Difference between revisions of "Logitech Revue UART root"

From Exploitee.rs
Jump to navigationJump to search
 
(20 intermediate revisions by 2 users not shown)
Line 1: Line 1:
<seo title="Logitech,Revue,BreakVue" metak="googletv,gtv,revue,root," metad="" />
[[File:Revue-advert.gif|250px|right|thumb]]
[[File:Revue-advert.gif|250px|right|thumb]]
{{Revue toc Inline}}
{{Revue toc Inline}}
{{Disclaimer}}
[[Category:Logitech Revue]]
== Updates ==
== Updates ==
=== 2011 January 21: CONFIG_MODULE_SIG on the Revue ===
Updates and other change log notes are available [[Revue Root Notes]]. Check these out before getting started.
I have finally identified why my attempts at loading my own modules onto the Revue have all failed (outside of recovery).  As shown in /proc/config.gz, the Revue kernel was built with CONFIG_MODULE_SIG=y which means that any module will require a signature that can be verified with the public signatures compiled into the kernel.  Anybody out there up for patching /dev/mem to remove the signature checking or perhaps add a new signature? If so, please contact us!
--[http://gtvhacker.com/index.php/Craigdroid Craig]
 
=== 2011 January 16: FAT file systems and DOS line endings ===
I have received a few emails now from people having problems with the manual update script due to line endings and FAT file systems.  If you do not understand what this means it is best to stick with using an extended (ext2) file system on your USB drive and extract everything under Linux rather than Windows.
--[http://gtvhacker.com/index.php/Craigdroid Craig]
 
=== 2011 January 15: Breaking OTA Updates ===
Logitech recently began deploying a [http://forums.logitech.com/t5/Revue-Product-Updates-Release/Revue-amp-Google-TV-Update-January-11-2011/td-p/557792 security update] which will incidentally remove root access if it is allowed to install on a rooted device.  (This was not the purpose of the update but it is an adverse effect for our community.) The GTVHacker dev team's initial attempts to break OTA updates by moving the otacerts.zip was not fully successful.  In order to remove the auto-updating feature, [http://gtvhacker.com/index.php/Craigdroid Craig] of the GTVHacker team has tested removal of /system/app/SystemUpdater.* with preliminary success.  If this method works for others in the community, GTVHacker will consider the release of an updated manual update script with this and possibly other changes.
 
On a side note for non-rooted users, holding off on applying the update may expose your system to a vulnerability which could eventually be actively exploited to provide root access without a soldering iron.  (This vulnerability could potentially be used maliciously so please consider this in deciding whether to apply the update.)  Any (unrooted) box that is connected to the Internet over night will presumably be updated without user interaction.
 
=== 2011 January 14: Avoiding an unexpected reboot ===
NOTICE: If you have not properly completed step 6 (including pressing ALT+L) in the hardware portion before proceeding to the software section, you are risking bricking the Revue.  This step is mandatory because it gets you into the recovery menu and prevents the system from automatically rebooting in the middle of an update.  The video output should show the [http://simplygoogletv.com/wp-content/uploads/2010/12/202188476.jpg recovery menu] before proceeding to the software portion. (Thanks [http://www.twitter.com/stericson @stericson] for the picture.)
 
=== 2011 January 12: Logitech's Statement on Rooting ===
[http://forums.logitech.com/t5/Revue/Support-Policy-Rooting-Revue/td-p/558604 Logitech Issues a "Statement"] regarding rooting the Revue
 
=== 2011 January 5: Do I really need a virgin? ===
You '''ABSOLUTELY''' need a "virgin" Logitech Revue with ''NO'' updates in order to do this hack!!


'''Any previous device updates will disable the UART1 pins necessary for this hack!'''
'''Any previous device updates will disable the UART1 pins necessary for this hack!'''
Line 33: Line 14:




== GTVHACKER'S Guide to installing applications and rooting your Logitech Revue ==
== The Exploitee.rs Guide to installing applications and rooting your Logitech Revue ==


This is being brought to you right before CES, we all worked hard and here it is.  
This is being brought to you right before CES, we all worked hard and here it is.  
Line 73: Line 54:
2.) After opening your box you will need to remove the led bar and look at the top front of the board. Locate the pins labeled UART1. These are the pins you will be sodering to.
2.) After opening your box you will need to remove the led bar and look at the top front of the board. Locate the pins labeled UART1. These are the pins you will be sodering to.


3.) Solder 4 wires to your board. The appropriate pins can be view here: http://gtvhacker.com/index.php/File:XJHay.jpg . You MAY only need to solder to TX, RX, and GND.
3.) Solder 4 wires to your board. The appropriate pins can be view here: http://Exploitee.rs/index.php/File:XJHay.jpg . You MAY only need to solder to TX, RX, and GND.


4.) Attach wires to appropriate pins on your USB->TTL device
4.) Attach wires to appropriate pins on your USB->TTL device
Line 89: Line 70:
===Software Portion===
===Software Portion===


1.) Place all files in manual update on USB (preferably to ext3) device keeping all the files inside of the "updatec99" folder for easiest installation.
1.) Place all files in manual update on USB (preferably formatted to ext3) device keeping all the files inside of the "updatec99" folder for easiest installation.


2.) Insert the USB and run the following command for an ext3 USB device "mount -rw -t ext3 /dev/sdb1 /sdcard" substitute ext3 for vfat for a fat32 device (Also remove quotes)
2.) Insert the USB and run the following command for an ext3 USB device "mount -rw -t ext3 /dev/sdb1 /sdcard" substitute ext3 for vfat for a fat32 device (Also remove quotes). If you choose to use a fat32 drive you will probably have problems with Netflix. Please format the drive to ext3 for best results!


3.) In minicom/putty browse to the /sdcard directory with "cd /sdcard/updatec99".
3.) In minicom/putty browse to the /sdcard directory with "cd /sdcard/updatec99".


4.) Execute the update with the following command "sh manual-update.sh"
4.) Execute the update with the following command "sh manual-update.sh". If you chose a fat32 formatted usb drive you will receive "Permission denied" errors during the chmod process of the manual-update script, this is normal.


5.) If the process ends prompting "Complete" you are finished and may restart. You will then have adbd running on your Revue and can connect using "./adb connect LogitechRevue". If the process does not prompt you with "Complete" but some other error you will need to make sure you do not reboot your Revue or it may be bricked.  
5.) If the process ends prompting "Complete" you are finished and may restart (regardless of the permission denied errors on fat32). You will then have adbd running on your Revue and can connect using "./adb connect LogitechRevue". If the process does not prompt you with "Complete" but some other error you will need to make sure you do not reboot your Revue or it may be bricked.  


You are now complete and free to install applications on your box remotely through adb.
You are now complete and free to install applications on your box remotely through adb.
Line 104: Line 85:


===Installing Apps===
===Installing Apps===
After reboot, the Logitech Revue will now be running the [[Android Development Bridge (adb)]] daemon to allow remote connections on port 5555.  If you already have the Android SDK tools installed you are ready to begin installing applications with the standard 'adb install' commands or accessing shell via 'adb shell'.
After reboot, the Logitech Revue will now be running the [[Android Debug Bridge (adb)]] daemon to allow remote connections on port 5555.  If you already have the Android SDK tools installed you are ready to begin installing applications with the standard 'adb install' commands or accessing shell via 'adb shell'.
In case you are not familiar with using the [[Android Development Bridge (adb)]], the following steps will help you get started:
In case you are not familiar with using the [[Android Debug Bridge (adb)]], the following steps will help you get started:


1.) Follow the steps outlined [http://developer.android.com/sdk/index.html here] to install the Android 2.1 SDK to the computer you wish to install apps from. Don't worry about USB drivers as you will not be using this with the Revue.  (Newer SDK tools should work also, but keep in mind that the Revue is at SDK 7 when building apps.)
1.) Follow the steps outlined [http://developer.android.com/sdk/index.html here] to install the Android 2.1 SDK to the computer you wish to install apps from. Don't worry about USB drivers as you will not be using this with the Revue.  (Newer SDK tools should work also, but keep in mind that the Revue is at SDK 7 when building apps.)
Line 125: Line 106:
   1062 KB/s (3993846 bytes in 3.672s)
   1062 KB/s (3993846 bytes in 3.672s)


7.) If adb did not report any errors, your app should now be available in your Logitech Revue applications list.  Please note that some Android apps make use of native code which runs outside of the [http://en.wikipedia.org/wiki/Dalvik_(software) DalvikVM].  These native pieces will need to be rebuilt for the Revue's x86 architecture.  Refer to the [http://gtvhacker.com/index.php/GTv-OS_(AndroidTV)#SDK.2FToolchain_Support Toolchain Support] page for help rebuilding native code.
7.) If adb did not report any errors, your app should now be available in your Logitech Revue applications list.  Please note that some Android apps make use of native code which runs outside of the [http://en.wikipedia.org/wiki/Dalvik_(software) DalvikVM].  These native pieces will need to be rebuilt for the Revue's x86 architecture.  Refer to the [http://Exploitee.rs/index.php/GTv-OS_(AndroidTV)#SDK.2FToolchain_Support Toolchain Support] page for help rebuilding native code.


===Building the code===
===Building the code===


The GTVHacker team has a [http://dl.dropbox.com/u/1886948/gtvhacker-NDK-installer.zip script] to simplify the download/configuration/installation of unofficial NDK/toolchain support which is [http://gtvhacker.com/index.php/GTv-OS_(AndroidTV)#SDK.2FToolchain_Support documented here].
The Exploitee.rs team has a [http://dl.dropbox.com/u/1886948/gtvhacker-NDK-installer.zip script] to simplify the download/configuration/installation of unofficial NDK/toolchain support which is [http://Exploitee.rs/index.php/GTv-OS_(AndroidTV)#SDK.2FToolchain_Support documented here].


===Troubleshooting===
===Troubleshooting===


If you experience '''any''' issues, please check wiki as we will be updating it with the most common problems then visit our IRC if the wiki does not assist you.  
If you experience '''any''' issues, please check wiki as we will be updating it with the most common problems then visit our IRC or the [http://forum.Exploitee.rs/ Exploitee.rs forums] if the wiki does not assist you. If you stop by IRC to ask a question please give us time to respond, we are not always at the computer so there may be times that no one will respond immediately. Also, feel free to send zenofex an email at zenofex at Exploitee.rs with questions.


===About Us===
===About Us===
This package is brought to you by the GTVHacker team over at irc.freenode.net #gtvhacker.  
This package is brought to you by the Exploitee.rs team over at irc.freenode.net #Exploiteers.  


GTVHacker Team Members:
Exploitee.rs Team Members:


* [[Zenofex]]
* [[Zenofex]]
Line 146: Line 127:


Thanks to everyone in the community who made this all possible.  
Thanks to everyone in the community who made this all possible.  
The GTVHacker Team
The Exploitee.rs Team


== Related Files: ==
== Related Files: ==
Google TV O/S modifications to achieve root are available at: http://www.multiupload.com/REVEQS6HII or http://bit.ly/gtvuc99


Script to simplify tool chain and sdk building : [http://dl.dropbox.com/u/1886948/gtvhacker-NDK-installer.zip Beta1] or [http://dl.dropbox.com/u/1886948/gtvhacker-NDK-installer-beta2.zip Beta2]  
=== Logitech Revue Modified Updates ===
{| border="1" cellspacing="0"
! Version number
! Update link
! Update link 2
! Date
! Features
|-
| [[ Revue Update b54202 | b54202 ]]
| http://www7.zippyshare.com/v/84320220/file.html
|
| 08-25-2011
|
|-
| [[ Revue Update b49116 | b49116 ]]
| http://www.multiupload.com/SSV46RGX44
|
| 04-05-2011
|
|-
| [[ Revue Update b47773 | b47773 ]]
| http://www.multiupload.com/ANOWNDJ4IS
|
| 03-20-2011
|
|-
| [[ Revue Update b42732 | b42732 ]]
| http://www.multiupload.com/NWXIUNZEF3
|
| 01-26-2011
|
|-
| [[ Revue Update b42449 | b42449 ]]
| http://www.multiupload.com/REVEQS6HII
| http://bit.ly/gtvuc99
| 01-05-2011
|
|}
 
Script to simplify tool chain and sdk building : [http://dl.dropbox.com/u/1886948/gtvhacker-NDK-installer.zip Beta1] or [http://dl.dropbox.com/u/1886948/gtvhacker-NDK-installer-beta2.zip Beta2]


[[Category:Logitech Revue]]
 
[[Category:Logitech]]

Latest revision as of 20:24, 3 January 2017

Revue-advert.gif

"Although the information we release has been verified and shown to work to the best our knowledge, we cant be held accountable for bricked devices or roots gone wrong."

Updates

Updates and other change log notes are available Revue Root Notes. Check these out before getting started.

Any previous device updates will disable the UART1 pins necessary for this hack!

Demonstration video.

Shows Filesystem access, Apps and the Market, as well as previously blocked websites. Check it out http://www.youtube.com/user/gtvhacker


The Exploitee.rs Guide to installing applications and rooting your Logitech Revue

This is being brought to you right before CES, we all worked hard and here it is.

Features

ADBD Running for adb access. Custom boot logo. Flash Plugin Update to allow previously blocked content providers.

Experimental method to block automatic updates (We would appreciate feedback on this as we we've been unable to confirm its success so far.)

About the Hack

The reason this is possible is due to the "out of factory" state of the Logitech Revue boxes not disabling the UART port on the board and allowing access to a root shell in recovery mode. After discovering this we were able to reverse the update files and manually upgrade the Revue to the most recent update. The attached files are our output of all the effort put forward by our team. Also as a notice to anyone performing the update, we are not responsible for any harm that may come of your box as an outcome of running our scripts. We will attempt to help you with any issues you may experience and have tried to make the process as safe as possible. Also if you have any suggestions or ideas on how we can make this process better please feel free to drop by our IRC channel and tell us.

About Manual Update

The manual-update.sh script is our attempt at duplicating the process done by the GTV scripts that update the box in recovery mode. There are also a few miscellaneous tweaks done to assure applications load correctly, backups are made, and that the box doesn't auto-update. Some portions of the script do things such as flash parts of the NAND so make sure you do not short circuit your box or accidentally remove power during the manual-update process.

Required Tools

Soldering Iron

USB->TTL or similar board/setup (An Arduino in tristate mode works great)

4 wires to attach board to TTL board

Terminal program (Minicom for Linux or Putty for Windows) A USB Drive (At least 1gb, 2+gb Recommended)

Hardware Portion

In order to complete the root you will need an un-updated box, it seems as if the first or second update to the box closed the serial access hole. If you have a "virgin" box then you are ready to proceed.

1.) Open your box, there are 4 screws (1 under each of the soft legs on the bottom of the box), the rest of the box un-clips very easily. A better explanation is available at http://www.ifixit.com/Teardown/Logitech-Revue-Teardown/3788/1

2.) After opening your box you will need to remove the led bar and look at the top front of the board. Locate the pins labeled UART1. These are the pins you will be sodering to.

3.) Solder 4 wires to your board. The appropriate pins can be view here: http://Exploitee.rs/index.php/File:XJHay.jpg . You MAY only need to solder to TX, RX, and GND.

4.) Attach wires to appropriate pins on your USB->TTL device

5.) Connect to the USB->TTL device on your computer using a program like Minicom or Putty. The appropriate settings are speed is 9600 baud with 8n1, make sure flow control is set to none.

6.) Reboot Revue into recovery mode by holding the pair button on the back of the board until the box shuts down and comes back up. Then press Alt+L (On the revue keyboard, not through the console) until "FORMATING DATA:" shows and stays, a menu should appear shortly after system is done clearing partitions. (More info: Logitech_Revue_Technical)

7.) If setup is correct so far you should be seeing logcat output through your terminal program (Putty/Minicom). Shortly after you will be presented with a # sign which is your console.

8.) Proceed to software portion.

NOTICE: If you have not properly completed step 6 you may risk having the Revue automatically reboot while you are flashing new firmware resulting in a bricked Revue. The video output should show the recovery menu before proceeding to the software portion.

Software Portion

1.) Place all files in manual update on USB (preferably formatted to ext3) device keeping all the files inside of the "updatec99" folder for easiest installation.

2.) Insert the USB and run the following command for an ext3 USB device "mount -rw -t ext3 /dev/sdb1 /sdcard" substitute ext3 for vfat for a fat32 device (Also remove quotes). If you choose to use a fat32 drive you will probably have problems with Netflix. Please format the drive to ext3 for best results!

3.) In minicom/putty browse to the /sdcard directory with "cd /sdcard/updatec99".

4.) Execute the update with the following command "sh manual-update.sh". If you chose a fat32 formatted usb drive you will receive "Permission denied" errors during the chmod process of the manual-update script, this is normal.

5.) If the process ends prompting "Complete" you are finished and may restart (regardless of the permission denied errors on fat32). You will then have adbd running on your Revue and can connect using "./adb connect LogitechRevue". If the process does not prompt you with "Complete" but some other error you will need to make sure you do not reboot your Revue or it may be bricked.

You are now complete and free to install applications on your box remotely through adb.

Note: when booting in normal mode, you will not see any console output. If you want a serial console again, go into recovery.

Installing Apps

After reboot, the Logitech Revue will now be running the Android Debug Bridge (adb) daemon to allow remote connections on port 5555. If you already have the Android SDK tools installed you are ready to begin installing applications with the standard 'adb install' commands or accessing shell via 'adb shell'. In case you are not familiar with using the Android Debug Bridge (adb), the following steps will help you get started:

1.) Follow the steps outlined here to install the Android 2.1 SDK to the computer you wish to install apps from. Don't worry about USB drivers as you will not be using this with the Revue. (Newer SDK tools should work also, but keep in mind that the Revue is at SDK 7 when building apps.)

2.) Determine the IP address of your Revue by checking with your DHCP server or viewing 'Network Information' in the Revue Settings app. This will be referred to as <GTV-IP> in subsequent steps.

3.) Open a shell (i.e. bash/cygwin/dos/etc) on the machine with the SDK installed.

4.) Verify that the sdk tools directory is in your PATH (Google can help if you don't understand this step.)

5.) Run 'adb connect <GTV-IP>:5555' and you should see:

  $ adb connect 10.10.10.50:5555
  connected to 10.10.10.50:5555

6.) Change to the directory containing the Android packages (APK) you wish to install and run 'adb install app.apk' (where app.apk is the app's filename)

  $ adb install Maps.apk
       pkg: /data/local/tmp/Maps.apk
  Success
  1062 KB/s (3993846 bytes in 3.672s)

7.) If adb did not report any errors, your app should now be available in your Logitech Revue applications list. Please note that some Android apps make use of native code which runs outside of the DalvikVM. These native pieces will need to be rebuilt for the Revue's x86 architecture. Refer to the Toolchain Support page for help rebuilding native code.

Building the code

The Exploitee.rs team has a script to simplify the download/configuration/installation of unofficial NDK/toolchain support which is documented here.

Troubleshooting

If you experience any issues, please check wiki as we will be updating it with the most common problems then visit our IRC or the Exploitee.rs forums if the wiki does not assist you. If you stop by IRC to ask a question please give us time to respond, we are not always at the computer so there may be times that no one will respond immediately. Also, feel free to send zenofex an email at zenofex at Exploitee.rs with questions.

About Us

This package is brought to you by the Exploitee.rs team over at irc.freenode.net #Exploiteers.

Exploitee.rs Team Members:

Thanks to everyone in the community who made this all possible. The Exploitee.rs Team

Related Files:

Logitech Revue Modified Updates

Version number Update link Update link 2 Date Features
b54202 http://www7.zippyshare.com/v/84320220/file.html 08-25-2011
b49116 http://www.multiupload.com/SSV46RGX44 04-05-2011
b47773 http://www.multiupload.com/ANOWNDJ4IS 03-20-2011
b42732 http://www.multiupload.com/NWXIUNZEF3 01-26-2011
b42449 http://www.multiupload.com/REVEQS6HII http://bit.ly/gtvuc99 01-05-2011

Script to simplify tool chain and sdk building : Beta1 or Beta2