Difference between revisions of "GTV FileSystem"

From Exploitee.rs
Jump to navigationJump to search
Line 93: Line 93:
boot.img: A file system including the root file system for the device.
boot.img: A file system including the root file system for the device.
The "system" folder: This is the guts of the Google TV and it's applications.  These files are copied into the system folder on update.
The "system" folder: This is the guts of the Google TV and it's applications.  These files are copied into the system folder on update.
The META-INF directory which includes the manifest and other certififacts shipped with the device for authenticaiton.
The META-INF directory which includes the manifest and other certificates shipped with the device for authentication.


== File System Obfusication ==
== File System Obfusication ==

Revision as of 04:10, 10 January 2011

The Google TV File System is similar to most other Android Operating Systems.

File System Layout

The File System is created by the mounting of 13 partitions into a *nix-based file system.

Below is a list of the paritions, their contents, and their mount points:

Identifier? Partition Name Description Mount Point
0x00000000-0x00200000 "mbr" Mostly blank, repeats "01c0000 b00b dead 000f a901 0000 0000 0000 0000"
0x00200000-0x00a00000 "cefdk" Boot loader? It's Data - Wouldn't say crypted, but no strings.
0x00a00000-0x00c00000 "redboot" All FF's
0x00c00000-0x00e00000 "cefdk-config" Holds Box SN, repeats (like MBR)
0x01000000-0x01800000 "splash" Says its a BMP, doesnt totally look like one (on quick look)
0x01800000-0x01900000 "fts" Repeats this data, mostly: "F*TS..e.L.......bootloader.command=boot-recovery.bootloader.recovery=recovery.--wipe_data."
0x01900000-0x02d00000 "recovery" Full image, including kernel and small ramdisk (in squashfs format), boots to recovery menu
0x02d00000-0x03200000 "kernel" The kernel image
0x03200000-0x07200000 "boot" Root partition, goes in hand with the kernel image, also in squashfs format
0x07200000-0x1f200000 "system" /system partition. Holds most of the crucial system files. It's YAFFS
0x1f200000-0x3fa00000 "data" Where user data is stored. YAFFS
0x3fa00000-0x3ff00000 "keystore" Don't delete this . Has Keys for communication w/ Google & Logitech YAFFS
0x3ff00000-0x40000000 "bbt" Bad Block Table

Sources:

Updates

Updates to the Google TV, unlike the incremental updates that most Android phones receive, come as a complete file system meant to replace the previous. It is assumed that since Google TV devices are meant to be connected to high speed internet connections, downloading a full File System is more palatable than on a limited-bandwidth mobile device.

Updates are retrieved without user intervention from the Google Servers. You can use the device version number to check your current file system implementation (See GoogleTV - Version Numbers for more information). Updates are distributed as signed zip files including the base file system image, the system files, as well as updated certificates and any public keys necessary. The current update packages are:

Logitech Revue b42449

List of all updates for:

The Updates each include: boot.img: A file system including the root file system for the device. The "system" folder: This is the guts of the Google TV and it's applications. These files are copied into the system folder on update. The META-INF directory which includes the manifest and other certificates shipped with the device for authentication.

File System Obfusication

How to access the File System contained within an image

The Zip File is a simple matter to extract, however the images within them tack some massaging in order to explore. While they are a typical SquashFS File System, they have some padding bytes that prevented a simple "Unsquashing."

  • It would be great if we could create a way to use dd to truncate the image instead of using a hex editor. You should be able ot somehow grep for the start and then dd the proper bits into a new file that could be explored correctly.*

Some data on the process is available here: http://android-dls.com/wiki/index.php?title=HOWTO:_Unpack,_Edit,_and_Re-Pack_Boot_Images

GTV Recovery Mode vs GTV(System) Mode

GTV Boot Loader

The Boot Loader is included on the File System, currently in the X directory. The Boot Loader is based off of the Y Loader (More information can be found at Z). For the Sony BlueRay player, the Boot Loader is ABC.

Files of interest within the File System

So, why can't I just edit a File System and use it to update my review?