LG webOS Smart TV
Kayvon2008 (Talk | contribs) |
Kayvon2008 (Talk | contribs) |
||
| Line 31: | Line 31: | ||
Partition 2 (/mnt/lg/cmn_data) seems containing the most interesting files from a forensics perspective. | Partition 2 (/mnt/lg/cmn_data) seems containing the most interesting files from a forensics perspective. | ||
| + | |||
| + | The "/.iot/accountInfoFile" file contains a username, apparently related to the Amazon Echo service. In the provided dataset three values seem interesting: userID, userNo and aliasName. | ||
| + | |||
| + | |||
| + | |||
| + | The "/.iot/networkInfoFile" file contains the device name (in the provided dataset "[LG] webOS TV SK8000PUA") | ||
| + | |||
| + | |||
| + | |||
| + | *The "/btsvc/mtk.conf" file contains: | ||
| + | *the TV Bluetooth name (in the provided dataset "[LG] webOS TV SK8000PUA") | ||
| + | *the TV Bluetooth MAC Address (in the provided dataset "00:51:ed:2b:db:27", manufactured by LG Innotek) | ||
| + | *the paired LG MR18 remote controller Bluetooth MAC Address (in the provided dataset "98:f5:a9:da:aa:f5") | ||
| + | |||
| + | |||
| + | |||
| + | The "/btsvc/mrcu1.info" file contains additional details about the remote controller, including the firmware version. | ||
| + | |||
| + | |||
| + | |||
| + | The "/btsvc/pairing_history" file contains information about remote controller pairing, including timestamps. | ||
| + | |||
| + | |||
| + | |||
| + | The "/btsvc/bluedroid-mtk/rec/bluedroid/bt_config.conf" file contains additional information about paired devices. | ||
==Links== | ==Links== | ||
* https://blog.digital-forensics.it/2020/12/a-journey-into-iot-forensics-episode-2.html | * https://blog.digital-forensics.it/2020/12/a-journey-into-iot-forensics-episode-2.html | ||
Revision as of 04:06, 27 November 2021
LG Smart TVs usually run the webOS operating system. If it is older, they may run Android (Google TV), or SmartView. ZENA forensics has made an analysis on a 55SK8000PUA tv.
Contents |
Partition structure
Four EXT4 partitions can be found.
7-zip revealed a SquashFS at the beginning of the image.
The Squashfs has a Linux-style folder schema and seems to contain the WebOS files.
I decided then to run "binwalk" on the image: the tool found 6 SquashFS file systems.
Overall I found six SquashFS, extracted by binwalk and four EXT4 partitions, extracted by MobileRevelator and TestDisk: Partition 0 (/mnt/lg/uhdcp), Partition 1 (/var/db), Partition 2 (/mnt/lg/cmn_data) and Partition 3(/media).
SquashFS files
The six SquashFS files contain the stock LG WebOS. The "/etc/issue" file contains the operating system version. In the dataset it contains "webOS TV 3.5.0".
Partition 0 (/mnt/lg/uhdcp) and Partition 1 (/var/db)
Partition 0 (/mnt/lg/uhdcp) and Partition 1 (/var/db) don't seem containing useful data from a forensics perspective.
Partition 2 (/mnt/lg/cmn_data)
Partition 2 (/mnt/lg/cmn_data) seems containing the most interesting files from a forensics perspective.
The "/.iot/accountInfoFile" file contains a username, apparently related to the Amazon Echo service. In the provided dataset three values seem interesting: userID, userNo and aliasName.
The "/.iot/networkInfoFile" file contains the device name (in the provided dataset "[LG] webOS TV SK8000PUA")
- The "/btsvc/mtk.conf" file contains:
- the TV Bluetooth name (in the provided dataset "[LG] webOS TV SK8000PUA")
- the TV Bluetooth MAC Address (in the provided dataset "00:51:ed:2b:db:27", manufactured by LG Innotek)
- the paired LG MR18 remote controller Bluetooth MAC Address (in the provided dataset "98:f5:a9:da:aa:f5")
The "/btsvc/mrcu1.info" file contains additional details about the remote controller, including the firmware version.
The "/btsvc/pairing_history" file contains information about remote controller pairing, including timestamps.
The "/btsvc/bluedroid-mtk/rec/bluedroid/bt_config.conf" file contains additional information about paired devices.
