kopia lustrzana https://github.com/RootMyTV/RootMyTV.github.io
add notice that the vulnerabilities are patched
Added a prominent warning in index.html and made the notice in README.md more explicit.pull/134/head
rodzic
7f9736dbf6
commit
5ea5ab371f
40
README.md
40
README.md
|
@ -9,35 +9,22 @@ community-developed open source app, that makes it easier to develop and install
|
||||||
|
|
||||||
If you want the full details of how the exploit works, [skip ahead to our writeup](#research-summary-and-timeline).
|
If you want the full details of how the exploit works, [skip ahead to our writeup](#research-summary-and-timeline).
|
||||||
|
|
||||||
# Is my TV vulnerable?
|
# Is my TV vulnerable? (short answer: no)
|
||||||
|
|
||||||
---
|
**The vulnerabilities used by RootMyTV (both v1 and v2) have been patched by LG.
|
||||||
|
|
||||||
*Update (2022-12-24)*: **The vulnerabilities used by RootMyTV (both v1 and v2) have been patched by LG.
|
|
||||||
RootMyTV is unlikely to work on firmware released since mid-2022.**
|
RootMyTV is unlikely to work on firmware released since mid-2022.**
|
||||||
|
|
||||||
If you get a `"Denied method call "download" for category "/""` error, your TV is patched.
|
If you get a `"Denied method call "download" for category "/""` error, your TV is patched.
|
||||||
If your TV reboots but Homebrew Channel is not installed, it is likely patched.
|
If your TV reboots but Homebrew Channel is not installed, it is likely patched.
|
||||||
Firmware downgrades are no longer possible without already having root access.
|
Firmware downgrades are no longer possible without already having root access.
|
||||||
|
|
||||||
---
|
RootMyTV never worked on webOS versions prior to 3.4.0 or newer than 6.2.x.
|
||||||
|
|
||||||
At the time of writing the original exploit (RootMyTV v1 - 2021-05-15), all
|
|
||||||
webOS versions between 3.4 and 6.0 we tested (TVs released between mid-2017 and
|
|
||||||
early-2021) are supported by this exploit chain. Around June-July 2021 LG
|
|
||||||
started rolling out updates which added some minor mitigations that broke our
|
|
||||||
original exploit chain.
|
|
||||||
|
|
||||||
**At the time of writing (RootMyTV v2 - 2022-01-05)**, all webOS versions
|
|
||||||
between 4.x and 6.2+ we tested (TVs released between early-2018 and late-2021)
|
|
||||||
are supported by the new exploit chain.
|
|
||||||
|
|
||||||
Some versions between 3.4 and 3.9 may be supported by RootMyTV v2, but your
|
|
||||||
mileage may vary.
|
|
||||||
|
|
||||||
Note: this versioning refers to the "webOS TV Version" field in the settings menu, *not* the "Software Version" field.
|
Note: this versioning refers to the "webOS TV Version" field in the settings menu, *not* the "Software Version" field.
|
||||||
|
|
||||||
*If you want to protect your TV against remote exploitation, please see the
|
*If you want to protect your TV against remote exploitation, please see the
|
||||||
[relevant section](#mitigation-note) of our writeup and/or await an update from LG.*
|
[relevant section](#mitigation-note) of our writeup and/or apply the latest
|
||||||
|
firmware update for your TV.*
|
||||||
|
|
||||||
# Usage Instructions
|
# Usage Instructions
|
||||||
|
|
||||||
|
@ -263,6 +250,21 @@ We would like to thank:
|
||||||
|
|
||||||
- LG, for patching symptoms of bugs rather than underlying causes...
|
- LG, for patching symptoms of bugs rather than underlying causes...
|
||||||
|
|
||||||
|
# Historical Information
|
||||||
|
|
||||||
|
At the time of writing the original exploit (RootMyTV v1 - 2021-05-15), all
|
||||||
|
webOS versions between 3.4 and 6.0 we tested (TVs released between mid-2017 and
|
||||||
|
early 2021) were supported by this exploit chain. Around June-July 2021 LG
|
||||||
|
started rolling out updates which added some minor mitigations that broke our
|
||||||
|
original exploit chain.
|
||||||
|
|
||||||
|
When RootMyTV v2 was released (2022-01-05), all webOS versions
|
||||||
|
between 4.x and 6.2+ we tested (TVs released between early 2018 and late 2021)
|
||||||
|
were supported by the v2 exploit chain.
|
||||||
|
|
||||||
|
Some versions between 3.4 and 3.9 may be supported by RootMyTV v2, but your
|
||||||
|
mileage may vary.
|
||||||
|
|
||||||
# The Technical Details
|
# The Technical Details
|
||||||
|
|
||||||
### Background
|
### Background
|
||||||
|
|
|
@ -169,3 +169,12 @@ background-repeat: no-repeat;
|
||||||
font-size: 12vw;
|
font-size: 12vw;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#patched {
|
||||||
|
color: red;
|
||||||
|
}
|
||||||
|
|
||||||
|
#patched > .code {
|
||||||
|
font-family: monospace;
|
||||||
|
background-color: #282828;
|
||||||
|
}
|
||||||
|
|
|
@ -25,6 +25,12 @@
|
||||||
and install the <a href="https://github.com/webosbrew/webos-homebrew-channel">
|
and install the <a href="https://github.com/webosbrew/webos-homebrew-channel">
|
||||||
webOS Homebrew Channel.</a>
|
webOS Homebrew Channel.</a>
|
||||||
</p>
|
</p>
|
||||||
|
<p id="patched">
|
||||||
|
If you get a <span class="code">Denied method call</span> error or your
|
||||||
|
TV reboots but Homebrew Channel is not installed, then <b>your TV is
|
||||||
|
patched</b>. All firmware released since mid-2022 is patched.
|
||||||
|
There is no need to report this to us.
|
||||||
|
</p>
|
||||||
<p>
|
<p>
|
||||||
<b>/!\ IMPORTANT /!\ :</b> Read <a href="https://github.com/RootMyTV/RootMyTV.github.io">our documentation</a>
|
<b>/!\ IMPORTANT /!\ :</b> Read <a href="https://github.com/RootMyTV/RootMyTV.github.io">our documentation</a>
|
||||||
<b>BEFORE</b> you continue - or risk bricking your TV!
|
<b>BEFORE</b> you continue - or risk bricking your TV!
|
||||||
|
|
Ładowanie…
Reference in New Issue