Merge pull request #135 from throwaway96/patch-notice2-20231216

Make it clearer that it's patched

README.md

@@ -1,5 +1,8 @@
 ![RootMyTV header image](./img/header_logo.png)
 
+> [!IMPORTANT]
+> RootMyTV is unlikely to work on your TV. [Find out why](#vulnerable).
+
 RootMyTV is a user-friendly exploit for rooting/jailbreaking LG webOS smart TVs.
 
 It bootstraps the installation of the [webOS Homebrew Channel](https://github.com/webosbrew/webos-homebrew-channel),
@@ -9,35 +12,66 @@ community-developed open source app, that makes it easier to develop and install
 
 If you want the full details of how the exploit works, [skip ahead to our writeup](#research-summary-and-timeline).
 
-# Is my TV vulnerable?
+# Is my TV vulnerable? (short answer: no) <a id="vulnerable"></a>
 
----
-
-*Update (2022-12-24)*: **The vulnerabilities used by RootMyTV (both v1 and v2) have been patched by LG.
+**The vulnerabilities used by RootMyTV (both v1 and v2) have been patched by LG.
 RootMyTV is unlikely to work on firmware released since mid-2022.**
-If you get a `"Denied method call "download" for category "/""` error, your TV is patched.
-If your TV reboots but Homebrew Channel is not installed, it is likely patched.
-Firmware downgrades are no longer possible without already having root access.
 
----
+> [!IMPORTANT]
+> If you get a `"Denied method call "download" for category "/""` error, your TV is patched.
+> If your TV reboots but Homebrew Channel is not installed, it is likely patched.
+> Firmware downgrades are no longer possible without already having root access.
 
-At the time of writing the original exploit (RootMyTV v1 - 2021-05-15), all
-webOS versions between 3.4 and 6.0 we tested (TVs released between mid-2017 and
-early-2021) are supported by this exploit chain. Around June-July 2021 LG
-started rolling out updates which added some minor mitigations that broke our
-original exploit chain.
+The following table lists the first webOS version for each year's models that is
+known to <u>**not**</u> support RootMyTV:
+| TV model year | Base webOS version | RootMyTV patched since webOS version |
+| ------------- | ------------------ | ------------------------------------ |
+| 2016          | 3.0                | 3.4.2                                |
+| 2017          | 3.5                | 3.9.2                                |
+| 2018          | 4.0                | 4.4.2                                |
+| 2019          | 4.5                | 4.9.7                                |
+| 2020          | 5                  | 5.4.0                                |
+| 2021          | 6                  | 6.3.0                                |
 
-**At the time of writing (RootMyTV v2 - 2022-01-05)**, all webOS versions
-between 4.x and 6.2+ we tested (TVs released between early-2018 and late-2021)
-are supported by the new exploit chain.
+If your webOS version is equal to or greater than the version in the "patched
+since" column for your TV's model year, **your TV is not vulnerable to
+RootMyTV**. While these versions and newer are definitely patched, older
+versions may or may not work. RootMyTV never worked on webOS versions prior to
+3.4.0 or any TVs that came with webOS 1, 2, 7 (22), or 8 (23).
 
-Some versions between 3.4 and 3.9 may be supported by RootMyTV v2, but your
-mileage may vary.
+<details>
+<summary>More information about webOS version numbers</summary><br>
 
-Note: this versioning refers to the "webOS TV Version" field in the settings menu, *not* the "Software Version" field.
+Depending on the year a TV was released, it uses a certain range of webOS version
+numbers.
+
+The versions before 2016 and after 2019 are easy to understand, since the first
+digit is used only for a single year (e.g., every 6.x.y version is for a 2021
+TV).
+
+However, LG did something unusual in 2017 and 2019 by not using a new first
+digit. TVs from 2017 and 2019 started from webOS versions 3.5 and 4.5,
+respectively. For example, TVs released in 2016 will have webOS versions equal
+to or greater than 3.0.0 and less than 3.5.0; TVs released in 2017 will use
+3.5.0 up to (but not including) 4.0.0; and so on.
+
+<i>Note that when trying to determine when a given webOS version was released,
+you should only compare it with version numbers from the same model year.</i>
+For example, it is safe to assume version 3.4.1 was released after 3.3.0. But
+version 3.4.2 could have been (and in fact was) released after version 4.0.0.
+
+With webOS 7 in 2022, LG started using the marketing name "webOS 22"; the same
+applies to webOS 8 ("webOS 23").
+<br>
+</details>
+<br>
+
+> [!NOTE]
+> This versioning refers to the "webOS TV Version" field in the settings menu, *not* the "Software Version" field.
 
 *If you want to protect your TV against remote exploitation, please see the
-[relevant section](#mitigation-note) of our writeup and/or await an update from LG.*
+[relevant section](#mitigation-note) of our writeup and/or apply the latest
+firmware update for your TV.*
 
 # Usage Instructions
 
@@ -263,6 +297,21 @@ We would like to thank:
 
  - LG, for patching symptoms of bugs rather than underlying causes...
 
+# Historical Information
+
+At the time of writing the original exploit (RootMyTV v1 - 2021-05-15), all
+webOS versions between 3.4 and 6.0 we tested (TVs released between mid-2017 and
+early 2021) were supported by this exploit chain. Around June-July 2021 LG
+started rolling out updates which added some minor mitigations that broke our
+original exploit chain.
+
+When RootMyTV v2 was released (2022-01-05), all webOS versions
+between 4.x and 6.2+ we tested (TVs released between early 2018 and late 2021)
+were supported by the v2 exploit chain.
+
+Some versions between 3.4 and 3.9 may be supported by RootMyTV v2, but your
+mileage may vary.
+
 # The Technical Details
 
 ### Background

css/common.css

@@ -169,3 +169,12 @@ background-repeat: no-repeat;
 		font-size: 12vw;
 	}
 }
+
+#patched {
+    color: red;
+}
+
+#patched > .code {
+    font-family: monospace;
+    background-color: #282828;
+}

index.html

@@ -25,6 +25,12 @@
         and install the <a href="https://github.com/webosbrew/webos-homebrew-channel">
         webOS Homebrew Channel.</a>
       </p>
+      <p id="patched">
+        If you get a <span class="code">Denied method call</span> error or your
+        TV reboots but Homebrew Channel is not installed, then <b>your TV is
+        patched</b>. All firmware released since mid-2022 is patched.
+        There is no need to report this to us.
+      </p>
       <p>
         <b>/!\ IMPORTANT /!\ :</b> Read <a href="https://github.com/RootMyTV/RootMyTV.github.io">our documentation</a>
         <b>BEFORE</b> you continue - or risk bricking your TV!