The Sony Bravia series of HDTVs are a great piece of kit; they’re nice displays that usually have enough inputs for the craziest home theatre setups. These TVs also run Linux, but until now we haven’t seen anything that capitalizes on the fact these displays are wall-mounted Linux boxen. [Sam] sent in an exploit to root any Bravia TV – hopefully the first step towards replacing our home media server.
The exploit itself is a regular buffer overflow initialized by a Python script. The script sets up a Telnet server on any Sony Bravia with a USB port, and provides complete root access. [Sam] was able to get a Debian install running off a USB drive and all the Debian programs run correctly.
If you have a Bravia you’d like to test [Sam]’s script on, you’ll need a USB network adapter for the TV and a Telnet client to explore your TV’s file system. Right now there’s not much to do with a rooted Bravia, but at least now running XMBC or other media server on a TV is possible.
If anyone would like to start porting XMBC to a Bravia TV, [Sam] says he’s more than willing to help out. We’re not aware of any HDTV modding communities on the Internet, so if you’re part of one post a link in the comments.
The proud cry of “I am root” rings true once again, this time on Sony Google TV devices. Although a low-level exploit was found on previous firmware versions, a downgrade process lets you run unsigned kernels on updated TV or Bluray models of the Internet streaming devices.
These systems are Android-based, which currently run version 3.1 Honeycomb. This version patches the previous exploit, but with three different USB sticks you can downgrade, exploit, and upgrade to an altered and unsigned hack of the most recent kernel. This gives you the root access you may have been longing for, but other than the features discussed in the forum thread there’s not a whole lot of changes rolled into the exploit yet.
We’re always looking out for open source projects running on living-room devices and hope that someday we’ll see a branch of XBMC for the GTV. Until then we’ll just have to keep our fingers crossed for the viability of a RaspberryPI XBMC.
So you’ve been rooting devices eh? If you get caught you’re headed for the big house, the lockup, the pen, the joint, they’ll send you up the river, you better be careful! Seriously though, if you buy a device and circumvent the security features should that in itself be breaking the law? We’re not talking about stealing intellectual property, like playing copied games on a chipped system (yeah, that’s stealing). We mean unlocking a device so that you can use it for what you wish. Be it your own prototyping, or running open-source applications. Unfortunately if the current Digital Millennium Copyright Act exemptions expire it will be a crime.
Thankfully, [Bunnie] is doing something about this. You may remember him as the guy that found most of the ridiculous security holes in the original Xbox, or the brain behind the Chumby. Now’s he’s got an online petition where your voice can be heard. Speak up and let the US politicians know why unlocking a device isn’t a crime.
[Kubbur87] put together a guide to replacing the Non-touch Kindle 4 screensavers with your own images. We’ve already seen a way to remove the Special Offers banners from the newest version of Kindle Hardware, this hack lets you use your own 600×800 Portable Network Graphics (.png) file instead of the images pushed to the device by Amazon.
Frankly, we’re shocked at how easy this hack is. [Kubbur87] puts the device into developer mode, enables SSH, and then goes to work on the Linux shell within. It seems the only line of protection is the root password which he somehow acquired.
After the break you’ll find his videos which show how to enable developer mode and how to perform this hack. By putting a file named “ENABLE_DIAGS” with no extension on the device when it is recognized as a USB storage device you’ll gain access to the diagnostic menu system. From there it’s just a matter of cruising that menu to get SSH access. Like we said, you’ll need the root password, that that’s as easy as naming your favorite video game character from the 1980’s.
Continue reading “Custom screensaver on the non-touch Kindle 4″
[Chris’] family made the mistake of giving him a hackable Christmas gift. We’d bet they didn’t see much of him for the rest of the day as he set about rooting this Android wristwatch.
This thing has some pretty powerful hardware under the hood. It’s sporting an OMAP3 processor running at 600 MHz along with 256 MB of RAM. [Chris] needed to get his hands on a firmware image in order to look for security holes. He found a way to spoof the update application in order to intercept an upgrade image from the Internet.
He dumped the firmware locations and got to work searching for a way to exploit the device. Details are a bit scarce about want exactly he did, but you can download his modified image, letting you root your own Motorola Actv using the Android Debug Bridge.
We’ve embedded a demo video after the break. The OS is pretty snappy on the tiny device. We’re not sure what will come of this functionality, but we assume [Chris] was really only interested in the challenge of rooting process itself.
Continue reading “Rooting a Motorola Actv (Android wristwatch)”
The Kindle Touch has been rooted! There’s a proof video embedded after the break, but the best part about this discovery is that [Yifan Lu] wrote in-depth about how he discovered and exploited a security hole in the device.
Gaining access to the device is as easy as injecting some HTML code into the UI. It is then run by the device as root (no kidding!). [Yifan] grabbed an MP3 file, changed its tag information to the HTML attack code, then played the file on the device to exploit the flaw. How long before malicious data from illegally downloaded MP3 files ends up blanking the root file system on one of these?
Continue reading “How the Kindle Touch jailbreak was discovered”
Amazon’s new tablet reader, the Kindle Fire has been rooted. Early this morning [Death2All110] posted the steps he took to gain root access to his device (which is so fresh out of the box it still smells new). The heavy lifting is done by a package called SuperOneClick which aims to root all manner of phones and devices running Android.
There’s a bit more than the one click necessary, but not by much. Using the Android Developer Bridge in conjunction with the SDK you need to put in a value that will be recognized as the VID. From there, turn on the ability to install apps from unknown developers, re-enumerate the device on your PC and run the one-click package.
What can you do with this? Well, it completely opens up the Android OS so that you can bend it to your will. We haven’t seen any demonstrations yet, but it should be even better than what we saw done with the Sony PRS-T1.
[Addictive Tips via Reddit]