BETA: Revue Root (Not for general public use)
Posted: Sat Aug 04, 2012 1:30 am
Hey everyone,
We've decided that, since we are now fighting a future Revue update which will fix this functionality, we will release Dan Rosenberg's Revue exploit "as is" with a giant warning label. Essentially this root is unstable and needs a form of persistence to continue beyond a reboot. The problem is that all the partitions that would allow a suid binary are either signed, which means we are unable to change them without Logitech's private key, or are marked nosuid. This creates a hurdle, as there is no way for us to leave a binary that will grant us root when we need it without actually needing to re-run the exploit. So you may ask, why not just run the exploit every time? The reason we don't want to do this is that when running the exploit the box becomes unstable until it is rebooted. So we are left without a way to modify the system files that would allow us to unlock the box, and with an exploit that creates an unstable environment.
Along with the root are 2 other scripts: one which disables code signing for loaded modules (codesign), and one which marks the system partitions that are RO (Read Only) as RW (Read/Writeable), known as (blockwrite). Using these additional files is not recommended unless you are working on creating a module or looking to write to a partition that isn't signed. This is probably not the case for 99.9% of you.
So there it is, that's why the release of the exploit has been delayed since we got back. We've been working on some ideas to get around the signed partitions, most of which may be riskier than most of you would probably want to go through, but we will continue to do so until we either run out of ideas or make a breakthrough. Regardless of which, we know it's a race until the Logitech update comes out, so keep checking back here, our wiki, and our Twitter (@gtvhacker) for updates. If all else fails, we will let people know when we hear of updates rolling out, and users can disconnect their Revues from the internet until a work-around is found.
Link to exploit on wiki
http://gtvhacker.com/index.php/Revue_software_root
Thanks,
Zenofex