From 5ea5ab371fb29b7162787968f78cf729412385bd Mon Sep 17 00:00:00 2001
From: throwaway96 <68320646+throwaway96@users.noreply.github.com>
Date: Fri, 15 Dec 2023 18:37:40 -0500
Subject: [PATCH] add notice that the vulnerabilities are patched
Added a prominent warning in index.html and made the notice in README.md
more explicit.
---
README.md | 40 +++++++++++++++++++++-------------------
css/common.css | 9 +++++++++
index.html | 6 ++++++
3 files changed, 36 insertions(+), 19 deletions(-)
diff --git a/README.md b/README.md
index 7b2dfed..8140757 100644
--- a/README.md
+++ b/README.md
@@ -9,35 +9,22 @@ community-developed open source app, that makes it easier to develop and install
If you want the full details of how the exploit works, [skip ahead to our writeup](#research-summary-and-timeline).
-# Is my TV vulnerable?
+# Is my TV vulnerable? (short answer: no)
----
-
-*Update (2022-12-24)*: **The vulnerabilities used by RootMyTV (both v1 and v2) have been patched by LG.
+**The vulnerabilities used by RootMyTV (both v1 and v2) have been patched by LG.
RootMyTV is unlikely to work on firmware released since mid-2022.**
+
If you get a `"Denied method call "download" for category "/""` error, your TV is patched.
If your TV reboots but Homebrew Channel is not installed, it is likely patched.
Firmware downgrades are no longer possible without already having root access.
----
-
-At the time of writing the original exploit (RootMyTV v1 - 2021-05-15), all
-webOS versions between 3.4 and 6.0 we tested (TVs released between mid-2017 and
-early-2021) are supported by this exploit chain. Around June-July 2021 LG
-started rolling out updates which added some minor mitigations that broke our
-original exploit chain.
-
-**At the time of writing (RootMyTV v2 - 2022-01-05)**, all webOS versions
-between 4.x and 6.2+ we tested (TVs released between early-2018 and late-2021)
-are supported by the new exploit chain.
-
-Some versions between 3.4 and 3.9 may be supported by RootMyTV v2, but your
-mileage may vary.
+RootMyTV never worked on webOS versions prior to 3.4.0 or newer than 6.2.x.
Note: this versioning refers to the "webOS TV Version" field in the settings menu, *not* the "Software Version" field.
*If you want to protect your TV against remote exploitation, please see the
-[relevant section](#mitigation-note) of our writeup and/or await an update from LG.*
+[relevant section](#mitigation-note) of our writeup and/or apply the latest
+firmware update for your TV.*
# Usage Instructions
@@ -263,6 +250,21 @@ We would like to thank:
- LG, for patching symptoms of bugs rather than underlying causes...
+# Historical Information
+
+At the time of writing the original exploit (RootMyTV v1 - 2021-05-15), all
+webOS versions between 3.4 and 6.0 we tested (TVs released between mid-2017 and
+early 2021) were supported by this exploit chain. Around June-July 2021 LG
+started rolling out updates which added some minor mitigations that broke our
+original exploit chain.
+
+When RootMyTV v2 was released (2022-01-05), all webOS versions
+between 4.x and 6.2+ we tested (TVs released between early 2018 and late 2021)
+were supported by the v2 exploit chain.
+
+Some versions between 3.4 and 3.9 may be supported by RootMyTV v2, but your
+mileage may vary.
+
# The Technical Details
### Background
diff --git a/css/common.css b/css/common.css
index 48592b9..0a12014 100644
--- a/css/common.css
+++ b/css/common.css
@@ -169,3 +169,12 @@ background-repeat: no-repeat;
font-size: 12vw;
}
}
+
+#patched {
+ color: red;
+}
+
+#patched > .code {
+ font-family: monospace;
+ background-color: #282828;
+}
diff --git a/index.html b/index.html
index 56b7391..97eaa0d 100644
--- a/index.html
+++ b/index.html
@@ -25,6 +25,12 @@
and install the
webOS Homebrew Channel.
+
+ If you get a Denied method call error or your
+ TV reboots but Homebrew Channel is not installed, then your TV is
+ patched. All firmware released since mid-2022 is patched.
+ There is no need to report this to us.
+
/!\ IMPORTANT /!\ : Read our documentation
BEFORE you continue - or risk bricking your TV!