Posted: August 4th, 2012 | Author: zenofex | Filed under: Uncategorized | Comments Off
As previously mentioned, we were invited to speak at the DEFCON 20 security conference, covering what else – Hacking the Google TV. We all had an awesome time at DEFCON and it was great to meet the rest of the team, both current and past members.
If you haven’t seen our slides from our DEFCON 20 presentation you can find them online here
If you notice in the DEFCON slides, we released multiple exploits, including:
WARNING: The links above contain the until now unreleased Revue root. As bliss described it, “it is like punching the device in the face while telling it that it’s not getting hit”. It is incredibly unstable and we are providing it unpackaged to prevent it from being used by someone who may end up damaging their box. If you are looking to get root to help achieve some form of optimal Android experience from the box, then please wait for a better packaged version with persistence. If you are technically savy and are willing to risk damaging your box, gambling on how skilled you are, then feel free to give it a shot. We will note that you are likely to brick your device much like we have bricked ours (but we have fancy-pants hardware recovery mechanisms).
The Revue root is an interesting one, at the moment it is not persistent; upon each reboot the Revue will need to be rooted again. We are working constantly to get past this road block. Unfortunately, every last item on the box has a signature that is verified at boot, so it makes keeping root across boots difficult. However, rest assured – we will do our best to get some form of persistence out soon. In the meantime, if you are worried, just unplug your Revue from the Internet.
Finally – we kept track of what we did while at the conference, and roughly how much time everything took:
Posted: July 23rd, 2012 | Author: zenofex | Filed under: Uncategorized | 2 Comments »
A few members of the GTVHacker team will be presenting at the Defcon security conference in Las Vegas this week regarding our newest exploits for the gen-1 GoogleTV line. If you are nearby come check out our talk schedule for Sunday July 29th 3:00pm. A brief description of the talk and info on the presenters can be found on the Defcon Speakers page:
“The GoogleTV platform is designed to bring an integrated web experience, utilizing the Chrome web browser and Android applications, to your television. GoogleTV is based on the Android operating system, which is mainly used in tablets and smart phones, but customized with security features not normally seen on most Android devices. The current version of the platform utilizes signatures to establish a “chain of trust” from bootloader to system applications.
This presentation will focus on the current GoogleTV devices, including X86 platform details, and the exhaustive security measures used by each device. The presentation will also include video demonstrations of previously found bugs and exploits for each GoogleTV device and includes specific details about how each bug works. Furthermore, we will include interesting experiences that the team has encountered along the way. Finally the talk will be capped off with the release of multiple unpublished GoogleTV exploits which will allow unsigned kernels across all x86 devices (Revue / Sony GoogleTV).”
We also have other surprises in store for the community. Make sure to check out our presentation if you are at or around Defcon, otherwise check our twitter (@GTVHacker) and blog after the conference for public releases.
Posted: July 6th, 2012 | Author: zenofex | Filed under: Uncategorized | Comments Off
It’s been a bit since we’ve made a blog post, however exciting times are coming. To
start, we have cleaned up the wiki and reorganized some sections. The NSZ-GS7 section of our wiki has been updated with lots
of new info, including a tear down and pictures of the new Sony recovery. You can check the teardown pics and the new recovery out here:
GTVHacker Wiki: Sony NSZ-GS7
We’ve also started a page for the new LG devices, the LG 47g2 and the 55g2. The LG section is lacking since none of the GTVHacker team members currently have the TV, so we are counting on the community to fill in the blanks. We are also looking for a few users to help us with some remote debugging of the TV. If you’d like to help out you can find a few things we are looking for on our forums in the new LG section at:
GTVHacker Forums: LG 47g2 and 55g2
Posted: February 20th, 2012 | Author: zenofex | Filed under: Uncategorized | 2 Comments »
We give to you our latest release, a root for all current Sony Google TV devices that we call “The GTVHacker Sony Recovery Downgrader & Rebooter”. This method will allow you root and run custom unsigned kernels on your Sony Google TV device.
The process in the guide above will walk you through downgrading the system to an exploitable version. Then using another exploit, we hijack the devices boot process and reload a new kernel. This completely bypasses the signatures normally used by the system, including those used in the bootloader, kernel, and init binary. The kernel reload process happens automatically each time the box is powered on, and the USB drives required for the install are not needed again. After loading our attached unsigned kernel you will notice a new splash screen (featuring the Sony and GTVHacker logo) as well as the following perks:
- Modified flash plugin with random per box flash string for Content Provider Bypass.
- Crippled update feature to prevent box from receiving automatic updates.
- Completely RW system, cache, and rootfs partitions
- Full ADB Root
- Removed signature checks on kernel / init scripts / init binary
- A few other surprises.
- BETA: Enable NTFS Support for Sony Google TV devices (see wiki for instructions on how to add: GTVHacker.com: Sony NTFS)
Between the speediness of the 3.2 upgrade and the unsigned kernels we finally have the box that we’ve always wanted from the Google TV. We recommend this update to everyone as it only requires 4 USB sticks and is a 100% softmod (No soldering required!).
The guide and information about the process can be found at our wiki:
How to Root Guide:
GTVHacker.com: Running Unsigned Kernels On Sony GTV
For a more detailed look into how this all works, check out the about:
GTVHacker.com: About The Sony Downgrade & Rebooter (Root)
And finally, for support or to comment checkout our forum post:
GTVHacker Forums: NSX-GT1 and NSZ-GT1 exploit to run unsigned kernels!
Posted: October 19th, 2011 | Author: resno | Filed under: Uncategorized | Comments Off
Below is a method to flash the old “un-neutered” HC recovery onto the new userdebug build. This will allow you to update by USB to the official HC build that Google will hopefully release in the coming weeks. The method below requires that you have installed adb from the android sdk. Please make sure to enter the commands below after entering the directory that the recovery.img was extracted to (or to change the “adb push recovery.img /tmp/recovery.img” command to “adb push /path/to/recovery.img /tmp/recovery.img”).
Warning: Using any recovery other than a properly signed recovery will brick your box, only use the recovery supplied. You also may to ensure you have a good network connection to your revue before continuing.
Note: recovery.img(sha1) = 14c31dc6db2d8f9ec15f94f2f929dbb68142d16c
Step 1.) Get IP Address of Revue (settings->network->status).
Step 2.) Enable adbd (settings->applications->development), then check “Remote Debugging”.
Step 3.) Add the IP Address of the computer you are connecting from (“Debugger Ip Address in settings->applications->development).
Step 4.) Connect to adb from computer using the following (Replacing with your ip) adb command:
Step 5.) Restart adbd as root by executing the following:
Step 6.) Reconnect to adbd on the revue using:
Step 7.) Paste each line of the following (one at a time).
- adb push recovery.img /tmp/recovery.img
- adb shell flash_image recovery /tmp/recovery.img
Successfully running the last line should output something similar to the following:
- mtd: successfully wrote block at 0
- mtd: successfully wrote block at 40000
- mtd: successfully wrote block at 80000
- mtd: successfully wrote block at c0000
- mtd: successfully wrote block at 100000
- mtd: successfully wrote block at 140000
- mtd: successfully wrote block at 180000
- mtd: successfully wrote block at 1c0000
- mtd: successfully wrote block at 200000
- mtd: successfully wrote block at 240000
- mtd: successfully wrote block at 280000
- mtd: successfully wrote block at 2c0000
- mtd: successfully wrote block at 300000
- mtd: successfully wrote block at 340000
- mtd: successfully wrote block at 380000
- mtd: successfully wrote block at 3c0000
- mtd: successfully wrote block at 400000
- mtd: successfully wrote block at 440000
- mtd: successfully wrote block at 480000
- mtd: successfully wrote block at 4c0000
- mtd: successfully wrote block at 500000
- mtd: successfully wrote block at 540000
- mtd: successfully wrote block at 580000
- mtd: successfully wrote block at 5c0000
- mtd: successfully wrote block at 600000
- mtd: successfully wrote block at 0
Posted: August 26th, 2011 | Author: resno | Filed under: Uncategorized | Comments Off
Reports are, there are some new devices on the horizon for our friends across the lake. (The Atlantic Lake). Reports arent saying much yet, but GoogleTv isnt going anywhere!
Posted: June 15th, 2011 | Author: resno | Filed under: Uncategorized | Comments Off
Recently, Zenofex of the GtvHacker community spoke on a podcast about getting root. You can check it out here: http://techmisfits.com/05/19/gtvhacker-zenofex-speaks/.
He speaks with Resno and Integgrol.
Posted: May 10th, 2011 | Author: resno | Filed under: Uncategorized | 1 Comment »
Well, after hearing Google IO, we have learned some unfortunate information. We wont be getting market till sometime this summer.
We are suppose to getting Android version 3.1, which is good news. Not sure what that means in terms of getting and maintaining a software root for the Google Tv Devices.
Stay tuned as more details develop. Soon our hopes and dreams will become a reality. (At least we hope)
Posted: April 8th, 2011 | Author: resno | Filed under: Uncategorized | Tags: google, googletv, sdk, software root | 2 Comments »
We have been wondering when the Google TV SDK would be released and we are starting to hope and think the time is soon-ish. Reports are, it should be release within a month! The market is believed to follow in about 3 months.
This has several implications, but the biggest note is, this should open the door and make the GoogleTV any even better device. Having the market and sdk available will allow us one more tool in finding a software root. This is an exciting time, and we can not wait to ride the rollercoaster.
Posted: April 1st, 2011 | Author: resno | Filed under: Uncategorized | Tags: apps, benefit, google, hackings, logitech, revue, sdk, sony, statuses, tv device, tv devices | 3 Comments »
We are proud to announce we have rooted all available Google TV devices with a one click root method. We are very excited to be releasing this new method out to the world.
This doesnt require the use of hardware hackings like previously done on other boards and has been shown to work on most every Google TV Device. The other benefit is that, since the Market and SDK havent been released, we are able to allow market apps to be installed on all devices.
Lastly, this new system works on all statuses. So devices that have been used can now enjoy root!
For instructions click here.
(This is a April Fools joke.)