README: make it clearer that it's patched

2023-12-16 00:15:42 -05:00 · 2023-12-16 00:15:42 -05:00 · 5ce894ed10
commit 5ce894ed10
--- a/README.md
+++ b/README.md
@ -1,5 +1,8 @@
 ![RootMyTV header image](./img/header_logo.png)

+> [!IMPORTANT]
+> RootMyTV is unlikely to work on your TV. [Find out why](#vulnerable).
+
 RootMyTV is a user-friendly exploit for rooting/jailbreaking LG webOS smart TVs.

 It bootstraps the installation of the [webOS Homebrew Channel](https://github.com/webosbrew/webos-homebrew-channel),
@ -9,18 +12,62 @@ community-developed open source app, that makes it easier to develop and install

 If you want the full details of how the exploit works, [skip ahead to our writeup](#research-summary-and-timeline).

-# Is my TV vulnerable? (short answer: no)
+# Is my TV vulnerable? (short answer: no) <a id="vulnerable"></a>

 **The vulnerabilities used by RootMyTV (both v1 and v2) have been patched by LG.
 RootMyTV is unlikely to work on firmware released since mid-2022.**

-If you get a `"Denied method call "download" for category "/""` error, your TV is patched.
-If your TV reboots but Homebrew Channel is not installed, it is likely patched.
-Firmware downgrades are no longer possible without already having root access.
+> [!IMPORTANT]
+> If you get a `"Denied method call "download" for category "/""` error, your TV is patched.
+> If your TV reboots but Homebrew Channel is not installed, it is likely patched.
+> Firmware downgrades are no longer possible without already having root access.

-RootMyTV never worked on webOS versions prior to 3.4.0 or newer than 6.2.x.
+The following table lists the first webOS version for each year's models that is
+known to <u>**not**</u> support RootMyTV:
+| TV model year | Base webOS version | RootMyTV patched since webOS version |
+| ------------- | ------------------ | ------------------------------------ |
+| 2016          | 3.0                | 3.4.2                                |
+| 2017          | 3.5                | 3.9.2                                |
+| 2018          | 4.0                | 4.4.2                                |
+| 2019          | 4.5                | 4.9.7                                |
+| 2020          | 5                  | 5.4.0                                |
+| 2021          | 6                  | 6.3.0                                |

-Note: this versioning refers to the "webOS TV Version" field in the settings menu, *not* the "Software Version" field.
+If your webOS version is equal to or greater than the version in the "patched
+since" column for your TV's model year, **your TV is not vulnerable to
+RootMyTV**. While these versions and newer are definitely patched, older
+versions may or may not work. RootMyTV never worked on webOS versions prior to
+3.4.0 or any TVs that came with webOS 1, 2, 7 (22), or 8 (23).
+
+<details>
+<summary>More information about webOS version numbers</summary><br>
+
+Depending on the year a TV was released, it uses a certain range of webOS version
+numbers.
+
+The versions before 2016 and after 2019 are easy to understand, since the first
+digit is used only for a single year (e.g., every 6.x.y version is for a 2021
+TV).
+
+However, LG did something unusual in 2017 and 2019 by not using a new first
+digit. TVs from 2017 and 2019 started from webOS versions 3.5 and 4.5,
+respectively. For example, TVs released in 2016 will have webOS versions equal
+to or greater than 3.0.0 and less than 3.5.0; TVs released in 2017 will use
+3.5.0 up to (but not including) 4.0.0; and so on.
+
+<i>Note that when trying to determine when a given webOS version was released,
+you should only compare it with version numbers from the same model year.</i>
+For example, it is safe to assume version 3.4.1 was released after 3.3.0. But
+version 3.4.2 could have been (and in fact was) released after version 4.0.0.
+
+With webOS 7 in 2022, LG started using the marketing name "webOS 22"; the same
+applies to webOS 8 ("webOS 23").
+<br>
+</details>
+<br>
+
+> [!NOTE]
+> This versioning refers to the "webOS TV Version" field in the settings menu, *not* the "Software Version" field.

 *If you want to protect your TV against remote exploitation, please see the
 [relevant section](#mitigation-note) of our writeup and/or apply the latest