together allow users to install the first custom recovery ever created on the Google TV. The first exploit is a vulnerability which affects certain Linux configurations, in particular those that mount NTFS drives without the nodev flag. This is very similar to a vulnerability we leveraged last year for unsigned kernels on the Gen 1 Sony Google TV where as both exploit poorly mounted flash drives. The difference in this being that the NTFS bug affects every device within the platform and allows users to rewrite previously non write-able (RO) mtdblock partitions. We use this exploit to drop a SU binary on the device within the /system partition which is not mounted nosuid.  Of note, another valid method we could have used would have been to modify the build.prop file. Unfortunately,  even as the root user, security features within the kernel prevent this from being used to allow much for the Google TV community.We can however leverage this exploit to obtain a larger attack surface on the device.

This leads us to our next bug which only affects the boot-loader on the second generation of Google TV devices. This bug is found within the initial loading of the Google TV kernel after the device performs its RSA verification. This can best be summed up by the picture below.

Boot process for second gen Google TV devices.

Boot process for second gen Google TV devices.

As you can see by the above picture, multiple levels of AES decryption and RSA verification are performed. In a secure boot environment this setup is called a “Chain of Trust” which, in more descriptive terms, means that each segment loaded during the device’s boot is signed and verified to establish that it is provided by the manufacturer and not a third party (like GTVHacker). Our attack is actually performed directly after the last AES decrypt and verification routine, which in particular verifies the authenticity of the kernel image being loaded. The bug lies in the fact that the majority of Gen 2 devices do not perform any verification on the loaded RAMdisk address which is stored in the kernel image header. By changing the RAMdisk load address in the image to actually point to the kernel load address and by attaching an unsigned kernel image to the RAMdisk. We are able to load an unsigned kernel directly on top of the actual signed kernel after all decryption and verification routines are performed.  This method works on every device in the platform except the second gen devices by Sony. The Sony devices actually do check the RAMdisk that is supplied, but fail to do so correctly. By simply attaching another kernel and RAMdisk after the signed versions, and pointing the RAMdisk load address to this new kernel and RAMdisk we are able to bypass their signature checks.  By using either of these techniques on the generation 2 devices we are able to  completely destroy the chain of trust the device attempts to establish during boot and we are allowed to run any code needed, which in our case is a custom recovery image that does not perform any signature validation on update images.

Today we are releasing instructions on performing both attacks as well as our slides and content for the presentation.  Please note that this process does involve flashing portions of the device, and in doing so there is a risk of bricking your Google TV. We’ve attempted to make this process as fail-proof as possible in order to prevent bricked devices, however we can’t guarantee that your device won’t become a glorified paperweight.  With that being said, proceed at your own caution.

We will be open sourcing our code as well as compiling more custom recovery images for Google TV devices in the coming days. Keep checking our wiki, blog and Twitter for more info. In the mean time enjoy our DEF CON 21 content that we’ve spent a portion of our free time over the last year working on, and check out the video of the demo from our presentation below.


Chromecast: Exploiting the Newest Device By Google.

Posted: July 28th, 2013 | Author: | Filed under: Uncategorized | 10 Comments »

Chromecast-stockOn Wednesday, July 24th Google launched the Chromecast. As soon as the source code hit we began our audit. Within a short period of time we had multiple items to look at for when our devices arrived. Then we received our Chromecasts the following day and were able to confirm that one of the bugs existed in the build Chromecast shipped with. From that point on we began building what you are now seeing as our public release package.

Exploit Package:
Our Chromecast exploit package will modify the system to spawn a root shell on port 23. This will allow researchers to better investigate the environment as well as give developers a chance to build and test software on their Chromecasts. For the normal user this release will probably be of no use, for the rest of the community this is just the first step in opening up what has just been a mysterious stick up to this point. We hope that following this release the community will have the tools they need to improve on the shortfalls of this device and make better use of the hardware.

Is it really ChromeOS?

No, it’s not. We had a lot of internal discussion on this, and have concluded that it’s more Android than ChromeOS. To be specific, it’s actually a modified Google TV release, but with all of the Bionic / Dalvik stripped out and replaced with a single binary for Chromecast. Since the Marvell DE3005 SOC running this is a single core variant of the 88DE3100, most of the Google TV code was reused. So, although it’s not going to let you install an APK or anything, its origins: the bootloader, kernel, init scripts, binaries, are all from the Google TV.

We are not ruling out the ability for this to become a Google TV “stick”.

Speaking of Google TV – if you are in Vegas for DEF CON 21, check out our talk – “Google TV: Or How I Learned to Stop Worrying and Exploit Secure Boot” this Friday August 2nd at 3PM in the Penn and Teller Theater! We’ve got secure boot exploits for the Google TV (unsigned kernels and roots anyone?) and more – don’t miss it!

Chromecast - GTVHacker

How does the exploit work?

Lucky for us, Google was kind enough to GPL the bootloader source code for the device. So we can identify the exact flaw that allows us to boot the unsigned kernel. By holding down the single button, while powering the device, the Chromecast boots into USB boot mode. USB boot mode looks for a signed image at 0×1000 on the USB drive. When found, the image is passed to the internal crypto hardware to be verified, but after this process the return code is never checked! Therefore, we can execute any code at will.

ret = VerifyImage((unsigned int)k_buff, cpu_img_siz, (unsigned int)k_buff);

The example above shows the call made to verify the image, the value stored in ret is never actually verified to ensure that the call to “VerifyImage” succeeded. From that, we are able to execute our own kernel. Hilariously, this was harder to do than our initial analysis of exploitation suggested. This was due to the USB booted kernel needing extra modifications to allow us to modify /system as well as a few other tweaks.

We then built a custom ramdisk which, when started, began the process of modifying the system by performing the following steps:

  • Mount the USB drive plugged in to the chromecast.
  • Erase the /system partition (mtd3).
  • Write the new custom system image.
  • Reboot.

Note: /system is squashfs as opposed to normally seen EXT4/YAFFS2.

The system image installed from our package is a copy of the original with a modified /bin/clear_crash_counter binary. This binary was modified to perform its original action as well as spawn a telnet server as root.

After the above process, the only modification to the device is done to spawn a root shell. No update mitigations are performed which means that theoretically, an update could be pushed at any moment patching our exploit. Even with that knowledge, having an internal look at the device is priceless and we hope that the community will be able to leverage this bug in time.

Downloads and instructions for exploitation can be found on our wiki at: GTVHacker Wiki: Google Chromecast

Looking for help rooting your device or just want to ask us a question? Check out our Chromecast forum


GTVHacker at DEF CON 20: Oh the Exploits!

Posted: August 4th, 2012 | Author: | Filed under: Uncategorized | Comments Off

As previously mentioned, we were invited to speak at the DEFCON 20 security conference, covering what else – Hacking the Google TV. We all had an awesome time at DEFCON and it was great to meet the rest of the team, both current and past members.

If you haven’t seen our slides from our DEFCON 20 presentation you can find them online here

If you notice in the DEFCON slides, we released multiple exploits, including:

WARNING: The links above contain the until now unreleased Revue root. As bliss described it, “it is like punching the device in the face while telling it that it’s not getting hit”. It is incredibly unstable and we are providing it unpackaged to prevent it from being used by someone who may end up damaging their box. If you are looking to get root to help achieve some form of optimal Android experience from the box, then please wait for a better packaged version with persistence. If you are technically savy and are willing to risk damaging your box, gambling on how skilled you are, then feel free to give it a shot. We will note that you are likely to brick your device much like we have bricked ours (but we have fancy-pants hardware recovery mechanisms).

The Revue root is an interesting one, at the moment it is not persistent; upon each reboot the Revue will need to be rooted again. We are working constantly to get past this road block. Unfortunately, every last item on the box has a signature that is verified at boot, so it makes keeping root across boots difficult. However, rest assured – we will do our best to get some form of persistence out soon. In the meantime, if you are worried, just unplug your Revue from the Internet.

Finally – we kept track of what we did while at the conference, and roughly how much time everything took:

 


We’ll be at DefCon!

Posted: July 23rd, 2012 | Author: | Filed under: Uncategorized | 2 Comments »

A few members of the GTVHacker team will be presenting at the Defcon security conference in Las Vegas this week regarding our newest exploits for the gen-1 GoogleTV line. If you are nearby come check out our talk schedule for Sunday July 29th 3:00pm.  A brief description of the talk and info on the presenters can be found on the Defcon Speakers page:

“The GoogleTV platform is designed to bring an integrated web experience, utilizing the Chrome web browser and Android applications, to your television. GoogleTV is based on the Android operating system, which is mainly used in tablets and smart phones, but customized with security features not normally seen on most Android devices. The current version of the platform utilizes signatures to establish a “chain of trust” from bootloader to system applications.

This presentation will focus on the current GoogleTV devices, including X86 platform details, and the exhaustive security measures used by each device. The presentation will also include video demonstrations of previously found bugs and exploits for each GoogleTV device and includes specific details about how each bug works. Furthermore, we will include interesting experiences that the team has encountered along the way. Finally the talk will be capped off with the release of multiple unpublished GoogleTV exploits which will allow unsigned kernels across all x86 devices (Revue / Sony GoogleTV).”

We also have other surprises in store for the community. Make sure to check out our presentation if you are at or around Defcon, otherwise check our twitter (@GTVHacker) and blog after the conference for public releases.

 


New Wiki Updates – featuring Sony NSZ-GS7 Teardown

Posted: July 6th, 2012 | Author: | Filed under: Uncategorized | Comments Off

Sony NSZ-GS7 Recovery MenuIt’s been a bit since we’ve made a blog post, however exciting times are coming. To
start, we have cleaned up the wiki and reorganized some sections.  The NSZ-GS7 section of our wiki has been updated with lots
of new info, including a tear down and pictures of the new Sony recovery. You can check the teardown pics and the new recovery out here:
GTVHacker Wiki: Sony NSZ-GS7

We’ve also started a page for the new LG devices, the LG 47g2 and the 55g2. The LG section is lacking since none of the GTVHacker team members currently have the TV, so we are counting on the community to fill in the blanks. We are also looking for a few users to help us with some remote debugging of the TV. If you’d like to help out you can find a few things we are looking for on our forums in the new LG section at:

GTVHacker Forums: LG 47g2 and 55g2


Root for Sony Google TV with Unsigned Kernels!

Posted: February 20th, 2012 | Author: | Filed under: Uncategorized | 2 Comments »

Splash screen for sony gtvhacker bootup

We give to you our latest release, a root for all current Sony Google TV devices that we call “The GTVHacker Sony Recovery Downgrader & Rebooter”. This method will allow you root and run custom unsigned kernels on your Sony Google TV device.

The process in the guide above will walk you through downgrading the system to an exploitable version. Then using another exploit, we hijack the devices boot process and reload a new kernel. This completely bypasses the signatures normally used by the system, including those used in the bootloader, kernel, and init binary. The kernel reload process happens automatically each time the box is powered on, and the USB drives required for the install are not needed again. After loading our attached unsigned kernel you will notice a new splash screen (featuring the Sony and GTVHacker logo) as well as the following perks:

  • Modified flash plugin with random per box flash string for Content Provider Bypass.
  • Crippled update feature to prevent box from receiving automatic updates.
  • Completely RW system, cache, and rootfs partitions
  • Full ADB Root
  • Removed signature checks on kernel / init scripts / init binary
  • A few other surprises.
  • BETA: Enable NTFS Support for Sony Google TV devices (see wiki for instructions on how to add: GTVHacker.com: Sony NTFS)

Between the speediness of the 3.2 upgrade and the unsigned kernels we finally have the box that we’ve always wanted from the Google TV. We recommend this update to everyone as it only requires 4 USB sticks and is a 100% softmod (No soldering required!).

The guide and information about the process can be found at our wiki:

How to Root Guide:
GTVHacker.com: Running Unsigned Kernels On Sony GTV

For a more detailed look into how this all works, check out the about:

GTVHacker.com: About The Sony Downgrade & Rebooter (Root)

And finally, for support or to comment checkout our forum post:

GTVHacker Forums: NSX-GT1 and NSZ-GT1 exploit to run unsigned kernels!

GTVHacker


Updating to future USB updates from HC “User-Debug” leak

Posted: October 19th, 2011 | Author: | Filed under: Uncategorized | Comments Off

Below is a method to flash the old “un-neutered” HC recovery onto the new userdebug build. This will allow you to update by USB to the official HC build that Google will hopefully release in the coming weeks. The method below requires that you have installed adb from the android sdk. Please make sure to enter the commands below after entering the directory that the recovery.img was extracted to (or to change the “adb push recovery.img /tmp/recovery.img” command to “adb push /path/to/recovery.img /tmp/recovery.img”).

Warning: Using any recovery other than a properly signed recovery will brick your box, only use the recovery supplied. You also may to ensure you have a good network connection to your revue before continuing.
Recovery:

http://www.multiupload.com/BLFDQYH354

Note: recovery.img(sha1) = 14c31dc6db2d8f9ec15f94f2f929dbb68142d16c

Step 1.) Get IP Address of Revue (settings->network->status).
Step 2.) Enable adbd (settings->applications->development), then check “Remote Debugging”.
Step 3.) Add the IP Address of the computer you are connecting from (“Debugger Ip Address in settings->applications->development).
Step 4.) Connect to adb from computer using the following (Replacing with your ip) adb command:

  • adb connect

Step 5.) Restart adbd as root by executing the following:

  • adb root

Step 6.) Reconnect to adbd on the revue using:

  • adb connect

Step 7.) Paste each line of the following (one at a time).

  • adb push recovery.img /tmp/recovery.img
  • adb shell flash_image recovery /tmp/recovery.img

Successfully running the last line should output something similar to the following:

  • mtd: successfully wrote block at 0
  • mtd: successfully wrote block at 40000
  • mtd: successfully wrote block at 80000
  • mtd: successfully wrote block at c0000
  • mtd: successfully wrote block at 100000
  • mtd: successfully wrote block at 140000
  • mtd: successfully wrote block at 180000
  • mtd: successfully wrote block at 1c0000
  • mtd: successfully wrote block at 200000
  • mtd: successfully wrote block at 240000
  • mtd: successfully wrote block at 280000
  • mtd: successfully wrote block at 2c0000
  • mtd: successfully wrote block at 300000
  • mtd: successfully wrote block at 340000
  • mtd: successfully wrote block at 380000
  • mtd: successfully wrote block at 3c0000
  • mtd: successfully wrote block at 400000
  • mtd: successfully wrote block at 440000
  • mtd: successfully wrote block at 480000
  • mtd: successfully wrote block at 4c0000
  • mtd: successfully wrote block at 500000
  • mtd: successfully wrote block at 540000
  • mtd: successfully wrote block at 580000
  • mtd: successfully wrote block at 5c0000
  • mtd: successfully wrote block at 600000
  • mtd: successfully wrote block at 0

New Devices for UK

Posted: August 26th, 2011 | Author: | Filed under: Uncategorized | Comments Off

Reports are, there are some new devices on the horizon for our friends across the lake. (The Atlantic Lake).  Reports arent saying much yet, but GoogleTv isnt going anywhere!


Zenofex speaks on podcast

Posted: June 15th, 2011 | Author: | Filed under: Uncategorized | Comments Off

Recently, Zenofex of the GtvHacker community spoke on a podcast about getting root. You can check it out here: http://techmisfits.com/05/19/gtvhacker-zenofex-speaks/.

He speaks with Resno and Integgrol.