MIKE BAKER: Greetings, everyone. Welcome to Google TV or How I Learned to Stop Worrying and Exploit Secure Boot. My name is Mike Baker. I am a firmware developer and I did OpenWrt.
(Applause.)
MIKE BAKER: We also have Hans Nielsen who is a senior security consultant at Matasano, and we have CJ Heres, IT systems administrator, and we have Tom Dwenger in the audience. Stand up, Tom.
(Applause.)
MIKE BAKER: And we have Amir Etemadieh who is a researcher at Accuvant LABS and also the founder of the GTVHacker group. GTVHacker is a group of about six hackers that hack into the Google TV line of products. Our primary goal is to bypass the hardware and software restrictions and open up the device. The GTVHacker team was the first to exploit the Google TV and won a $500 bounty. So what is the Google TV platform? The Google TV platform is an Android device that connects to your TV. So your TV essentially becomes the same Android device as your mobile phone. It has HDMI in and HDMI out and IR.
Some of them include Blu-ray players, and Sony TV has integrated Google TV and has a custom version of Chrome and a Flash version that I will talk about later. So why do we hack the platform? We hack the platform because unlike the Google Nexus devices it has a heavily restricted kernel, and the previous generation, generation 1, is end of life, and the Flash player, I will get to that in the next slides. So before we start I am going to do a very quick recap of the stuff we did last year at DEF CON. I am going to speed through it. So if you missed something look at last year's slides. The Logitech Revue left a root UART and we also have an exploit by Dan Rosenberg who uses dev man and sort of wrote an Impactor plugin. So the Sony, similar situation, has a nodev bug and we also wrote a custom recovery for it and used kexec to load in a new kernel, and now we have unsigned kernels. The Flash player was blocked by various streaming sites. So, for example, you can't watch Hulu. You get redirected to a site that says sorry, this is a Google TV, and the fix for that is changing the version string. So what happened after we hacked these Google TV devices?
We found this, this is a nice message from Logitech that they hid in the Android recovery. It is ROT13, that says GTVHacker, congratulations, if you are reading this please post. Let me know. And includes all of our nicknames.
(Laughter.)
MIKE BAKER: Yes. Whoever is at Logitech that wrote that, you are awesome. This is why we hack devices. So the Boxee Box is a similar device and using the same SoC. In the process of hacking the Google TV we came up with an exploit for the Boxee Box that led the way to the Boxee+ community and it is still vulnerable. So that's awesome. So next up is Amir.
(Applause.)
AMIR ETEMADIEH: Hi everyone. I am going to continue the presentation. My section regards Gen 2 hardware and one of the first 0-days that we are going to release for the platform. So Gen 2 hardware, we have a multitude of devices. They increased the amount of devices they had by like a factor of 2.
And I guess they were going to increase the market share, but essentially you have the Korean LG U+ S Cube and the LG 47 G2 and G3 and the Netgear Prime and GS8 and the Hisense Pulse and the Vizio Co-Star, and they have a similar hardware design short of the LG 47 G2 and G3. It is an ARM dual 1.2 gigahertz processor dubbed the Armada 1500. And it does Secure Boot from RAM via RSA verification and AES decryption. On this slide there is not a whole lot to pull from this. This is direct from their marketing stuff for the chip. Yes, it is just here to show you kind of how they pride the chipset itself. Skip the place order apparently. So platform information, the newest version of GTV is on Android 3.2. No public vulnerabilities that worked up until about a week ago. The master key vulnerability and the key signing bugs were big news, and Impactor wrote his amazing tool, or saurik wrote his amazing tool Impactor. It is a glibc setup and does not support native libraries. Gen 1 was x86 single core Atom and Gen 2 is 1500 dual core ARM 1.2 gigahertz. Adds native libraries and bionic libc from what we heard in the rumor mill.
I am going to go through these next devices pretty quickly because it is all public information and I am sure you don't really care too much. Gigabit Flash, site of the Sony, it has the best remote. So if you are going to buy a Google TV we recommend this one. Hard to recommend Sony. Larger form factor than some of the other Google TV devices and has built-in IR blasters, which sounds like something that would be throughout the whole platform. No voice search, a custom launcher and $99 MSRP, and updates are done through UpdateLogic as opposed to the standard Android check-in system. Common in all Vizio devices. It was launched with ADB running as root. When you pick one up, because it is actually updated, you can ADB in, ADB root, and ADB has root privileges. So it was patched shortly after and it has a $99 MSRP. With ADB root there was also a UART root set up, I guess for debugging and whatnot. And they had debuggable set as 1. ADB root was all you needed for a software root, but if you wanted to have some fun connect your UART to the adapters that we give you after this. You can connect to that pinout that's right up there.
We will have a select number of USB adapters. $129 MSRP and two exploits for it. One was real and one was technically an oversight, at least in our opinion. The oversight was that they went ahead and put the console to start up on UART regardless. ro.secure was set. If they are in a debug environment they will set it to 0, and if not in a debug environment they will set ro.secure to 1. Then we did the NeoTV Prime root, which was essentially an exploit that leveraged the update system on the Netgear NeoTV Prime. The process involves checking of persist radio and if it extracts it, a test mode with a USB drive, and then it just straight executes a shell script from that file. So you run it, you get local command execution fairly easily with a thumb drive and shell script. It is the same Gen 2 hardware. Horrible mode. But we really like this box because of this next part. CubeRoot. So we had a lot of fun with this. We hadn't done an Android APK that actually leveraged one of our exploits up until this point. It was neat to put this together and certain members were a big portion of this.
So this was great because we created an app that not only exploits but patches your Cube, because our whole fear was releasing an exploit into the market; if someone else takes a look at it they could put it in their own app and root all your Google TVs. So we set it up so that it can do patches and it can do rooting, but essentially how it worked, it exploited a helper app. The helper application passed unsanitized input to the mount command resulting in command execution, which triggered the vulnerability from an Android APK which showed network permissions, and added it to the Google Play store for fun. With that being said, it was pulled by Google after six days. We rooted around 256 boxes including one engineer build, which was pretty cool. And it took two months for them to actually patch it. So, you know, with six days in the market can you imagine the type of damage someone could have actually done if they were trying to be malicious and not just help people unlock their devices. Then we got to the 0-day that I told you guys about. We have been using this bug for a while to do our investigations on like new devices and research on new devices to see how things are set up.
So this is kind of something that's new and dear to us because it has worked on the entire platform to date. What it is is we call the magic USB. We like saying magic because we are on the Penn & Teller stage I guess. If you recall, our past exploits required four USBs. You could narrow down the number to a lot lower but you have to have a lot of different images for the USB drive, and leveraged an improperly mounted ext3 drive that was mounted without nodev. So this is pretty similar to that. It is NTFS root, but it is not, and it is not done in recovery, but it is just as powerful. So all Google TVs and some other Android devices are vulnerable. What this bug is is actually, I will get to that in the next slide. The way that this is set up, it requires a user to have an NTFS removable storage device and requires the devices to be mounted nodev when you plug it in, so you can run mount and see if it is nodev. And so it affects more than Android. It affects certain kernel configurations. So with this particular setup vold mounts the partition without nodev, and low num feature, it does support block devices.
Our magic USB, the process is that you go, you get the major and minor hashes. You set up a device on a separate computer on an NTFS formatted drive and plug it into your Google TV, and you dd directly to that newly created device that's on your USB drive and the kernel does its magic. Even though the partitions are mounted read only it overwrites them just beautifully. We write it back as a user and reboot and we are rooted. So Sony boxes require an additional step. Now I am going to go ahead and introduce Hans Nielsen. Oh, yeah.
(Applause.)
HANS NIELSEN: Hello. I am Hans. So one thing that we really love to do here at GTVHacker is we love taking things apart and soldering wires to things. It tickles something deep in our brain that makes us feel very good. There are a few platforms out there. One of them is this TV that's made by LG. It is an interesting implementation of the platform. They use a different chip than the rest of the Gen 2 Google TVs. It has a custom chip called the ARM L9. LG also signed pretty much everything in terms of images on the Flash file system, including the boot splash images.
So this platform has always kind of eluded us. It is in a 47 inch LCD TV and it is very upmarket because it is a Google TV. This thing is over a thousand dollars and we didn't want to spend a thousand dollars on it. What are we going to do? Well, we like taking things apart and putting them back together. On eBay we bought a motherboard and a power supply, and it turns out that you can get that for not so much. We soldered some wires to it. So this hardware is based around that LG SoC, and the storage it uses, it is using an eMMC Flash chip. It is similar to an SD card and has a few extra little bits that allow for secure storage. But essentially what it allows us to do is that we can just solder, you know, a very few number of wires to this thing and hook it up directly to an SD card reader, and with that SD card reader we can read and write from the Flash on the device at will. No issues here. So like most devices will have a NAND chip. It is much trickier to write those. Not as many commonly available pieces of hardware to read that for you. Everyone has an SD reader.
So to actually root this thing, we spent a while digging through the file system seeing what is here and how can we pull stuff apart. At 0x100000 we found the partition information that tells us where each of the partitions used in this device are. So what we did now was we just went through each of the partitions looking for okay, is this one signed. Can we do anything with it. Is there fun stuff here. So one of the more interesting partitions as usual is system, because that contains the majority of the files used to actually run Google TV. That's where all the APKs live and all the libc lives. So like I said all of the file system stuff was signed pretty much, but it turns out that they did not sign the system image. Once we figured that out it was just a matter of unpacking the system image, figuring out what in that system image gets quickly called with the boot loader and messing with it. It turns out that the boot partition, you can see on the right side here there is part of the boot scripts. At the bottom it calls this vendor bin init force script.sh. So we just replace that file to spawn a shell. Connect it to the UART.
Again we love soldering wires to things and there we go. Then we have root. All in a device that we never actually bought the full thing of. So another device that we did this to was the Sony NSZ-GS7 and 8. They went with this eMMC Flash interface. So on this platform neither boot nor system were signed. So just a matter of rewriting those partitions. So the first thing that we did was the usual way to do this on Android: you modify the boot properties, ro.secure is 0. Straight up ADB the device and everything will be great, easy, simple. But we did that and it didn't work. So it turns out that the init scripts were checking signatures for some stuff. And it was also making sure that some of these properties weren't set. So it is like okay, ro.secure must be why. So we went around looking at how is this signature stuff working. And they are just not verifying those signatures. So it was pretty simple to just replace init and then we were able to do whatever we wanted and yeah. This is why you don't allow hardware access to systems, because you get to do things like this and then we win.
Another fun feature that this device had was it had a SATA port, but it did actually have the necessary passive components on the hardware to support it. So we soldered a SATA connector to it. So far it doesn't appear that the kernel actually supports these things. But the hard drive is actually spinning up and we are pretty sure it is working, and we will talk more about that. So beyond those two devices is another device that came up very recently. Very interesting device. Very similar. It is an interesting evolution of the GTV family. Google Chromecast. Google announced this device last week. Last Wednesday even. 35 dollars. This is an order of magnitude cheaper than pretty much any current GTV device. It doesn't have the same in and out for HDMI that all the other GTV devices have. You plug it into the TV and power it from the USB cable and boom, you have something to share videos with. It is actually a really awesome device and we think it is very cool.
In many ways we think it solved some of the issues that GTV had in the past with kind of an expensive niche platform. It is a really interesting device. Instead of having two thick clients to deal with content you now have one thinner device that goes with your thick device, say your phone or your computer, and then you can share content directly to it. So one of the interesting things about that is, so this is a thin device. How are you pushing content to this device? Well, you are not just streaming video from your phone. That's really slow. That's hard to do. So this device is actually reasonably powerful. So what's in it? We pulled it apart as soon as we could and it turns out that it has pretty standard stuff that you kind of see for an embedded device. It has RAM. It has Flash. It has a WiFi chip and has a CPU. Now this instantly made us go oh, well, this is cool. Because the Marvell DE 3800 is what we have been seeing in most of the Gen 2 TVs. When we saw that we started getting suspicious. Why is this device in here? Maybe this shares similarities to the Google TV platform.
So the first thing that we did is say okay, well, this thing is going to have a UART in it. So let's go find that. So we found the UART and started looking at the kernel output from this device, and turns out that it is very, very, very similar to a Google TV. It even says booting GTV kernel when you look at the UART output. And other things that it has. It has a USB port on it that you use to power it. But if you plug that into your computer with a standard USB data cable you don't actually get anything there. The device doesn't show up or anything. That's because it is not actually a USB device. It runs in USB host mode. So you are actually using a USB On-The-Go cable to plug other devices into the Chromecast directly. Another very fun feature was it has the boot loader as the DE 3100. If you look at the source code drop that Google provided for this device it is the same boot loader. In fact, almost no references to the 3005. Very, very similar to previous Google TV platforms. So, of course, the first thing we do is say okay, although we have this thing how can we get root on it.
Well, part of that involved how do we actually get to a point where we can, you know, run a recovery on this device. It is really restricted. All we have is this UART and we have this host port and HDMI. And one button. The first thing that you do with a button, you press it while it is rebooting, and turns out holding this button down causes fun things in the boot loader. The boot loader has a special recovery mode where instead of doing a normal, you know, Android style recovery where it boots a Linux kernel and then you have a whole recovery system there and does signature verification, instead what it does is a much lower level recovery. It runs code in the boot loader, reads directly from a USB stick. So that host mode USB port turns out to be useful for this recovery mode. So the boot loader is really simple. They tried to put not too much stuff in there. So it is not even like it is a file system in this boot loader. It reads directly from 0x1000 on that USB key. And then data.
So now that we discovered okay, well, we can actually try and get it to load images from here, like how do we figure out what image format it is loading, and it is actually the same standard Marvell image format that we had seen on a lot of Google TV devices. We found an image. Can we boot stuff? Do we have signed kernels, other signed images we can try running on here and see if we can get anything to run. We spent some time looking at the code and what we found was a very significant oversight. It turns out that if you don't verify the result of your signature check your Secure Boot doesn't work very well.
(Laughter.)
HANS NIELSEN: So the original root for this thing was actually pretty straightforward once you figured out all of the weird steps to get there, like you had to hold down the button and had to have USB On-The-Go and a Flash drive and stuff at the right spot. You get to the point okay, I can load an image on here. Why is my image verification not failing? Well, it is because they don't fail it when you verify the image. So we managed to actually get root on there. It is awesome.
401 00:26:07,999 --> 00:26:10,834 Google has already patched this. 402 00:26:10,834 --> 00:26:13,083 They released an update for this yesterday. 403 00:26:13,542 --> 00:26:17,709 So I don't know how readable the source code is. 404 00:26:17,709 --> 00:26:22,250 Essentially that green blob on the right side is the patch 405 00:26:22,250 --> 00:26:27,584 from Google that says if ret, return -1. 406 00:26:27,999 --> 00:26:30,250 So they patched that. 407 00:26:30,250 --> 00:26:31,250 A little sad. 408 00:26:31,250 --> 00:26:34,501 But we are looking into... Excuse me. 409 00:26:34,501 --> 00:26:38,542 So a little tradition at DEF CON: first time speakers get 410 00:26:38,542 --> 00:26:41,459 to do a shot on stage. 411 00:26:41,876 --> 00:26:43,999 These guys are all first time. 412 00:26:44,125 --> 00:26:45,709 Have to. 413 00:26:45,792 --> 00:26:48,876 Give a big round of applause for the first time. 414 00:26:57,083 --> 00:26:59,792 (Applause.) Are they 21? 415 00:26:59,792 --> 00:27:00,792 Yes. 416 00:27:00,792 --> 00:27:02,167 Just one shot, not 21 shots. 417 00:27:02,167 --> 00:27:05,626 We have to be able to finish. 418 00:27:05,626 --> 00:27:08,083 Just keep going. 419 00:27:08,083 --> 00:27:09,667 Cheers. 420 00:27:09,709 --> 00:27:13,083 HANS NIELSEN: And one for everyone in the audience. 421 00:27:15,999 --> 00:27:18,459 (Applause.) Cheers. 422 00:27:18,459 --> 00:27:19,459 Cheers. 423 00:27:19,459 --> 00:27:20,459 Very good. 424 00:27:21,667 --> 00:27:23,792 All right. 425 00:27:25,834 --> 00:27:28,334 You 21? 426 00:27:33,626 --> 00:27:35,459 All right. 427 00:27:35,459 --> 00:27:36,459 No. 428 00:27:36,459 --> 00:27:37,459 Yes. 429 00:27:37,459 --> 00:27:39,876 HANS NIELSEN: Notice I didn't say the wife. 430 00:27:39,876 --> 00:27:40,876 That is a wife. 431 00:27:40,876 --> 00:27:41,876 Cheers. 432 00:27:41,876 --> 00:27:42,876 Cheers. 433 00:27:42,876 --> 00:27:43,999 First time speakers. 
434 00:27:43,999 --> 00:27:48,584 Come on, give a round of applause. 435 00:27:48,999 --> 00:27:50,999 (Applause.) Now we will see if they can keep going 436 00:27:50,999 --> 00:27:54,501 with the presentation and pick up where they left off. 437 00:27:54,501 --> 00:27:57,083 HANS NIELSEN: I am not that much of a lightweight. 438 00:28:01,375 --> 00:28:02,626 Indeed. 439 00:28:02,626 --> 00:28:03,626 Thank you. 440 00:28:03,999 --> 00:28:06,999 That's actually pretty much it for the Chromecast stuff. 441 00:28:09,083 --> 00:28:10,999 Very convenient. 442 00:28:11,167 --> 00:28:14,501 And now I don't have to worry about speaking with a shot in me. 443 00:28:14,501 --> 00:28:15,501 So CJ. 444 00:28:15,501 --> 00:28:28,584 (Applause.) CJ HERES: So now my introduction, lovely picture. 445 00:28:28,959 --> 00:28:31,626 We have root through the NTFS trick. 446 00:28:31,626 --> 00:28:33,999 It works great and we can write whatever we want. 447 00:28:33,999 --> 00:28:37,083 But relating to the SATA header, we want more. 448 00:28:39,083 --> 00:28:45,999 So Secure Boot exploit, and I promise you they checked the code. 449 00:28:49,083 --> 00:28:55,999 Armada 1000, the older version of the Armada 1500. 450 00:28:57,959 --> 00:29:00,167 Now very similar chips. 451 00:29:00,167 --> 00:29:02,667 Just the 3100 was a bit faster. 452 00:29:03,083 --> 00:29:05,667 So we believe that this exploit should also work 453 00:29:05,667 --> 00:29:08,584 on pretty much every Android based Armada 1000 454 00:29:08,584 --> 00:29:12,876 because the boot loader was provided by that model. 
455 00:29:15,999 --> 00:29:20,999 Left hand side: the Sony NSZ-GS7, Vizio Co-Star, Hisense Pulse, 456 00:29:20,999 --> 00:29:26,999 the LG Plus IPTV and Google's Berlin development device, which is similar 457 00:29:26,999 --> 00:29:31,999 to the Vizio Co-Star, and also devices we believe it should work 458 00:29:31,999 --> 00:29:36,083 on but haven't tested because we don't have them: 459 00:29:36,083 --> 00:29:40,501 error desktop PC, the Hisense XT 780 TV which might be 460 00:29:40,501 --> 00:29:42,999 out at any moment. 461 00:29:46,792 --> 00:29:48,584 Might patch it. 462 00:29:50,709 --> 00:29:55,709 Lenovo S31 which is available in China. 463 00:29:56,999 --> 00:29:59,918 And others, there may be other vendors using this 464 00:29:59,918 --> 00:30:02,584 chip that we aren't aware of. 465 00:30:02,584 --> 00:30:06,751 Detailed security overview, starting from the internal secure crypto 466 00:30:06,751 --> 00:30:10,501 subprocessor: the box will power on and then execute 467 00:30:10,501 --> 00:30:15,751 the ROM code that is built into it and will load stage 2. 468 00:30:15,792 --> 00:30:20,999 Stage 2 exists either on NAND, eMMC, or over SPI, but when it loads it in it 469 00:30:20,999 --> 00:30:26,167 will first decrypt it with a key that's stored within the CPU. 470 00:30:34,918 --> 00:30:37,417 So if it decrypts and verifies successfully it 471 00:30:37,417 --> 00:30:41,375 will actually have a return code and it will return a 1 or 0 depending 472 00:30:41,375 --> 00:30:44,999 on how it boots and either fail or continue. 473 00:30:44,999 --> 00:30:46,250 (Off microphone). 474 00:30:46,250 --> 00:30:48,250 CJ HERES: Sorry. 475 00:30:48,250 --> 00:30:49,918 I will slow down. 476 00:30:49,999 --> 00:30:50,999 (Laughter). 477 00:30:50,999 --> 00:30:53,834 CJ HERES: I will take a sip. 478 00:30:53,999 --> 00:30:54,999 Hold on. 479 00:30:54,999 --> 00:30:55,999 Another shot. 480 00:30:56,083 --> 00:31:02,751 (Laughter) (Applause.) CJ HERES: Thanks. 
481 00:31:11,209 --> 00:31:15,709 So next up stage 2 will then execute. 482 00:31:15,709 --> 00:31:18,667 So assuming it verifies, it starts up. 483 00:31:18,667 --> 00:31:21,584 And then stage 2 will finish the initialization 484 00:31:21,584 --> 00:31:26,751 on eMMC, which, we remind you, we could modify to pretty much do whatever we 485 00:31:26,751 --> 00:31:31,250 want, and it will then load stage 3 to 0x680000. 486 00:31:31,292 --> 00:31:34,417 We will admit these addresses are somewhat important. 487 00:31:38,417 --> 00:31:40,792 So that will load in. 488 00:31:40,834 --> 00:31:43,876 And assuming it then decrypts and verifies properly it 489 00:31:43,876 --> 00:31:46,501 will then execute stage 3. 490 00:31:46,501 --> 00:31:47,876 Stage 3 is the boot loader. 491 00:31:47,876 --> 00:31:50,209 It is a highly modified version of U-Boot, mostly stripped 492 00:31:50,209 --> 00:31:53,417 out, and it is kind of funny but simple. 493 00:31:53,751 --> 00:31:57,792 It also has, you know, support to boot secure images. 494 00:31:57,792 --> 00:32:00,918 It will send the image directly to the Secure Boot processor. 495 00:32:00,999 --> 00:32:02,834 Send it back to make sure it is good. 496 00:32:03,083 --> 00:32:07,209 Upon execution it will load the kernel to 0x01100800. 497 00:32:09,083 --> 00:32:12,209 Assuming then again it decrypts and verifies and 498 00:32:12,209 --> 00:32:15,209 all good and returns a value that it checks, it 499 00:32:15,209 --> 00:32:18,999 will then continue to load the RAM disk to 0x, I think it 500 00:32:18,999 --> 00:32:21,584 is about 2 million or so. 501 00:32:23,999 --> 00:32:27,542 It will then execute the kernel, and the kernel and 502 00:32:27,542 --> 00:32:31,334 the command lines that are set inside the boot loader 503 00:32:31,334 --> 00:32:35,751 will then set a hash to check the init script to ensure that 504 00:32:35,751 --> 00:32:39,918 the init binary has not been tampered with. 
505 00:32:42,709 --> 00:32:44,959 Then it will then verify the RSA signatures 506 00:32:44,959 --> 00:32:47,876 on the init scripts, which we know don't work, but I am sure 507 00:32:47,876 --> 00:32:50,792 they will probably work within a week. 508 00:32:51,167 --> 00:32:54,417 But back to the UART, which keep in mind we are giving away UART 509 00:32:54,417 --> 00:32:56,459 adapters after this. 510 00:32:56,459 --> 00:32:57,709 They are kind of pointy. 511 00:33:01,083 --> 00:33:04,375 We can see they have some dot kernel at 0018000. 512 00:33:06,876 --> 00:33:09,626 So again keep that address in mind. 513 00:33:09,626 --> 00:33:10,626 It is important. 514 00:33:12,250 --> 00:33:14,542 This is a picture of the Android kernel 515 00:33:14,542 --> 00:33:16,959 and Marvell secure image. 516 00:33:16,999 --> 00:33:21,876 Android had the Android magic and then some kernel arguments which 517 00:33:21,876 --> 00:33:25,999 it doesn't use and encrypted gunk below it. 518 00:33:25,999 --> 00:33:28,876 So keep that Android kernel header in mind. 519 00:33:29,501 --> 00:33:32,999 Now if you take a look at the Asus bootimg.h you have 520 00:33:32,999 --> 00:33:36,125 a struct for the kernel itself. 521 00:33:39,292 --> 00:33:41,501 Then you have the kernel size. 522 00:33:41,501 --> 00:33:45,375 Kernel address and RAM disk size and RAM disk address and SHA-1 hash, 523 00:33:45,375 --> 00:33:49,584 and some of the stuff is not really relevant now. 524 00:33:49,751 --> 00:33:50,999 I am going to pull up a mocked version 525 00:33:50,999 --> 00:33:54,999 of this and give you a minute to review while I take a sip of this. 526 00:33:56,209 --> 00:33:57,667 Whoo. 527 00:33:58,999 --> 00:34:01,083 So the mocked up version of the Android kernel 528 00:34:01,083 --> 00:34:03,459 and Marvell secure version. 529 00:34:05,459 --> 00:34:08,626 Keep in mind these slides will be (lost audio). 530 00:34:12,459 --> 00:34:15,584 Might wait until Monday when we are back home. 
531 00:34:20,501 --> 00:34:24,375 But getting to this, Android magic and then kernel size and then kernel 532 00:34:24,375 --> 00:34:26,083 load address. 533 00:34:26,375 --> 00:34:29,999 After the kernel load address we have the RAM disk size and RAM disk load 534 00:34:29,999 --> 00:34:33,334 address and then kernel load arguments which surprisingly are 535 00:34:33,334 --> 00:34:35,292 replaced on root. 536 00:34:35,334 --> 00:34:38,999 When we initially started trying to get into this box we dumped the image 537 00:34:38,999 --> 00:34:40,999 and noticed the Android kernel header 538 00:34:40,999 --> 00:34:44,209 and we figured we could mess around with the command lines 539 00:34:44,209 --> 00:34:46,209 and it might work. 540 00:34:46,999 --> 00:34:50,375 So we went with the eMMC flash. 541 00:34:51,417 --> 00:34:53,999 We were able to replace the kernel arguments 542 00:34:53,999 --> 00:34:56,542 but it still wasn't changing. 543 00:34:56,876 --> 00:35:02,999 So we figured they were replaced, and then the SHA-1 hash, and it still boots. 544 00:35:02,999 --> 00:35:05,083 It does not check that. 545 00:35:05,083 --> 00:35:11,459 The actual Marvell secure image, which includes a key index and then an RSA 1024 546 00:35:11,459 --> 00:35:15,167 bit signature followed by AES. 547 00:35:16,209 --> 00:35:18,417 So not messing around. 548 00:35:18,584 --> 00:35:20,751 But let's take a second look at the header. 549 00:35:21,083 --> 00:35:23,709 RAM disk size and RAM disk load address. 550 00:35:23,999 --> 00:35:27,501 In the red is the RAM disk size and in the black is the RAM disk address. 551 00:35:27,999 --> 00:35:31,918 For some idiotic reason they do, especially 552 00:35:31,918 --> 00:35:37,459 if we place it where the kernel should be loading. 553 00:35:37,542 --> 00:35:39,751 This loads in right after the kernel. 
554 00:35:39,792 --> 00:35:42,501 And since we changed the RAM disk load address we can then 555 00:35:42,501 --> 00:35:45,167 replace the RAM disk with our own unsigned kernel 556 00:35:45,167 --> 00:35:47,999 with SATA support or whatever we want and jam it 557 00:35:47,999 --> 00:35:51,250 in there, and when we boot the box it will automatically boot 558 00:35:51,250 --> 00:35:52,999 up to that. 559 00:35:54,751 --> 00:35:58,999 So some pseudo code of what the boot loader code looks like. 560 00:35:58,999 --> 00:36:01,626 We have a fixed kernel load address and it does 561 00:36:01,626 --> 00:36:06,250 an eMMC read and then does a, we thought this was load image 562 00:36:06,250 --> 00:36:10,083 and turns out it is a verify image. 563 00:36:10,083 --> 00:36:12,375 Verify image on the kernel image itself, and it has 564 00:36:12,375 --> 00:36:15,417 an if to check the return code. 565 00:36:17,250 --> 00:36:20,999 But if you notice, after the return it will then load the RAM disk; it 566 00:36:20,999 --> 00:36:24,792 will check the RAM disk header size to see what it is and if it is set 567 00:36:24,792 --> 00:36:27,999 to something it will then load an arbitrary amount of data 568 00:36:27,999 --> 00:36:30,959 at whatever address we give. 569 00:36:36,083 --> 00:36:37,999 For the Sony NSZ-GS7. 570 00:36:38,751 --> 00:36:40,959 Sony went above and beyond with the security 571 00:36:40,959 --> 00:36:43,584 and also signed the RAM disk image. 572 00:36:44,083 --> 00:36:47,501 However what we could do is append a small kernel 573 00:36:47,501 --> 00:36:49,999 and append it with our RAM disk, which was 574 00:36:49,999 --> 00:36:53,792 a custom kernel, and stick that into the RAM disk location 575 00:36:53,792 --> 00:36:56,999 and offset the RAM disk load address. 576 00:36:56,999 --> 00:37:02,167 Instead of 010008000 we could set it to 010098000 or something 577 00:37:02,167 --> 00:37:10,292 and then still get the hacked kernel to load at the right address and still execute. 
578 00:37:10,375 --> 00:37:12,999 Sony has made quite a few blunders like this trying 579 00:37:12,999 --> 00:37:15,083 to improve security. 580 00:37:15,542 --> 00:37:16,959 I don't know what's up. 581 00:37:17,834 --> 00:37:20,626 So placeholder image, and now U-Boot. 582 00:37:20,626 --> 00:37:22,959 Through this exploit, for which we are releasing these packages 583 00:37:22,959 --> 00:37:25,876 for most Google TVs, or you could modify the source code 584 00:37:25,876 --> 00:37:27,999 to whatever you want. 585 00:37:32,959 --> 00:37:36,918 The Cube GPL release had a version of U-Boot that we were able 586 00:37:36,918 --> 00:37:39,999 to modify and then get it to execute with no issues, 587 00:37:39,999 --> 00:37:43,167 and we could load a kernel via TFTP. 588 00:37:44,584 --> 00:37:51,125 I will skip this feature and show you guys a quick demo. 589 00:37:56,167 --> 00:37:57,999 I don't use Macs. 590 00:37:57,999 --> 00:37:59,751 Where is my mouse? 591 00:38:00,999 --> 00:38:02,292 Thank you. 592 00:38:02,542 --> 00:38:06,125 So we are also going to show a quick... come on. 593 00:38:06,959 --> 00:38:10,999 I look totally computer illiterate. 594 00:38:10,999 --> 00:38:11,999 Seriously. 595 00:38:12,250 --> 00:38:13,667 Fix me. 596 00:38:13,959 --> 00:38:14,959 (Laughter). 597 00:38:14,959 --> 00:38:24,667 CJ HERES: Nice. 598 00:38:24,667 --> 00:38:25,667 There you go. 599 00:38:25,667 --> 00:38:28,375 So what we are doing right now... Nothing on the screen. 600 00:38:28,375 --> 00:38:29,375 CJ HERES: Really? 601 00:38:29,375 --> 00:38:30,375 Do this. 602 00:38:31,083 --> 00:38:33,626 This is your computer and not mine. 603 00:38:33,999 --> 00:38:35,876 Thanks for that. 604 00:38:35,999 --> 00:38:38,999 CJ HERES: This blame is totally not on me. 605 00:38:38,999 --> 00:38:41,999 I am blaming you, too. 606 00:38:41,999 --> 00:38:43,999 That's awesome. 607 00:38:43,999 --> 00:38:49,417 CJ HERES: There you go. 608 00:38:49,417 --> 00:38:52,918 Move to your right. 
609 00:38:52,918 --> 00:38:53,918 Move to your right. 610 00:38:53,918 --> 00:38:54,918 Yay. 611 00:38:54,918 --> 00:38:56,459 (Applause.) CJ HERES: Sweet. 612 00:38:56,459 --> 00:38:57,999 So you are probably not going to be able to make this out; it is going 613 00:38:57,999 --> 00:39:01,083 to be on YouTube when we are off the stage. 614 00:39:01,999 --> 00:39:06,542 What we are doing right now is we are pulling up the ASUS Cube 615 00:39:06,542 --> 00:39:09,083 and doing an NTFS mount. 616 00:39:14,334 --> 00:39:17,125 Then we stuck it inside the ASUS Cube, and what we are 617 00:39:17,125 --> 00:39:19,334 going to do right now is run flash_erase 618 00:39:19,334 --> 00:39:23,167 on the normal one, which doesn't work since we don't have root permissions, 619 00:39:23,167 --> 00:39:27,709 and then run flash_erase and then write on our modified version. 620 00:39:29,959 --> 00:39:32,626 Keep in mind our custom recovery is rather thin. 621 00:39:32,709 --> 00:39:36,709 It is not like we can just put CWM on it and call it a day 622 00:39:36,709 --> 00:39:40,083 because CWM's buffer uses Android's. 623 00:39:42,792 --> 00:39:45,959 Google TV boxes have a very specific custom version which 624 00:39:45,959 --> 00:39:47,501 is idiotic. 625 00:39:48,584 --> 00:39:51,334 Right now it is showing it being written 626 00:39:51,334 --> 00:39:53,667 and erased and we will give that 627 00:39:53,667 --> 00:39:58,709 a moment and watch blurry text while we listen to a whole Model M keyboard 628 00:39:58,709 --> 00:40:00,792 rattle away. 629 00:40:02,999 --> 00:40:04,667 So that was the erase and now we are going 630 00:40:04,667 --> 00:40:07,125 to do the nandwrite, and I have a typo. 631 00:40:07,125 --> 00:40:08,834 So it is going to error at first. 632 00:40:12,834 --> 00:40:13,999 Yeah. 633 00:40:13,999 --> 00:40:15,375 This took many, many takes because I do not know how 634 00:40:15,375 --> 00:40:17,083 to use a camera. 
635 00:40:23,334 --> 00:40:25,125 So it shows the permission denied trying 636 00:40:25,125 --> 00:40:28,709 to write the actual MTD device and then shows my typo. 637 00:40:31,000 --> 00:40:35,000 And honestly I do not know what I mistyped but something happened. 638 00:40:37,417 --> 00:40:38,999 So now we are going to do the actual write 639 00:40:38,999 --> 00:40:41,626 of the custom recovery that we created. 640 00:40:48,209 --> 00:40:50,792 This is the slow part of the video, watching everything type, 641 00:40:50,792 --> 00:40:52,709 and then it picks up. 642 00:40:57,167 --> 00:41:00,959 Write, write, write, write, showing that we can write 643 00:41:00,959 --> 00:41:04,167 to anything on the box that we want, which should 644 00:41:04,167 --> 00:41:08,083 work on many, many devices, and the NTFS device can use block 645 00:41:08,083 --> 00:41:10,626 and character devices. 646 00:41:10,876 --> 00:41:13,709 Now we are rebooting into our custom recovery. 647 00:41:14,375 --> 00:41:19,083 Keep in mind that recovery images and kernel images are signed and encrypted, 648 00:41:19,083 --> 00:41:22,459 and to show you, on the left hand side we have put my 649 00:41:22,459 --> 00:41:25,626 handle for the kernel compiler. 650 00:41:25,626 --> 00:41:27,834 We are putting in a USB drive with a copy of U-Boot 651 00:41:27,834 --> 00:41:32,501 on it that we are going to then flash to replace the boot loader. 652 00:41:32,959 --> 00:41:37,125 So there is that custom recovery on the right using unsigned code. 653 00:41:42,250 --> 00:41:44,959 (Applause.) CJ HERES: And now scrolling all the way 654 00:41:44,959 --> 00:41:47,417 to the top we did a busybox id. 655 00:41:47,999 --> 00:41:51,959 Also root over ADB, and if you want you can modify it 656 00:41:51,959 --> 00:41:54,999 to whatever else you want. 
657 00:41:55,250 --> 00:41:59,083 Command line, just proving that it is our own custom compiled kernel 658 00:41:59,083 --> 00:42:03,959 running on the box, and pressing 1 and installing the custom U-Boot. 659 00:42:06,542 --> 00:42:09,083 Once completed we are going to be set. 660 00:42:09,375 --> 00:42:11,209 Reboot the box and you will see on the left hand side we will go 661 00:42:11,209 --> 00:42:14,083 to the U-Boot prompt, letting us boot anything we want. 662 00:42:14,709 --> 00:42:16,999 We can start whatever we need. 663 00:42:17,417 --> 00:42:19,999 So that's pretty much it for the demo video. 664 00:42:19,999 --> 00:42:22,292 I am going to shoot it back to MBM to close up. 665 00:42:29,999 --> 00:42:31,999 (Applause.) Good luck. 666 00:42:31,999 --> 00:42:33,459 (Applause.) MIKE BAKER: So links to everything that we have covered 667 00:42:33,459 --> 00:42:36,083 in this presentation are at DC21.gtvhacker.com. 668 00:42:38,584 --> 00:42:40,999 We thank you all for attending and we are going to hand 669 00:42:40,999 --> 00:42:42,999 out some UART adapters. 670 00:42:42,999 --> 00:42:45,292 We are looking for questions; people who ask 671 00:42:45,292 --> 00:42:49,501 questions will get priority on UART adapters, and after that we 672 00:42:49,501 --> 00:42:52,167 will hand out what's left. 673 00:42:52,792 --> 00:42:54,292 Quick questions. 674 00:42:54,292 --> 00:42:55,292 Anyone? 675 00:42:55,292 --> 00:42:56,999 Right here. 676 00:43:00,083 --> 00:43:02,167 (Off microphone). 677 00:43:05,375 --> 00:43:09,918 He asked what experience do we have getting Android applications that are 678 00:43:09,918 --> 00:43:12,918 not built for the Google TV, with native code, to run 679 00:43:12,918 --> 00:43:14,918 on the Google TV. 680 00:43:14,918 --> 00:43:17,792 I actually did put together a native development kit 681 00:43:17,792 --> 00:43:21,459 for Google TV but it is not in a good enough state that I feel 682 00:43:21,459 --> 00:43:23,999 comfortable releasing. 
683 00:43:23,999 --> 00:43:26,375 I built a connect APK with just some, 684 00:43:26,375 --> 00:43:31,999 like it does very minimal, like it uses very minimal native code, 685 00:43:31,999 --> 00:43:33,999 but it works. 686 00:43:33,999 --> 00:43:36,125 I tested the native code and it works fine. 687 00:43:36,125 --> 00:43:38,667 If anyone in the community wants to step forward and help 688 00:43:38,667 --> 00:43:41,792 out with that we would appreciate it. 689 00:43:41,792 --> 00:43:45,209 If you want to come and grab your adapter. 690 00:43:45,751 --> 00:43:46,751 Anyone else? 691 00:43:48,125 --> 00:43:49,999 Right here. 692 00:43:51,375 --> 00:43:54,083 It is very pointy. 693 00:43:54,083 --> 00:43:57,083 Can you say that again? 694 00:43:57,083 --> 00:43:58,876 (Off microphone). 695 00:43:58,876 --> 00:44:00,709 He asked if we tried JTAG debugging or 696 00:44:00,709 --> 00:44:02,999 if UART is sufficient. 697 00:44:02,999 --> 00:44:05,959 UART has been sufficient up until this point. 698 00:44:07,334 --> 00:44:09,751 We haven't made a whole lot of progress with them, and 699 00:44:09,751 --> 00:44:11,417 the Gen 1 we did. 700 00:44:12,542 --> 00:44:15,375 We haven't needed it at this point. 701 00:44:15,375 --> 00:44:19,959 If we got down to it we would go that route, but we haven't yet. 702 00:44:19,999 --> 00:44:21,999 You want to give him one. 703 00:44:22,125 --> 00:44:23,125 Anyone? 704 00:44:23,125 --> 00:44:24,125 Next question. 705 00:44:24,125 --> 00:44:25,125 Right here. 706 00:44:25,125 --> 00:44:27,626 (Off microphone). 707 00:44:27,999 --> 00:44:29,751 He asked besides Hulu what other content 708 00:44:29,751 --> 00:44:32,542 providers have we had issues with? 709 00:44:32,876 --> 00:44:40,709 CBS, Fox, miscellaneous Flash streaming sites. 710 00:44:40,709 --> 00:44:43,709 It is ridiculous the number of people that choose to block us 711 00:44:43,709 --> 00:44:46,375 or block Google TV in general. 712 00:44:47,751 --> 00:44:49,834 (Off microphone). 
713 00:44:51,083 --> 00:44:54,167 He asked how many have we had success bypassing? 714 00:44:54,751 --> 00:44:55,751 All of them. 715 00:44:55,751 --> 00:44:58,250 We mimic the desktop Flash setup. 716 00:44:58,417 --> 00:44:59,999 If you want to give him one. 717 00:45:00,876 --> 00:45:05,334 I think we are running low on time. 718 00:45:05,334 --> 00:45:07,999 So let me get like one or two more questions. 719 00:45:07,999 --> 00:45:08,999 Yes. 720 00:45:08,999 --> 00:45:09,999 Okay. 721 00:45:09,999 --> 00:45:11,792 Like the guy in the red shirt, and then we will get the guy 722 00:45:11,792 --> 00:45:14,501 in the black shirt that's behind him. 723 00:45:14,501 --> 00:45:15,999 (Off microphone). 724 00:45:19,250 --> 00:45:21,375 Can you repeat the question? 725 00:45:21,375 --> 00:45:22,375 I am sorry. 726 00:45:27,709 --> 00:45:29,751 (Off microphone). 727 00:45:29,751 --> 00:45:32,542 It hasn't been something... he asked if we have tried to get Python 728 00:45:32,542 --> 00:45:36,083 or Perl or any other scripting languages on the box. 729 00:45:36,375 --> 00:45:41,125 We haven't worked on that, but it would absolutely be possible. 730 00:45:41,375 --> 00:45:42,375 Yes. 731 00:45:42,626 --> 00:45:45,292 It is Linux at its core. 732 00:45:45,292 --> 00:45:47,083 So let me get this. 733 00:45:47,209 --> 00:45:49,542 I am sorry. 734 00:45:49,667 --> 00:45:52,083 And oh, wow. 735 00:45:52,083 --> 00:45:53,083 Good throw. 736 00:45:53,083 --> 00:45:54,083 Black shirt polo. 737 00:45:54,334 --> 00:45:57,209 (Off microphone). 738 00:45:57,626 --> 00:46:00,083 He asked what's next for the Chromecast. 739 00:46:00,083 --> 00:46:03,125 We are looking at other avenues of exploitation but we are afraid 740 00:46:03,125 --> 00:46:05,334 to mention exactly what they are based 741 00:46:05,334 --> 00:46:09,584 on how quickly it was patched and also that we are here. 742 00:46:09,584 --> 00:46:14,542 If we say anything publicly it could bite us in the butt. 
743 00:46:14,542 --> 00:46:16,250 So if you want to, someone want to give that gentleman one 744 00:46:16,250 --> 00:46:18,125 or throw one at him. 745 00:46:18,125 --> 00:46:19,125 Sorry. 746 00:46:19,334 --> 00:46:20,999 Oh, my God. 747 00:46:20,999 --> 00:46:21,999 Okay. 748 00:46:22,250 --> 00:46:24,542 You know, let's use the honor system and pass that 749 00:46:24,542 --> 00:46:28,584 to him if that's cool or, you know, just leave it for Penn & Teller. 750 00:46:28,999 --> 00:46:29,999 I think the gentleman in the black shirt had 751 00:46:29,999 --> 00:46:32,709 a question unless it was already answered. 752 00:46:32,918 --> 00:46:35,250 (Off microphone). 753 00:46:35,459 --> 00:46:38,209 No, we would actually really love to know. 754 00:46:38,209 --> 00:46:41,584 If anyone here is from Google we would love to talk to them. 755 00:46:41,999 --> 00:46:45,999 We had an open conversation with Google and we don't know 756 00:46:45,999 --> 00:46:49,959 if they hate us, and we get the feeling that they do 757 00:46:49,959 --> 00:46:53,876 because they tend to shy away from us. 758 00:46:58,375 --> 00:47:03,209 Let's give him a UART and we will continue this in the Q and A room. 759 00:47:05,125 --> 00:47:06,417 Oh. 760 00:47:06,417 --> 00:47:08,125 This is getting bad. 761 00:47:08,626 --> 00:47:10,959 So we will follow up in the Q and A room. 762 00:47:10,959 --> 00:47:12,417 We can hand these out directly. 763 00:47:16,751 --> 00:47:19,209 We don't have any more time for questions but we will have time 764 00:47:19,209 --> 00:47:20,999 in the other room. 765 00:47:22,709 --> 00:47:26,083 We will have time in the other room if any of you guys want to follow up. 766 00:47:26,083 --> 00:47:27,083 Thank you. 767 00:47:27,083 --> 00:47:28,626 (Applause) You did great. 768 00:47:28,626 --> 00:47:29,626 Thank you. 769 00:47:29,626 --> 00:47:31,125 We didn't hurt anyone, did we?