Difference between revisions of "Patch Over Network"

From AwkwardTV
Jump to: navigation, search
(Known Info)
(Known Info)
Line 67: Line 67:
 
It appears that in the syslog we are seeing the output of a check to ensure the update applied is a later version than the current system.
 
It appears that in the syslog we are seeing the output of a check to ensure the update applied is a later version than the current system.
  
After downloading the disk image, AppleTV downloads a signature file (http://mesu.apple.com/data/OS/061-2988.20070620.bHy75/2Z694-5248-45.dmg.signature for the 20 June 2007 update) and presumably checks the downloaded disk image for integrity prior to updating.
+
Prior to downloading the disk image, AppleTV downloads a signature file (http://mesu.apple.com/data/OS/061-2988.20070620.bHy75/2Z694-5248-45.dmg.signature for the 20 June 2007 update). Next, the disk image is downloaded and presumably it's signature is compared with the downloaded one.
  
 
The next step is to record the syslog when someone applies this software update to their AppleTV.
 
The next step is to record the syslog when someone applies this software update to their AppleTV.

Revision as of 15:46, 20 June 2007

Project Goal

An alternative approach to "hacking" the appletv without opening the case. This method would use the build in Apple software updater to install custom hacks and patches.
Even when the USB method is successful (and that would still be awesome), this method may be better because it would allow server based updates on an on going basis without creating a whole new updating system.

Known Info

When "Update Software" is selected from the settings menu, this file is requested: http://mesu.apple.com/version.xml .

From 2007-04-03 until 2007-06-19 there were no software updates and the file contained the following...

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
</dict>
</plist>

By adding mesu.apple.com to the hosts file to point to a local web server, we are able to modify this file and make the AppleTV unit download the modified file.

When downloading this file, the following is recorded by syslog...

Apr  3 20:38:47 appletv.local AppleTV FrontRow[113]: T:[0x193fa00] UPD: update check starting
Apr  3 20:38:47 appletv.local AppleTV FrontRow[113]: UPD: checking version info at http://mesu.apple.com/version.xml.
Apr  3 20:38:48 appletv.local AppleTV FrontRow[113]: T:[0x193fa00] downloading file http://mesu.apple.com/version.xml
Apr  3 20:38:48 appletv.local AppleTV FrontRow[113]: finished downloading file http://mesu.apple.com/version.xml
Apr  3 20:38:48 appletv.local AppleTV FrontRow[113]: VERS: comparing OS 10.4.7 with (null)
Apr  3 20:38:49 appletv.local AppleTV FrontRow[113]: VERS: comparing OS build 8N5107 with (null)
Apr  3 20:38:49 appletv.local AppleTV FrontRow[113]: UPD: versions available: OS:(null)/(null) EFI:(null) IR:(null) SI:(null)/(null) valid:1
Apr  3 20:38:49 appletv.local AppleTV FrontRow[113]: T:[0x193fa00] UPD: updating check complete

It seems to be looking for OS, build, EFI, IR, and SI version numbers in the xml file. If it can be determined the format of this xml file, it would be possible to have the AppleTV unit download and install patched versions of the OS automatically.


On 2007-06-20 Apple rolled out their first software update to add the YouTube functionality. The file at http://mesu.apple.com/version.xml now contains:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>OS</key>
	<dict>
		<key>BuildVersion</key>
		<string>8N5239</string>
		<key>UpdateURL</key>
		<string>http://mesu.apple.com/data/OS/061-2988.20070620.bHy75/2Z694-5248-45.dmg</string>
		<key>Version</key>
		<string>10.4.7</string>
	</dict>
</dict>
</plist>

We can see that the update is keyed with "OS", presumably because it is a general Operating System update. It also details the BuildVersion, Version and most importantly the UpdateURL which points to a disk image .dmg file. The file in question appears to be 179MB and presumably is the only file the AppleTV needs to update itself with the new functionality. I have made no attempt analyse the disk image.

From the syslog above we see:

Apr  3 20:38:48 appletv.local AppleTV FrontRow[113]: VERS: comparing OS 10.4.7 with (null)
Apr  3 20:38:49 appletv.local AppleTV FrontRow[113]: VERS: comparing OS build 8N5107 with (null)

The first line is comparing "10.4.7" with "null". We can see in the new version.xml file that the key "Version" has the string "10.4.7".

The second line is comparing "8N5107" with "null". Again, from the version.xml we see that the key "BuildVersion" has the string "8N5239".

It appears that in the syslog we are seeing the output of a check to ensure the update applied is a later version than the current system.

Prior to downloading the disk image, AppleTV downloads a signature file (http://mesu.apple.com/data/OS/061-2988.20070620.bHy75/2Z694-5248-45.dmg.signature for the 20 June 2007 update). Next, the disk image is downloaded and presumably it's signature is compared with the downloaded one.

The next step is to record the syslog when someone applies this software update to their AppleTV.

Software Update in MacOS X

"Real" Mac OS X connects to swscan.apple.com

wget http://swscan.apple.com/content/catalogs/index-1.sucatalog

(It seems that modifying user-agent is not necessary)

It is possible that AppleTV software update expects a similar xml catalogue.