kopia lustrzana https://github.com/RootMyTV/RootMyTV.github.io
add notice that the vulnerabilities are patched
Added a prominent warning in index.html and made the notice in README.md more explicit.pull/134/head
rodzic
7f9736dbf6
commit
5ea5ab371f
40
README.md
40
README.md
|
@ -9,35 +9,22 @@ community-developed open source app, that makes it easier to develop and install
|
|||
|
||||
If you want the full details of how the exploit works, [skip ahead to our writeup](#research-summary-and-timeline).
|
||||
|
||||
# Is my TV vulnerable?
|
||||
# Is my TV vulnerable? (short answer: no)
|
||||
|
||||
---
|
||||
|
||||
*Update (2022-12-24)*: **The vulnerabilities used by RootMyTV (both v1 and v2) have been patched by LG.
|
||||
**The vulnerabilities used by RootMyTV (both v1 and v2) have been patched by LG.
|
||||
RootMyTV is unlikely to work on firmware released since mid-2022.**
|
||||
|
||||
If you get a `"Denied method call "download" for category "/""` error, your TV is patched.
|
||||
If your TV reboots but Homebrew Channel is not installed, it is likely patched.
|
||||
Firmware downgrades are no longer possible without already having root access.
|
||||
|
||||
---
|
||||
|
||||
At the time of writing the original exploit (RootMyTV v1 - 2021-05-15), all
|
||||
webOS versions between 3.4 and 6.0 we tested (TVs released between mid-2017 and
|
||||
early-2021) are supported by this exploit chain. Around June-July 2021 LG
|
||||
started rolling out updates which added some minor mitigations that broke our
|
||||
original exploit chain.
|
||||
|
||||
**At the time of writing (RootMyTV v2 - 2022-01-05)**, all webOS versions
|
||||
between 4.x and 6.2+ we tested (TVs released between early-2018 and late-2021)
|
||||
are supported by the new exploit chain.
|
||||
|
||||
Some versions between 3.4 and 3.9 may be supported by RootMyTV v2, but your
|
||||
mileage may vary.
|
||||
RootMyTV never worked on webOS versions prior to 3.4.0 or newer than 6.2.x.
|
||||
|
||||
Note: this versioning refers to the "webOS TV Version" field in the settings menu, *not* the "Software Version" field.
|
||||
|
||||
*If you want to protect your TV against remote exploitation, please see the
|
||||
[relevant section](#mitigation-note) of our writeup and/or await an update from LG.*
|
||||
[relevant section](#mitigation-note) of our writeup and/or apply the latest
|
||||
firmware update for your TV.*
|
||||
|
||||
# Usage Instructions
|
||||
|
||||
|
@ -263,6 +250,21 @@ We would like to thank:
|
|||
|
||||
- LG, for patching symptoms of bugs rather than underlying causes...
|
||||
|
||||
# Historical Information
|
||||
|
||||
At the time of writing the original exploit (RootMyTV v1 - 2021-05-15), all
|
||||
webOS versions between 3.4 and 6.0 we tested (TVs released between mid-2017 and
|
||||
early 2021) were supported by this exploit chain. Around June-July 2021 LG
|
||||
started rolling out updates which added some minor mitigations that broke our
|
||||
original exploit chain.
|
||||
|
||||
When RootMyTV v2 was released (2022-01-05), all webOS versions
|
||||
between 4.x and 6.2+ we tested (TVs released between early 2018 and late 2021)
|
||||
were supported by the v2 exploit chain.
|
||||
|
||||
Some versions between 3.4 and 3.9 may be supported by RootMyTV v2, but your
|
||||
mileage may vary.
|
||||
|
||||
# The Technical Details
|
||||
|
||||
### Background
|
||||
|
|
|
@ -169,3 +169,12 @@ background-repeat: no-repeat;
|
|||
font-size: 12vw;
|
||||
}
|
||||
}
|
||||
|
||||
#patched {
|
||||
color: red;
|
||||
}
|
||||
|
||||
#patched > .code {
|
||||
font-family: monospace;
|
||||
background-color: #282828;
|
||||
}
|
||||
|
|
|
@ -25,6 +25,12 @@
|
|||
and install the <a href="https://github.com/webosbrew/webos-homebrew-channel">
|
||||
webOS Homebrew Channel.</a>
|
||||
</p>
|
||||
<p id="patched">
|
||||
If you get a <span class="code">Denied method call</span> error or your
|
||||
TV reboots but Homebrew Channel is not installed, then <b>your TV is
|
||||
patched</b>. All firmware released since mid-2022 is patched.
|
||||
There is no need to report this to us.
|
||||
</p>
|
||||
<p>
|
||||
<b>/!\ IMPORTANT /!\ :</b> Read <a href="https://github.com/RootMyTV/RootMyTV.github.io">our documentation</a>
|
||||
<b>BEFORE</b> you continue - or risk bricking your TV!
|
||||
|
|
Ładowanie…
Reference in New Issue