Difference between revisions of "Logitech Revue Kernel"

From Exploitee.rs
Jump to navigationJump to search
m (Created page with "=== Overview === Kernel")
 
(Initial Contribution)
Line 1: Line 1:
=== Overview ===
=== Overview ===
The Logitech Revue's Operating System is based around Linux kernel based on 2.6.23.18 code.  The kernel lives in /system/boot/kernel which can be extracted from an OTA update file. The kernel file appears to contain bootstrap loader (and possibly some other data) piggy-backed to vmlinux.bin.gz which has been observed to reside about 0x37f5 bytes into the composite kernel image.  Several security measures have been put in place ensuring that many attacks commonly used against other operating systems are not applicable.
It should also be noted that reading through this Wiki page should illustrate that the [http://googletv-mirrored-source.googlecode.com/hg/linux/linux-2.6.23-gtv.tar.bz2?r=27705a482273e3a34e8bcdbfb4fdad9afcd65e93 kernel source posted on Google's mirrored source site] is not a complete representation of the Logitech Revue's kernel.
=== Security Measures ===
Several security precautions have been made in the Logitech Revue with the intent of limiting system control even after root access has been obtained.
* The /system partition is configured as read-only by the flash layout compiled into the kernel
* [[CONFIG_MODULE_SIG]]=y : Module signatures are enabled.  Logitech's included kernel modules contain a .signature section which is checked against public keys compiled into the kernel.  This effectively limits execution of new code at privilege level 0 even once root access is achieved.  (This is an option which is not implemented in the released GPL sources.)
* [[CONFIG_DEVMEM_PROTECT]]=y : This most likely enables a patch which filters access to the /dev/mem character device which could otherwise be used to create a rootkit by directly patching the running kernel. (This is another option which indicates that the Logitech Revue kernel has been patched in ways that the available GPL source code was not.)
=== Virtual Kernel Memory Layout ===
Memory: 700640k/712704k available (2633k kernel code, 11008k reserved, 955k data, 196k init, 0k highmem)
virtual kernel memory layout:
    fixmap  : 0xffffa000 - 0xfffff000  (  20 kB)
    vmalloc : 0xac000000 - 0xffff8000  (1343 MB)
    lowmem  : 0x80000000 - 0xab800000  ( 696 MB)
      .init : 0x80484000 - 0x804b5000  ( 196 kB)
      .data : 0x803925b8 - 0x80481398  ( 955 kB)
      .text : 0x80100000 - 0x803925b8  (2633 kB)


[[Category:Logitech Revue|Kernel]]
[[Category:Logitech Revue|Kernel]]

Revision as of 20:43, 22 January 2011

Overview

The Logitech Revue's Operating System is based around Linux kernel based on 2.6.23.18 code. The kernel lives in /system/boot/kernel which can be extracted from an OTA update file. The kernel file appears to contain bootstrap loader (and possibly some other data) piggy-backed to vmlinux.bin.gz which has been observed to reside about 0x37f5 bytes into the composite kernel image. Several security measures have been put in place ensuring that many attacks commonly used against other operating systems are not applicable.

It should also be noted that reading through this Wiki page should illustrate that the kernel source posted on Google's mirrored source site is not a complete representation of the Logitech Revue's kernel.

Security Measures

Several security precautions have been made in the Logitech Revue with the intent of limiting system control even after root access has been obtained.

  • The /system partition is configured as read-only by the flash layout compiled into the kernel
  • CONFIG_MODULE_SIG=y : Module signatures are enabled. Logitech's included kernel modules contain a .signature section which is checked against public keys compiled into the kernel. This effectively limits execution of new code at privilege level 0 even once root access is achieved. (This is an option which is not implemented in the released GPL sources.)
  • CONFIG_DEVMEM_PROTECT=y : This most likely enables a patch which filters access to the /dev/mem character device which could otherwise be used to create a rootkit by directly patching the running kernel. (This is another option which indicates that the Logitech Revue kernel has been patched in ways that the available GPL source code was not.)

Virtual Kernel Memory Layout

Memory: 700640k/712704k available (2633k kernel code, 11008k reserved, 955k data, 196k init, 0k highmem) virtual kernel memory layout:

    fixmap  : 0xffffa000 - 0xfffff000   (  20 kB)
    vmalloc : 0xac000000 - 0xffff8000   (1343 MB)
    lowmem  : 0x80000000 - 0xab800000   ( 696 MB)
      .init : 0x80484000 - 0x804b5000   ( 196 kB)
      .data : 0x803925b8 - 0x80481398   ( 955 kB)
      .text : 0x80100000 - 0x803925b8   (2633 kB)