HC 3.1 on Revue

Posted: August 11th, 2011 | Filed under: Google TV Kernels, Logitech Revue

Since the release of HC on the Revue, the world's been discussing all the things possible. You can follow and join in the discussion on our forums.

Here's the post we received from an unknown source.

Here it is everyone, Android 3.1 (Honeycomb) BETA On the Logitech Revue.

http://www.load2all.com/files/BE2FD2F97/1b3a6b1aa9fd.mp-signed-ota_update-b55579.zip.html

This is BETA, it is not meant to be widely used and has bugs. If that’s something you don’t care about and would like to risk it anyway, install the update. Also, if you want to help Logitech and Google out, buy another Revue (preferably from logitech.com); at $99 it's worth every penny.

If you want to help, mirror this file in as many places as possible. I’m sure it’ll be taken down quickly.

Thanks!


Logitech Revue Software Root?

Posted: January 24th, 2011 | Filed under: Google TV Kernels, Logitech Revue

It has now been over a month since the GTVHacker team acquired a recovery mode root shell on the Logitech Revue. Since that time we have learned a lot about the internals of the Revue which allowed us to release the BreakVue script for enabling ADB support along with a trivial hack to demonstrate how certain content provider restrictions can be overcome.

Throughout January, we have received a flood of requests for a software-based root technique. Specifically, there is a lot of talk about rooting the Revue through malicious web content. This has been possible with Apple’s iOS as well as other systems which make use of Apple’s WebKit, so it is often assumed that similar attacks should be possible on the Revue. As of yet, however, the most successful browser-based attacks are only able to trigger a ‘Kill Page’ dialog from Chrome. The likely reason for this is that Chrome page rendering is being sandboxed through a chroot jail such that access to a malicious web site results in a crashed page rather than a compromised system. My personal opinion is that there is a better chance of compromise through specially crafted video files played through the Logitech Media Player than there is of getting root through a browser exploit. (Of course I am not much of an exploit developer and would love for someone to prove me wrong on this.)

Overall I have observed that the Logitech Revue is a very well hardened system and I strongly suspect that, if not for the slight oversight of leaving a root shell attached to UART1, we would still be scratching our heads about how to get root. Even now that we have root, the hardened kernel still has numerous protections in place:

  1. Read-only /system partition as per the flash layout in Logitech’s Linux kernel
  2. Module signing is enforced to prevent untrusted loadable kernel modules
  3. DEVMEM restrictions are in place to prevent tampering with kernel structures even by root

While we keep trying, it appears that a software one-click-root solution will most likely have to wait until official Market support is enabled on the Logitech Revue. Until then, feel free to check out our wiki where I have documented a few internal details of the Logitech Revue kernel: http://bit.ly/RevueKernel

–Craig
craig_at_gtvhacker_dot_com
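
An added example, not GTVHacker's or Logitech's code: a small audit that checks a Linux system for the three kernel protections listed in the post above. It assumes mainline option names (`CONFIG_MODULE_SIG_FORCE`, `CONFIG_STRICT_DEVMEM`) and an MTD-backed /system, which may not match the Revue's vendor kernel; the sample inputs are constructed.

```python
import re

MTD_WRITEABLE = 0x400  # flag bit from the kernel's mtd-abi.h

# Mainline option names (assumption: a vendor kernel such as the Revue's
# may implement the same protections under different names).
REQUIRED = {"module_signing_enforced": "CONFIG_MODULE_SIG_FORCE",
            "devmem_restricted": "CONFIG_STRICT_DEVMEM"}

def parse_kconfig(text):
    """Map option -> value from .config text; '# X is not set' becomes 'n'."""
    opts = {}
    for line in text.splitlines():
        m = re.match(r"(CONFIG_\w+)=(.*)$", line.strip())
        if m:
            opts[m.group(1)] = m.group(2).strip('"')
            continue
        m = re.match(r"# (CONFIG_\w+) is not set$", line.strip())
        if m:
            opts[m.group(1)] = "n"
    return opts

def mounted_readonly(mounts_text, mountpoint):
    """True/False from the last /proc/mounts entry; None if not mounted."""
    state = None
    for line in mounts_text.splitlines():
        f = line.split()
        if len(f) >= 4 and f[1] == mountpoint:
            state = "ro" in f[3].split(",")
    return state

def audit(kconfig_text, mounts_text, system_mtd_flags):
    """system_mtd_flags: hex string as read from /sys/class/mtd/mtdN/flags."""
    opts = parse_kconfig(kconfig_text)
    report = {name: opts.get(opt) == "y" for name, opt in REQUIRED.items()}
    report["system_mounted_ro"] = mounted_readonly(mounts_text, "/system") is True
    # A 'ro' mount option can be changed by a root remount; a flash partition
    # without the writeable flag is refused writes by the MTD layer itself.
    report["system_flash_ro"] = not (int(system_mtd_flags, 16) & MTD_WRITEABLE)
    return report

# Constructed sample inputs, not captured from a Revue.
SAMPLE_KCONFIG = """CONFIG_MODULE_SIG=y
CONFIG_MODULE_SIG_FORCE=y
# CONFIG_STRICT_DEVMEM is not set
"""
SAMPLE_MOUNTS = """rootfs / rootfs rw 0 0
/dev/block/mtdblock3 /system yaffs2 ro,relatime 0 0
"""

if __name__ == "__main__":
    for check, ok in audit(SAMPLE_KCONFIG, SAMPLE_MOUNTS, "0x800").items():
        print(f"{check:24} {'PASS' if ok else 'FAIL'}")
```

On a live system the three inputs would come from the kernel's config (for example `/proc/config.gz` where enabled), `/proc/mounts`, and the `flags` attribute of the MTD device backing /system.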