Quantcast

Logitech Revue Kernel

Discussion in 'Hacking Logitech GTV' started by sparkyscott21, Jan 23, 2011.

  1. sparkyscott21

    sparkyscott21 Moderator Staff Member

    Joined:
    Nov 4, 2010
    Messages:
    7,280
    Likes Received:
    103
    Trophy Points:
    63
    Location:
    Northern Mich.
    [​IMG]


    From GTVHacker.com

    1 Overview
    2 Kernel Configuration
    3 Security Measures
    4 Running Modules
    5 USB Serial Adapter Support
    6 Virtual Kernel Memory Layout
    7 Examining the Kernel Image

    Overview

    The Logitech Revue's Operating System is based around Linux kernel based on 2.6.23.18 code. The kernel lives in /system/boot/kernel which can be extracted from an OTA update file. The kernel file appears to contain bootstrap loader, etc wrapped around vmlinux.bin.gz which has its gzip header 0x37f5 bytes into the composite kernel image we have examined. Several security measures have been put in place ensuring that many attacks commonly used against other operating systems are not applicable.

    It should also be noted that reading through this Wiki page should illustrate that the kernel source posted on Google's mirrored source site is not a complete representation of the Logitech Revue's kernel.

    Kernel Configuration

    Fortunately the Revue's kernel provides /proc/config.gz which allows a glimpse into the kernel in advance of a proper GPL release from Logitech.

    Security Measures

    Several security precautions have been made in the Logitech Revue with the intent of limiting system control even after root access has been obtained.
    The /system partition is configured as read-only by the flash layout compiled into the kernel

    CONFIG_MODULE_SIG=y : Module signatures are enabled. Logitech's included kernel modules contain a .signature section which is checked against public keys compiled into the kernel. This effectively limits execution of new code at privilege level 0 even once root access is achieved. (This is an option which is not implemented in the released GPL sources.)

    CONFIG_DEVMEM_PROTECT=y : This most likely enables a patch which filters access to the /dev/mem character device which could otherwise be used to create a rootkit by directly patching the running kernel. (This is another option which indicates that the Logitech Revue kernel has been patched in ways that the available GPL source code was not.)

    Running Modules

    The following is lsmod output from a rooted Revue:

    alsa_shim 12092 0 - Live 0xad1bc000 (PF)
    snd_usb_audio 84480 0 - Live 0xad3e1000
    snd_usb_lib 17280 1 snd_usb_audio, Live 0xac4fa000
    snd_rawmidi 22016 1 snd_usb_lib, Live 0xad1b5000
    snd_seq_device 8332 1 snd_rawmidi, Live 0xad1a9000
    snd_pcm 74888 2 alsa_shim,snd_usb_audio, Live 0xad2c1000
    snd_page_alloc 11400 1 snd_pcm, Live 0xad1a5000
    snd_hwdep 8708 1 snd_usb_audio, Live 0xad1a1000
    snd_timer 23172 1 snd_pcm, Live 0xad031000
    snd 48820 8 alsa_shim,snd_usb_audio,snd_usb_lib,snd_rawmidi,snd_seq_device,snd_pcm,snd_hwdep,snd_timer, Live 0xad071000
    pvrsrvkm 120532 14 - Live 0xad001000 (F)
    edl_audio_dac_drv_linux 11264 0 - Live 0xac374000 (F)
    edl_thermal 7688 0 - Live 0xac2dc000 (F)
    vidcap_ce4X00 39132 0 - Live 0xac4e1000 (F)
    ismdavcap_shim 29888 0 - Live 0xac4b1000 (F)
    avcap_synthetic 14016 0 - Live 0xac2c7000 (F)
    avcap_core 10004 7 vidcap_ce4X00,ismdavcap_shim,avcap_synthetic, Live 0xac2cc000
    ismdbufmon 28612 0 - Live 0xac2d0000 (F)
    ismdaudio 5976696 1 alsa_shim, Live 0xbd9d5000 (F)
    ismdvidrend 115456 0 - Live 0xac481000 (F)
    ismdvidpproc 769908 1 ismdvidrend, Live 0xbd40f000 (F)
    ismdviddec_v2 386552 0 - Live 0xae701000 (F)
    ismddemux_v2 350816 0 - Live 0xad701000 (F)
    ismdclock_recovery 12552 4 ismdavcap_shim,ismdbufmon,ismdaudio,ismddemux_v2, Live 0xac279000 (F)
    ismdclock 22184 0 - Live 0xac269000 (F)
    ismdcore 6714528 11 alsa_shim,vidcap_ce4X00,ismdavcap_shim,ismdbufmon,ismdaudio,ismdvidrend,ismdvidpproc,ismdviddec_v2,ismddemux_v2,ismdclock_recovery,ismdclock, Live 0xac57b000 (F)

    ioctl_module 5012 14 ismdavcap_shim,ismdbufmon,ismdaudio,ismdvidrend,ismdvidpproc,ismdviddec_v2,ismddemux_v2,ismdclock_recovery,ismdclock,ismdcore, Live 0xac243000
    gdl_mm 59212 40 ismdaudio,ismdvidrend, Live 0xac248000 (F)
    sec_kernel 21348 6 - Live 0xac231000 (F)
    hst_ccmp 6912 0 - Live 0xac21d000
    wlan 583560 1 hst_ccmp, Live 0xac2df000 (P)
    intel_ce_pm 14368 4 pvrsrvkm,vidcap_ce4X00,ismdvidpproc,gdl_mm, Live 0xac238000 (F)

    clock_control 21932 5 ismdaudio,ismddemux_v2,ismdclock,sec_kernel,intel_ce_pm, Live 0xac216000 (F)
    idl_spi 8524 1 edl_audio_dac_drv_linux, Live 0xac209000 (F)
    idl_gpio 23980 2 - Live 0xac0f2000 (F)
    idl_i2c 16540 3 vidcap_ce4X00,gdl_mm,clock_control, Live 0xac0f9000 (F)
    sven_linux 28648 13 alsa_shim,ismdavcap_shim,ismdbufmon,ismdaudio,ismdvidrend,ismdvidpproc,ismdviddec_v2,ismddemux_v2,ismdclock_recovery,ismdclock,ismdcore,sec_kernel,clock_control, Live 0xac0da000 (F)

    system_utils_linux 3712 8 alsa_shim,ismdavcap_shim,ismdbufmon,ismdaudio,ismdvidrend,ismdvidpproc,ismdviddec_v2,ismddemux_v2, Live 0xac02c000 (F)

    platform_config 13316 15 ismdavcap_shim,ismdbufmon,ismdaudio,ismdvidrend,ismdvidpproc,ismdviddec_v2,ismddemux_v2,ismdclock_recovery,ismdclock,ismdcore,gdl_mm,intel_ce_pm,clock_control,sven_linux,system_utils_linux, Live 0xac0ea000
    pal_linux 20228 14 pvrsrvkm,edl_thermal,ismdaudio,ismdvidpproc,ismdviddec_v2,ismddemux_v2,ismdclock,sec_kernel,intel_ce_pm,clock_control,idl_spi,idl_gpio,idl_i2c,sven_linux, Live 0xac03a000 (F)

    osal_linux 23568 25 alsa_shim,pvrsrvkm,edl_audio_dac_drv_linux,edl_thermal,vidcap_ce4X00,ismdavcap_shim,ismdbufmon,ismdaudio,ismdvidrend,ismdvidpproc,ismdviddec_v2,ismddemux_v2,ismdclock_recovery,ismdclock,ismdcore,gdl_mm,sec_kernel,intel_ce_pm,clock_control,idl_spi,idl_gpio,idl_i2c,sven_linux,system_utils_linux,pal_linux, Live 0xac0e3000

    USB Serial Adapter Support

    The published kernel from the Google TV Mirrored Source site is configured to have built-in support FTDI single interface USB serial adapters as a serial console.

    This option is also enabled in the kernel configuration of the Logitech Revue:
    #

    #
    CONFIG_USB_SERIAL=y
    CONFIG_USB_SERIAL_CONSOLE=y
    CONFIG_USB_SERIAL_GENERIC=y
    CONFIG_USB_SERIAL_FTDI_SIO=y

    NOTE: Although the driver has been verified to load, there is unfortunately no shell attached to the console in the default configuration.

    Virtual Kernel Memory Layout

    Memory: 700640k/712704k available (2633k kernel code, 11008k reserved, 955k data, 196k init, 0k highmem) virtual kernel memory layout:

    fixmap : 0xffffa000 - 0xfffff000 ( 20 kB)
    vmalloc : 0xac000000 - 0xffff8000 (1343 MB)
    lowmem : 0x80000000 - 0xab800000 ( 696 MB)
    .init : 0x80484000 - 0x804b5000 ( 196 kB)
    .data : 0x803925b8 - 0x80481398 ( 955 kB)
    .text : 0x80100000 - 0x803925b8 (2633 kB)

    Examining the Kernel Image

    The kernel lives in /system/boot/kernel which can be extracted from an OTA update file or from a rooted Revue. The kernel file appears to contain bootstrap loader (and possibly some other data) piggy-backed to vmlinux.bin.gz which has been observed to reside about 0x37f5 bytes into the composite kernel image.

    To extract vmlinux.bin.gz from /system/boot/kernel, use dd to copy starting at the gzip header:
    dd if=./ota_update/system/boot/kernel of=vmlinux.bin.gz bs=$((0x37f5)) skip=1
    Now you can decompress the vmlinux.bin.gz
    gzip -d vmlinux.bin.gz

    At this point you have the vmlinux.bin which is essentially vmlinux minus the ELF headers and symbols.

    1-23-11
    Source​
     
    Last edited by a moderator: Jan 24, 2011
  2. KernelJayOmega

    KernelJayOmega New Member

    Joined:
    Jan 24, 2011
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    0
    Hi sparkyscott21,

    Thanks you for taking our work from the gtvhacker.com wiki and reposting it on this forum. In the future however we would appreciate it if you would do us the courtesy of linking to our site a little more prominently so that those who are interested will have easier access to the rapidly developing GTVHacker wiki.

    In case anybody is interested, we have also started a blog with the first blog post available here: GTV Hacker » Blog Archive » Logitech Revue Software Root?

    Best Regards,
    Craig
    Craigdroid - GTV Hacker
     
  3. alphawave7

    alphawave7 Moderator Staff Member

    Joined:
    Oct 5, 2010
    Messages:
    1,094
    Likes Received:
    21
    Trophy Points:
    38

    Howdy Craig! We normally treat news items like this as you've seen above, which include the source linked at the bottom. Per your request, I've added a link to the top of the article, too. Hope that works! :) Keep up the GREAT work, and looking forward to any progress! :D
     

Share This Page

Search tags for this page
can linux run on logitech revue
,
how to install kodi logitech revue
,
how to install kodi on logitech revue
,
kodi for revue
,
kodi logitech revue
,
linux on logitech revue
,
logitech google tv kodi
,

logitech revue kodi

,
logitech revue kodi install
,

logitech revue linux