Exploitee.rs - User contributions [en]

GTv-OS (AndroidTV)

2011-08-04T02:07:29Z

KernelJayOmega: /* SDK/Toolchain Support */

{{Revue toc Inline}}

== Overview ==
The Google TV operating system is based on Android 2.1 on a [http://googletv-mirrored-source.googlecode.com/hg/linux/linux-2.6.23-gtv.tar.bz2?r=27705a482273e3a34e8bcdbfb4fdad9afcd65e93 Linux 2.6.23 based kernel]. The system enables security such as an NX (Non eXecutable) Stack and a [http://en.wikipedia.org/wiki/Chroot chrooted] chrome. Also making things difficult is the Operating Systems ability to push automatic updates without user intervention.

The Operating System currently provides the following "stock" applications

*CNBC Real-Time
*Gallery
*Google Chrome
*Logitech Help Assistant (Logitech Only)
*Logitech Media Player (Logitech Only)
*Logitech Vid HD (Logitech Only)
*Napster
*NBA Game Time
*Netflix
*Pandora
*Settings
*TV
*Twitter

Gpl'd portions of the GoogleTV source can be found [http://code.google.com/p/googletv-mirrored-source/ here]

== SDK/Toolchain Support ==

The [http://googletv-mirrored-source.googlecode.com/hg/intel-sdk/intel-sdk-toolchain.tar.bz2?r=27705a482273e3a34e8bcdbfb4fdad9afcd65e93 Intel SDK Toolchain] is available as part of Google's GPL release for the Google TV. The toolchain is required to compile code to run on the Linux operating system of the Logitech Revue. (Sony devices as well as other future devices are most likely also compatible with this toolchain but since we don't have these products to root we don't know yet.)

We have not yet documented a complete list of required dependencies but here are a few packages which might come in handy:
*texinfo (we encountered some issues with certain supposedly supported versions of makeinfo but updating texinfo resolved this on most systems)
*flex
*bison
*gawk -- Please note that some Ubuntu installs have mawk rather than the GNU awk (gawk); mawk is not compatible with the awk scripts in the Intel SDK
*patch
*gcc et al
*build-essential (Ubuntu)

To simplify the toolchain setup, [[craigdroid]] created [http://dl.dropbox.com/u/1886948/gtvhacker-NDK-installer.zip this script] which simplifies the process of configuring a build system. After preparing the toolchain you will want to run the following commands (which are demo'd in the script) to establish your environment:
<pre>
export CROSS_COMPILE=i686-cm-linux-
export LD_LIBRARY_PATH=~/googletv/sdk/i686-linux-elf/lib
export PATH=$PATH:~/googletv/sdk/i686-linux-elf/bin/
</pre>

== NDK Support ==

Although at present Google has not released a proper NDK for the platform, the gtvhacker team have combined the Intel SDK Toolchain from the [http://code.google.com/p/googletv-mirrored-source/ Google TV Mirrored Source site] with the work of the [http://www.android-x86.org/ Android x86] project to provide unofficial support in the interim.

The entire process of setting up unofficial NDK support has been simplified into an [http://dl.dropbox.com/u/1886948/gtvhacker-NDK-installer.zip easy to use script] by craigdroid. The script has been tested on a few of our systems running CentOS 5.4 32-bit, as well as 32-bit and 64-bit editions of Ubuntu.

Since this is building the Intel toolchain automatically all of the caveats regarding the Intel SDK Toolchain apply here as well.

To automatically download, build and configure NDK support first save yourself some time and check the dependencies list in the SDK/Toolchain Support section and then from any users shell:
<pre>
wget http://dl.dropbox.com/u/1886948/gtvhacker-NDK-installer.zip && unzip gtvhacker-NDK-installer.zip && ./gtvhacker-NDK-installer.sh
</pre>

This will install the NDK to ~/googletv/ndk/ for the current user. Some guidance on how to use the NDK is provided upon completion of successful script execution.

== Support For USB Serial Converters ==

The [http://googletv-mirrored-source.googlecode.com/hg/linux/linux-2.6.23-gtv.tar.bz2?r=27705a482273e3a34e8bcdbfb4fdad9afcd65e93 published kernel] from the [http://code.google.com/p/googletv-mirrored-source/ Google TV Mirrored Source site] is configured to have built-in support FTDI single interface USB serial adapters as a serial console.
<pre>
#
# USB Serial Converter support
#
CONFIG_USB_SERIAL=y
CONFIG_USB_SERIAL_CONSOLE=y
CONFIG_USB_SERIAL_GENERIC=y
CONFIG_USB_SERIAL_FTDI_SIO=y
</pre>

This configuration has been verified via the proc.gz file of a Logitech Revue at its latest firmware revision (using the BreakVue hack). Here is the [http://pastie.org/1437422 complete kernel configuration].

Please note however that by default init does not appear to run a shell on this console. This is the only adapter which we have identified to have built-in driver support.

GTv-OS (AndroidTV)

2011-02-11T18:04:56Z

KernelJayOmega: /* SDK/Toolchain Support */ fixed export

{{Revue toc Inline}}

== Overview ==
The Google TV operating system is based on Android 2.1 on a [http://googletv-mirrored-source.googlecode.com/hg/linux/linux-2.6.23-gtv.tar.bz2?r=27705a482273e3a34e8bcdbfb4fdad9afcd65e93 Linux 2.6.23 based kernel]. The system enables security such as an NX (Non eXecutable) Stack and a [http://en.wikipedia.org/wiki/Chroot chrooted] chrome. Also making things difficult is the Operating Systems ability to push automatic updates without user intervention.

The Operating System currently provides the following "stock" applications

*CNBC Real-Time
*Gallery
*Google Chrome
*Logitech Help Assistant (Logitech Only)
*Logitech Media Player (Logitech Only)
*Logitech Vid HD (Logitech Only)
*Napster
*NBA Game Time
*Netflix
*Pandora
*Settings
*TV
*Twitter

Gpl'd portions of the GoogleTV source can be found [http://code.google.com/p/googletv-mirrored-source/ here]

== SDK/Toolchain Support ==

The [http://googletv-mirrored-source.googlecode.com/hg/intel-sdk/intel-sdk-toolchain.tar.bz2?r=27705a482273e3a34e8bcdbfb4fdad9afcd65e93 Intel SDK Toolchain] is available as part of Google's GPL release for the Google TV. The toolchain is required to compile code to run on the Linux operating system of the Logitech Revue. (Sony devices as well as other future devices are most likely also compatible with this toolchain but since we don't have these products to root we don't know yet.)

We have not yet documented a complete list of required dependencies but here are a few packages which might come in handy:
*texinfo (we encountered some issues with certain supposedly supported versions of makeinfo but updating texinfo resolved this on most systems)
*flex
*bison
*gawk -- Please note that some Ubuntu installs have mawk rather than the GNU awk (gawk); mawk is not compatible with the awk scripts in the Intel SDK
*patch
*gcc et al
*build-essential (Ubuntu)

To simplify the toolchain setup, craigdroid created [http://dl.dropbox.com/u/1886948/gtvhacker-NDK-installer.zip this script] which simplifies the process of configuring a build system. After preparing the toolchain you will want to run the following commands (which are demo'd in the script) to establish your environment:
<pre>
export CROSS_COMPILE=i686-cm-linux-
export LD_LIBRARY_PATH=~/googletv/sdk/i686-linux-elf/lib
export PATH=$PATH:~/googletv/sdk/i686-linux-elf/bin/
</pre>

== NDK Support ==

Although at present Google has not released a proper NDK for the platform, the gtvhacker team have combined the Intel SDK Toolchain from the [http://code.google.com/p/googletv-mirrored-source/ Google TV Mirrored Source site] with the work of the [http://www.android-x86.org/ Android x86] project to provide unofficial support in the interim.

The entire process of setting up unofficial NDK support has been simplified into an [http://dl.dropbox.com/u/1886948/gtvhacker-NDK-installer.zip easy to use script] by craigdroid. The script has been tested on a few of our systems running CentOS 5.4 32-bit, as well as 32-bit and 64-bit editions of Ubuntu.

Since this is building the Intel toolchain automatically all of the caveats regarding the Intel SDK Toolchain apply here as well.

To automatically download, build and configure NDK support first save yourself some time and check the dependencies list in the SDK/Toolchain Support section and then from any users shell:
<pre>
wget http://dl.dropbox.com/u/1886948/gtvhacker-NDK-installer.zip && unzip gtvhacker-NDK-installer.zip && ./gtvhacker-NDK-installer.sh
</pre>

This will install the NDK to ~/googletv/ndk/ for the current user. Some guidance on how to use the NDK is provided upon completion of successful script execution.

== Support For USB Serial Converters ==

The [http://googletv-mirrored-source.googlecode.com/hg/linux/linux-2.6.23-gtv.tar.bz2?r=27705a482273e3a34e8bcdbfb4fdad9afcd65e93 published kernel] from the [http://code.google.com/p/googletv-mirrored-source/ Google TV Mirrored Source site] is configured to have built-in support FTDI single interface USB serial adapters as a serial console.
<pre>
#
# USB Serial Converter support
#
CONFIG_USB_SERIAL=y
CONFIG_USB_SERIAL_CONSOLE=y
CONFIG_USB_SERIAL_GENERIC=y
CONFIG_USB_SERIAL_FTDI_SIO=y
</pre>

This configuration has been verified via the proc.gz file of a Logitech Revue at its latest firmware revision (using the BreakVue hack). Here is the [http://pastie.org/1437422 complete kernel configuration].

Please note however that by default init does not appear to run a shell on this console. This is the only adapter which we have identified to have built-in driver support.

Logitech Revue Kernel

2011-02-05T00:00:21Z

KernelJayOmega: /* Overview */

=== Overview ===
The Logitech Revue's Operating System is based around Linux kernel based on 2.6.23.18 code. The kernel lives in /system/boot/kernel which can be extracted from an OTA update file. The kernel file appears to contain bootstrap loader, etc wrapped around vmlinux.bin.gz which has its gzip header 0x37f5 bytes into the composite kernel image we have examined. Several security measures have been put in place ensuring that many attacks commonly used against other operating systems are not applicable.

It should also be noted that reading through this Wiki page should illustrate that the [http://googletv-mirrored-source.googlecode.com/hg/linux/linux-2.6.23-gtv.tar.bz2?r=27705a482273e3a34e8bcdbfb4fdad9afcd65e93 kernel source posted on Google's mirrored source site] is not a complete representation of the Logitech Revue's kernel.

Refer to [https://opensource.logitech.com opensource.logitech.com] for the complete Logitech Revue GPL release.

=== Kernel Configuration ===
Fortunately the Revue's kernel provides /proc/config.gz which allows a glimpse into the kernel in advance of a proper GPL release from Logitech.

=== Security Measures ===
Several security precautions have been made in the Logitech Revue with the intent of limiting system control even after root access has been obtained.
* The /system partition is configured as read-only by the flash layout compiled into the kernel
* [[CONFIG_MODULE_SIG]]=y : Module signatures are enabled. Logitech's included kernel modules contain a .signature section which is checked against public keys compiled into the kernel. This effectively limits execution of new code at privilege level 0 even once root access is achieved. (This is an option which is not implemented in the released GPL sources.)
* [[CONFIG_DEVMEM_PROTECT]]=y : This most likely enables a patch which filters access to the /dev/mem character device which could otherwise be used to create a rootkit by directly patching the running kernel. (This is another option which indicates that the Logitech Revue kernel has been patched in ways that the available GPL source code was not.)

=== Running Modules ===
The following is lsmod output from a rooted Revue:

<pre>
alsa_shim 12092 0 - Live 0xad1bc000 (PF)
snd_usb_audio 84480 0 - Live 0xad3e1000
snd_usb_lib 17280 1 snd_usb_audio, Live 0xac4fa000
snd_rawmidi 22016 1 snd_usb_lib, Live 0xad1b5000
snd_seq_device 8332 1 snd_rawmidi, Live 0xad1a9000
snd_pcm 74888 2 alsa_shim,snd_usb_audio, Live 0xad2c1000
snd_page_alloc 11400 1 snd_pcm, Live 0xad1a5000
snd_hwdep 8708 1 snd_usb_audio, Live 0xad1a1000
snd_timer 23172 1 snd_pcm, Live 0xad031000
snd 48820 8 alsa_shim,snd_usb_audio,snd_usb_lib,snd_rawmidi,snd_seq_device,snd_pcm,snd_hwdep,snd_timer, Live 0xad071000
pvrsrvkm 120532 14 - Live 0xad001000 (F)
edl_audio_dac_drv_linux 11264 0 - Live 0xac374000 (F)
edl_thermal 7688 0 - Live 0xac2dc000 (F)
vidcap_ce4X00 39132 0 - Live 0xac4e1000 (F)
ismdavcap_shim 29888 0 - Live 0xac4b1000 (F)
avcap_synthetic 14016 0 - Live 0xac2c7000 (F)
avcap_core 10004 7 vidcap_ce4X00,ismdavcap_shim,avcap_synthetic, Live 0xac2cc000
ismdbufmon 28612 0 - Live 0xac2d0000 (F)
ismdaudio 5976696 1 alsa_shim, Live 0xbd9d5000 (F)
ismdvidrend 115456 0 - Live 0xac481000 (F)
ismdvidpproc 769908 1 ismdvidrend, Live 0xbd40f000 (F)
ismdviddec_v2 386552 0 - Live 0xae701000 (F)
ismddemux_v2 350816 0 - Live 0xad701000 (F)
ismdclock_recovery 12552 4 ismdavcap_shim,ismdbufmon,ismdaudio,ismddemux_v2, Live 0xac279000 (F)
ismdclock 22184 0 - Live 0xac269000 (F)
ismdcore 6714528 11 alsa_shim,vidcap_ce4X00,ismdavcap_shim,ismdbufmon,ismdaudio,ismdvidrend,ismdvidpproc,ismdviddec_v2,ismddemux_v2,ismdclock_recovery,ismdclock, Live 0xac57b000 (F)
ioctl_module 5012 14 ismdavcap_shim,ismdbufmon,ismdaudio,ismdvidrend,ismdvidpproc,ismdviddec_v2,ismddemux_v2,ismdclock_recovery,ismdclock,ismdcore, Live 0xac243000
gdl_mm 59212 40 ismdaudio,ismdvidrend, Live 0xac248000 (F)
sec_kernel 21348 6 - Live 0xac231000 (F)
hst_ccmp 6912 0 - Live 0xac21d000
wlan 583560 1 hst_ccmp, Live 0xac2df000 (P)
intel_ce_pm 14368 4 pvrsrvkm,vidcap_ce4X00,ismdvidpproc,gdl_mm, Live 0xac238000 (F)
clock_control 21932 5 ismdaudio,ismddemux_v2,ismdclock,sec_kernel,intel_ce_pm, Live 0xac216000 (F)
idl_spi 8524 1 edl_audio_dac_drv_linux, Live 0xac209000 (F)
idl_gpio 23980 2 - Live 0xac0f2000 (F)
idl_i2c 16540 3 vidcap_ce4X00,gdl_mm,clock_control, Live 0xac0f9000 (F)
sven_linux 28648 13 alsa_shim,ismdavcap_shim,ismdbufmon,ismdaudio,ismdvidrend,ismdvidpproc,ismdviddec_v2,ismddemux_v2,ismdclock_recovery,ismdclock,ismdcore,sec_kernel,clock_control, Live 0xac0da000 (F)
system_utils_linux 3712 8 alsa_shim,ismdavcap_shim,ismdbufmon,ismdaudio,ismdvidrend,ismdvidpproc,ismdviddec_v2,ismddemux_v2, Live 0xac02c000 (F)
platform_config 13316 15 ismdavcap_shim,ismdbufmon,ismdaudio,ismdvidrend,ismdvidpproc,ismdviddec_v2,ismddemux_v2,ismdclock_recovery,ismdclock,ismdcore,gdl_mm,intel_ce_pm,clock_control,sven_linux,system_utils_linux, Live 0xac0ea000
pal_linux 20228 14 pvrsrvkm,edl_thermal,ismdaudio,ismdvidpproc,ismdviddec_v2,ismddemux_v2,ismdclock,sec_kernel,intel_ce_pm,clock_control,idl_spi,idl_gpio,idl_i2c,sven_linux, Live 0xac03a000 (F)
osal_linux 23568 25 alsa_shim,pvrsrvkm,edl_audio_dac_drv_linux,edl_thermal,vidcap_ce4X00,ismdavcap_shim,ismdbufmon,ismdaudio,ismdvidrend,ismdvidpproc,ismdviddec_v2,ismddemux_v2,ismdclock_recovery,ismdclock,ismdcore,gdl_mm,sec_kernel,intel_ce_pm,clock_control,idl_spi,idl_gpio,idl_i2c,sven_linux,system_utils_linux,pal_linux, Live 0xac0e3000
</pre>

=== USB Serial Adapter Support ===
The [http://googletv-mirrored-source.googlecode.com/hg/linux/linux-2.6.23-gtv.tar.bz2?r=27705a482273e3a34e8bcdbfb4fdad9afcd65e93 published kernel] from the [http://code.google.com/p/googletv-mirrored-source/ Google TV Mirrored Source site] is configured to have built-in support FTDI single interface USB serial adapters as a serial console. This option is also enabled in the kernel configuration of the Logitech Revue:
<pre>
#
# USB Serial Converter support
#
CONFIG_USB_SERIAL=y
CONFIG_USB_SERIAL_CONSOLE=y
CONFIG_USB_SERIAL_GENERIC=y
CONFIG_USB_SERIAL_FTDI_SIO=y
</pre>

'''NOTE: Although the driver has been verified to load, there is unfortunately no shell attached to the console in the default configuration.'''

=== Virtual Kernel Memory Layout ===
Memory: 700640k/712704k available (2633k kernel code, 11008k reserved, 955k data, 196k init, 0k highmem)
virtual kernel memory layout:
fixmap : 0xffffa000 - 0xfffff000 ( 20 kB)
vmalloc : 0xac000000 - 0xffff8000 (1343 MB)
lowmem : 0x80000000 - 0xab800000 ( 696 MB)
.init : 0x80484000 - 0x804b5000 ( 196 kB)
.data : 0x803925b8 - 0x80481398 ( 955 kB)
.text : 0x80100000 - 0x803925b8 (2633 kB)

=== Examining the Kernel Image ===
The kernel lives in /system/boot/kernel which can be extracted from an OTA update file or from a rooted Revue. The kernel file appears to contain bootstrap loader (and possibly some other data) piggy-backed to vmlinux.bin.gz which has been observed to reside about 0x37f5 bytes into the composite kernel image.

To extract vmlinux.bin.gz from /system/boot/kernel, use dd to copy starting at the gzip header:
dd if=./ota_update/system/boot/kernel of=vmlinux.bin.gz bs=$((0x37f5)) skip=1
Now you can decompress the vmlinux.bin.gz
gzip -d vmlinux.bin.gz

At this point you have the vmlinux.bin which is essentially vmlinux minus the ELF headers and symbols.

[[Category:Logitech Revue|Kernel]]
[[Category:Kernels|Logitech Revue]]

Craigdroid

2011-01-25T03:21:52Z

KernelJayOmega: added Android device list

'''Member Profile'''

*XDA/GTVHacker Name: Craigdroid
*Wiki/Blog Handle: KernelJayOmega
*Real Name: Craig Young
*Email: craig @ gtvhacker.com
*Twitter: [http://www.twitter.com/craigtweets craigtweets]
*Area of expertise: Build systems, Linux kernel development, network analysis, microelectronics, security research
*Android Devices: T-Mobile G1 (HTC Dream), Nexus One, 2xLogitech Revue (1 rooted and one stock)

Logitech Revue Kernel

2011-01-23T18:32:57Z

KernelJayOmega: FTDI notes

=== Overview ===
The Logitech Revue's Operating System is based around Linux kernel based on 2.6.23.18 code. The kernel lives in /system/boot/kernel which can be extracted from an OTA update file. The kernel file appears to contain bootstrap loader, etc wrapped around vmlinux.bin.gz which has its gzip header 0x37f5 bytes into the composite kernel image we have examined. Several security measures have been put in place ensuring that many attacks commonly used against other operating systems are not applicable.

It should also be noted that reading through this Wiki page should illustrate that the [http://googletv-mirrored-source.googlecode.com/hg/linux/linux-2.6.23-gtv.tar.bz2?r=27705a482273e3a34e8bcdbfb4fdad9afcd65e93 kernel source posted on Google's mirrored source site] is not a complete representation of the Logitech Revue's kernel.

=== Kernel Configuration ===
Fortunately the Revue's kernel provides /proc/config.gz which allows a glimpse into the kernel in advance of a proper GPL release from Logitech.

=== Security Measures ===
Several security precautions have been made in the Logitech Revue with the intent of limiting system control even after root access has been obtained.
* The /system partition is configured as read-only by the flash layout compiled into the kernel
* [[CONFIG_MODULE_SIG]]=y : Module signatures are enabled. Logitech's included kernel modules contain a .signature section which is checked against public keys compiled into the kernel. This effectively limits execution of new code at privilege level 0 even once root access is achieved. (This is an option which is not implemented in the released GPL sources.)
* [[CONFIG_DEVMEM_PROTECT]]=y : This most likely enables a patch which filters access to the /dev/mem character device which could otherwise be used to create a rootkit by directly patching the running kernel. (This is another option which indicates that the Logitech Revue kernel has been patched in ways that the available GPL source code was not.)

=== Running Modules ===
The following is lsmod output from a rooted Revue:

<pre>
alsa_shim 12092 0 - Live 0xad1bc000 (PF)
snd_usb_audio 84480 0 - Live 0xad3e1000
snd_usb_lib 17280 1 snd_usb_audio, Live 0xac4fa000
snd_rawmidi 22016 1 snd_usb_lib, Live 0xad1b5000
snd_seq_device 8332 1 snd_rawmidi, Live 0xad1a9000
snd_pcm 74888 2 alsa_shim,snd_usb_audio, Live 0xad2c1000
snd_page_alloc 11400 1 snd_pcm, Live 0xad1a5000
snd_hwdep 8708 1 snd_usb_audio, Live 0xad1a1000
snd_timer 23172 1 snd_pcm, Live 0xad031000
snd 48820 8 alsa_shim,snd_usb_audio,snd_usb_lib,snd_rawmidi,snd_seq_device,snd_pcm,snd_hwdep,snd_timer, Live 0xad071000
pvrsrvkm 120532 14 - Live 0xad001000 (F)
edl_audio_dac_drv_linux 11264 0 - Live 0xac374000 (F)
edl_thermal 7688 0 - Live 0xac2dc000 (F)
vidcap_ce4X00 39132 0 - Live 0xac4e1000 (F)
ismdavcap_shim 29888 0 - Live 0xac4b1000 (F)
avcap_synthetic 14016 0 - Live 0xac2c7000 (F)
avcap_core 10004 7 vidcap_ce4X00,ismdavcap_shim,avcap_synthetic, Live 0xac2cc000
ismdbufmon 28612 0 - Live 0xac2d0000 (F)
ismdaudio 5976696 1 alsa_shim, Live 0xbd9d5000 (F)
ismdvidrend 115456 0 - Live 0xac481000 (F)
ismdvidpproc 769908 1 ismdvidrend, Live 0xbd40f000 (F)
ismdviddec_v2 386552 0 - Live 0xae701000 (F)
ismddemux_v2 350816 0 - Live 0xad701000 (F)
ismdclock_recovery 12552 4 ismdavcap_shim,ismdbufmon,ismdaudio,ismddemux_v2, Live 0xac279000 (F)
ismdclock 22184 0 - Live 0xac269000 (F)
ismdcore 6714528 11 alsa_shim,vidcap_ce4X00,ismdavcap_shim,ismdbufmon,ismdaudio,ismdvidrend,ismdvidpproc,ismdviddec_v2,ismddemux_v2,ismdclock_recovery,ismdclock, Live 0xac57b000 (F)
ioctl_module 5012 14 ismdavcap_shim,ismdbufmon,ismdaudio,ismdvidrend,ismdvidpproc,ismdviddec_v2,ismddemux_v2,ismdclock_recovery,ismdclock,ismdcore, Live 0xac243000
gdl_mm 59212 40 ismdaudio,ismdvidrend, Live 0xac248000 (F)
sec_kernel 21348 6 - Live 0xac231000 (F)
hst_ccmp 6912 0 - Live 0xac21d000
wlan 583560 1 hst_ccmp, Live 0xac2df000 (P)
intel_ce_pm 14368 4 pvrsrvkm,vidcap_ce4X00,ismdvidpproc,gdl_mm, Live 0xac238000 (F)
clock_control 21932 5 ismdaudio,ismddemux_v2,ismdclock,sec_kernel,intel_ce_pm, Live 0xac216000 (F)
idl_spi 8524 1 edl_audio_dac_drv_linux, Live 0xac209000 (F)
idl_gpio 23980 2 - Live 0xac0f2000 (F)
idl_i2c 16540 3 vidcap_ce4X00,gdl_mm,clock_control, Live 0xac0f9000 (F)
sven_linux 28648 13 alsa_shim,ismdavcap_shim,ismdbufmon,ismdaudio,ismdvidrend,ismdvidpproc,ismdviddec_v2,ismddemux_v2,ismdclock_recovery,ismdclock,ismdcore,sec_kernel,clock_control, Live 0xac0da000 (F)
system_utils_linux 3712 8 alsa_shim,ismdavcap_shim,ismdbufmon,ismdaudio,ismdvidrend,ismdvidpproc,ismdviddec_v2,ismddemux_v2, Live 0xac02c000 (F)
platform_config 13316 15 ismdavcap_shim,ismdbufmon,ismdaudio,ismdvidrend,ismdvidpproc,ismdviddec_v2,ismddemux_v2,ismdclock_recovery,ismdclock,ismdcore,gdl_mm,intel_ce_pm,clock_control,sven_linux,system_utils_linux, Live 0xac0ea000
pal_linux 20228 14 pvrsrvkm,edl_thermal,ismdaudio,ismdvidpproc,ismdviddec_v2,ismddemux_v2,ismdclock,sec_kernel,intel_ce_pm,clock_control,idl_spi,idl_gpio,idl_i2c,sven_linux, Live 0xac03a000 (F)
osal_linux 23568 25 alsa_shim,pvrsrvkm,edl_audio_dac_drv_linux,edl_thermal,vidcap_ce4X00,ismdavcap_shim,ismdbufmon,ismdaudio,ismdvidrend,ismdvidpproc,ismdviddec_v2,ismddemux_v2,ismdclock_recovery,ismdclock,ismdcore,gdl_mm,sec_kernel,intel_ce_pm,clock_control,idl_spi,idl_gpio,idl_i2c,sven_linux,system_utils_linux,pal_linux, Live 0xac0e3000
</pre>

=== USB Serial Adapter Support ===
The [http://googletv-mirrored-source.googlecode.com/hg/linux/linux-2.6.23-gtv.tar.bz2?r=27705a482273e3a34e8bcdbfb4fdad9afcd65e93 published kernel] from the [http://code.google.com/p/googletv-mirrored-source/ Google TV Mirrored Source site] is configured to have built-in support FTDI single interface USB serial adapters as a serial console. This option is also enabled in the kernel configuration of the Logitech Revue:
<pre>
#
# USB Serial Converter support
#
CONFIG_USB_SERIAL=y
CONFIG_USB_SERIAL_CONSOLE=y
CONFIG_USB_SERIAL_GENERIC=y
CONFIG_USB_SERIAL_FTDI_SIO=y
</pre>

'''NOTE: Although the driver has been verified to load, there is unfortunately no shell attached to the console in the default configuration.'''

=== Virtual Kernel Memory Layout ===
Memory: 700640k/712704k available (2633k kernel code, 11008k reserved, 955k data, 196k init, 0k highmem)
virtual kernel memory layout:
fixmap : 0xffffa000 - 0xfffff000 ( 20 kB)
vmalloc : 0xac000000 - 0xffff8000 (1343 MB)
lowmem : 0x80000000 - 0xab800000 ( 696 MB)
.init : 0x80484000 - 0x804b5000 ( 196 kB)
.data : 0x803925b8 - 0x80481398 ( 955 kB)
.text : 0x80100000 - 0x803925b8 (2633 kB)

=== Examining the Kernel Image ===
The kernel lives in /system/boot/kernel which can be extracted from an OTA update file or from a rooted Revue. The kernel file appears to contain bootstrap loader (and possibly some other data) piggy-backed to vmlinux.bin.gz which has been observed to reside about 0x37f5 bytes into the composite kernel image.

To extract vmlinux.bin.gz from /system/boot/kernel, use dd to copy starting at the gzip header:
dd if=./ota_update/system/boot/kernel of=vmlinux.bin.gz bs=$((0x37f5)) skip=1
Now you can decompress the vmlinux.bin.gz
gzip -d vmlinux.bin.gz

At this point you have the vmlinux.bin which is essentially vmlinux minus the ELF headers and symbols.

[[Category:Logitech Revue|Kernel]]
[[Category:Kernels|Logitech Revue]]

Logitech Revue Kernel

2011-01-23T18:27:38Z

KernelJayOmega: added category Kernels

=== Overview ===
The Logitech Revue's Operating System is based around Linux kernel based on 2.6.23.18 code. The kernel lives in /system/boot/kernel which can be extracted from an OTA update file. The kernel file appears to contain bootstrap loader, etc wrapped around vmlinux.bin.gz which has its gzip header 0x37f5 bytes into the composite kernel image we have examined. Several security measures have been put in place ensuring that many attacks commonly used against other operating systems are not applicable.

It should also be noted that reading through this Wiki page should illustrate that the [http://googletv-mirrored-source.googlecode.com/hg/linux/linux-2.6.23-gtv.tar.bz2?r=27705a482273e3a34e8bcdbfb4fdad9afcd65e93 kernel source posted on Google's mirrored source site] is not a complete representation of the Logitech Revue's kernel.

=== Kernel Configuration ===
Fortunately the Revue's kernel provides /proc/config.gz which allows a glimpse into the kernel in advance of a proper GPL release from Logitech.

=== Security Measures ===
Several security precautions have been made in the Logitech Revue with the intent of limiting system control even after root access has been obtained.
* The /system partition is configured as read-only by the flash layout compiled into the kernel
* [[CONFIG_MODULE_SIG]]=y : Module signatures are enabled. Logitech's included kernel modules contain a .signature section which is checked against public keys compiled into the kernel. This effectively limits execution of new code at privilege level 0 even once root access is achieved. (This is an option which is not implemented in the released GPL sources.)
* [[CONFIG_DEVMEM_PROTECT]]=y : This most likely enables a patch which filters access to the /dev/mem character device which could otherwise be used to create a rootkit by directly patching the running kernel. (This is another option which indicates that the Logitech Revue kernel has been patched in ways that the available GPL source code was not.)

=== Running Modules ===
The following is lsmod output from a rooted Revue:

<pre>
alsa_shim 12092 0 - Live 0xad1bc000 (PF)
snd_usb_audio 84480 0 - Live 0xad3e1000
snd_usb_lib 17280 1 snd_usb_audio, Live 0xac4fa000
snd_rawmidi 22016 1 snd_usb_lib, Live 0xad1b5000
snd_seq_device 8332 1 snd_rawmidi, Live 0xad1a9000
snd_pcm 74888 2 alsa_shim,snd_usb_audio, Live 0xad2c1000
snd_page_alloc 11400 1 snd_pcm, Live 0xad1a5000
snd_hwdep 8708 1 snd_usb_audio, Live 0xad1a1000
snd_timer 23172 1 snd_pcm, Live 0xad031000
snd 48820 8 alsa_shim,snd_usb_audio,snd_usb_lib,snd_rawmidi,snd_seq_device,snd_pcm,snd_hwdep,snd_timer, Live 0xad071000
pvrsrvkm 120532 14 - Live 0xad001000 (F)
edl_audio_dac_drv_linux 11264 0 - Live 0xac374000 (F)
edl_thermal 7688 0 - Live 0xac2dc000 (F)
vidcap_ce4X00 39132 0 - Live 0xac4e1000 (F)
ismdavcap_shim 29888 0 - Live 0xac4b1000 (F)
avcap_synthetic 14016 0 - Live 0xac2c7000 (F)
avcap_core 10004 7 vidcap_ce4X00,ismdavcap_shim,avcap_synthetic, Live 0xac2cc000
ismdbufmon 28612 0 - Live 0xac2d0000 (F)
ismdaudio 5976696 1 alsa_shim, Live 0xbd9d5000 (F)
ismdvidrend 115456 0 - Live 0xac481000 (F)
ismdvidpproc 769908 1 ismdvidrend, Live 0xbd40f000 (F)
ismdviddec_v2 386552 0 - Live 0xae701000 (F)
ismddemux_v2 350816 0 - Live 0xad701000 (F)
ismdclock_recovery 12552 4 ismdavcap_shim,ismdbufmon,ismdaudio,ismddemux_v2, Live 0xac279000 (F)
ismdclock 22184 0 - Live 0xac269000 (F)
ismdcore 6714528 11 alsa_shim,vidcap_ce4X00,ismdavcap_shim,ismdbufmon,ismdaudio,ismdvidrend,ismdvidpproc,ismdviddec_v2,ismddemux_v2,ismdclock_recovery,ismdclock, Live 0xac57b000 (F)
ioctl_module 5012 14 ismdavcap_shim,ismdbufmon,ismdaudio,ismdvidrend,ismdvidpproc,ismdviddec_v2,ismddemux_v2,ismdclock_recovery,ismdclock,ismdcore, Live 0xac243000
gdl_mm 59212 40 ismdaudio,ismdvidrend, Live 0xac248000 (F)
sec_kernel 21348 6 - Live 0xac231000 (F)
hst_ccmp 6912 0 - Live 0xac21d000
wlan 583560 1 hst_ccmp, Live 0xac2df000 (P)
intel_ce_pm 14368 4 pvrsrvkm,vidcap_ce4X00,ismdvidpproc,gdl_mm, Live 0xac238000 (F)
clock_control 21932 5 ismdaudio,ismddemux_v2,ismdclock,sec_kernel,intel_ce_pm, Live 0xac216000 (F)
idl_spi 8524 1 edl_audio_dac_drv_linux, Live 0xac209000 (F)
idl_gpio 23980 2 - Live 0xac0f2000 (F)
idl_i2c 16540 3 vidcap_ce4X00,gdl_mm,clock_control, Live 0xac0f9000 (F)
sven_linux 28648 13 alsa_shim,ismdavcap_shim,ismdbufmon,ismdaudio,ismdvidrend,ismdvidpproc,ismdviddec_v2,ismddemux_v2,ismdclock_recovery,ismdclock,ismdcore,sec_kernel,clock_control, Live 0xac0da000 (F)
system_utils_linux 3712 8 alsa_shim,ismdavcap_shim,ismdbufmon,ismdaudio,ismdvidrend,ismdvidpproc,ismdviddec_v2,ismddemux_v2, Live 0xac02c000 (F)
platform_config 13316 15 ismdavcap_shim,ismdbufmon,ismdaudio,ismdvidrend,ismdvidpproc,ismdviddec_v2,ismddemux_v2,ismdclock_recovery,ismdclock,ismdcore,gdl_mm,intel_ce_pm,clock_control,sven_linux,system_utils_linux, Live 0xac0ea000
pal_linux 20228 14 pvrsrvkm,edl_thermal,ismdaudio,ismdvidpproc,ismdviddec_v2,ismddemux_v2,ismdclock,sec_kernel,intel_ce_pm,clock_control,idl_spi,idl_gpio,idl_i2c,sven_linux, Live 0xac03a000 (F)
osal_linux 23568 25 alsa_shim,pvrsrvkm,edl_audio_dac_drv_linux,edl_thermal,vidcap_ce4X00,ismdavcap_shim,ismdbufmon,ismdaudio,ismdvidrend,ismdvidpproc,ismdviddec_v2,ismddemux_v2,ismdclock_recovery,ismdclock,ismdcore,gdl_mm,sec_kernel,intel_ce_pm,clock_control,idl_spi,idl_gpio,idl_i2c,sven_linux,system_utils_linux,pal_linux, Live 0xac0e3000
</pre>

=== Virtual Kernel Memory Layout ===
Memory: 700640k/712704k available (2633k kernel code, 11008k reserved, 955k data, 196k init, 0k highmem)
virtual kernel memory layout:
fixmap : 0xffffa000 - 0xfffff000 ( 20 kB)
vmalloc : 0xac000000 - 0xffff8000 (1343 MB)
lowmem : 0x80000000 - 0xab800000 ( 696 MB)
.init : 0x80484000 - 0x804b5000 ( 196 kB)
.data : 0x803925b8 - 0x80481398 ( 955 kB)
.text : 0x80100000 - 0x803925b8 (2633 kB)

=== Examining the Kernel Image ===
The kernel lives in /system/boot/kernel which can be extracted from an OTA update file or from a rooted Revue. The kernel file appears to contain bootstrap loader (and possibly some other data) piggy-backed to vmlinux.bin.gz which has been observed to reside about 0x37f5 bytes into the composite kernel image.

To extract vmlinux.bin.gz from /system/boot/kernel, use dd to copy starting at the gzip header:
dd if=./ota_update/system/boot/kernel of=vmlinux.bin.gz bs=$((0x37f5)) skip=1
Now you can decompress the vmlinux.bin.gz
gzip -d vmlinux.bin.gz

At this point you have the vmlinux.bin which is essentially vmlinux minus the ELF headers and symbols.

[[Category:Logitech Revue|Kernel]]
[[Category:Kernels|Logitech Revue]]

CONFIG DEVMEM PROTECT

2011-01-23T18:26:57Z

KernelJayOmega: added category Kernels

=== Overview ===
Although we have not found a specific implementation for this kernel configuration item, it is most likely similar in nature to CONFIG_NONPROMISC_DEVMEM or CONFIG_STRICT_DEVMEM options in other kernel distributions. The purpose of this parameter would be to restrict user space applications from accessing kernel space (i.e. ring 0) memory via the /dev/mem character device. Preliminary testing reveals that requests to read from where the kernel is loaded (i.e. above 1MB) fail with EACCES even while root and with properly set permissions on the device. Without this protection in place it would be possible to modify kernel structures and subvert other security mechanisms such as the [[CONFIG_MODULE_SIG]] protection.

[[Category:Logitech Revue|CONFIG_DEVMEM_PROTECT]]
[[Category:Kernels|CONFIG_DEVMEM_PROTECT]]

Category:Kernels

2011-01-23T18:25:54Z

KernelJayOmega: Initial Contribution

This category is for any information pertinent to the kernels used in various Google TV devices.

CONFIG MODULE SIG

2011-01-23T18:24:47Z

KernelJayOmega: added category Kernels

=== Overview ===
The '''CONFIG_MODULE_SIG''' parameter implements cryptographic signing of all [http://tldp.org/HOWTO/Module-HOWTO/ loadable kernel modules (LKM)]. With this option configured the kernel will use compiled in public keys to verify the authenticity of the module. As per [http://lkml.org/lkml/2007/2/14/169 David Howells LKML post]:

There are several reasons why these patches are useful, amongst which are:

(1) to protect against accidentally-corrupted modules causing damage;

(2) to protect against maliciously modified modules causing damage;

(3) to allow a sysadmin (or more likely an IT department) to enforce a policy that only known and approved modules shall be loaded onto machines which they're expected to support;

(4) to allow other support providers to do likewise, or at least to _detect_ the fact that unsupported modules are loaded;

(5) to allow the detection of modules replaced by a second-order distro or a preloaded Linux purveyor.

'''NOTE: The patch attached to the referenced [http://lkml.org LKML] [http://lkml.org/lkml/2007/2/14/169 post] is not entirely consistent with the implementation on the Revue. Since Logitech has not made a GPL drop, we can not verify the specific implementation at this time.'''

=== Logitech Implementation ===
The CONFIG_MODULE_SIG option is enabled in the kernel used under normal operation. It is not enabled when in (the initial) recovery mode. Analysis of modules from the Logitech Revue gives an indication of how Logitech has likely modified the standard Linux kernel patch. Using objdump to inspect the ELF sections reveals that the Revue appears to use a section called '.signature' rather than '.module_sig'.

This is seen in index 11 of the 'objdump -h' output provided below from a module used by the Revue:
<pre>
sec_kernel.ko: file format elf32-i386

Sections:
Idx Name Size VMA LMA File off Algn
0 .text 00002960 00000000 00000000 00000040 2**4
CONTENTS, ALLOC, LOAD, RELOC, READONLY, CODE
1 .rodata 000002bc 00000000 00000000 000029a0 2**2
CONTENTS, ALLOC, LOAD, RELOC, READONLY, DATA
2 .rodata.str1.1 00000199 00000000 00000000 00002c5c 2**0
CONTENTS, ALLOC, LOAD, READONLY, DATA
3 .rodata.str1.4 00000478 00000000 00000000 00002df8 2**2
CONTENTS, ALLOC, LOAD, READONLY, DATA
4 .modinfo 000000ba 00000000 00000000 00003280 2**5
CONTENTS, ALLOC, LOAD, READONLY, DATA
5 __versions 00000580 00000000 00000000 00003340 2**5
CONTENTS, ALLOC, LOAD, READONLY, DATA
6 .data 000000c4 00000000 00000000 000038c0 2**5
CONTENTS, ALLOC, LOAD, RELOC, DATA
7 .gnu.linkonce.this_module 00000280 00000000 00000000 00003a00 2**7
CONTENTS, ALLOC, LOAD, RELOC, DATA, LINK_ONCE_DISCARD
8 .bss 00000664 00000000 00000000 00003c80 2**5
ALLOC
9 .comment 0000006c 00000000 00000000 00003c80 2**0
CONTENTS, READONLY
10 .note.GNU-stack 00000000 00000000 00000000 00003cec 2**0
CONTENTS, READONLY
11 .signature 00000200 00000000 00000000 00003cec 2**0
CONTENTS, READONLY
</pre>
[[Category:Logitech Revue|CONFIG_MODULE_SIG]]
[[Category:Kernels|CONFIG_MODULE_SIG]]

CONFIG MODULE SIG

2011-01-23T18:23:37Z

KernelJayOmega: /* Logitech Implementation */ note about recovery

Logitech Revue Kernel

2011-01-23T18:21:06Z

KernelJayOmega:

=== Overview ===
The Logitech Revue's Operating System is based around Linux kernel based on 2.6.23.18 code. The kernel lives in /system/boot/kernel which can be extracted from an OTA update file. The kernel file appears to contain bootstrap loader, etc wrapped around vmlinux.bin.gz which has its gzip header 0x37f5 bytes into the composite kernel image we have examined. Several security measures have been put in place ensuring that many attacks commonly used against other operating systems are not applicable.

It should also be noted that reading through this Wiki page should illustrate that the [http://googletv-mirrored-source.googlecode.com/hg/linux/linux-2.6.23-gtv.tar.bz2?r=27705a482273e3a34e8bcdbfb4fdad9afcd65e93 kernel source posted on Google's mirrored source site] is not a complete representation of the Logitech Revue's kernel.

=== Kernel Configuration ===
Fortunately the Revue's kernel provides /proc/config.gz which allows a glimpse into the kernel in advance of a proper GPL release from Logitech.

=== Security Measures ===
Several security precautions have been made in the Logitech Revue with the intent of limiting system control even after root access has been obtained.
* The /system partition is configured as read-only by the flash layout compiled into the kernel
* [[CONFIG_MODULE_SIG]]=y : Module signatures are enabled. Logitech's included kernel modules contain a .signature section which is checked against public keys compiled into the kernel. This effectively limits execution of new code at privilege level 0 even once root access is achieved. (This is an option which is not implemented in the released GPL sources.)
* [[CONFIG_DEVMEM_PROTECT]]=y : This most likely enables a patch which filters access to the /dev/mem character device which could otherwise be used to create a rootkit by directly patching the running kernel. (This is another option which indicates that the Logitech Revue kernel has been patched in ways that the available GPL source code was not.)

=== Running Modules ===
The following is lsmod output from a rooted Revue:

<pre>
alsa_shim 12092 0 - Live 0xad1bc000 (PF)
snd_usb_audio 84480 0 - Live 0xad3e1000
snd_usb_lib 17280 1 snd_usb_audio, Live 0xac4fa000
snd_rawmidi 22016 1 snd_usb_lib, Live 0xad1b5000
snd_seq_device 8332 1 snd_rawmidi, Live 0xad1a9000
snd_pcm 74888 2 alsa_shim,snd_usb_audio, Live 0xad2c1000
snd_page_alloc 11400 1 snd_pcm, Live 0xad1a5000
snd_hwdep 8708 1 snd_usb_audio, Live 0xad1a1000
snd_timer 23172 1 snd_pcm, Live 0xad031000
snd 48820 8 alsa_shim,snd_usb_audio,snd_usb_lib,snd_rawmidi,snd_seq_device,snd_pcm,snd_hwdep,snd_timer, Live 0xad071000
pvrsrvkm 120532 14 - Live 0xad001000 (F)
edl_audio_dac_drv_linux 11264 0 - Live 0xac374000 (F)
edl_thermal 7688 0 - Live 0xac2dc000 (F)
vidcap_ce4X00 39132 0 - Live 0xac4e1000 (F)
ismdavcap_shim 29888 0 - Live 0xac4b1000 (F)
avcap_synthetic 14016 0 - Live 0xac2c7000 (F)
avcap_core 10004 7 vidcap_ce4X00,ismdavcap_shim,avcap_synthetic, Live 0xac2cc000
ismdbufmon 28612 0 - Live 0xac2d0000 (F)
ismdaudio 5976696 1 alsa_shim, Live 0xbd9d5000 (F)
ismdvidrend 115456 0 - Live 0xac481000 (F)
ismdvidpproc 769908 1 ismdvidrend, Live 0xbd40f000 (F)
ismdviddec_v2 386552 0 - Live 0xae701000 (F)
ismddemux_v2 350816 0 - Live 0xad701000 (F)
ismdclock_recovery 12552 4 ismdavcap_shim,ismdbufmon,ismdaudio,ismddemux_v2, Live 0xac279000 (F)
ismdclock 22184 0 - Live 0xac269000 (F)
ismdcore 6714528 11 alsa_shim,vidcap_ce4X00,ismdavcap_shim,ismdbufmon,ismdaudio,ismdvidrend,ismdvidpproc,ismdviddec_v2,ismddemux_v2,ismdclock_recovery,ismdclock, Live 0xac57b000 (F)
ioctl_module 5012 14 ismdavcap_shim,ismdbufmon,ismdaudio,ismdvidrend,ismdvidpproc,ismdviddec_v2,ismddemux_v2,ismdclock_recovery,ismdclock,ismdcore, Live 0xac243000
gdl_mm 59212 40 ismdaudio,ismdvidrend, Live 0xac248000 (F)
sec_kernel 21348 6 - Live 0xac231000 (F)
hst_ccmp 6912 0 - Live 0xac21d000
wlan 583560 1 hst_ccmp, Live 0xac2df000 (P)
intel_ce_pm 14368 4 pvrsrvkm,vidcap_ce4X00,ismdvidpproc,gdl_mm, Live 0xac238000 (F)
clock_control 21932 5 ismdaudio,ismddemux_v2,ismdclock,sec_kernel,intel_ce_pm, Live 0xac216000 (F)
idl_spi 8524 1 edl_audio_dac_drv_linux, Live 0xac209000 (F)
idl_gpio 23980 2 - Live 0xac0f2000 (F)
idl_i2c 16540 3 vidcap_ce4X00,gdl_mm,clock_control, Live 0xac0f9000 (F)
sven_linux 28648 13 alsa_shim,ismdavcap_shim,ismdbufmon,ismdaudio,ismdvidrend,ismdvidpproc,ismdviddec_v2,ismddemux_v2,ismdclock_recovery,ismdclock,ismdcore,sec_kernel,clock_control, Live 0xac0da000 (F)
system_utils_linux 3712 8 alsa_shim,ismdavcap_shim,ismdbufmon,ismdaudio,ismdvidrend,ismdvidpproc,ismdviddec_v2,ismddemux_v2, Live 0xac02c000 (F)
platform_config 13316 15 ismdavcap_shim,ismdbufmon,ismdaudio,ismdvidrend,ismdvidpproc,ismdviddec_v2,ismddemux_v2,ismdclock_recovery,ismdclock,ismdcore,gdl_mm,intel_ce_pm,clock_control,sven_linux,system_utils_linux, Live 0xac0ea000
pal_linux 20228 14 pvrsrvkm,edl_thermal,ismdaudio,ismdvidpproc,ismdviddec_v2,ismddemux_v2,ismdclock,sec_kernel,intel_ce_pm,clock_control,idl_spi,idl_gpio,idl_i2c,sven_linux, Live 0xac03a000 (F)
osal_linux 23568 25 alsa_shim,pvrsrvkm,edl_audio_dac_drv_linux,edl_thermal,vidcap_ce4X00,ismdavcap_shim,ismdbufmon,ismdaudio,ismdvidrend,ismdvidpproc,ismdviddec_v2,ismddemux_v2,ismdclock_recovery,ismdclock,ismdcore,gdl_mm,sec_kernel,intel_ce_pm,clock_control,idl_spi,idl_gpio,idl_i2c,sven_linux,system_utils_linux,pal_linux, Live 0xac0e3000
</pre>

=== Virtual Kernel Memory Layout ===
Memory: 700640k/712704k available (2633k kernel code, 11008k reserved, 955k data, 196k init, 0k highmem)
virtual kernel memory layout:
fixmap : 0xffffa000 - 0xfffff000 ( 20 kB)
vmalloc : 0xac000000 - 0xffff8000 (1343 MB)
lowmem : 0x80000000 - 0xab800000 ( 696 MB)
.init : 0x80484000 - 0x804b5000 ( 196 kB)
.data : 0x803925b8 - 0x80481398 ( 955 kB)
.text : 0x80100000 - 0x803925b8 (2633 kB)

=== Examining the Kernel Image ===
The kernel lives in /system/boot/kernel which can be extracted from an OTA update file or from a rooted Revue. The kernel file appears to contain bootstrap loader (and possibly some other data) piggy-backed to vmlinux.bin.gz which has been observed to reside about 0x37f5 bytes into the composite kernel image.

To extract vmlinux.bin.gz from /system/boot/kernel, use dd to copy starting at the gzip header:
dd if=./ota_update/system/boot/kernel of=vmlinux.bin.gz bs=$((0x37f5)) skip=1
Now you can decompress the vmlinux.bin.gz
gzip -d vmlinux.bin.gz

At this point you have the vmlinux.bin which is essentially vmlinux minus the ELF headers and symbols.

[[Category:Logitech Revue|Kernel]]

GoogleTV - Version Numbers

2011-01-23T18:17:23Z

KernelJayOmega: /* Logitech Revue */

Google TV Version numbers are unique per device.

== How to determine my Version Number ==

== Known Released Version Numbers ==
=== Logitech Revue ===
{| border="1" cellspacing="0"
! Version number
! ID
! Date first seen
! Update link
! Announcement
|-
| [[ Revue Update b39389 | b39389 ]]
|
| unknown
| http://android.clients.google.com/packages/ota/logitech_ka/439c26f6af05.mp-signed-ota_update-b39389.zip
|
|-
| [[ Revue Update b39953| b39953]]
|
| unknown
| http://android.clients.google.com/packages/ota/logitech_ka/52057d168e2b.mp-signed-ota_update-b39953.zip
|
|-
| [[ Revue Update b42449| b42449]]
| 2.1-Update1
| 12-15-10
| http://android.clients.google.com/packages/ota/logitech_ka/c9914396d183.mp-signed-ota_update-b42449.zip
| [http://forums.logitech.com/t5/Revue-Product-Updates-Release/Revue-amp-Google-TV-Update-December-15-2010/td-p/537980 Logitech Forums]
|-
| [[ Revue Update b42732 | b42732]]
| 2.1-Update1
| 01-12-11
| http://android.clients.google.com/packages/ota/logitech_ka/9504d579bade.mp-signed-ota_update-b42732.zip
| [http://forums.logitech.com/t5/Revue-Product-Updates-Release/Revue-amp-Google-TV-Update-January-11-2011/td-p/557792 Logitech Forums]
|}
[[Category:Logitech Revue|Version Numbers]]

=== Sony Blu Ray Player X ===
{| border="1" cellspacing="0"
! Version number
! ID
! Date first seen
! Update link
! Announcement
|-
| [[ Sony Update 164108| 164108]]
| 2.1-update1
| 01-10-11
| ogm_2.1_2010121503ON.164108
|
|}

=== Sony GoogleTV X===
== Known Development/Beta Vesion Numbers ==

== Core GoogleTV Versions ==
These Version Numbers relate to GoogleTV Versions, which may or may not see release to the individual devices. Think of the difference between ASOP releases and device-specific releases.

LogitechRevueUpdates

2011-01-23T18:16:40Z

KernelJayOmega: Removed category since this is just a place holder

Logitech Revue Version information and Update information has been moved to the [[GoogleTV_-_Version_Numbers | Google TV Version page]].
{{Revue toc Inline}}

CONFIG DEVMEM PROTECT

2011-01-23T18:15:53Z

KernelJayOmega: added category

CONFIG MODULE SIG

2011-01-23T18:15:11Z

KernelJayOmega: added category

=== Overview ===
The '''CONFIG_MODULE_SIG''' parameter implements cryptographic signing of all [http://tldp.org/HOWTO/Module-HOWTO/ loadable kernel modules (LKM)]. With this option configured the kernel will use compiled in public keys to verify the authenticity of the module. As per [http://lkml.org/lkml/2007/2/14/169 David Howells LKML post]:

There are several reasons why these patches are useful, amongst which are:

(1) to protect against accidentally-corrupted modules causing damage;

(2) to protect against maliciously modified modules causing damage;

(3) to allow a sysadmin (or more likely an IT department) to enforce a policy that only known and approved modules shall be loaded onto machines which they're expected to support;

(4) to allow other support providers to do likewise, or at least to _detect_ the fact that unsupported modules are loaded;

(5) to allow the detection of modules replaced by a second-order distro or a preloaded Linux purveyor.

'''NOTE: The patch attached to the referenced [http://lkml.org LKML] [http://lkml.org/lkml/2007/2/14/169 post] is not entirely consistent with the implementation on the Revue. Since Logitech has not made a GPL drop, we can not verify the specific implementation at this time.'''

=== Logitech Implementation ===
Analysis of modules from the Logitech Revue gives an indication of how Logitech has likely modified the standard Linux kernel patch. Using objdump to inspect the ELF sections reveals that the Revue appears to use a section called '.signature' rather than '.module_sig'.

This is seen in index 11 of the 'objdump -h' output provided below from a module used by the Revue:
<pre>
sec_kernel.ko: file format elf32-i386

Sections:
Idx Name Size VMA LMA File off Algn
0 .text 00002960 00000000 00000000 00000040 2**4
CONTENTS, ALLOC, LOAD, RELOC, READONLY, CODE
1 .rodata 000002bc 00000000 00000000 000029a0 2**2
CONTENTS, ALLOC, LOAD, RELOC, READONLY, DATA
2 .rodata.str1.1 00000199 00000000 00000000 00002c5c 2**0
CONTENTS, ALLOC, LOAD, READONLY, DATA
3 .rodata.str1.4 00000478 00000000 00000000 00002df8 2**2
CONTENTS, ALLOC, LOAD, READONLY, DATA
4 .modinfo 000000ba 00000000 00000000 00003280 2**5
CONTENTS, ALLOC, LOAD, READONLY, DATA
5 __versions 00000580 00000000 00000000 00003340 2**5
CONTENTS, ALLOC, LOAD, READONLY, DATA
6 .data 000000c4 00000000 00000000 000038c0 2**5
CONTENTS, ALLOC, LOAD, RELOC, DATA
7 .gnu.linkonce.this_module 00000280 00000000 00000000 00003a00 2**7
CONTENTS, ALLOC, LOAD, RELOC, DATA, LINK_ONCE_DISCARD
8 .bss 00000664 00000000 00000000 00003c80 2**5
ALLOC
9 .comment 0000006c 00000000 00000000 00003c80 2**0
CONTENTS, READONLY
10 .note.GNU-stack 00000000 00000000 00000000 00003cec 2**0
CONTENTS, READONLY
11 .signature 00000200 00000000 00000000 00003cec 2**0
CONTENTS, READONLY
</pre>
[[Category:Logitech Revue|CONFIG_MODULE_SIG]]

CONFIG DEVMEM PROTECT

2011-01-23T18:14:03Z

KernelJayOmega: added a note about CONFIG_MODULE_SIG

CONFIG DEVMEM PROTECT

2011-01-23T18:11:28Z

KernelJayOmega: Initial Contribution

CONFIG MODULE SIG

2011-01-23T18:02:14Z

KernelJayOmega: Initial Contribution

=== Overview ===
The '''CONFIG_MODULE_SIG''' parameter implements cryptographic signing of all [http://tldp.org/HOWTO/Module-HOWTO/ loadable kernel modules (LKM)]. With this option configured the kernel will use compiled in public keys to verify the authenticity of the module. As per [http://lkml.org/lkml/2007/2/14/169 David Howells LKML post]:

There are several reasons why these patches are useful, amongst which are:

(1) to protect against accidentally-corrupted modules causing damage;

(2) to protect against maliciously modified modules causing damage;

(3) to allow a sysadmin (or more likely an IT department) to enforce a policy that only known and approved modules shall be loaded onto machines which they're expected to support;

(4) to allow other support providers to do likewise, or at least to _detect_ the fact that unsupported modules are loaded;

(5) to allow the detection of modules replaced by a second-order distro or a preloaded Linux purveyor.

'''NOTE: The patch attached to the referenced [http://lkml.org LKML] [http://lkml.org/lkml/2007/2/14/169 post] is not entirely consistent with the implementation on the Revue. Since Logitech has not made a GPL drop, we can not verify the specific implementation at this time.'''

=== Logitech Implementation ===
Analysis of modules from the Logitech Revue gives an indication of how Logitech has likely modified the standard Linux kernel patch. Using objdump to inspect the ELF sections reveals that the Revue appears to use a section called '.signature' rather than '.module_sig'.

This is seen in index 11 of the 'objdump -h' output provided below from a module used by the Revue:
<pre>
sec_kernel.ko: file format elf32-i386

Sections:
Idx Name Size VMA LMA File off Algn
0 .text 00002960 00000000 00000000 00000040 2**4
CONTENTS, ALLOC, LOAD, RELOC, READONLY, CODE
1 .rodata 000002bc 00000000 00000000 000029a0 2**2
CONTENTS, ALLOC, LOAD, RELOC, READONLY, DATA
2 .rodata.str1.1 00000199 00000000 00000000 00002c5c 2**0
CONTENTS, ALLOC, LOAD, READONLY, DATA
3 .rodata.str1.4 00000478 00000000 00000000 00002df8 2**2
CONTENTS, ALLOC, LOAD, READONLY, DATA
4 .modinfo 000000ba 00000000 00000000 00003280 2**5
CONTENTS, ALLOC, LOAD, READONLY, DATA
5 __versions 00000580 00000000 00000000 00003340 2**5
CONTENTS, ALLOC, LOAD, READONLY, DATA
6 .data 000000c4 00000000 00000000 000038c0 2**5
CONTENTS, ALLOC, LOAD, RELOC, DATA
7 .gnu.linkonce.this_module 00000280 00000000 00000000 00003a00 2**7
CONTENTS, ALLOC, LOAD, RELOC, DATA, LINK_ONCE_DISCARD
8 .bss 00000664 00000000 00000000 00003c80 2**5
ALLOC
9 .comment 0000006c 00000000 00000000 00003c80 2**0
CONTENTS, READONLY
10 .note.GNU-stack 00000000 00000000 00000000 00003cec 2**0
CONTENTS, READONLY
11 .signature 00000200 00000000 00000000 00003cec 2**0
CONTENTS, READONLY
</pre>

Logitech Revue UART root

2011-01-23T17:17:57Z

KernelJayOmega: /* GTVHACKER'S Guide to installing applications and rooting your Logitech Revue */ -- Added steps for installing applications for the n00bs

[[File:Revue-advert.gif|250px|right|thumb]]
{{Revue toc Inline}}
== Updates ==
=== 2011 January 21: CONFIG_MODULE_SIG on the Revue ===
I have finally identified why my attempts at loading my own modules onto the Revue have all failed (outside of recovery). As shown in /proc/config.gz, the Revue kernel was built with CONFIG_MODULE_SIG=y which means that any module will require a signature that can be verified with the public signatures compiled into the kernel. Anybody out there up for patching /dev/mem to remove the signature checking or perhaps add a new signature? If so, please contact us!
--[http://gtvhacker.com/index.php/Craigdroid Craig]

=== 2011 January 16: FAT file systems and DOS line endings ===
I have received a few emails now from people having problems with the manual update script due to line endings and FAT file systems. If you do not understand what this means it is best to stick with using an extended (ext2) file system on your USB drive and extract everything under Linux rather than Windows.
--[http://gtvhacker.com/index.php/Craigdroid Craig]

=== 2011 January 15: Breaking OTA Updates ===
Logitech recently began deploying a [http://forums.logitech.com/t5/Revue-Product-Updates-Release/Revue-amp-Google-TV-Update-January-11-2011/td-p/557792 security update] which will incidentally remove root access if it is allowed to install on a rooted device. (This was not the purpose of the update but it is an adverse effect for our community.) The GTVHacker dev team's initial attempts to break OTA updates by moving the otacerts.zip was not fully successful. In order to remove the auto-updating feature, [http://gtvhacker.com/index.php/Craigdroid Craig] of the GTVHacker team has tested removal of /system/app/SystemUpdater.* with preliminary success. If this method works for others in the community, GTVHacker will consider the release of an updated manual update script with this and possibly other changes.

On a side note for non-rooted users, holding off on applying the update may expose your system to a vulnerability which could eventually be actively exploited to provide root access without a soldering iron. (This vulnerability could potentially be used maliciously so please consider this in deciding whether to apply the update.) Any (unrooted) box that is connected to the Internet over night will presumably be updated without user interaction.

=== 2011 January 14: Avoiding an unexpected reboot ===
NOTICE: If you have not properly completed step 6 (including pressing ALT+L) in the hardware portion before proceeding to the software section, you are risking bricking the Revue. This step is mandatory because it gets you into the recovery menu and prevents the system from automatically rebooting in the middle of an update. The video output should show the [http://simplygoogletv.com/wp-content/uploads/2010/12/202188476.jpg recovery menu] before proceeding to the software portion. (Thanks [http://www.twitter.com/stericson @stericson] for the picture.)

=== 2011 January 12: Logitech's Statement on Rooting ===
[http://forums.logitech.com/t5/Revue/Support-Policy-Rooting-Revue/td-p/558604 Logitech Issues a "Statement"] regarding rooting the Revue

=== 2011 January 5: Do I really need a virgin? ===
You '''ABSOLUTELY''' need a "virgin" Logitech Revue with ''NO'' updates in order to do this hack!!

'''Any previous device updates will disable the UART1 pins necessary for this hack!'''

== Demonstration video.==
Shows Filesystem access, Apps and the Market, as well as previously blocked websites.
Check it out http://www.youtube.com/user/gtvhacker

== GTVHACKER'S Guide to installing applications and rooting your Logitech Revue ==

This is being brought to you right before CES, we all worked hard and here it is.

===Features===

ADBD Running for adb access.
Custom boot logo.
Flash Plugin Update to allow previously blocked content providers.

Experimental method to block automatic updates (We would appreciate feedback on this as we we've been unable to confirm its success so far.)

===About the Hack===

The reason this is possible is due to the "out of factory" state of the Logitech Revue boxes not disabling the UART port on the board and allowing access to a root shell in recovery mode. After discovering this we were able to reverse the update files and manually upgrade the Revue to the most recent update. The attached files are our output of all the effort put forward by our team. Also as a notice to anyone performing the update, we are not responsible for any harm that may come of your box as an outcome of running our scripts. We will attempt to help you with any issues you may experience and have tried to make the process as safe as possible. Also if you have any suggestions or ideas on how we can make this process better please feel free to drop by our IRC channel and tell us.

===About Manual Update===

The manual-update.sh script is our attempt at duplicating the process done by the GTV scripts that update the box in recovery mode. There are also a few miscellaneous tweaks done to assure applications load correctly, backups are made, and that the box doesn't auto-update. Some portions of the script do things such as flash parts of the NAND so make sure you do not short circuit your box or accidentally remove power during the manual-update process.

===Required Tools===

Soldering Iron

USB->TTL or similar board/setup (An Arduino in tristate mode works great)

4 wires to attach board to TTL board

Terminal program (Minicom for Linux or Putty for Windows)
A USB Drive (At least 1gb, 2+gb Recommended)

===Hardware Portion===

In order to complete the root you will need an un-updated box, it seems as if the first or second update to the box closed the serial access hole. If you have a "virgin" box then you are ready to proceed.

1.) Open your box, there are 4 screws (1 under each of the soft legs on the bottom of the box), the rest of the box un-clips very easily. A better explanation is available at http://www.ifixit.com/Teardown/Logitech-Revue-Teardown/3788/1

2.) After opening your box you will need to remove the led bar and look at the top front of the board. Locate the pins labeled UART1. These are the pins you will be sodering to.

3.) Solder 4 wires to your board. The appropriate pins can be view here: http://gtvhacker.com/index.php/File:XJHay.jpg . You MAY only need to solder to TX, RX, and GND.

4.) Attach wires to appropriate pins on your USB->TTL device

5.) Connect to the USB->TTL device on your computer using a program like Minicom or Putty. The appropriate settings are speed is 9600 baud with 8n1, make sure flow control is set to none.

6.) Reboot Revue into recovery mode by holding the pair button on the back of the board until the box shuts down and comes back up. Then press Alt+L (On the revue keyboard, not through the console) until "FORMATING DATA:" shows and stays, a menu should appear shortly after system is done clearing partitions. (More info: [[Logitech_Revue_Technical]])

7.) If setup is correct so far you should be seeing logcat output through your terminal program (Putty/Minicom). Shortly after you will be presented with a # sign which is your console.

8.) Proceed to software portion.

NOTICE: If you have not properly completed step 6 you may risk having the Revue automatically reboot while you are flashing new firmware resulting in a bricked Revue. The video output should show the recovery menu before proceeding to the software portion.

===Software Portion===

1.) Place all files in manual update on USB (preferably to ext3) device keeping all the files inside of the "updatec99" folder for easiest installation.

2.) Insert the USB and run the following command for an ext3 USB device "mount -rw -t ext3 /dev/sdb1 /sdcard" substitute ext3 for vfat for a fat32 device (Also remove quotes)

3.) In minicom/putty browse to the /sdcard directory with "cd /sdcard/updatec99".

4.) Execute the update with the following command "sh manual-update.sh"

5.) If the process ends prompting "Complete" you are finished and may restart. You will then have adbd running on your Revue and can connect using "./adb connect LogitechRevue". If the process does not prompt you with "Complete" but some other error you will need to make sure you do not reboot your Revue or it may be bricked.

You are now complete and free to install applications on your box remotely through adb.

Note: when booting in normal mode, ''you will not see any console output''. If you want a serial console again, go into recovery.

===Installing Apps===
After reboot, the Logitech Revue will now be running the [[Android Development Bridge (adb)]] daemon to allow remote connections on port 5555. If you already have the Android SDK tools installed you are ready to begin installing applications with the standard 'adb install' commands or accessing shell via 'adb shell'.
In case you are not familiar with using the [[Android Development Bridge (adb)]], the following steps will help you get started:

1.) Follow the steps outlined [http://developer.android.com/sdk/index.html here] to install the Android 2.1 SDK to the computer you wish to install apps from. Don't worry about USB drivers as you will not be using this with the Revue. (Newer SDK tools should work also, but keep in mind that the Revue is at SDK 7 when building apps.)

2.) Determine the IP address of your Revue by checking with your DHCP server or viewing 'Network Information' in the Revue Settings app. This will be referred to as <GTV-IP> in subsequent steps.

3.) Open a shell (i.e. bash/cygwin/dos/etc) on the machine with the SDK installed.

4.) Verify that the sdk tools directory is in your PATH (Google can help if you don't understand this step.)

5.) Run 'adb connect <GTV-IP>:5555' and you should see:
$ adb connect 10.10.10.50:5555
connected to 10.10.10.50:5555

6.) Change to the directory containing the Android packages (APK) you wish to install and run 'adb install app.apk' (where app.apk is the app's filename)
$ adb install Maps.apk
pkg: /data/local/tmp/Maps.apk
Success
1062 KB/s (3993846 bytes in 3.672s)

7.) If adb did not report any errors, your app should now be available in your Logitech Revue applications list. Please note that some Android apps make use of native code which runs outside of the [http://en.wikipedia.org/wiki/Dalvik_(software) DalvikVM]. These native pieces will need to be rebuilt for the Revue's x86 architecture. Refer to the [http://gtvhacker.com/index.php/GTv-OS_(AndroidTV)#SDK.2FToolchain_Support Toolchain Support] page for help rebuilding native code.

===Building the code===

The GTVHacker team has a [http://dl.dropbox.com/u/1886948/gtvhacker-NDK-installer.zip script] to simplify the download/configuration/installation of unofficial NDK/toolchain support which is [http://gtvhacker.com/index.php/GTv-OS_(AndroidTV)#SDK.2FToolchain_Support documented here].

===Troubleshooting===

If you experience '''any''' issues, please check wiki as we will be updating it with the most common problems then visit our IRC if the wiki does not assist you.

===About Us===
This package is brought to you by the GTVHacker team over at irc.freenode.net #gtvhacker.

GTVHacker Team Members:

* [[Zenofex]]
* CJ_000
* [[Craigdroid]]
* Tdweng

Thanks to everyone in the community who made this all possible.
The GTVHacker Team

== Related Files: ==
Google TV O/S modifications to achieve root are available at: http://www.multiupload.com/REVEQS6HII or http://bit.ly/gtvuc99

Script to simplify tool chain and sdk building : [http://dl.dropbox.com/u/1886948/gtvhacker-NDK-installer.zip Beta1] or [http://dl.dropbox.com/u/1886948/gtvhacker-NDK-installer-beta2.zip Beta2]

[[Category:Logitech Revue]]

Logitech Revue Technical

2011-01-23T16:13:00Z

KernelJayOmega: /* Kernel Revisions */ updated link

{{Revue toc Inline}}

== Update Procedure ==

Place new update labelled "update.zip" on a USB drive, with a single partition (ie, 1st partition on a USB disk, so say "/dev/sdc1")

Insert into Revue in the Right most USB port (if looking at the back, closest to the power jack)

Boot into recovery mode:

#Plug in the box, once the fan goes low, hold the sync button. Box should reboot, keep the sync button held until image on screen.
#Once you see the Arrow on your screen, using your keyboard press Alt+L - usually once or twice until Formatting DATA: shows on the screen, and does not go away
#You can then update the box, with a newer update. Downgrading fails however due to a date check.

== Firmware Links ==

*http://android.clients.google.com/packages/ota/logitech_ka/439c26f6af05.mp-signed-ota_update-b39389.zip
*http://android.clients.google.com/packages/ota/logitech_ka/52057d168e2b.mp-signed-ota_update-b39953.zip
*http://android.clients.google.com/packages/ota/logitech_ka/c9914396d183.mp-signed-ota_update-b42449.zip
*http://android.clients.google.com/packages/ota/logitech_ka/9504d579bade.mp-signed-ota_update-b42732.zip

== Kernel Revisions ==
For details of the Revue kernel, refer to [[Logitech Revue Kernel]]

*Initial kernel observed on the Revue (?): 2.6.23.18-gc0a9a5fb (richard@sayan) (gcc version 4.1.2) #3 PREEMPT Sat Jul 31 15:32:56 PDT 2010
*439c26f6af05.mp-signed-ota_update-b39389: 2.6.23.18-g5fd8f46f (richard@mtdoom) #249 PREEMPT Tue Oct 5 09:55:20 BST 2010
*52057d168e2b.mp-signed-ota_update-b39953: 2.6.23.18-g5fd8f46f (richard@mtdoom) #249 PREEMPT Tue Oct 5 09:55:20 BST 2010
*c9914396d183.mp-signed-ota_update-b42449: 2.6.23.18-g5bba1a13 (sameer@sayan) #24 PREEMPT Fri Nov 19 11:13:31 PST 2010

== SDK/Toolchain Support ==

The [http://googletv-mirrored-source.googlecode.com/hg/intel-sdk/intel-sdk-toolchain.tar.bz2?r=27705a482273e3a34e8bcdbfb4fdad9afcd65e93 Intel SDK Toolchain] is available as part of Google's GPL release for the Google TV. The toolchain is required to compile code to run on the Linux operating system of the Logitech Revue. (Sony devices as well as other future devices are most likely also compatible with this toolchain but since we don't have these products to root we don't know yet.)

We have not yet documented a complete list of required dependencies but here are a few packages which might come in handy:
*texinfo (we encountered some issues with certain supposedly supported versions of makeinfo but updating texinfo resolved this on most systems)
*flex
*bison
*awk
*patch
*gcc et al
*build-essential (Ubuntu)

To simplify the toolchain setup, craigdroid created [http://dl.dropbox.com/u/1886948/gtvhacker-NDK-installer.zip this script] which simplifies the process of configuring a build system. After preparing the toolchain you will want to run the following commands (which are demo'd in the script) to establish your environment:
<pre>
export CROSS_COMPILE=i686-linux-cm-
export LD_LIBRARY_PATH=~/googletv/sdk/i686-linux-elf/lib
export PATH=$PATH:~/googletv/sdk/i686-linux-elf/bin/
</pre>

== NDK Support ==

Although at present Google has not released a proper NDK for the platform, the gtvhacker team have combined the Intel SDK Toolchain from the [http://code.google.com/p/googletv-mirrored-source/ Google TV Mirrored Source site] with the work of the [http://www.android-x86.org/ Android x86] project to provide unofficial support in the interim.

The entire process of setting up unofficial NDK support has been simplified into an [http://dl.dropbox.com/u/1886948/gtvhacker-NDK-installer.zip easy to use script] by craigdroid. The script has been tested on a few of our systems running CentOS 5.4 32-bit, as well as 32-bit and 64-bit editions of Ubuntu.

Since this is building the Intel toolchain automatically all of the caveats regarding the Intel SDK Toolchain apply here as well.

To automatically download, build and configure NDK support first save yourself some time and check the dependencies list in the SDK/Toolchain Support section and then from any users shell:
<pre>
wget http://dl.dropbox.com/u/1886948/gtvhacker-NDK-installer.zip && unzip gtvhacker-NDK-installer.zip && ./gtvhacker-NDK-installer.sh
</pre>

This will install the NDK to ~/googletv/ndk/ for the current user. Some guidance on how to use the NDK is provided upon completion of successful script execution.

== Flash Hard Drive ==

The Revue has an internal hard drive stored on an sdram chip (flash memory). It contains the complete file system for the Revue as well as the user data (if their is not external storage provided). More information about the layout of this file system can be found [[ GTV_FileSystem | File System Details.]]

== Serial Output ==

The logitech revue board contains a UART1 port on the front of the board which before receiving the boxes initial updates is active. In order to communicate with UART port you will need a USB to TTL adapter (or board that does a similar conversion).

The pins operate at 3.3v and the port at 9600 baud with the following pinout:

[http://i.imgur.com/xJHay.jpg UART Pinout]

Serial output

via: http://googletv.pastebin.com/233dZqZx
[[Pasted Locally]]

== PIC Access ==
*There is a standard PIC access port to the right of the UART1 port. It can be accessed via a standard PIC Kit Debug board (Tested with version 2). The port has read/write access but the code is pulled from the chip as .hex file and is unreadable thus far.

*The pinout starting from the left (pin with white square around it) corresponds to pin 1 or Vpp.The remaining pins follow the same layout. [http://www.ianstedman.co.uk/Projects/TK3_PICKit2_adaptor/Pickit2_pinout.png PIC Pinout]

[http://googletv.pastebin.com/PBWRCAqB PIC Hex Dump] [[Local PIC Hex Dump]]

[http://dl.dropbox.com/u/217678/Bootloader%20from%20PIC.TXT PIC Disassembly]

== Updates ==
The updates contain a full set of system files (changed and unchanged), including a boot.img and a recovery.img

'''boot.img'''

The thread at [http://forum.xda-developers.com/showpost.php?p=8844074&postcount=80 xda-developer] has the process to extract from the .img files (thx bftb0):

"the "boot.img" file is in (little-endian) "squashfs" format and unpacks just fine using "unsquashfs" from the (Ubuntu 8.0.04 LTS) squashfs-tools package."

''' recovery.img

system/boot/recovery.img is a standard Android boot image with some extra garbage (0x580 bytes) at the front. Remove it like so:
dd if=system/boot/recovery.img bs=1408 skip=1 > recovery-ungarbaged.img
Unpack that like a normal Android boot image. Something like [http://android-dls.com/files/linux/split_bootimg.zip this Perl script] works well.

The kernel (system/boot/kernel) is also a boot image with the same extra garbage at the front.

'''Odex files'''

The .odex files can be extracted by using the following guide [http://code.google.com/p/smali/wiki/DeodexInstructions Deodex Instructions]

== Open Ports ==
List nmap ports

Normal Mode, hooked to a Dish Network DVR (622) via WiFi:

*Nmap scan report for LogitechRevue (192.168.1.142)
*Host is up (0.060s latency).
*Not shown: 65528 closed ports
*PORT STATE SERVICE
*53/tcp open domain
*1100/tcp open unknown
*5222/tcp open unknown -- [http://xmpp.org/ Extensible Messaging and Presence Protocol (XMPP) Service (http://xmpp.org/)]
*5223/tcp open unknown -- SSL port for [http://xmpp.org/ XMPP]
*9551/tcp open unknown -- [[AnyMote]] Pairing Service through IpRemoteControlService -- SSL handshake requests cert and logs show errors from [[AnyMote]]
*9552/tcp open unknown -- [[AnyMote]] Connection Port
*35832/tcp open unknown

Also of course, with root - port 5555, for ADB!

== Available Pinouts ==
*UART1 --> [http://i.imgur.com/xJHay.jpg UART Pinout]
*J3 --> PIC Chip Access (Pin 1 = VPP/MCLR, Pin 2 = VDD, Pin 3 = VSS, Pin 4 = ICSPDAT/PGD, Pin 5 = ICSPCLK/PGC, Pin 6 = Auxiliary)
*SW1 --> Push Button Switch (Use is unknown)
*J20 --> I2C (Top left - GND Top right - ? Bottom left - SDA Bottom right - SCL)
*J69 --> USB Pinout
*SATA1 --> SATA Pinout (Pin 1 = GND, Pin 2 = TXP / A+ , Pin 3 = TXN / A-, Pin 4 = GND , Pin 5 = RXN / B-, Pin 6 = RXP / B+ , Pin 7 = GND)
*J24 --> Unknown (Pin 1 = 3.3, Pin 2 = ?, Pin 3 = ?, Pin 4 = GND)
*J13 --> Unknown (Power for SATA?) - (Pin 1 = ?, Pin 2 = GND, Pin 3 = GND, Pin 4 = 5v)
*J67 --> USB (Pin 1 = GND, Pin 2 = D-, Pin 3 = D+, Pin 4 = FREE, Pin 5 = VCC +5V) used for RF daughter board. [http://www.chrispix.com/googleTV.jpg IMG]
*XDP1 --> Intel XDP Debug Adapter [http://software.intel.com/sites/products/documentation/hpc/atom/application/device_driver_debugging.pdf Information on XDP Debugging] [ftp://download.intel.com/design/Pentium4/guides/31337301.pdf Page 23 Pinout]
[[Category:Logitech Revue]]

== Volume Management Configuration ==
Similar to other android based products, external storage can be attached and the device will attempt to mount it to /sdcard as per the following vold.conf:
<pre>
volume_sdcard {
# NOTE: This path is overbroad and will capture any device on the
# tatung3/tatung4 external PCI bus. This needs to be fixed, in conjunction
# with vold changes to handle logical device names (DEVPATH names are not
# static, unfortunately.)
media_path /devices/pci0000:00/0000:00:01.0/0000:01:0d.1/usb2/
media_type scsi
mount_point /sdcard
read_only true
}
</pre>

Note the interesting comment about the media_path as well as the read_only=true attribute.
[[Category:Logitech Revue|Technical]]

Logitech Revue Kernel

2011-01-22T21:21:43Z

KernelJayOmega: changed wording about gzip header

Logitech Revue Kernel

2011-01-22T21:15:13Z

KernelJayOmega: Added note about config.gz

Logitech Revue Kernel

2011-01-22T21:06:31Z

KernelJayOmega: Added section on extracting vmlinux.bin

Logitech Revue Kernel

2011-01-22T20:49:28Z

KernelJayOmega: Removed space

=== Overview ===
The Logitech Revue's Operating System is based around Linux kernel based on 2.6.23.18 code. The kernel lives in /system/boot/kernel which can be extracted from an OTA update file. The kernel file appears to contain bootstrap loader (and possibly some other data) piggy-backed to vmlinux.bin.gz which has been observed to reside about 0x37f5 bytes into the composite kernel image. Several security measures have been put in place ensuring that many attacks commonly used against other operating systems are not applicable.

It should also be noted that reading through this Wiki page should illustrate that the [http://googletv-mirrored-source.googlecode.com/hg/linux/linux-2.6.23-gtv.tar.bz2?r=27705a482273e3a34e8bcdbfb4fdad9afcd65e93 kernel source posted on Google's mirrored source site] is not a complete representation of the Logitech Revue's kernel.

=== Security Measures ===
Several security precautions have been made in the Logitech Revue with the intent of limiting system control even after root access has been obtained.
* The /system partition is configured as read-only by the flash layout compiled into the kernel
* [[CONFIG_MODULE_SIG]]=y : Module signatures are enabled. Logitech's included kernel modules contain a .signature section which is checked against public keys compiled into the kernel. This effectively limits execution of new code at privilege level 0 even once root access is achieved. (This is an option which is not implemented in the released GPL sources.)
* [[CONFIG_DEVMEM_PROTECT]]=y : This most likely enables a patch which filters access to the /dev/mem character device which could otherwise be used to create a rootkit by directly patching the running kernel. (This is another option which indicates that the Logitech Revue kernel has been patched in ways that the available GPL source code was not.)

=== Virtual Kernel Memory Layout ===
Memory: 700640k/712704k available (2633k kernel code, 11008k reserved, 955k data, 196k init, 0k highmem)
virtual kernel memory layout:
fixmap : 0xffffa000 - 0xfffff000 ( 20 kB)
vmalloc : 0xac000000 - 0xffff8000 (1343 MB)
lowmem : 0x80000000 - 0xab800000 ( 696 MB)
.init : 0x80484000 - 0x804b5000 ( 196 kB)
.data : 0x803925b8 - 0x80481398 ( 955 kB)
.text : 0x80100000 - 0x803925b8 (2633 kB)

[[Category:Logitech Revue|Kernel]]

Logitech Revue Kernel

2011-01-22T20:45:51Z

KernelJayOmega: removed toc

=== Overview ===
The Logitech Revue's Operating System is based around Linux kernel based on 2.6.23.18 code. The kernel lives in /system/boot/kernel which can be extracted from an OTA update file. The kernel file appears to contain bootstrap loader (and possibly some other data) piggy-backed to vmlinux.bin.gz which has been observed to reside about 0x37f5 bytes into the composite kernel image. Several security measures have been put in place ensuring that many attacks commonly used against other operating systems are not applicable.

It should also be noted that reading through this Wiki page should illustrate that the [http://googletv-mirrored-source.googlecode.com/hg/linux/linux-2.6.23-gtv.tar.bz2?r=27705a482273e3a34e8bcdbfb4fdad9afcd65e93 kernel source posted on Google's mirrored source site] is not a complete representation of the Logitech Revue's kernel.

=== Security Measures ===
Several security precautions have been made in the Logitech Revue with the intent of limiting system control even after root access has been obtained.
* The /system partition is configured as read-only by the flash layout compiled into the kernel
* [[CONFIG_MODULE_SIG]]=y : Module signatures are enabled. Logitech's included kernel modules contain a .signature section which is checked against public keys compiled into the kernel. This effectively limits execution of new code at privilege level 0 even once root access is achieved. (This is an option which is not implemented in the released GPL sources.)
* [[CONFIG_DEVMEM_PROTECT]]=y : This most likely enables a patch which filters access to the /dev/mem character device which could otherwise be used to create a rootkit by directly patching the running kernel. (This is another option which indicates that the Logitech Revue kernel has been patched in ways that the available GPL source code was not.)

=== Virtual Kernel Memory Layout ===
Memory: 700640k/712704k available (2633k kernel code, 11008k reserved, 955k data, 196k init, 0k highmem)
virtual kernel memory layout:
fixmap : 0xffffa000 - 0xfffff000 ( 20 kB)
vmalloc : 0xac000000 - 0xffff8000 (1343 MB)
lowmem : 0x80000000 - 0xab800000 ( 696 MB)
.init : 0x80484000 - 0x804b5000 ( 196 kB)
.data : 0x803925b8 - 0x80481398 ( 955 kB)
.text : 0x80100000 - 0x803925b8 (2633 kB)

[[Category:Logitech Revue|Kernel]]

Logitech Revue Kernel

2011-01-22T20:45:07Z

KernelJayOmega: added toc

{{Revue toc Inline}}

=== Overview ===
The Logitech Revue's Operating System is based around Linux kernel based on 2.6.23.18 code. The kernel lives in /system/boot/kernel which can be extracted from an OTA update file. The kernel file appears to contain bootstrap loader (and possibly some other data) piggy-backed to vmlinux.bin.gz which has been observed to reside about 0x37f5 bytes into the composite kernel image. Several security measures have been put in place ensuring that many attacks commonly used against other operating systems are not applicable.

It should also be noted that reading through this Wiki page should illustrate that the [http://googletv-mirrored-source.googlecode.com/hg/linux/linux-2.6.23-gtv.tar.bz2?r=27705a482273e3a34e8bcdbfb4fdad9afcd65e93 kernel source posted on Google's mirrored source site] is not a complete representation of the Logitech Revue's kernel.

=== Security Measures ===
Several security precautions have been made in the Logitech Revue with the intent of limiting system control even after root access has been obtained.
* The /system partition is configured as read-only by the flash layout compiled into the kernel
* [[CONFIG_MODULE_SIG]]=y : Module signatures are enabled. Logitech's included kernel modules contain a .signature section which is checked against public keys compiled into the kernel. This effectively limits execution of new code at privilege level 0 even once root access is achieved. (This is an option which is not implemented in the released GPL sources.)
* [[CONFIG_DEVMEM_PROTECT]]=y : This most likely enables a patch which filters access to the /dev/mem character device which could otherwise be used to create a rootkit by directly patching the running kernel. (This is another option which indicates that the Logitech Revue kernel has been patched in ways that the available GPL source code was not.)

=== Virtual Kernel Memory Layout ===
Memory: 700640k/712704k available (2633k kernel code, 11008k reserved, 955k data, 196k init, 0k highmem)
virtual kernel memory layout:
fixmap : 0xffffa000 - 0xfffff000 ( 20 kB)
vmalloc : 0xac000000 - 0xffff8000 (1343 MB)
lowmem : 0x80000000 - 0xab800000 ( 696 MB)
.init : 0x80484000 - 0x804b5000 ( 196 kB)
.data : 0x803925b8 - 0x80481398 ( 955 kB)
.text : 0x80100000 - 0x803925b8 (2633 kB)

[[Category:Logitech Revue|Kernel]]

Logitech Revue Kernel

2011-01-22T20:43:38Z

KernelJayOmega: Initial Contribution

=== Overview ===
The Logitech Revue's Operating System is based around Linux kernel based on 2.6.23.18 code. The kernel lives in /system/boot/kernel which can be extracted from an OTA update file. The kernel file appears to contain bootstrap loader (and possibly some other data) piggy-backed to vmlinux.bin.gz which has been observed to reside about 0x37f5 bytes into the composite kernel image. Several security measures have been put in place ensuring that many attacks commonly used against other operating systems are not applicable.

It should also be noted that reading through this Wiki page should illustrate that the [http://googletv-mirrored-source.googlecode.com/hg/linux/linux-2.6.23-gtv.tar.bz2?r=27705a482273e3a34e8bcdbfb4fdad9afcd65e93 kernel source posted on Google's mirrored source site] is not a complete representation of the Logitech Revue's kernel.

=== Security Measures ===
Several security precautions have been made in the Logitech Revue with the intent of limiting system control even after root access has been obtained.
* The /system partition is configured as read-only by the flash layout compiled into the kernel
* [[CONFIG_MODULE_SIG]]=y : Module signatures are enabled. Logitech's included kernel modules contain a .signature section which is checked against public keys compiled into the kernel. This effectively limits execution of new code at privilege level 0 even once root access is achieved. (This is an option which is not implemented in the released GPL sources.)
* [[CONFIG_DEVMEM_PROTECT]]=y : This most likely enables a patch which filters access to the /dev/mem character device which could otherwise be used to create a rootkit by directly patching the running kernel. (This is another option which indicates that the Logitech Revue kernel has been patched in ways that the available GPL source code was not.)

=== Virtual Kernel Memory Layout ===
Memory: 700640k/712704k available (2633k kernel code, 11008k reserved, 955k data, 196k init, 0k highmem)
virtual kernel memory layout:
fixmap : 0xffffa000 - 0xfffff000 ( 20 kB)
vmalloc : 0xac000000 - 0xffff8000 (1343 MB)
lowmem : 0x80000000 - 0xab800000 ( 696 MB)
.init : 0x80484000 - 0x804b5000 ( 196 kB)
.data : 0x803925b8 - 0x80481398 ( 955 kB)
.text : 0x80100000 - 0x803925b8 (2633 kB)

[[Category:Logitech Revue|Kernel]]

LogitechRevueUpdates

2011-01-22T20:11:53Z

KernelJayOmega: added updates sort key. We should consider pruning this article though

Logitech Revue Version information and Update information has been moved to the [[GoogleTV_-_Version_Numbers | Google TV Version page]].
{{Revue toc Inline}}

[[Category:Logitech Revue|Updates]]

Revue Update b42732

2011-01-22T20:10:52Z

KernelJayOmega: added sort key 'Updates' in Logitech Revue category

This page describes update b42732 for the Logitech Revue, first appearing on 1/12/2010.

===Update Official Release Notes ===
Purpose: Security Updates per [http://forums.logitech.com/t5/Revue-Product-Updates-Release/Revue-amp-Google-TV-Update-January-11-2011/td-p/557792 Logitech Release]

=== Build Properties Diff ===
<pre>
3,5c3,5
< ro.build.id=KA1X-20101208.224639
< ro.build.display.id=KA1X-20101208.224639.user-b42449
< ro.build.version.incremental=user-b42449
---
> ro.build.id=KA1X-20101215.164651
> ro.build.display.id=KA1X-20101215.164651.user-b42732
> ro.build.version.incremental=user-b42732
9,10c9,10
< ro.build.date=Wed Dec 8 22:47:18 MST 2010
< ro.build.date.utc=1291873638
---
> ro.build.date=Wed Dec 15 16:47:55 MST 2010
> ro.build.date.utc=1292456875
29,30c29,30
< ro.build.description=ka-user 2.1-update1 KA1X-20101208.224639 user-b42449 release-keys
< ro.build.fingerprint=logitech/ka/ka/:2.1-update1/KA1X-20101208.224639/user-b42449:user/release-keys
---
> ro.build.description=ka-user 2.1-update1 KA1X-20101215.164651 user-b42732 release-keys
> ro.build.fingerprint=logitech/ka/ka/:2.1-update1/KA1X-20101215.164651/user-b42732:user/release-keys
</pre>

===Update Changeset===

*Plaintext Files:*
META-INF/CERT.SF

META-INF/MANIFEST.MF

Binary (or JAR) files:

=== Differences of note ===

system/bin/create_fses
<pre>
11,12c11,12
< CACHE_PARTITION=/dev/sda1
< CHROME_PARTITION=/dev/sda2
---
> CACHE_PARTITION=/dev/disk/by-topology/internal-usb0-part1
> CHROME_PARTITION=/dev/disk/by-topology/internal-usb0-part2
16,17c16,17
< CACHE_PARTITION=/dev/sda1
< CHROME_PARTITION=/dev/sda2
---
> CACHE_PARTITION=/dev/disk/by-topology/internal-usb0-part1
> CHROME_PARTITION=/dev/disk/by-topology/internal-usb0-part2
21,22c21,22
< CACHE_PARTITION=/dev/sda1
< CHROME_PARTITION=/dev/sda2
---
> CACHE_PARTITION=/dev/disk/by-topology/internal-usb0-part1
> CHROME_PARTITION=/dev/disk/by-topology/internal-usb0-part2
</pre>

===Libraries to inspect ===

===How to dump libraries ===
objdump -Sdl libname.so > libname.so.dumpc99'
'objdump -Sdl libname.so.dump950
then start diffing the dumps for internal library changes

=== Inspection Results ===
*keep in mind however that checksums can change without a functional change just due to a different build system being used*
libprotobuf.so - Changes: [ http://dl.dropbox.com/u/1886948/updates.diff ]

[[Category:Logitech Revue|Updates]]
[[Category:Contribute]]

Logitech Revue Technical

2011-01-22T20:10:04Z

KernelJayOmega: Added sort key

{{Revue toc Inline}}

== Update Procedure ==

Place new update labelled "update.zip" on a USB drive, with a single partition (ie, 1st partition on a USB disk, so say "/dev/sdc1")

Insert into Revue in the Right most USB port (if looking at the back, closest to the power jack)

Boot into recovery mode:

#Plug in the box, once the fan goes low, hold the sync button. Box should reboot, keep the sync button held until image on screen.
#Once you see the Arrow on your screen, using your keyboard press Alt+L - usually once or twice until Formatting DATA: shows on the screen, and does not go away
#You can then update the box, with a newer update. Downgrading fails however due to a date check.

== Firmware Links ==

*http://android.clients.google.com/packages/ota/logitech_ka/439c26f6af05.mp-signed-ota_update-b39389.zip
*http://android.clients.google.com/packages/ota/logitech_ka/52057d168e2b.mp-signed-ota_update-b39953.zip
*http://android.clients.google.com/packages/ota/logitech_ka/c9914396d183.mp-signed-ota_update-b42449.zip
*http://android.clients.google.com/packages/ota/logitech_ka/9504d579bade.mp-signed-ota_update-b42732.zip

== Kernel Revisions ==
For details of the Revue kernel, refer to [[Kernels_Revue]]

*Initial kernel observed on the Revue (?): 2.6.23.18-gc0a9a5fb (richard@sayan) (gcc version 4.1.2) #3 PREEMPT Sat Jul 31 15:32:56 PDT 2010
*439c26f6af05.mp-signed-ota_update-b39389: 2.6.23.18-g5fd8f46f (richard@mtdoom) #249 PREEMPT Tue Oct 5 09:55:20 BST 2010
*52057d168e2b.mp-signed-ota_update-b39953: 2.6.23.18-g5fd8f46f (richard@mtdoom) #249 PREEMPT Tue Oct 5 09:55:20 BST 2010
*c9914396d183.mp-signed-ota_update-b42449: 2.6.23.18-g5bba1a13 (sameer@sayan) #24 PREEMPT Fri Nov 19 11:13:31 PST 2010

== SDK/Toolchain Support ==

The [http://googletv-mirrored-source.googlecode.com/hg/intel-sdk/intel-sdk-toolchain.tar.bz2?r=27705a482273e3a34e8bcdbfb4fdad9afcd65e93 Intel SDK Toolchain] is available as part of Google's GPL release for the Google TV. The toolchain is required to compile code to run on the Linux operating system of the Logitech Revue. (Sony devices as well as other future devices are most likely also compatible with this toolchain but since we don't have these products to root we don't know yet.)

We have not yet documented a complete list of required dependencies but here are a few packages which might come in handy:
*texinfo (we encountered some issues with certain supposedly supported versions of makeinfo but updating texinfo resolved this on most systems)
*flex
*bison
*awk
*patch
*gcc et al
*build-essential (Ubuntu)

To simplify the toolchain setup, craigdroid created [http://dl.dropbox.com/u/1886948/gtvhacker-NDK-installer.zip this script] which simplifies the process of configuring a build system. After preparing the toolchain you will want to run the following commands (which are demo'd in the script) to establish your environment:
<pre>
export CROSS_COMPILE=i686-linux-cm-
export LD_LIBRARY_PATH=~/googletv/sdk/i686-linux-elf/lib
export PATH=$PATH:~/googletv/sdk/i686-linux-elf/bin/
</pre>

== NDK Support ==

Although at present Google has not released a proper NDK for the platform, the gtvhacker team have combined the Intel SDK Toolchain from the [http://code.google.com/p/googletv-mirrored-source/ Google TV Mirrored Source site] with the work of the [http://www.android-x86.org/ Android x86] project to provide unofficial support in the interim.

The entire process of setting up unofficial NDK support has been simplified into an [http://dl.dropbox.com/u/1886948/gtvhacker-NDK-installer.zip easy to use script] by craigdroid. The script has been tested on a few of our systems running CentOS 5.4 32-bit, as well as 32-bit and 64-bit editions of Ubuntu.

Since this is building the Intel toolchain automatically all of the caveats regarding the Intel SDK Toolchain apply here as well.

To automatically download, build and configure NDK support first save yourself some time and check the dependencies list in the SDK/Toolchain Support section and then from any users shell:
<pre>
wget http://dl.dropbox.com/u/1886948/gtvhacker-NDK-installer.zip && unzip gtvhacker-NDK-installer.zip && ./gtvhacker-NDK-installer.sh
</pre>

This will install the NDK to ~/googletv/ndk/ for the current user. Some guidance on how to use the NDK is provided upon completion of successful script execution.

== Flash Hard Drive ==

The Revue has an internal hard drive stored on an sdram chip (flash memory). It contains the complete file system for the Revue as well as the user data (if their is not external storage provided). More information about the layout of this file system can be found [[ GTV_FileSystem | File System Details.]]

== Serial Output ==

The logitech revue board contains a UART1 port on the front of the board which before receiving the boxes initial updates is active. In order to communicate with UART port you will need a USB to TTL adapter (or board that does a similar conversion).

The pins operate at 3.3v and the port at 9600 baud with the following pinout:

[http://i.imgur.com/xJHay.jpg UART Pinout]

Serial output

via: http://googletv.pastebin.com/233dZqZx
[[Pasted Locally]]

== PIC Access ==
*There is a standard PIC access port to the right of the UART1 port. It can be accessed via a standard PIC Kit Debug board (Tested with version 2). The port has read/write access but the code is pulled from the chip as .hex file and is unreadable thus far.

*The pinout starting from the left (pin with white square around it) corresponds to pin 1 or Vpp.The remaining pins follow the same layout. [http://www.ianstedman.co.uk/Projects/TK3_PICKit2_adaptor/Pickit2_pinout.png PIC Pinout]

[http://googletv.pastebin.com/PBWRCAqB PIC Hex Dump] [[Local PIC Hex Dump]]

[http://dl.dropbox.com/u/217678/Bootloader%20from%20PIC.TXT PIC Disassembly]

== Updates ==
The updates contain a full set of system files (changed and unchanged), including a boot.img and a recovery.img

'''boot.img'''

The thread at [http://forum.xda-developers.com/showpost.php?p=8844074&postcount=80 xda-developer] has the process to extract from the .img files (thx bftb0):

"the "boot.img" file is in (little-endian) "squashfs" format and unpacks just fine using "unsquashfs" from the (Ubuntu 8.0.04 LTS) squashfs-tools package."

''' recovery.img

system/boot/recovery.img is a standard Android boot image with some extra garbage (0x580 bytes) at the front. Remove it like so:
dd if=system/boot/recovery.img bs=1408 skip=1 > recovery-ungarbaged.img
Unpack that like a normal Android boot image. Something like [http://android-dls.com/files/linux/split_bootimg.zip this Perl script] works well.

The kernel (system/boot/kernel) is also a boot image with the same extra garbage at the front.

'''Odex files'''

The .odex files can be extracted by using the following guide [http://code.google.com/p/smali/wiki/DeodexInstructions Deodex Instructions]

== Open Ports ==
List nmap ports

Normal Mode, hooked to a Dish Network DVR (622) via WiFi:

*Nmap scan report for LogitechRevue (192.168.1.142)
*Host is up (0.060s latency).
*Not shown: 65528 closed ports
*PORT STATE SERVICE
*53/tcp open domain
*1100/tcp open unknown
*5222/tcp open unknown -- [http://xmpp.org/ Extensible Messaging and Presence Protocol (XMPP) Service (http://xmpp.org/)]
*5223/tcp open unknown -- SSL port for [http://xmpp.org/ XMPP]
*9551/tcp open unknown -- [[AnyMote]] Pairing Service through IpRemoteControlService -- SSL handshake requests cert and logs show errors from [[AnyMote]]
*9552/tcp open unknown -- [[AnyMote]] Connection Port
*35832/tcp open unknown

Also of course, with root - port 5555, for ADB!

== Available Pinouts ==
*UART1 --> [http://i.imgur.com/xJHay.jpg UART Pinout]
*J3 --> PIC Chip Access (Pin 1 = VPP/MCLR, Pin 2 = VDD, Pin 3 = VSS, Pin 4 = ICSPDAT/PGD, Pin 5 = ICSPCLK/PGC, Pin 6 = Auxiliary)
*SW1 --> Push Button Switch (Use is unknown)
*J20 --> I2C (Top left - GND Top right - ? Bottom left - SDA Bottom right - SCL)
*J69 --> USB Pinout
*SATA1 --> SATA Pinout (Pin 1 = GND, Pin 2 = TXP / A+ , Pin 3 = TXN / A-, Pin 4 = GND , Pin 5 = RXN / B-, Pin 6 = RXP / B+ , Pin 7 = GND)
*J24 --> Unknown (Pin 1 = 3.3, Pin 2 = ?, Pin 3 = ?, Pin 4 = GND)
*J13 --> Unknown (Power for SATA?) - (Pin 1 = ?, Pin 2 = GND, Pin 3 = GND, Pin 4 = 5v)
*J67 --> USB (Pin 1 = GND, Pin 2 = D-, Pin 3 = D+, Pin 4 = FREE, Pin 5 = VCC +5V) used for RF daughter board. [http://www.chrispix.com/googleTV.jpg IMG]
*XDP1 --> Intel XDP Debug Adapter [http://software.intel.com/sites/products/documentation/hpc/atom/application/device_driver_debugging.pdf Information on XDP Debugging] [ftp://download.intel.com/design/Pentium4/guides/31337301.pdf Page 23 Pinout]
[[Category:Logitech Revue]]

== Volume Management Configuration ==
Similar to other android based products, external storage can be attached and the device will attempt to mount it to /sdcard as per the following vold.conf:
<pre>
volume_sdcard {
# NOTE: This path is overbroad and will capture any device on the
# tatung3/tatung4 external PCI bus. This needs to be fixed, in conjunction
# with vold changes to handle logical device names (DEVPATH names are not
# static, unfortunately.)
media_path /devices/pci0000:00/0000:00:01.0/0000:01:0d.1/usb2/
media_type scsi
mount_point /sdcard
read_only true
}
</pre>

Note the interesting comment about the media_path as well as the read_only=true attribute.
[[Category:Logitech Revue|Technical]]

Logitech Revue Hardware

2011-01-22T20:08:55Z

KernelJayOmega: Added sort key

[[File:Revue-advert.gif|250px|left|thumb]]
{{Revue toc Inline}}
This page will be dedicated to the hardware specifications, descriptions, and information related to the Logitech Revue.

The Revue was initially released October 21st 2010 (with official availability on the 25th) in the United States. The Revue was released initially as a pass-through device meant to augment your initial set top box connection to your display device. For customers using the "DISH Network" Satellite subscription television service, integration was available that allowed the Revue to communicate directly with the satellite receiver/set top box. For all other devices, an IR blaster was used to simulate remote control commands as a means to communicate between the Revue and the STB hardware.

== Specs ==
*Intel Atom CE4150 1.2 GHz processor, with a 400 MHz GPU
*Gigabyte GA-SBKAN2 motherboard
*Samsung K9F8G08U0M 1 GB NAND Flash (Single Level Cell) [http://www.samsung.com/global/system/business/semiconductor/product/2007/6/11/NANDFlash/SLC_LargeBlock/8Gbit/K9F8G08U0M/ds_k9f8g08x0m_rev10.pdf Datasheet] [http://zenosec.com/gtv/revue/ds_k9f8g08x0m_rev10.pdf Mirror]
*Hynix H27UBG8T2ATR 4 GB NAND Flash (Multiple Level Cell) [http://www.szyuda88.com/uploadfile/cfile/201061714220663.pdf Datasheet]
*Silicon Image Sil9135 HDMI 1.3 Receiver [http://dl.dropbox.com/u/217678/Silicon%20Image%20Sil9135%20Info.pdf Chip Information] [http://focus.tij.co.jp/jp/lit/an/spraav4/spraav4.pdf Datasheet from TI]
*Nanya NT5CB128M8CN-CG 1 GB DDR3 SDRAM (1 Gb X 8) [http://dl.dropbox.com/u/217678/NTC-DDR3-1G-C-V58B-12-12-5.pdf Datasheet]
*Realtek Semiconductor RTL8201N 10/100M PHYceiver [http://realtek.info/pdf/RTL8201N_1-1.pdf Datasheet]
*Microchip PIC24FJ64GA004-I/PT 16-bit microcontroller [http://ww1.microchip.com/downloads/en/DeviceDoc/39881c.pdf Datasheet]
*Phison S2251-50 USB to Flash Controller (Datasheet not available to end users according to manufacture)
*IDT ICS9LPRS525AGLF Clock for CPU [http://dl.dropbox.com/u/217678/9LPRS525.pdf Datasheet]

The Logitech Revue was recently torndown and had its [http://www.ifixit.com/Teardown/Logitech-Revue-Teardown/3788/1 inners revealed].
Direct link to the higher resolution picture of the [http://guide-images.ifixit.net/igi/5jWUcNNOrDvXZqEy.huge motherboard].

SemiAccurate has a populated board similar to the one in the Revue: http://www.semiaccurate.com/2010/06/04/gigabyte-has-google-tv-ready-motherboard/

== Usage ==
Samsung K9F8G08U0M 1 GB NAND Flash
*Used for storage of bootloader, kernel, boot flash graphics, Linux OS etc..

Hynix H27UBG8T2ATR 4 GB NAND Flash (Long Term Storage)
*Used for persistent storage, device is /dev/sda - possible to override with an external USB drive

Microchip PIC24FJ64GA004-I/PT 16-bit microcontroller
*Used to handle IR input/output for remotes/IR blasters and possible interface with wireless keyboard
*System reboot/powerdown
*Possibly HDMI CEC

Silicon Image Sil9135 HDMI 1.3 Receiver
*Used to process video to and from HDMI ports as well as audio over HDMI and SPDIF
*Supports DTS even though the Revue does not (An update can probably enable this feature)

IDT ICS9LPRS525AGLF Clock for CPU
*Provides a clock for the Intel Atom CPU
[[Category:Logitech Revue|Hardware]]

Logitech Revue Kernel

2011-01-22T20:08:24Z

KernelJayOmega: Created page with "=== Overview === Kernel"

=== Overview ===

[[Category:Logitech Revue|Kernel]]

Logitech Revue Technical

2011-01-22T20:03:41Z

KernelJayOmega: Added link to kernel section

{{Revue toc Inline}}

== Update Procedure ==

Place new update labelled "update.zip" on a USB drive, with a single partition (ie, 1st partition on a USB disk, so say "/dev/sdc1")

Insert into Revue in the Right most USB port (if looking at the back, closest to the power jack)

Boot into recovery mode:

#Plug in the box, once the fan goes low, hold the sync button. Box should reboot, keep the sync button held until image on screen.
#Once you see the Arrow on your screen, using your keyboard press Alt+L - usually once or twice until Formatting DATA: shows on the screen, and does not go away
#You can then update the box, with a newer update. Downgrading fails however due to a date check.

== Firmware Links ==

*http://android.clients.google.com/packages/ota/logitech_ka/439c26f6af05.mp-signed-ota_update-b39389.zip
*http://android.clients.google.com/packages/ota/logitech_ka/52057d168e2b.mp-signed-ota_update-b39953.zip
*http://android.clients.google.com/packages/ota/logitech_ka/c9914396d183.mp-signed-ota_update-b42449.zip
*http://android.clients.google.com/packages/ota/logitech_ka/9504d579bade.mp-signed-ota_update-b42732.zip

== Kernel Revisions ==
For details of the Revue kernel, refer to [[Kernels_Revue]]

*Initial kernel observed on the Revue (?): 2.6.23.18-gc0a9a5fb (richard@sayan) (gcc version 4.1.2) #3 PREEMPT Sat Jul 31 15:32:56 PDT 2010
*439c26f6af05.mp-signed-ota_update-b39389: 2.6.23.18-g5fd8f46f (richard@mtdoom) #249 PREEMPT Tue Oct 5 09:55:20 BST 2010
*52057d168e2b.mp-signed-ota_update-b39953: 2.6.23.18-g5fd8f46f (richard@mtdoom) #249 PREEMPT Tue Oct 5 09:55:20 BST 2010
*c9914396d183.mp-signed-ota_update-b42449: 2.6.23.18-g5bba1a13 (sameer@sayan) #24 PREEMPT Fri Nov 19 11:13:31 PST 2010

== SDK/Toolchain Support ==

The [http://googletv-mirrored-source.googlecode.com/hg/intel-sdk/intel-sdk-toolchain.tar.bz2?r=27705a482273e3a34e8bcdbfb4fdad9afcd65e93 Intel SDK Toolchain] is available as part of Google's GPL release for the Google TV. The toolchain is required to compile code to run on the Linux operating system of the Logitech Revue. (Sony devices as well as other future devices are most likely also compatible with this toolchain but since we don't have these products to root we don't know yet.)

We have not yet documented a complete list of required dependencies but here are a few packages which might come in handy:
*texinfo (we encountered some issues with certain supposedly supported versions of makeinfo but updating texinfo resolved this on most systems)
*flex
*bison
*awk
*patch
*gcc et al
*build-essential (Ubuntu)

To simplify the toolchain setup, craigdroid created [http://dl.dropbox.com/u/1886948/gtvhacker-NDK-installer.zip this script] which simplifies the process of configuring a build system. After preparing the toolchain you will want to run the following commands (which are demo'd in the script) to establish your environment:
<pre>
export CROSS_COMPILE=i686-linux-cm-
export LD_LIBRARY_PATH=~/googletv/sdk/i686-linux-elf/lib
export PATH=$PATH:~/googletv/sdk/i686-linux-elf/bin/
</pre>

== NDK Support ==

Although at present Google has not released a proper NDK for the platform, the gtvhacker team have combined the Intel SDK Toolchain from the [http://code.google.com/p/googletv-mirrored-source/ Google TV Mirrored Source site] with the work of the [http://www.android-x86.org/ Android x86] project to provide unofficial support in the interim.

The entire process of setting up unofficial NDK support has been simplified into an [http://dl.dropbox.com/u/1886948/gtvhacker-NDK-installer.zip easy to use script] by craigdroid. The script has been tested on a few of our systems running CentOS 5.4 32-bit, as well as 32-bit and 64-bit editions of Ubuntu.

Since this is building the Intel toolchain automatically all of the caveats regarding the Intel SDK Toolchain apply here as well.

To automatically download, build and configure NDK support first save yourself some time and check the dependencies list in the SDK/Toolchain Support section and then from any users shell:
<pre>
wget http://dl.dropbox.com/u/1886948/gtvhacker-NDK-installer.zip && unzip gtvhacker-NDK-installer.zip && ./gtvhacker-NDK-installer.sh
</pre>

This will install the NDK to ~/googletv/ndk/ for the current user. Some guidance on how to use the NDK is provided upon completion of successful script execution.

== Flash Hard Drive ==

The Revue has an internal hard drive stored on an sdram chip (flash memory). It contains the complete file system for the Revue as well as the user data (if their is not external storage provided). More information about the layout of this file system can be found [[ GTV_FileSystem | File System Details.]]

== Serial Output ==

The logitech revue board contains a UART1 port on the front of the board which before receiving the boxes initial updates is active. In order to communicate with UART port you will need a USB to TTL adapter (or board that does a similar conversion).

The pins operate at 3.3v and the port at 9600 baud with the following pinout:

[http://i.imgur.com/xJHay.jpg UART Pinout]

Serial output

via: http://googletv.pastebin.com/233dZqZx
[[Pasted Locally]]

== PIC Access ==
*There is a standard PIC access port to the right of the UART1 port. It can be accessed via a standard PIC Kit Debug board (Tested with version 2). The port has read/write access but the code is pulled from the chip as .hex file and is unreadable thus far.

*The pinout starting from the left (pin with white square around it) corresponds to pin 1 or Vpp.The remaining pins follow the same layout. [http://www.ianstedman.co.uk/Projects/TK3_PICKit2_adaptor/Pickit2_pinout.png PIC Pinout]

[http://googletv.pastebin.com/PBWRCAqB PIC Hex Dump] [[Local PIC Hex Dump]]

[http://dl.dropbox.com/u/217678/Bootloader%20from%20PIC.TXT PIC Disassembly]

== Updates ==
The updates contain a full set of system files (changed and unchanged), including a boot.img and a recovery.img

'''boot.img'''

The thread at [http://forum.xda-developers.com/showpost.php?p=8844074&postcount=80 xda-developer] has the process to extract from the .img files (thx bftb0):

"the "boot.img" file is in (little-endian) "squashfs" format and unpacks just fine using "unsquashfs" from the (Ubuntu 8.0.04 LTS) squashfs-tools package."

''' recovery.img

system/boot/recovery.img is a standard Android boot image with some extra garbage (0x580 bytes) at the front. Remove it like so:
dd if=system/boot/recovery.img bs=1408 skip=1 > recovery-ungarbaged.img
Unpack that like a normal Android boot image. Something like [http://android-dls.com/files/linux/split_bootimg.zip this Perl script] works well.

The kernel (system/boot/kernel) is also a boot image with the same extra garbage at the front.

'''Odex files'''

The .odex files can be extracted by using the following guide [http://code.google.com/p/smali/wiki/DeodexInstructions Deodex Instructions]

== Open Ports ==
List nmap ports

Normal Mode, hooked to a Dish Network DVR (622) via WiFi:

*Nmap scan report for LogitechRevue (192.168.1.142)
*Host is up (0.060s latency).
*Not shown: 65528 closed ports
*PORT STATE SERVICE
*53/tcp open domain
*1100/tcp open unknown
*5222/tcp open unknown -- [http://xmpp.org/ Extensible Messaging and Presence Protocol (XMPP) Service (http://xmpp.org/)]
*5223/tcp open unknown -- SSL port for [http://xmpp.org/ XMPP]
*9551/tcp open unknown -- [[AnyMote]] Pairing Service through IpRemoteControlService -- SSL handshake requests cert and logs show errors from [[AnyMote]]
*9552/tcp open unknown -- [[AnyMote]] Connection Port
*35832/tcp open unknown

Also of course, with root - port 5555, for ADB!

== Available Pinouts ==
*UART1 --> [http://i.imgur.com/xJHay.jpg UART Pinout]
*J3 --> PIC Chip Access (Pin 1 = VPP/MCLR, Pin 2 = VDD, Pin 3 = VSS, Pin 4 = ICSPDAT/PGD, Pin 5 = ICSPCLK/PGC, Pin 6 = Auxiliary)
*SW1 --> Push Button Switch (Use is unknown)
*J20 --> I2C (Top left - GND Top right - ? Bottom left - SDA Bottom right - SCL)
*J69 --> USB Pinout
*SATA1 --> SATA Pinout (Pin 1 = GND, Pin 2 = TXP / A+ , Pin 3 = TXN / A-, Pin 4 = GND , Pin 5 = RXN / B-, Pin 6 = RXP / B+ , Pin 7 = GND)
*J24 --> Unknown (Pin 1 = 3.3, Pin 2 = ?, Pin 3 = ?, Pin 4 = GND)
*J13 --> Unknown (Power for SATA?) - (Pin 1 = ?, Pin 2 = GND, Pin 3 = GND, Pin 4 = 5v)
*J67 --> USB (Pin 1 = GND, Pin 2 = D-, Pin 3 = D+, Pin 4 = FREE, Pin 5 = VCC +5V) used for RF daughter board. [http://www.chrispix.com/googleTV.jpg IMG]
*XDP1 --> Intel XDP Debug Adapter [http://software.intel.com/sites/products/documentation/hpc/atom/application/device_driver_debugging.pdf Information on XDP Debugging] [ftp://download.intel.com/design/Pentium4/guides/31337301.pdf Page 23 Pinout]
[[Category:Logitech Revue]]

== Volume Management Configuration ==
Similar to other android based products, external storage can be attached and the device will attempt to mount it to /sdcard as per the following vold.conf:
<pre>
volume_sdcard {
# NOTE: This path is overbroad and will capture any device on the
# tatung3/tatung4 external PCI bus. This needs to be fixed, in conjunction
# with vold changes to handle logical device names (DEVPATH names are not
# static, unfortunately.)
media_path /devices/pci0000:00/0000:00:01.0/0000:01:0d.1/usb2/
media_type scsi
mount_point /sdcard
read_only true
}
</pre>

Note the interesting comment about the media_path as well as the read_only=true attribute.

Logitech Revue UART root

2011-01-22T00:49:51Z

KernelJayOmega: Update about CONFIG_MODULE_SIG

[[File:Revue-advert.gif|250px|right|thumb]]
{{Revue toc Inline}}
== Updates ==
=== 2011 January 21: CONFIG_MODULE_SIG on the Revue ===
I have finally identified why my attempts at loading my own modules onto the Revue have all failed (outside of recovery). As shown in /proc/config.gz, the Revue kernel was built with CONFIG_MODULE_SIG=y which means that any module will require a signature that can be verified with the public signatures compiled into the kernel. Anybody out there up for patching /dev/mem to remove the signature checking or perhaps add a new signature? If so, please contact us!
--[http://gtvhacker.com/index.php/Craigdroid Craig]

=== 2011 January 16: FAT file systems and DOS line endings ===
I have received a few emails now from people having problems with the manual update script due to line endings and FAT file systems. If you do not understand what this means it is best to stick with using an extended (ext2) file system on your USB drive and extract everything under Linux rather than Windows.
--[http://gtvhacker.com/index.php/Craigdroid Craig]

=== 2011 January 15: Breaking OTA Updates ===
Logitech recently began deploying a [http://forums.logitech.com/t5/Revue-Product-Updates-Release/Revue-amp-Google-TV-Update-January-11-2011/td-p/557792 security update] which will incidentally remove root access if it is allowed to install on a rooted device. (This was not the purpose of the update but it is an adverse effect for our community.) The GTVHacker dev team's initial attempts to break OTA updates by moving the otacerts.zip was not fully successful. In order to remove the auto-updating feature, [http://gtvhacker.com/index.php/Craigdroid Craig] of the GTVHacker team has tested removal of /system/app/SystemUpdater.* with preliminary success. If this method works for others in the community, GTVHacker will consider the release of an updated manual update script with this and possibly other changes.

On a side note for non-rooted users, holding off on applying the update may expose your system to a vulnerability which could eventually be actively exploited to provide root access without a soldering iron. (This vulnerability could potentially be used maliciously so please consider this in deciding whether to apply the update.) Any (unrooted) box that is connected to the Internet over night will presumably be updated without user interaction.

=== 2011 January 14: Avoiding an unexpected reboot ===
NOTICE: If you have not properly completed step 6 (including pressing ALT+L) in the hardware portion before proceeding to the software section, you are risking bricking the Revue. This step is mandatory because it gets you into the recovery menu and prevents the system from automatically rebooting in the middle of an update. The video output should show the [http://simplygoogletv.com/wp-content/uploads/2010/12/202188476.jpg recovery menu] before proceeding to the software portion. (Thanks [http://www.twitter.com/stericson @stericson] for the picture.)

=== 2011 January 12: Logitech's Statement on Rooting ===
[http://forums.logitech.com/t5/Revue/Support-Policy-Rooting-Revue/td-p/558604 Logitech Issues a "Statement"] regarding rooting the Revue

=== 2011 January 5: Do I really need a virgin? ===
You '''ABSOLUTELY''' need a "virgin" Logitech Revue with ''NO'' updates in order to do this hack!!

'''Any previous device updates will disable the UART1 pins necessary for this hack!'''

== Demonstration video.==
Shows Filesystem access, Apps and the Market, as well as previously blocked websites.
Check it out http://www.youtube.com/user/gtvhacker

== GTVHACKER'S Guide to installing applications and rooting your Logitech Revue ==

This is being brought to you right before CES, we all worked hard and here it is.

===Features===

ADBD Running for adb access.
Custom boot logo.
Flash Plugin Update to allow previously blocked content providers.

Experimental method to block automatic updates (We would appreciate feedback on this as we we've been unable to confirm its success so far.)

===About the Hack===

The reason this is possible is due to the "out of factory" state of the Logitech Revue boxes not disabling the UART port on the board and allowing access to a root shell in recovery mode. After discovering this we were able to reverse the update files and manually upgrade the Revue to the most recent update. The attached files are our output of all the effort put forward by our team. Also as a notice to anyone performing the update, we are not responsible for any harm that may come of your box as an outcome of running our scripts. We will attempt to help you with any issues you may experience and have tried to make the process as safe as possible. Also if you have any suggestions or ideas on how we can make this process better please feel free to drop by our IRC channel and tell us.

===About Manual Update===

The manual-update.sh script is our attempt at duplicating the process done by the GTV scripts that update the box in recovery mode. There are also a few miscellaneous tweaks done to assure applications load correctly, backups are made, and that the box doesn't auto-update. Some portions of the script do things such as flash parts of the NAND so make sure you do not short circuit your box or accidentally remove power during the manual-update process.

===Required Tools===

Soldering Iron

USB->TTL or similar board/setup (An Arduino in tristate mode works great)

4 wires to attach board to TTL board

Terminal program (Minicom for Linux or Putty for Windows)
A USB Drive (At least 1gb, 2+gb Recommended)

===Hardware Portion===

In order to complete the root you will need an un-updated box, it seems as if the first or second update to the box closed the serial access hole. If you have a "virgin" box then you are ready to proceed.

1.) Open your box, there are 4 screws (1 under each of the soft legs on the bottom of the box), the rest of the box un-clips very easily. A better explanation is available at http://www.ifixit.com/Teardown/Logitech-Revue-Teardown/3788/1

2.) After opening your box you will need to remove the led bar and look at the top front of the board. Locate the pins labeled UART1. These are the pins you will be sodering to.

3.) Solder 4 wires to your board. The appropriate pins can be view here: http://gtvhacker.com/index.php/File:XJHay.jpg . You MAY only need to solder to TX, RX, and GND.

4.) Attach wires to appropriate pins on your USB->TTL device

5.) Connect to the USB->TTL device on your computer using a program like Minicom or Putty. The appropriate settings are speed is 9600 baud with 8n1, make sure flow control is set to none.

6.) Reboot Revue into recovery mode by holding the pair button on the back of the board until the box shuts down and comes back up. Then press Alt+L (On the revue keyboard, not through the console) until "FORMATING DATA:" shows and stays, a menu should appear shortly after system is done clearing partitions. (More info: [[Logitech_Revue_Technical]])

7.) If setup is correct so far you should be seeing logcat output through your terminal program (Putty/Minicom). Shortly after you will be presented with a # sign which is your console.

8.) Proceed to software portion.

NOTICE: If you have not properly completed step 6 you may risk having the Revue automatically reboot while you are flashing new firmware resulting in a bricked Revue. The video output should show the recovery menu before proceeding to the software portion.

===Software Portion===

1.) Place all files in manual update on USB (preferably to ext3) device keeping all the files inside of the "updatec99" folder for easiest installation.

2.) Insert the USB and run the following command for an ext3 USB device "mount -rw -t ext3 /dev/sdb1 /sdcard" substitute ext3 for vfat for a fat32 device (Also remove quotes)

3.) In minicom/putty browse to the /sdcard directory with "cd /sdcard/updatec99".

4.) Execute the update with the following command "sh manual-update.sh"

5.) If the process ends prompting "Complete" you are finished and may restart. You will then have adbd running on your Revue and can connect using "./adb connect LogitechRevue". If the process does not prompt you with "Complete" but some other error you will need to make sure you do not reboot your Revue or it may be bricked.

You are now complete and free to install applications on your box remotely through adb.

Note: when booting in normal mode, ''you will not see any console output''. If you want a serial console again, go into recovery.

===Building the code===

The GTVHacker team has a [http://dl.dropbox.com/u/1886948/gtvhacker-NDK-installer.zip script] to simplify the download/configuration/installation of unofficial NDK/toolchain support which is [http://gtvhacker.com/index.php/GTv-OS_(AndroidTV)#SDK.2FToolchain_Support documented here].

===Troubleshooting===

If you experience '''any''' issues, please check wiki as we will be updating it with the most common problems then visit our IRC if the wiki does not assist you.

===About Us===
This package is brought to you by the GTVHacker team over at irc.freenode.net #gtvhacker.

GTVHacker Team Members:

* [[Zenofex]]
* CJ_000
* [[Craigdroid]]
* Tdweng

Thanks to everyone in the community who made this all possible.
The GTVHacker Team

== Related Files: ==
Google TV O/S modifications to achieve root are available at: http://www.multiupload.com/REVEQS6HII or http://bit.ly/gtvuc99

Script to simplify tool chain and sdk building : [http://dl.dropbox.com/u/1886948/gtvhacker-NDK-installer.zip Beta1] or [http://dl.dropbox.com/u/1886948/gtvhacker-NDK-installer-beta2.zip Beta2]

[[Category:Logitech Revue]]

Com.google.android.systemupdater

2011-01-16T23:17:54Z

KernelJayOmega: Initial contribution

== com.google.android.systemupdater ==

As the name implies, this is the software component of Google TV which is responsible for keeping the device up to date with the latest OTA updates from Google.

This service is provided by:
* /system/app/SystemUpdater.apk
* /system/app/SystemUpdater.odex

GTV FileSystem

2011-01-16T23:14:47Z

KernelJayOmega: Revised the updates section

The Google TV File System is similar to most other Android Operating Systems.

== Still Needs ==
* Finishing merging update information from the [[ Logitech_Revue_Technical]] page including proper truncation and hex editting steps. also mentions odex.
* Description of how the Update Signing process works and how it works (And why we can't just copy an edited zip to a usb key and root the box). This is a common noob question.
* Description of the seperation between the boot loader steps, recovery kernel, and the actual "device" file system/kernel. This can be key for explaining how the UART1 console was used and when it was used. There is often discussion on "I was looking for output during X boot stage" that this data could provide a definition for.

== File System Layout ==

The File System is created by the mounting of 13 partitions into a *nix-based file system.

Below is a list of the paritions, their contents, and their mount points:
{| border="1"
| Identifier?
| Partition Name
| Description
| Mount Point
|-
|0x00000000-0x00200000
| "mbr"
| Mostly blank, repeats "01c0000 b00b dead 000f a901 0000 0000 0000 0000"
|
|-
| 0x00200000-0x00a00000
| "cefdk"
| Boot loader. It's Data - Wouldn't say it is encrypted, but no strings visible. It may contain a console
|
|-
| 0x00a00000-0x00c00000
| "redboot"
| All FF's
|
|-
| 0x00c00000-0x00e00000
| "cefdk-config"
| Holds Box SN, repeats (like MBR)
|
|-
| 0x01000000-0x01800000
| "splash"
| Splash image, [ http://img413.imageshack.us/img413/3144/splashc.png visible here] . It reports itself as a BMP even though it is a PNG
|
|-
| 0x01800000-0x01900000
| "fts"
| Flash Transaction Key/Value Storage. (Contents seem to be just seems to be just: "F*TS..e.L.......bootloader.command=boot-recovery.bootloader.recovery=recovery.--wipe_data.")
|
|-
| 0x01900000-0x02d00000
| "recovery"
| Full image, including kernel and small ramdisk (in squashfs format), boots to recovery menu
|
|-
| 0x02d00000-0x03200000
| "kernel"
| The kernel image
|
|-
| 0x03200000-0x07200000
| "boot"
| Root partition, goes in hand with the kernel image, also in squashfs format
|
|-
| 0x07200000-0x1f200000
| "system"
| /system partition. Holds most of the crucial system files. It's YAFFS
|
|-
| 0x1f200000-0x3fa00000
| "data"
| Where user data is stored. YAFFS
|
|-
| 0x3fa00000-0x3ff00000
| "keystore"
| Don't delete this . Has Keys for communication w/ Google & Logitech YAFFS
|
|-
| 0x3ff00000-0x40000000
| "bbt"
| Bad Block Table
|
|}
Sources:
* MTD Parition listing came from [http://googletv.pastebin.com/233dZqZx Revue Boot Output]. ([http://my.safaribooksonline.com/book/operating-systems-and-server-administration/embedded-linux/0136130550/mtd-subsystem/ch10lev1sec3 What's an MTD partition?]) 
* Partition mount points came from /init.rc & init.<board>.rc
== Updates ==
Updates to the Google TV, unlike the incremental updates that most Android phones receive, come as a complete file system meant to replace the previous. It is assumed that since Google TV devices are meant to be connected to high speed internet connections, downloading a full File System is more palatable than on a limited-bandwidth mobile device.

The Google TV software uses the [[com.google.android.systemupdater]] activity to periodically query Google's servers looking for available updates based on the devices serial number. Under normal circumstances, during initial setup of a device (i.e. configuring from a wiped or factory default state), the [[com.google.android.systemupdater]] activity will prevent completion of first time setup until any available updates have been downloaded and applied. This can be bypassed by removing the files /system/app/SystemUpdater.{apk,odex} from the file system. If a previously configured device finds an available update at boot, it will display a prompt asking the user if they wish to install or defer the update. If the system is not in use at this time, the update will be applied without user interaction. Based on network traffic it appears that the Logitech Revue is configured to check for updates in the early AM hours. The currently installed build number can be checked through '''Applications > Settings > About'''. (See [[GoogleTV - Version Numbers]] for more information). Updates are distributed as signed zip files including [[boot.img]], [[kernel.img]], [[ota.prop]], updated content, and meta-information (signing data, install scripts, etc).

Until a new recovery image with is prepared for Google TV devices, it is unlikely that anyone will be able to prepare homebrew updates since it is computationally infeasible to produce signatures matching Google's private key. This same logic applies when considering modification of a properly signed update.

List of all updates for:
*[[LogitechRevueUpdates|Logitech Revue]]

The Updates each include:
* boot.img: A file system including the root file system for the device.<
* The "system" folder: This is the guts of the Google TV and it's applications. These files are copied into the system folder on update.
* META-INF directory: Includes the manifest and other certificates shipped with the device for authentication.

== File System Obfusication ==

== How to access the File System contained within an image ==
The Zip File is a simple matter to extract, however the images within them tack some massaging in order to explore. While they are a typical SquashFS File System, they have some padding bytes that prevented a simple "Unsquashing."

*It would be great if we could create a way to use dd to truncate the image instead of using a hex editor. You should be able ot somehow grep for the start and then dd the proper bits into a new file that could be explored correctly.*

Some data on the process is available here:
http://android-dls.com/wiki/index.php?title=HOWTO:_Unpack,_Edit,_and_Re-Pack_Boot_Images

== GTV Recovery Mode vs GTV(System) Mode ==

== GTV Boot Loader ==
The Boot Loader is included on the File System, currently in the X directory. The Boot Loader is based off of the Y Loader (More information can be found at Z).
For the Sony BlueRay player, the Boot Loader is ABC.

== Files of interest within the File System ==

[[Category:Contribute]]

Logitech Revue UART root

2011-01-16T19:42:17Z

KernelJayOmega: Added update about FAT and line endings

[[File:Revue-advert.gif|250px|right|thumb]]
{{Revue toc Inline}}
== Updates ==
=== 2011 January 16: FAT file systems and DOS line endings ===
I have received a few emails now from people having problems with the manual update script due to line endings and FAT file systems. If you do not understand what this means it is best to stick with using an extended (ext2) file system on your USB drive and extract everything under Linux rather than Windows.
--[http://gtvhacker.com/index.php/Craigdroid Craig]

=== 2011 January 15: Breaking OTA Updates ===
Logitech recently began deploying a [http://forums.logitech.com/t5/Revue-Product-Updates-Release/Revue-amp-Google-TV-Update-January-11-2011/td-p/557792 security update] which will incidentally remove root access if it is allowed to install on a rooted device. (This was not the purpose of the update but it is an adverse effect for our community.) The GTVHacker dev team's initial attempts to break OTA updates by moving the otacerts.zip was not fully successful. In order to remove the auto-updating feature, [http://gtvhacker.com/index.php/Craigdroid Craig] of the GTVHacker team has tested removal of /system/app/SystemUpdater.* with preliminary success. If this method works for others in the community, GTVHacker will consider the release of an updated manual update script with this and possibly other changes.

On a side note for non-rooted users, holding off on applying the update may expose your system to a vulnerability which could eventually be actively exploited to provide root access without a soldering iron. (This vulnerability could potentially be used maliciously so please consider this in deciding whether to apply the update.) Any (unrooted) box that is connected to the Internet over night will presumably be updated without user interaction.

=== 2011 January 14: Avoiding an unexpected reboot ===
NOTICE: If you have not properly completed step 6 (including pressing ALT+L) in the hardware portion before proceeding to the software section, you are risking bricking the Revue. This step is mandatory because it gets you into the recovery menu and prevents the system from automatically rebooting in the middle of an update. The video output should show the [http://simplygoogletv.com/wp-content/uploads/2010/12/202188476.jpg recovery menu] before proceeding to the software portion. (Thanks [http://www.twitter.com/stericson @stericson] for the picture.)

=== 2011 January 12: Logitech's Statement on Rooting ===
[http://forums.logitech.com/t5/Revue/Support-Policy-Rooting-Revue/td-p/558604 Logitech Issues a "Statement"] regarding rooting the Revue

=== 2011 January 5: Do I really need a virgin? ===
You '''ABSOLUTELY''' need a "virgin" Logitech Revue with ''NO'' updates in order to do this hack!!

'''Any previous device updates will disable the UART1 pins necessary for this hack!'''

== Demonstration video.==
Shows Filesystem access, Apps and the Market, as well as previously blocked websites.
Check it out http://www.youtube.com/user/gtvhacker

== GTVHACKER'S Guide to installing applications and rooting your Logitech Revue ==

This is being brought to you right before CES, we all worked hard and here it is.

===Features===

ADBD Running for adb access.
Custom boot logo.
Flash Plugin Update to allow previously blocked content providers.

Experimental method to block automatic updates (We would appreciate feedback on this as we we've been unable to confirm its success so far.)

===About the Hack===

The reason this is possible is due to the "out of factory" state of the Logitech Revue boxes not disabling the UART port on the board and allowing access to a root shell in recovery mode. After discovering this we were able to reverse the update files and manually upgrade the Revue to the most recent update. The attached files are our output of all the effort put forward by our team. Also as a notice to anyone performing the update, we are not responsible for any harm that may come of your box as an outcome of running our scripts. We will attempt to help you with any issues you may experience and have tried to make the process as safe as possible. Also if you have any suggestions or ideas on how we can make this process better please feel free to drop by our IRC channel and tell us.

===About Manual Update===

The manual-update.sh script is our attempt at duplicating the process done by the GTV scripts that update the box in recovery mode. There are also a few miscellaneous tweaks done to assure applications load correctly, backups are made, and that the box doesn't auto-update. Some portions of the script do things such as flash parts of the NAND so make sure you do not short circuit your box or accidentally remove power during the manual-update process.

===Required Tools===

Soldering Iron

USB->TTL or similar board/setup (An Arduino in tristate mode works great)

4 wires to attach board to TTL board

Terminal program (Minicom for Linux or Putty for Windows)
A USB Drive (At least 1gb, 2+gb Recommended)

===Hardware Portion===

In order to complete the root you will need an un-updated box, it seems as if the first or second update to the box closed the serial access hole. If you have a "virgin" box then you are ready to proceed.

1.) Open your box, there are 4 screws (1 under each of the soft legs on the bottom of the box), the rest of the box un-clips very easily. A better explanation is available at http://www.ifixit.com/Teardown/Logitech-Revue-Teardown/3788/1

2.) After opening your box you will need to remove the led bar and look at the top front of the board. Locate the pins labeled UART1. These are the pins you will be sodering to.

3.) Solder 4 wires to your board. The appropriate pins can be view here: http://gtvhacker.com/index.php/File:XJHay.jpg . You MAY only need to solder to TX, RX, and GND.

4.) Attach wires to appropriate pins on your USB->TTL device

5.) Connect to the USB->TTL device on your computer using a program like Minicom or Putty. The appropriate settings are speed is 9600 baud with 8n1, make sure flow control is set to none.

6.) Reboot Revue into recovery mode by holding the pair button on the back of the board until the box shuts down and comes back up. Then press Alt+L (On the revue keyboard, not through the console) until "FORMATING DATA:" shows and stays, a menu should appear shortly after system is done clearing partitions. (More info: [[Logitech_Revue_Technical]])

7.) If setup is correct so far you should be seeing logcat output through your terminal program (Putty/Minicom). Shortly after you will be presented with a # sign which is your console.

8.) Proceed to software portion.

NOTICE: If you have not properly completed step 6 you may risk having the Revue automatically reboot while you are flashing new firmware resulting in a bricked Revue. The video output should show the recovery menu before proceeding to the software portion.

===Software Portion===

1.) Place all files in manual update on USB (preferably to ext3) device keeping all the files inside of the "updatec99" folder for easiest installation.

2.) Insert the USB and run the following command for an ext3 USB device "mount -rw -t ext3 /dev/sdb1 /sdcard" substitute ext3 for vfat for a fat32 device (Also remove quotes)

3.) In minicom/putty browse to the /sdcard directory with "cd /sdcard/updatec99".

4.) Execute the update with the following command "sh manual-update.sh"

5.) If the process ends prompting "Complete" you are finished and may restart. You will then have adbd running on your Revue and can connect using "./adb connect LogitechRevue". If the process does not prompt you with "Complete" but some other error you will need to make sure you do not reboot your Revue or it may be bricked.

You are now complete and free to install applications on your box remotely through adb.

Note: when booting in normal mode, ''you will not see any console output''. If you want a serial console again, go into recovery.

===Building the code===

The GTVHacker team has a [http://dl.dropbox.com/u/1886948/gtvhacker-NDK-installer.zip script] to simplify the download/configuration/installation of unofficial NDK/toolchain support which is [http://gtvhacker.com/index.php/GTv-OS_(AndroidTV)#SDK.2FToolchain_Support documented here].

===Troubleshooting===

If you experience '''any''' issues, please check wiki as we will be updating it with the most common problems then visit our IRC if the wiki does not assist you.

===About Us===
This package is brought to you by the GTVHacker team over at irc.freenode.net #gtvhacker.

GTVHacker Team Members:

* [[Zenofex]]
* CJ_000
* [[Craigdroid]]
* Tdweng

Thanks to everyone in the community who made this all possible.
The GTVHacker Team

== Related Files: ==
Google TV O/S modifications to achieve root are available at: http://www.multiupload.com/REVEQS6HII or http://bit.ly/gtvuc99

Script to simplify tool chain and sdk building : [http://dl.dropbox.com/u/1886948/gtvhacker-NDK-installer.zip Beta1] or [http://dl.dropbox.com/u/1886948/gtvhacker-NDK-installer-beta2.zip Beta2]

[[Category:Logitech Revue]]

Logitech Revue UART root

2011-01-15T23:30:06Z

KernelJayOmega: /* Related Files: */ added NDK beta2

[[File:Revue-advert.gif|250px|right|thumb]]
{{Revue toc Inline}}
== Updates ==

=== 2011 January 15: ===
Logitech recently began deploying a [http://forums.logitech.com/t5/Revue-Product-Updates-Release/Revue-amp-Google-TV-Update-January-11-2011/td-p/557792 security update] which will incidentally remove root access if it is allowed to install on a rooted device. (This was not the purpose of the update but it is an adverse effect for our community.) The GTVHacker dev team's initial attempts to break OTA updates by moving the otacerts.zip was not fully successful. In order to remove the auto-updating feature, [http://gtvhacker.com/index.php/Craigdroid Craig] of the GTVHacker team has tested removal of /system/app/SystemUpdater.* with preliminary success. If this method works for others in the community, GTVHacker will consider the release of an updated manual update script with this and possibly other changes.

On a side note for non-rooted users, holding off on applying the update may expose your system to a vulnerability which could eventually be actively exploited to provide root access without a soldering iron. (This vulnerability could potentially be used maliciously so please consider this in deciding whether to apply the update.) Any (unrooted) box that is connected to the Internet over night will presumably be updated without user interaction.

=== 2011 January 14: ===
NOTICE: If you have not properly completed step 6 (including pressing ALT+L) in the hardware portion before proceeding to the software section, you are risking bricking the Revue. This step is mandatory because it gets you into the recovery menu and prevents the system from automatically rebooting in the middle of an update. The video output should show the [http://simplygoogletv.com/wp-content/uploads/2010/12/202188476.jpg recovery menu] before proceeding to the software portion. (Thanks [http://www.twitter.com/stericson @stericson] for the picture.)

=== 2011 January 12: ===
[http://forums.logitech.com/t5/Revue/Support-Policy-Rooting-Revue/td-p/558604 Logitech Issues a "Statement"] regarding rooting the Revue

=== 2011 January 5: ===
You '''ABSOLUTELY''' need a "virgin" Logitech Revue with ''NO'' updates in order to do this hack!!

'''Any previous device updates will disable the UART1 pins necessary for this hack!'''

== Demonstration video.==
Shows Filesystem access, Apps and the Market, as well as previously blocked websites.
Check it out http://www.youtube.com/user/gtvhacker

== GTVHACKER'S Guide to installing applications and rooting your Logitech Revue ==

This is being brought to you right before CES, we all worked hard and here it is.

===Features===

ADBD Running for adb access.
Custom boot logo.
Flash Plugin Update to allow previously blocked content providers.

Experimental method to block automatic updates (We would appreciate feedback on this as we we've been unable to confirm its success so far.)

===About the Hack===

The reason this is possible is due to the "out of factory" state of the Logitech Revue boxes not disabling the UART port on the board and allowing access to a root shell in recovery mode. After discovering this we were able to reverse the update files and manually upgrade the Revue to the most recent update. The attached files are our output of all the effort put forward by our team. Also as a notice to anyone performing the update, we are not responsible for any harm that may come of your box as an outcome of running our scripts. We will attempt to help you with any issues you may experience and have tried to make the process as safe as possible. Also if you have any suggestions or ideas on how we can make this process better please feel free to drop by our IRC channel and tell us.

===About Manual Update===

The manual-update.sh script is our attempt at duplicating the process done by the GTV scripts that update the box in recovery mode. There are also a few miscellaneous tweaks done to assure applications load correctly, backups are made, and that the box doesn't auto-update. Some portions of the script do things such as flash parts of the NAND so make sure you do not short circuit your box or accidentally remove power during the manual-update process.

===Required Tools===

Soldering Iron

USB->TTL or similar board/setup (An Arduino in tristate mode works great)

4 wires to attach board to TTL board

Terminal program (Minicom for Linux or Putty for Windows)
A USB Drive (At least 1gb, 2+gb Recommended)

===Hardware Portion===

In order to complete the root you will need an un-updated box, it seems as if the first or second update to the box closed the serial access hole. If you have a "virgin" box then you are ready to proceed.

1.) Open your box, there are 4 screws (1 under each of the soft legs on the bottom of the box), the rest of the box un-clips very easily. A better explanation is available at http://www.ifixit.com/Teardown/Logitech-Revue-Teardown/3788/1

2.) After opening your box you will need to remove the led bar and look at the top front of the board. Locate the pins labeled UART1. These are the pins you will be sodering to.

3.) Solder 4 wires to your board. The appropriate pins can be view here: http://gtvhacker.com/index.php/File:XJHay.jpg . You MAY only need to solder to TX, RX, and GND.

4.) Attach wires to appropriate pins on your USB->TTL device

5.) Connect to the USB->TTL device on your computer using a program like Minicom or Putty. The appropriate settings are speed is 9600 baud with 8n1, make sure flow control is set to none.

6.) Reboot Revue into recovery mode by holding the pair button on the back of the board until the box shuts down and comes back up. Then press Alt+L until "FORMATING DATA:" shows and stays, a menu should appear shortly after system is done clearing partitions. (More info: [[Logitech_Revue_Technical]])

7.) If setup is correct so far you should be seeing logcat output through your terminal program (Putty/Minicom). Shortly after you will be presented with a # sign which is your console.

8.) Proceed to software portion.

NOTICE: If you have not properly completed step 6 you may risk having the Revue automatically reboot while you are flashing new firmware resulting in a bricked Revue. The video output should show the recovery menu before proceeding to the software portion.

===Software Portion===

1.) Place all files in manual update on USB (preferably to ext3) device keeping all the files inside of the "updatec99" folder for easiest installation.

2.) Insert the USB and run the following command for an ext3 USB device "mount -rw -t ext3 /dev/sdb1 /sdcard" substitute ext3 for vfat for a fat32 device (Also remove quotes)

3.) In minicom/putty browse to the /sdcard directory with "cd /sdcard/updatec99".

4.) Execute the update with the following command "sh manual-update.sh"

5.) If the process ends prompting "Complete" you are finished and may restart. You will then have adbd running on your Revue and can connect using "./adb connect LogitechRevue". If the process does not prompt you with "Complete" but some other error you will need to make sure you do not reboot your Revue or it may be bricked.

You are now complete and free to install applications on your box remotely through adb.

Note: when booting in normal mode, ''you will not see any console output''. If you want a serial console again, go into recovery.

===Building the code===

The GTVHacker team has a [http://dl.dropbox.com/u/1886948/gtvhacker-NDK-installer.zip script] to simplify the download/configuration/installation of unofficial NDK/toolchain support which is [http://gtvhacker.com/index.php/GTv-OS_(AndroidTV)#SDK.2FToolchain_Support documented here].

===Troubleshooting===

If you experience '''any''' issues, please check wiki as we will be updating it with the most common problems then visit our IRC if the wiki does not assist you.

===About Us===
This package is brought to you by the GTVHacker team over at irc.freenode.net #gtvhacker.

GTVHacker Team Members:

* [[Zenofex]]
* CJ_000
* [[Craigdroid]]
* Tdweng
* DcPlaya

Thanks to everyone in the community who made this all possible.
The GTVHacker Team

== Related Files: ==
Google TV O/S modifications to achieve root are available at: http://www.multiupload.com/REVEQS6HII or http://bit.ly/gtvuc99

Script to simplify tool chain and sdk building : [http://dl.dropbox.com/u/1886948/gtvhacker-NDK-installer.zip Beta1] or [http://dl.dropbox.com/u/1886948/gtvhacker-NDK-installer-beta2.zip Beta2]

[[Category:Logitech Revue]]

Logitech Revue UART root

2011-01-15T19:25:28Z

KernelJayOmega: /* Building the code */

[[File:Revue-advert.gif|250px|right|thumb]]
{{Revue toc Inline}}
== Updates ==

=== 2011 January 15: ===
Logitech recently began deploying a [http://forums.logitech.com/t5/Revue-Product-Updates-Release/Revue-amp-Google-TV-Update-January-11-2011/td-p/557792 security update] which will incidentally remove root access if it is allowed to install on a rooted device. (This was not the purpose of the update but it is an adverse effect for our community.) The GTVHacker dev team's initial attempts to break OTA updates by moving the otacerts.zip was not fully successful. In order to remove the auto-updating feature, [http://gtvhacker.com/index.php/Craigdroid Craig] of the GTVHacker team has tested removal of /system/app/SystemUpdater.* with preliminary success. If this method works for others in the community, GTVHacker will consider the release of an updated manual update script with this and possibly other changes.

On a side note for non-rooted users, holding off on applying the update may expose your system to a vulnerability which could eventually be actively exploited to provide root access without a soldering iron. (This vulnerability could potentially be used maliciously so please consider this in deciding whether to apply the update.) Any (unrooted) box that is connected to the Internet over night will presumably be updated without user interaction.

=== 2011 January 14: ===
NOTICE: If you have not properly completed step 6 (including pressing ALT+L) in the hardware portion before proceeding to the software section, you are risking bricking the Revue. This step is mandatory because it gets you into the recovery menu and prevents the system from automatically rebooting in the middle of an update. The video output should show the [http://simplygoogletv.com/wp-content/uploads/2010/12/202188476.jpg recovery menu] before proceeding to the software portion. (Thanks [http://www.twitter.com/stericson @stericson] for the picture.)

=== 2011 January 12: ===
[http://forums.logitech.com/t5/Revue/Support-Policy-Rooting-Revue/td-p/558604 Logitech Issues a "Statement"] regarding rooting the Revue

=== 2011 January 5: ===
You '''ABSOLUTELY''' need a "virgin" Logitech Revue with ''NO'' updates in order to do this hack!!

'''Any previous device updates will disable the UART1 pins necessary for this hack!'''

== Demonstration video.==
Shows Filesystem access, Apps and the Market, as well as previously blocked websites.
Check it out http://www.youtube.com/user/gtvhacker

== GTVHACKER'S Guide to installing applications and rooting your Logitech Revue ==

This is being brought to you right before CES, we all worked hard and here it is.

===Features===

ADBD Running for adb access.
Custom boot logo.
Flash Plugin Update to allow previously blocked content providers.

Experimental method to block automatic updates (We would appreciate feedback on this as we we've been unable to confirm its success so far.)

===About the Hack===

The reason this is possible is due to the "out of factory" state of the Logitech Revue boxes not disabling the UART port on the board and allowing access to a root shell in recovery mode. After discovering this we were able to reverse the update files and manually upgrade the Revue to the most recent update. The attached files are our output of all the effort put forward by our team. Also as a notice to anyone performing the update, we are not responsible for any harm that may come of your box as an outcome of running our scripts. We will attempt to help you with any issues you may experience and have tried to make the process as safe as possible. Also if you have any suggestions or ideas on how we can make this process better please feel free to drop by our IRC channel and tell us.

===About Manual Update===

The manual-update.sh script is our attempt at duplicating the process done by the GTV scripts that update the box in recovery mode. There are also a few miscellaneous tweaks done to assure applications load correctly, backups are made, and that the box doesn't auto-update. Some portions of the script do things such as flash parts of the NAND so make sure you do not short circuit your box or accidentally remove power during the manual-update process.

===Required Tools===

Soldering Iron

USB->TTL or similar board/setup (An Arduino in tristate mode works great)

4 wires to attach board to TTL board

Terminal program (Minicom for Linux or Putty for Windows)
A USB Drive (At least 1gb, 2+gb Recommended)

===Hardware Portion===

In order to complete the root you will need an un-updated box, it seems as if the first or second update to the box closed the serial access hole. If you have a "virgin" box then you are ready to proceed.

1.) Open your box, there are 4 screws (1 under each of the soft legs on the bottom of the box), the rest of the box un-clips very easily. A better explanation is available at http://www.ifixit.com/Teardown/Logitech-Revue-Teardown/3788/1

2.) After opening your box you will need to remove the led bar and look at the top front of the board. Locate the pins labeled UART1. These are the pins you will be sodering to.

3.) Solder 4 wires to your board. The appropriate pins can be view here: http://gtvhacker.com/index.php/File:XJHay.jpg . You MAY only need to solder to TX, RX, and GND.

4.) Attach wires to appropriate pins on your USB->TTL device

5.) Connect to the USB->TTL device on your computer using a program like Minicom or Putty. The appropriate settings are speed is 9600 baud with 8n1, make sure flow control is set to none.

6.) Reboot Revue into recovery mode by holding the pair button on the back of the board until the box shuts down and comes back up. Then press Alt+L until "FORMATING DATA:" shows and stays, a menu should appear shortly after system is done clearing partitions. (More info: [[Logitech_Revue_Technical]])

7.) If setup is correct so far you should be seeing logcat output through your terminal program (Putty/Minicom). Shortly after you will be presented with a # sign which is your console.

8.) Proceed to software portion.

NOTICE: If you have not properly completed step 6 you may risk having the Revue automatically reboot while you are flashing new firmware resulting in a bricked Revue. The video output should show the recovery menu before proceeding to the software portion.

===Software Portion===

1.) Place all files in manual update on USB (preferably to ext3) device keeping all the files inside of the "updatec99" folder for easiest installation.

2.) Insert the USB and run the following command for an ext3 USB device "mount -rw -t ext3 /dev/sdb1 /sdcard" substitute ext3 for vfat for a fat32 device (Also remove quotes)

3.) In minicom/putty browse to the /sdcard directory with "cd /sdcard/updatec99".

4.) Execute the update with the following command "sh manual-update.sh"

5.) If the process ends prompting "Complete" you are finished and may restart. You will then have adbd running on your Revue and can connect using "./adb connect LogitechRevue". If the process does not prompt you with "Complete" but some other error you will need to make sure you do not reboot your Revue or it may be bricked.

You are now complete and free to install applications on your box remotely through adb.

Note: when booting in normal mode, ''you will not see any console output''. If you want a serial console again, go into recovery.

===Building the code===

The GTVHacker team has a [http://dl.dropbox.com/u/1886948/gtvhacker-NDK-installer.zip script] to simplify the download/configuration/installation of unofficial NDK/toolchain support which is [http://gtvhacker.com/index.php/GTv-OS_(AndroidTV)#SDK.2FToolchain_Support documented here].

===Troubleshooting===

If you experience '''any''' issues, please check wiki as we will be updating it with the most common problems then visit our IRC if the wiki does not assist you.

===About Us===
This package is brought to you by the GTVHacker team over at irc.freenode.net #gtvhacker.

GTVHacker Team Members:

* [[Zenofex]]
* CJ_000
* [[Craigdroid]]
* Tdweng
* DcPlaya

Thanks to everyone in the community who made this all possible.
The GTVHacker Team

== Related Files: ==
Google TV O/S modifications to achieve root are available at: http://www.multiupload.com/REVEQS6HII or http://bit.ly/gtvuc99

Script to simplify tool chain and sdk building : http://dl.dropbox.com/u/1886948/gtvhacker-NDK-installer.zip

[[Category:Logitech Revue]]

Logitech Revue UART root

2011-01-15T19:23:02Z

KernelJayOmega: Changed a hyperlink

[[File:Revue-advert.gif|250px|right|thumb]]
{{Revue toc Inline}}
== Updates ==

=== 2011 January 15: ===
Logitech recently began deploying a [http://forums.logitech.com/t5/Revue-Product-Updates-Release/Revue-amp-Google-TV-Update-January-11-2011/td-p/557792 security update] which will incidentally remove root access if it is allowed to install on a rooted device. (This was not the purpose of the update but it is an adverse effect for our community.) The GTVHacker dev team's initial attempts to break OTA updates by moving the otacerts.zip was not fully successful. In order to remove the auto-updating feature, [http://gtvhacker.com/index.php/Craigdroid Craig] of the GTVHacker team has tested removal of /system/app/SystemUpdater.* with preliminary success. If this method works for others in the community, GTVHacker will consider the release of an updated manual update script with this and possibly other changes.

On a side note for non-rooted users, holding off on applying the update may expose your system to a vulnerability which could eventually be actively exploited to provide root access without a soldering iron. (This vulnerability could potentially be used maliciously so please consider this in deciding whether to apply the update.) Any (unrooted) box that is connected to the Internet over night will presumably be updated without user interaction.

=== 2011 January 14: ===
NOTICE: If you have not properly completed step 6 (including pressing ALT+L) in the hardware portion before proceeding to the software section, you are risking bricking the Revue. This step is mandatory because it gets you into the recovery menu and prevents the system from automatically rebooting in the middle of an update. The video output should show the [http://simplygoogletv.com/wp-content/uploads/2010/12/202188476.jpg recovery menu] before proceeding to the software portion. (Thanks [http://www.twitter.com/stericson @stericson] for the picture.)

=== 2011 January 12: ===
[http://forums.logitech.com/t5/Revue/Support-Policy-Rooting-Revue/td-p/558604 Logitech Issues a "Statement"] regarding rooting the Revue

=== 2011 January 5: ===
You '''ABSOLUTELY''' need a "virgin" Logitech Revue with ''NO'' updates in order to do this hack!!

'''Any previous device updates will disable the UART1 pins necessary for this hack!'''

== Demonstration video.==
Shows Filesystem access, Apps and the Market, as well as previously blocked websites.
Check it out http://www.youtube.com/user/gtvhacker

== GTVHACKER'S Guide to installing applications and rooting your Logitech Revue ==

This is being brought to you right before CES, we all worked hard and here it is.

===Features===

ADBD Running for adb access.
Custom boot logo.
Flash Plugin Update to allow previously blocked content providers.

Experimental method to block automatic updates (We would appreciate feedback on this as we we've been unable to confirm its success so far.)

===About the Hack===

The reason this is possible is due to the "out of factory" state of the Logitech Revue boxes not disabling the UART port on the board and allowing access to a root shell in recovery mode. After discovering this we were able to reverse the update files and manually upgrade the Revue to the most recent update. The attached files are our output of all the effort put forward by our team. Also as a notice to anyone performing the update, we are not responsible for any harm that may come of your box as an outcome of running our scripts. We will attempt to help you with any issues you may experience and have tried to make the process as safe as possible. Also if you have any suggestions or ideas on how we can make this process better please feel free to drop by our IRC channel and tell us.

===About Manual Update===

The manual-update.sh script is our attempt at duplicating the process done by the GTV scripts that update the box in recovery mode. There are also a few miscellaneous tweaks done to assure applications load correctly, backups are made, and that the box doesn't auto-update. Some portions of the script do things such as flash parts of the NAND so make sure you do not short circuit your box or accidentally remove power during the manual-update process.

===Required Tools===

Soldering Iron

USB->TTL or similar board/setup (An Arduino in tristate mode works great)

4 wires to attach board to TTL board

Terminal program (Minicom for Linux or Putty for Windows)
A USB Drive (At least 1gb, 2+gb Recommended)

===Hardware Portion===

In order to complete the root you will need an un-updated box, it seems as if the first or second update to the box closed the serial access hole. If you have a "virgin" box then you are ready to proceed.

1.) Open your box, there are 4 screws (1 under each of the soft legs on the bottom of the box), the rest of the box un-clips very easily. A better explanation is available at http://www.ifixit.com/Teardown/Logitech-Revue-Teardown/3788/1

2.) After opening your box you will need to remove the led bar and look at the top front of the board. Locate the pins labeled UART1. These are the pins you will be sodering to.

3.) Solder 4 wires to your board. The appropriate pins can be view here: http://gtvhacker.com/index.php/File:XJHay.jpg . You MAY only need to solder to TX, RX, and GND.

4.) Attach wires to appropriate pins on your USB->TTL device

5.) Connect to the USB->TTL device on your computer using a program like Minicom or Putty. The appropriate settings are speed is 9600 baud with 8n1, make sure flow control is set to none.

6.) Reboot Revue into recovery mode by holding the pair button on the back of the board until the box shuts down and comes back up. Then press Alt+L until "FORMATING DATA:" shows and stays, a menu should appear shortly after system is done clearing partitions. (More info: [[Logitech_Revue_Technical]])

7.) If setup is correct so far you should be seeing logcat output through your terminal program (Putty/Minicom). Shortly after you will be presented with a # sign which is your console.

8.) Proceed to software portion.

NOTICE: If you have not properly completed step 6 you may risk having the Revue automatically reboot while you are flashing new firmware resulting in a bricked Revue. The video output should show the recovery menu before proceeding to the software portion.

===Software Portion===

1.) Place all files in manual update on USB (preferably to ext3) device keeping all the files inside of the "updatec99" folder for easiest installation.

2.) Insert the USB and run the following command for an ext3 USB device "mount -rw -t ext3 /dev/sdb1 /sdcard" substitute ext3 for vfat for a fat32 device (Also remove quotes)

3.) In minicom/putty browse to the /sdcard directory with "cd /sdcard/updatec99".

4.) Execute the update with the following command "sh manual-update.sh"

5.) If the process ends prompting "Complete" you are finished and may restart. You will then have adbd running on your Revue and can connect using "./adb connect LogitechRevue". If the process does not prompt you with "Complete" but some other error you will need to make sure you do not reboot your Revue or it may be bricked.

You are now complete and free to install applications on your box remotely through adb.

Note: when booting in normal mode, ''you will not see any console output''. If you want a serial console again, go into recovery.

===Building the code===

The GTVHacker team has a [http://dl.dropbox.com/u/1886948/gtvhacker-NDK-installer.zip script] to simplify the download/configuration/installation of unofficial NDK/toolchain support which is documented in the Logitech Revue technical section.

===Troubleshooting===

If you experience '''any''' issues, please check wiki as we will be updating it with the most common problems then visit our IRC if the wiki does not assist you.

===About Us===
This package is brought to you by the GTVHacker team over at irc.freenode.net #gtvhacker.

GTVHacker Team Members:

* [[Zenofex]]
* CJ_000
* [[Craigdroid]]
* Tdweng
* DcPlaya

Thanks to everyone in the community who made this all possible.
The GTVHacker Team

== Related Files: ==
Google TV O/S modifications to achieve root are available at: http://www.multiupload.com/REVEQS6HII or http://bit.ly/gtvuc99

Script to simplify tool chain and sdk building : http://dl.dropbox.com/u/1886948/gtvhacker-NDK-installer.zip

[[Category:Logitech Revue]]

Logitech Revue UART root

2011-01-15T16:24:33Z

KernelJayOmega: Added note about breaking system updates

[[File:Revue-advert.gif|250px|right|thumb]]
{{Revue toc Inline}}
== Updates ==

=== 2011 January 15: ===
Logitech [http://forums.logitech.com/t5/Revue-Product-Updates-Release/Revue-amp-Google-TV-Update-January-11-2011/td-p/557792 recently began deploying a security update] which will incidentally remove root access if it is allowed to install on a rooted device. (This was not the purpose of the update but it is an adverse effect for our community.) The GTVHacker dev team's initial attempts to break OTA updates by moving the otacerts.zip was not fully successful. In order to remove the auto-updating feature, [http://gtvhacker.com/index.php/Craigdroid Craig] of the GTVHacker team has tested removal of /system/app/SystemUpdater.* with preliminary success. If this method works for others in the community, GTVHacker will consider the release of an updated manual update script with this and possibly other changes.

On a side note for non-rooted users, holding off on applying the update may expose your system to a vulnerability which could eventually be actively exploited to provide root access without a soldering iron. (This vulnerability could potentially be used maliciously so please consider this in deciding whether to apply the update.) Any (unrooted) box that is connected to the Internet over night will presumably be updated without user interaction.

=== 2011 January 14: ===
NOTICE: If you have not properly completed step 6 (including pressing ALT+L) in the hardware portion before proceeding to the software section, you are risking bricking the Revue. This step is mandatory because it gets you into the recovery menu and prevents the system from automatically rebooting in the middle of an update. The video output should show the [http://simplygoogletv.com/wp-content/uploads/2010/12/202188476.jpg recovery menu] before proceeding to the software portion. (Thanks [http://www.twitter.com/stericson @stericson] for the picture.)

=== 2011 January 12: ===
[http://forums.logitech.com/t5/Revue/Support-Policy-Rooting-Revue/td-p/558604 Logitech Issues a "Statement"] regarding rooting the Revue

=== 2011 January 5: ===
You '''ABSOLUTELY''' need a "virgin" Logitech Revue with ''NO'' updates in order to do this hack!!

'''Any previous device updates will disable the UART1 pins necessary for this hack!'''

== Demonstration video.==
Shows Filesystem access, Apps and the Market, as well as previously blocked websites.
Check it out http://www.youtube.com/user/gtvhacker

== GTVHACKER'S Guide to installing applications and rooting your Logitech Revue ==

This is being brought to you right before CES, we all worked hard and here it is.

===Features===

ADBD Running for adb access.
Custom boot logo.
Flash Plugin Update to allow previously blocked content providers.

Experimental method to block automatic updates (We would appreciate feedback on this as we we've been unable to confirm its success so far.)

===About the Hack===

The reason this is possible is due to the "out of factory" state of the Logitech Revue boxes not disabling the UART port on the board and allowing access to a root shell in recovery mode. After discovering this we were able to reverse the update files and manually upgrade the Revue to the most recent update. The attached files are our output of all the effort put forward by our team. Also as a notice to anyone performing the update, we are not responsible for any harm that may come of your box as an outcome of running our scripts. We will attempt to help you with any issues you may experience and have tried to make the process as safe as possible. Also if you have any suggestions or ideas on how we can make this process better please feel free to drop by our IRC channel and tell us.

===About Manual Update===

The manual-update.sh script is our attempt at duplicating the process done by the GTV scripts that update the box in recovery mode. There are also a few miscellaneous tweaks done to assure applications load correctly, backups are made, and that the box doesn't auto-update. Some portions of the script do things such as flash parts of the NAND so make sure you do not short circuit your box or accidentally remove power during the manual-update process.

===Required Tools===

Soldering Iron

USB->TTL or similar board/setup (An Arduino in tristate mode works great)

4 wires to attach board to TTL board

Terminal program (Minicom for Linux or Putty for Windows)
A USB Drive (At least 1gb, 2+gb Recommended)

===Hardware Portion===

In order to complete the root you will need an un-updated box, it seems as if the first or second update to the box closed the serial access hole. If you have a "virgin" box then you are ready to proceed.

1.) Open your box, there are 4 screws (1 under each of the soft legs on the bottom of the box), the rest of the box un-clips very easily. A better explanation is available at http://www.ifixit.com/Teardown/Logitech-Revue-Teardown/3788/1

2.) After opening your box you will need to remove the led bar and look at the top front of the board. Locate the pins labeled UART1. These are the pins you will be sodering to.

3.) Solder 4 wires to your board. The appropriate pins can be view here: http://gtvhacker.com/index.php/File:XJHay.jpg . You MAY only need to solder to TX, RX, and GND.

4.) Attach wires to appropriate pins on your USB->TTL device

5.) Connect to the USB->TTL device on your computer using a program like Minicom or Putty. The appropriate settings are speed is 9600 baud with 8n1, make sure flow control is set to none.

6.) Reboot Revue into recovery mode by holding the pair button on the back of the board until the box shuts down and comes back up. Then press Alt+L until "FORMATING DATA:" shows and stays, a menu should appear shortly after system is done clearing partitions. (More info: [[Logitech_Revue_Technical]])

7.) If setup is correct so far you should be seeing logcat output through your terminal program (Putty/Minicom). Shortly after you will be presented with a # sign which is your console.

8.) Proceed to software portion.

NOTICE: If you have not properly completed step 6 you may risk having the Revue automatically reboot while you are flashing new firmware resulting in a bricked Revue. The video output should show the recovery menu before proceeding to the software portion.

===Software Portion===

1.) Place all files in manual update on USB (preferably to ext3) device keeping all the files inside of the "updatec99" folder for easiest installation.

2.) Insert the USB and run the following command for an ext3 USB device "mount -rw -t ext3 /dev/sdb1 /sdcard" substitute ext3 for vfat for a fat32 device (Also remove quotes)

3.) In minicom/putty browse to the /sdcard directory with "cd /sdcard/updatec99".

4.) Execute the update with the following command "sh manual-update.sh"

5.) If the process ends prompting "Complete" you are finished and may restart. You will then have adbd running on your Revue and can connect using "./adb connect LogitechRevue". If the process does not prompt you with "Complete" but some other error you will need to make sure you do not reboot your Revue or it may be bricked.

You are now complete and free to install applications on your box remotely through adb.

Note: when booting in normal mode, ''you will not see any console output''. If you want a serial console again, go into recovery.

===Building the code===

The GTVHacker team has a [http://dl.dropbox.com/u/1886948/gtvhacker-NDK-installer.zip script] to simplify the download/configuration/installation of unofficial NDK/toolchain support which is documented in the Logitech Revue technical section.

===Troubleshooting===

If you experience '''any''' issues, please check wiki as we will be updating it with the most common problems then visit our IRC if the wiki does not assist you.

===About Us===
This package is brought to you by the GTVHacker team over at irc.freenode.net #gtvhacker.

GTVHacker Team Members:

* [[Zenofex]]
* CJ_000
* [[Craigdroid]]
* Tdweng
* DcPlaya

Thanks to everyone in the community who made this all possible.
The GTVHacker Team

== Related Files: ==
Google TV O/S modifications to achieve root are available at: http://www.multiupload.com/REVEQS6HII or http://bit.ly/gtvuc99

Script to simplify tool chain and sdk building : http://dl.dropbox.com/u/1886948/gtvhacker-NDK-installer.zip

[[Category:Logitech Revue]]

Logitech Revue UART root

2011-01-14T23:47:31Z

KernelJayOmega: Added an update note about pressing ALT+L

[[File:Revue-advert.gif|250px|right|thumb]]
{{Revue toc Inline}}
== Updates ==

=== 2011 January 14: ===
NOTICE: If you have not properly completed step 6 (including pressing ALT+L) in the hardware portion before proceeding to the software section, you are risking bricking the Revue. This step is mandatory because it gets you into the recovery menu and prevents the system from automatically rebooting in the middle of an update. The video output should show the [http://simplygoogletv.com/wp-content/uploads/2010/12/202188476.jpg recovery menu] before proceeding to the software portion. (Thanks [http://www.twitter.com/stericson @stericson] for the picture.)

=== 2011 January 12: ===
[http://forums.logitech.com/t5/Revue/Support-Policy-Rooting-Revue/td-p/558604 Logitech Issues a "Statement"] regarding rooting the Revue

=== 2011 January 5: ===
You '''ABSOLUTELY''' need a "virgin" Logitech Revue with ''NO'' updates in order to do this hack!!

'''Any previous device updates will disable the UART1 pins necessary for this hack!'''

== Demonstration video.==
Shows Filesystem access, Apps and the Market, as well as previously blocked websites.
Check it out http://www.youtube.com/user/gtvhacker

== GTVHACKER'S Guide to installing applications and rooting your Logitech Revue ==

This is being brought to you right before CES, we all worked hard and here it is.

===Features===

ADBD Running for adb access.
Custom boot logo.
Flash Plugin Update to allow previously blocked content providers.

Experimental method to block automatic updates (We would appreciate feedback on this as we we've been unable to confirm its success so far.)

===About the Hack===

The reason this is possible is due to the "out of factory" state of the Logitech Revue boxes not disabling the UART port on the board and allowing access to a root shell in recovery mode. After discovering this we were able to reverse the update files and manually upgrade the Revue to the most recent update. The attached files are our output of all the effort put forward by our team. Also as a notice to anyone performing the update, we are not responsible for any harm that may come of your box as an outcome of running our scripts. We will attempt to help you with any issues you may experience and have tried to make the process as safe as possible. Also if you have any suggestions or ideas on how we can make this process better please feel free to drop by our IRC channel and tell us.

===About Manual Update===

The manual-update.sh script is our attempt at duplicating the process done by the GTV scripts that update the box in recovery mode. There are also a few miscellaneous tweaks done to assure applications load correctly, backups are made, and that the box doesn't auto-update. Some portions of the script do things such as flash parts of the NAND so make sure you do not short circuit your box or accidentally remove power during the manual-update process.

===Required Tools===

Soldering Iron

USB->TTL or similar board/setup (An Arduino in tristate mode works great)

4 wires to attach board to TTL board

Terminal program (Minicom for Linux or Putty for Windows)
A USB Drive (At least 1gb, 2+gb Recommended)

===Hardware Portion===

In order to complete the root you will need an un-updated box, it seems as if the first or second update to the box closed the serial access hole. If you have a "virgin" box then you are ready to proceed.

1.) Open your box, there are 4 screws (1 under each of the soft legs on the bottom of the box), the rest of the box un-clips very easily. A better explanation is available at http://www.ifixit.com/Teardown/Logitech-Revue-Teardown/3788/1

2.) After opening your box you will need to remove the led bar and look at the top front of the board. Locate the pins labeled UART1. These are the pins you will be sodering to.

3.) Solder 4 wires to your board. The appropriate pins can be view here: http://gtvhacker.com/index.php/File:XJHay.jpg . You MAY only need to solder to TX, RX, and GND.

4.) Attach wires to appropriate pins on your USB->TTL device

5.) Connect to the USB->TTL device on your computer using a program like Minicom or Putty. The appropriate settings are speed is 9600 baud with 8n1, make sure flow control is set to none.

6.) Reboot Revue into recovery mode by holding the pair button on the back of the board until the box shuts down and comes back up. Then press Alt+L until "FORMATING DATA:" shows and stays, a menu should appear shortly after system is done clearing partitions. (More info: [[Logitech_Revue_Technical]])

7.) If setup is correct so far you should be seeing logcat output through your terminal program (Putty/Minicom). Shortly after you will be presented with a # sign which is your console.

8.) Proceed to software portion.

NOTICE: If you have not properly completed step 6 you may risk having the Revue automatically reboot while you are flashing new firmware resulting in a bricked Revue. The video output should show the recovery menu before proceeding to the software portion.

===Software Portion===

1.) Place all files in manual update on USB (preferably to ext3) device keeping all the files inside of the "updatec99" folder for easiest installation.

2.) Insert the USB and run the following command for an ext3 USB device "mount -rw -t ext3 /dev/sdb1 /sdcard" substitute ext3 for vfat for a fat32 device (Also remove quotes)

3.) In minicom/putty browse to the /sdcard directory with "cd /sdcard/updatec99".

4.) Execute the update with the following command "sh manual-update.sh"

5.) If the process ends prompting "Complete" you are finished and may restart. You will then have adbd running on your Revue and can connect using "./adb connect LogitechRevue". If the process does not prompt you with "Complete" but some other error you will need to make sure you do not reboot your Revue or it may be bricked.

You are now complete and free to install applications on your box remotely through adb.

Note: when booting in normal mode, ''you will not see any console output''. If you want a serial console again, go into recovery.

===Building the code===

The GTVHacker team has a [http://dl.dropbox.com/u/1886948/gtvhacker-NDK-installer.zip script] to simplify the download/configuration/installation of unofficial NDK/toolchain support which is documented in the Logitech Revue technical section.

===Troubleshooting===

If you experience '''any''' issues, please check wiki as we will be updating it with the most common problems then visit our IRC if the wiki does not assist you.

===About Us===
This package is brought to you by the GTVHacker team over at irc.freenode.net #gtvhacker.

GTVHacker Team Members:

* [[Zenofex]]
* CJ_000
* [[Craigdroid]]
* Tdweng
* DcPlaya

Thanks to everyone in the community who made this all possible.
The GTVHacker Team

== Related Files: ==
Google TV O/S modifications to achieve root are available at: http://www.multiupload.com/REVEQS6HII or http://bit.ly/gtvuc99

Script to simplify tool chain and sdk building : http://dl.dropbox.com/u/1886948/gtvhacker-NDK-installer.zip

[[Category:Logitech Revue]]

Logitech Revue UART root

2011-01-14T23:37:20Z

KernelJayOmega: Added notice about recovery auto-reboots and bricking

[[File:Revue-advert.gif|250px|right|thumb]]
{{Revue toc Inline}}
== Updates ==
=== 2011 January 12: ===
[http://forums.logitech.com/t5/Revue/Support-Policy-Rooting-Revue/td-p/558604 Logitech Issues a "Statement"] regarding rooting the Revue

=== 2011 January 5: ===
You '''ABSOLUTELY''' need a "virgin" Logitech Revue with ''NO'' updates in order to do this hack!!

'''Any previous device updates will disable the UART1 pins necessary for this hack!'''

== Demonstration video.==
Shows Filesystem access, Apps and the Market, as well as previously blocked websites.
Check it out http://www.youtube.com/user/gtvhacker

== GTVHACKER'S Guide to installing applications and rooting your Logitech Revue ==

This is being brought to you right before CES, we all worked hard and here it is.

===Features===

ADBD Running for adb access.
Custom boot logo.
Flash Plugin Update to allow previously blocked content providers.

Experimental method to block automatic updates (We would appreciate feedback on this as we we've been unable to confirm its success so far.)

===About the Hack===

The reason this is possible is due to the "out of factory" state of the Logitech Revue boxes not disabling the UART port on the board and allowing access to a root shell in recovery mode. After discovering this we were able to reverse the update files and manually upgrade the Revue to the most recent update. The attached files are our output of all the effort put forward by our team. Also as a notice to anyone performing the update, we are not responsible for any harm that may come of your box as an outcome of running our scripts. We will attempt to help you with any issues you may experience and have tried to make the process as safe as possible. Also if you have any suggestions or ideas on how we can make this process better please feel free to drop by our IRC channel and tell us.

===About Manual Update===

The manual-update.sh script is our attempt at duplicating the process done by the GTV scripts that update the box in recovery mode. There are also a few miscellaneous tweaks done to assure applications load correctly, backups are made, and that the box doesn't auto-update. Some portions of the script do things such as flash parts of the NAND so make sure you do not short circuit your box or accidentally remove power during the manual-update process.

===Required Tools===

Soldering Iron

USB->TTL or similar board/setup (An Arduino in tristate mode works great)

4 wires to attach board to TTL board

Terminal program (Minicom for Linux or Putty for Windows)
A USB Drive (At least 1gb, 2+gb Recommended)

===Hardware Portion===

In order to complete the root you will need an un-updated box, it seems as if the first or second update to the box closed the serial access hole. If you have a "virgin" box then you are ready to proceed.

1.) Open your box, there are 4 screws (1 under each of the soft legs on the bottom of the box), the rest of the box un-clips very easily. A better explanation is available at http://www.ifixit.com/Teardown/Logitech-Revue-Teardown/3788/1

2.) After opening your box you will need to remove the led bar and look at the top front of the board. Locate the pins labeled UART1. These are the pins you will be sodering to.

3.) Solder 4 wires to your board. The appropriate pins can be view here: http://gtvhacker.com/index.php/File:XJHay.jpg . You MAY only need to solder to TX, RX, and GND.

4.) Attach wires to appropriate pins on your USB->TTL device

5.) Connect to the USB->TTL device on your computer using a program like Minicom or Putty. The appropriate settings are speed is 9600 baud with 8n1, make sure flow control is set to none.

6.) Reboot Revue into recovery mode by holding the pair button on the back of the board until the box shuts down and comes back up. Then press Alt+L until "FORMATING DATA:" shows and stays, a menu should appear shortly after system is done clearing partitions. (More info: [[Logitech_Revue_Technical]])

7.) If setup is correct so far you should be seeing logcat output through your terminal program (Putty/Minicom). Shortly after you will be presented with a # sign which is your console.

8.) Proceed to software portion.

NOTICE: If you have not properly completed step 6 you may risk having the Revue automatically reboot while you are flashing new firmware resulting in a bricked Revue. The video output should show the recovery menu before proceeding to the software portion.

===Software Portion===

1.) Place all files in manual update on USB (preferably to ext3) device keeping all the files inside of the "updatec99" folder for easiest installation.

2.) Insert the USB and run the following command for an ext3 USB device "mount -rw -t ext3 /dev/sdb1 /sdcard" substitute ext3 for vfat for a fat32 device (Also remove quotes)

3.) In minicom/putty browse to the /sdcard directory with "cd /sdcard/updatec99".

4.) Execute the update with the following command "sh manual-update.sh"

5.) If the process ends prompting "Complete" you are finished and may restart. You will then have adbd running on your Revue and can connect using "./adb connect LogitechRevue". If the process does not prompt you with "Complete" but some other error you will need to make sure you do not reboot your Revue or it may be bricked.

You are now complete and free to install applications on your box remotely through adb.

Note: when booting in normal mode, ''you will not see any console output''. If you want a serial console again, go into recovery.

===Building the code===

The GTVHacker team has a [http://dl.dropbox.com/u/1886948/gtvhacker-NDK-installer.zip script] to simplify the download/configuration/installation of unofficial NDK/toolchain support which is documented in the Logitech Revue technical section.

===Troubleshooting===

If you experience '''any''' issues, please check wiki as we will be updating it with the most common problems then visit our IRC if the wiki does not assist you.

===About Us===
This package is brought to you by the GTVHacker team over at irc.freenode.net #gtvhacker.

GTVHacker Team Members:

* [[Zenofex]]
* CJ_000
* [[Craigdroid]]
* Tdweng
* DcPlaya

Thanks to everyone in the community who made this all possible.
The GTVHacker Team

== Related Files: ==
Google TV O/S modifications to achieve root are available at: http://www.multiupload.com/REVEQS6HII or http://bit.ly/gtvuc99

Script to simplify tool chain and sdk building : http://dl.dropbox.com/u/1886948/gtvhacker-NDK-installer.zip

[[Category:Logitech Revue]]

Craigdroid

2011-01-14T23:32:05Z

KernelJayOmega:

'''Member Profile'''

*XDA/GTVHacker Name: Craigdroid
*Real Name: Craig Young
*Email: craig @ gtvhacker.com
*Twitter: [http://www.twitter.com/craigtweets craigtweets]
*AKA: Kernel Jay Omega
*Area of expertise: Build systems, Linux kernel development, network analysis, microelectronics, security research

Logitech Revue UART root

2011-01-07T19:14:16Z

KernelJayOmega: /* About Us */

[[File:Revue-advert.gif|250px|right|thumb]]
{{Revue toc Inline}}
== Updates ==
=== 2011 January 5: ===
You '''ABSOLUTELY''' need a "virgin" Logitech Revue with ''NO'' updates in order to do this hack!!

'''Any previous device updates will disable the UART1 pins necessary for this hack!'''

== Demonstration video.==
Shows Filesystem access, Apps and the Market, as well as previously blocked websites.
Check it out http://www.youtube.com/user/gtvhacker

== GTVHACKER'S Guide to installing applications and rooting your Logitech Revue ==

This is being brought to you right before CES, we all worked hard and here it is.

===Features===

ADBD Running for adb access.
Custom boot logo.
Flash Plugin Update to allow previously blocked content providers.

Experimental method to block automatic updates (We would appreciate feedback on this as we we've been unable to confirm its success so far.)

===About the Hack===

The reason this is possible is due to the "out of factory" state of the Logitech Revue boxes not disabling the UART port on the board and allowing access to a root shell in recovery mode. After discovering this we were able to reverse the update files and manually upgrade the Revue to the most recent update. The attached files are our output of all the effort put forward by our team. Also as a notice to anyone performing the update, we are not responsible for any harm that may come of your box as an outcome of running our scripts. We will attempt to help you with any issues you may experience and have tried to make the process as safe as possible. Also if you have any suggestions or ideas on how we can make this process better please feel free to drop by our IRC channel and tell us.

===About Manual Update===

The manual-update.sh script is our attempt at duplicating the process done by the GTV scripts that update the box in recovery mode. There are also a few miscellaneous tweaks done to assure applications load correctly, backups are made, and that the box doesn't auto-update. Some portions of the script do things such as flash parts of the NAND so make sure you do not short circuit your box or accidentally remove power during the manual-update process.

===Required Tools===

Soldering Iron

USB->TTL or similar board/setup (An Arduino in tristate mode works great)

4 wires to attach board to TTL board

Terminal program (Minicom for Linux or Putty for Windows)
A USB Drive (At least 1gb, 2+gb Recommended)

===Hardware Portion===

In order to complete the root you will need an un-updated box, it seems as if the first or second update to the box closed the serial access hole. If you have a "virgin" box then you are ready to proceed.

1.) Open your box, there are 4 screws (1 under each of the soft legs on the bottom of the box), the rest of the box un-clips very easily. A better explanation is available at http://www.ifixit.com/Teardown/Logitech-Revue-Teardown/3788/1

2.) After opening your box you will need to remove the led bar and look at the top front of the board. Locate the pins labeled UART1. These are the pins you will be sodering to.

3.) Solder 4 wires to your board. The appropriate pins can be view here: http://gtvhacker.com/index.php/File:XJHay.jpg . You MAY only need to solder to TX, RX, and GND.

4.) Attach wires to appropriate pins on your USB->TTL device

5.) Connect to the USB->TTL device on your computer using a program like Minicom or Putty. The appropriate settings are speed is 9600 baud with 8n1, make sure flow control is set to none.

6.) Reboot Revue into recovery mode by holding the pair button on the back of the board until the box shuts down and comes back up. Then press Alt+L until "FORMATING DATA:" shows and stays, a menu should appear shortly after system is done clearing partitions. (More info: [[Logitech_Revue_Technical]])

7.) If setup is correct so far you should be seeing logcat output through your terminal program (Putty/Minicom). Shortly after you will be presented with a # sign which is your console.

8.) Proceed to software portion.

===Software Portion===

1.) Place all files in manual update on USB (preferably to ext3) device keeping all the files inside of the "updatec99" folder for easiest installation.

2.) Insert the USB and run the following command for an ext3 USB device "mount -rw -t ext3 /dev/sdb1 /sdcard" substitute ext3 for vfat for a fat32 device (Also remove quotes)

3.) In minicom/putty browse to the /sdcard directory with "cd /sdcard/updatec99".

4.) Execute the update with the following command "sh manual-update.sh"

5.) If the process ends prompting "Complete" you are finished and may restart. You will then have adbd running on your Revue and can connect using "./adb connect LogitechRevue". If the process does not prompt you with "Complete" but some other error you will need to make sure you do not reboot your Revue or it may be bricked.

You are now complete and free to install applications on your box remotely through adb.

Note: when booting in normal mode, ''you will not see any console output''. If you want a serial console again, go into recovery.

===Building the code===

The GTVHacker team has a [http://dl.dropbox.com/u/1886948/gtvhacker-NDK-installer.zip script] to simplify the download/configuration/installation of unofficial NDK/toolchain support which is documented in the Logitech Revue technical section.

===Troubleshooting===

If you experience '''any''' issues, please check wiki as we will be updating it with the most common problems then visit our IRC if the wiki does not assist you.

===About Us===
This package is brought to you by the GTVHacker team over at irc.freenode.net #gtvhacker.

GTVHacker Team Members:

* Zenofex
* CJ_000
* [[Craigdroid]]
* Tdweng
* DcPlaya

Thanks to everyone in the community who made this all possible.
The GTVHacker Team

== Related Files: ==
Google TV O/S modifications to achieve root are available at: http://www.multiupload.com/REVEQS6HII or http://bit.ly/gtvuc99

Script to simplify tool chain and sdk building : http://dl.dropbox.com/u/1886948/gtvhacker-NDK-installer.zip

[[Category:Logitech Revue]]

GTv-OS (AndroidTV)

2011-01-07T16:02:18Z

KernelJayOmega: Added note about gawk versus mawk

{{Revue toc Inline}}

== Overview ==
The Google TV operating system is based on Android 2.1 on a [http://googletv-mirrored-source.googlecode.com/hg/linux/linux-2.6.23-gtv.tar.bz2?r=27705a482273e3a34e8bcdbfb4fdad9afcd65e93 Linux 2.6.23 based kernel]. The system enables security such as an NX (Non eXecutable) Stack and a [http://en.wikipedia.org/wiki/Chroot chrooted] chrome. Also making things difficult is the Operating Systems ability to push automatic updates without user intervention.

The Operating System currently provides the following "stock" applications

*CNBC Real-Time
*Gallery
*Google Chrome
*Logitech Help Assistant (Logitech Only)
*Logitech Media Player (Logitech Only)
*Logitech Vid HD (Logitech Only)
*Napster
*NBA Game Time
*Netflix
*Pandora
*Settings
*TV
*Twitter

Gpl'd portions of the GoogleTV source can be found [http://code.google.com/p/googletv-mirrored-source/ here]

== SDK/Toolchain Support ==

The [http://googletv-mirrored-source.googlecode.com/hg/intel-sdk/intel-sdk-toolchain.tar.bz2?r=27705a482273e3a34e8bcdbfb4fdad9afcd65e93 Intel SDK Toolchain] is available as part of Google's GPL release for the Google TV. The toolchain is required to compile code to run on the Linux operating system of the Logitech Revue. (Sony devices as well as other future devices are most likely also compatible with this toolchain but since we don't have these products to root we don't know yet.)

We have not yet documented a complete list of required dependencies but here are a few packages which might come in handy:
*texinfo (we encountered some issues with certain supposedly supported versions of makeinfo but updating texinfo resolved this on most systems)
*flex
*bison
*gawk -- Please note that some Ubuntu installs have mawk rather than the GNU awk (gawk); mawk is not compatible with the awk scripts in the Intel SDK
*patch
*gcc et al
*build-essential (Ubuntu)

To simplify the toolchain setup, craigdroid created [http://dl.dropbox.com/u/1886948/gtvhacker-NDK-installer.zip this script] which simplifies the process of configuring a build system. After preparing the toolchain you will want to run the following commands (which are demo'd in the script) to establish your environment:
<pre>
export CROSS_COMPILE=i686-linux-cm-
export LD_LIBRARY_PATH=~/googletv/sdk/i686-linux-elf/lib
export PATH=$PATH:~/googletv/sdk/i686-linux-elf/bin/
</pre>

== NDK Support ==

Although at present Google has not released a proper NDK for the platform, the gtvhacker team have combined the Intel SDK Toolchain from the [http://code.google.com/p/googletv-mirrored-source/ Google TV Mirrored Source site] with the work of the [http://www.android-x86.org/ Android x86] project to provide unofficial support in the interim.

The entire process of setting up unofficial NDK support has been simplified into an [http://dl.dropbox.com/u/1886948/gtvhacker-NDK-installer.zip easy to use script] by craigdroid. The script has been tested on a few of our systems running CentOS 5.4 32-bit, as well as 32-bit and 64-bit editions of Ubuntu.

Since this is building the Intel toolchain automatically all of the caveats regarding the Intel SDK Toolchain apply here as well.

To automatically download, build and configure NDK support first save yourself some time and check the dependencies list in the SDK/Toolchain Support section and then from any users shell:
<pre>
wget http://dl.dropbox.com/u/1886948/gtvhacker-NDK-installer.zip && unzip gtvhacker-NDK-installer.zip && ./gtvhacker-NDK-installer.sh
</pre>

This will install the NDK to ~/googletv/ndk/ for the current user. Some guidance on how to use the NDK is provided upon completion of successful script execution.

== Support For USB Serial Converters ==

The [http://googletv-mirrored-source.googlecode.com/hg/linux/linux-2.6.23-gtv.tar.bz2?r=27705a482273e3a34e8bcdbfb4fdad9afcd65e93 published kernel] from the [http://code.google.com/p/googletv-mirrored-source/ Google TV Mirrored Source site] is configured to have built-in support FTDI single interface USB serial adapters as a serial console.
<pre>
#
# USB Serial Converter support
#
CONFIG_USB_SERIAL=y
CONFIG_USB_SERIAL_CONSOLE=y
CONFIG_USB_SERIAL_GENERIC=y
CONFIG_USB_SERIAL_FTDI_SIO=y
</pre>

This configuration has been verified via the proc.gz file of a Logitech Revue at its latest firmware revision (using the BreakVue hack). Here is the [http://pastie.org/1437422 complete kernel configuration].

Please note however that by default init does not appear to run a shell on this console. This is the only adapter which we have identified to have built-in driver support.

GTv-OS (AndroidTV)

2011-01-07T15:58:28Z

KernelJayOmega: Added table of contents and some updates about kernel

{{Revue toc Inline}}

== Overview ==
The Google TV operating system is based on Android 2.1 on a [http://googletv-mirrored-source.googlecode.com/hg/linux/linux-2.6.23-gtv.tar.bz2?r=27705a482273e3a34e8bcdbfb4fdad9afcd65e93 Linux 2.6.23 based kernel]. The system enables security such as an NX (Non eXecutable) Stack and a [http://en.wikipedia.org/wiki/Chroot chrooted] chrome. Also making things difficult is the Operating Systems ability to push automatic updates without user intervention.

The Operating System currently provides the following "stock" applications

*CNBC Real-Time
*Gallery
*Google Chrome
*Logitech Help Assistant (Logitech Only)
*Logitech Media Player (Logitech Only)
*Logitech Vid HD (Logitech Only)
*Napster
*NBA Game Time
*Netflix
*Pandora
*Settings
*TV
*Twitter

Gpl'd portions of the GoogleTV source can be found [http://code.google.com/p/googletv-mirrored-source/ here]

== SDK/Toolchain Support ==

The [http://googletv-mirrored-source.googlecode.com/hg/intel-sdk/intel-sdk-toolchain.tar.bz2?r=27705a482273e3a34e8bcdbfb4fdad9afcd65e93 Intel SDK Toolchain] is available as part of Google's GPL release for the Google TV. The toolchain is required to compile code to run on the Linux operating system of the Logitech Revue. (Sony devices as well as other future devices are most likely also compatible with this toolchain but since we don't have these products to root we don't know yet.)

We have not yet documented a complete list of required dependencies but here are a few packages which might come in handy:
*texinfo (we encountered some issues with certain supposedly supported versions of makeinfo but updating texinfo resolved this on most systems)
*flex
*bison
*awk
*patch
*gcc et al
*build-essential (Ubuntu)

To simplify the toolchain setup, craigdroid created [http://dl.dropbox.com/u/1886948/gtvhacker-NDK-installer.zip this script] which simplifies the process of configuring a build system. After preparing the toolchain you will want to run the following commands (which are demo'd in the script) to establish your environment:
<pre>
export CROSS_COMPILE=i686-linux-cm-
export LD_LIBRARY_PATH=~/googletv/sdk/i686-linux-elf/lib
export PATH=$PATH:~/googletv/sdk/i686-linux-elf/bin/
</pre>

== NDK Support ==

Although at present Google has not released a proper NDK for the platform, the gtvhacker team have combined the Intel SDK Toolchain from the [http://code.google.com/p/googletv-mirrored-source/ Google TV Mirrored Source site] with the work of the [http://www.android-x86.org/ Android x86] project to provide unofficial support in the interim.

The entire process of setting up unofficial NDK support has been simplified into an [http://dl.dropbox.com/u/1886948/gtvhacker-NDK-installer.zip easy to use script] by craigdroid. The script has been tested on a few of our systems running CentOS 5.4 32-bit, as well as 32-bit and 64-bit editions of Ubuntu.

Since this is building the Intel toolchain automatically all of the caveats regarding the Intel SDK Toolchain apply here as well.

To automatically download, build and configure NDK support first save yourself some time and check the dependencies list in the SDK/Toolchain Support section and then from any users shell:
<pre>
wget http://dl.dropbox.com/u/1886948/gtvhacker-NDK-installer.zip && unzip gtvhacker-NDK-installer.zip && ./gtvhacker-NDK-installer.sh
</pre>

This will install the NDK to ~/googletv/ndk/ for the current user. Some guidance on how to use the NDK is provided upon completion of successful script execution.

== Support For USB Serial Converters ==

The [http://googletv-mirrored-source.googlecode.com/hg/linux/linux-2.6.23-gtv.tar.bz2?r=27705a482273e3a34e8bcdbfb4fdad9afcd65e93 published kernel] from the [http://code.google.com/p/googletv-mirrored-source/ Google TV Mirrored Source site] is configured to have built-in support FTDI single interface USB serial adapters as a serial console.
<pre>
#
# USB Serial Converter support
#
CONFIG_USB_SERIAL=y
CONFIG_USB_SERIAL_CONSOLE=y
CONFIG_USB_SERIAL_GENERIC=y
CONFIG_USB_SERIAL_FTDI_SIO=y
</pre>

This configuration has been verified via the proc.gz file of a Logitech Revue at its latest firmware revision (using the BreakVue hack). Here is the [http://pastie.org/1437422 complete kernel configuration].

Please note however that by default init does not appear to run a shell on this console. This is the only adapter which we have identified to have built-in driver support.

GTv-OS (AndroidTV)

2011-01-07T15:20:42Z

KernelJayOmega:

The Google TV operating system is based on Android 2.1. The system enables security such as an NX (Non eXecutable) Stack and a [http://en.wikipedia.org/wiki/Chroot chrooted] chrome. Also making things difficult is the Operating Systems ability to push automatic updates without user intervention.

The Operating System currently provides the following "stock" applications

*CNBC Real-Time
*Gallery
*Google Chrome
*Logitech Help Assistant (Logitech Only)
*Logitech Media Player (Logitech Only)
*Logitech Vid HD (Logitech Only)
*Napster
*NBA Game Time
*Netflix
*Pandora
*Settings
*TV
*Twitter

Gpl'd portions of the GoogleTV source can be found [http://code.google.com/p/googletv-mirrored-source/ here]

== SDK/Toolchain Support ==

The [http://googletv-mirrored-source.googlecode.com/hg/intel-sdk/intel-sdk-toolchain.tar.bz2?r=27705a482273e3a34e8bcdbfb4fdad9afcd65e93 Intel SDK Toolchain] is available as part of Google's GPL release for the Google TV. The toolchain is required to compile code to run on the Linux operating system of the Logitech Revue. (Sony devices as well as other future devices are most likely also compatible with this toolchain but since we don't have these products to root we don't know yet.)

We have not yet documented a complete list of required dependencies but here are a few packages which might come in handy:
*texinfo (we encountered some issues with certain supposedly supported versions of makeinfo but updating texinfo resolved this on most systems)
*flex
*bison
*awk
*patch
*gcc et al
*build-essential (Ubuntu)

To simplify the toolchain setup, craigdroid created [http://dl.dropbox.com/u/1886948/gtvhacker-NDK-installer.zip this script] which simplifies the process of configuring a build system. After preparing the toolchain you will want to run the following commands (which are demo'd in the script) to establish your environment:
<pre>
export CROSS_COMPILE=i686-linux-cm-
export LD_LIBRARY_PATH=~/googletv/sdk/i686-linux-elf/lib
export PATH=$PATH:~/googletv/sdk/i686-linux-elf/bin/
</pre>

== NDK Support ==

Although at present Google has not released a proper NDK for the platform, the gtvhacker team have combined the Intel SDK Toolchain from the [http://code.google.com/p/googletv-mirrored-source/ Google TV Mirrored Source site] with the work of the [http://www.android-x86.org/ Android x86] project to provide unofficial support in the interim.

The entire process of setting up unofficial NDK support has been simplified into an [http://dl.dropbox.com/u/1886948/gtvhacker-NDK-installer.zip easy to use script] by craigdroid. The script has been tested on a few of our systems running CentOS 5.4 32-bit, as well as 32-bit and 64-bit editions of Ubuntu.

Since this is building the Intel toolchain automatically all of the caveats regarding the Intel SDK Toolchain apply here as well.

To automatically download, build and configure NDK support first save yourself some time and check the dependencies list in the SDK/Toolchain Support section and then from any users shell:
<pre>
wget http://dl.dropbox.com/u/1886948/gtvhacker-NDK-installer.zip && unzip gtvhacker-NDK-installer.zip && ./gtvhacker-NDK-installer.sh
</pre>

This will install the NDK to ~/googletv/ndk/ for the current user. Some guidance on how to use the NDK is provided upon completion of successful script execution.

== Support For USB Serial Converters ==

The [http://googletv-mirrored-source.googlecode.com/hg/linux/linux-2.6.23-gtv.tar.bz2?r=27705a482273e3a34e8bcdbfb4fdad9afcd65e93 published kernel] from the [http://code.google.com/p/googletv-mirrored-source/ Google TV Mirrored Source site] is configured to have built-in support FTDI single interface USB serial adapters as a serial console.
<pre>
#
# USB Serial Converter support
#
CONFIG_USB_SERIAL=y
CONFIG_USB_SERIAL_CONSOLE=y
CONFIG_USB_SERIAL_GENERIC=y
CONFIG_USB_SERIAL_FTDI_SIO=y
</pre>

This configuration has been verified via the proc.gz file of a Logitech Revue at its latest firmware revision (using the BreakVue hack). Here is the [http://pastie.org/1437422 complete kernel configuration].

Please note however that by default init does not appear to run a shell on this console. This is the only adapter which we have identified to have built-in driver support.

Craigdroid

2011-01-07T15:09:18Z

KernelJayOmega:

'''Member Profile'''

*XDA/GTVHacker Name: Craigdroid
*Real Name: Craig Young
*Email: craig@gtvhacker.com (Coming soon)
*Twitter: [http://www.twitter.com/craigtweets craigtweets]
*AKA: Kernel Jay Omega
*Area of expertise: Build systems, Linux kernel development, network analysis, microelectronics

Craigdroid

2011-01-07T15:08:37Z

KernelJayOmega: Created page with "'''Member Profile''' *XDA/GTVHacker Name: Craigdroid *Real Name: Craig Young *Email: craig@gtvhacker.com (Coming soon) *Twitter: [http://www.twitter.com/craigtweets craigtweets]..."