LG webOS Smart TV
Links
* https://blog.digital-forensics.it/2020/12/a-journey-into-iot-forensics-episode-2.html
Revision as of 22:50, 27 November 2021
LG Smart TVs usually run the webOS operating system. Older models may run Android (Google TV) or SmartView. ZENA forensics has published an analysis of a 55SK8000PUA TV.
Partition structure
Four EXT4 partitions can be found.
7-zip revealed a SquashFS at the beginning of the image.
The SquashFS has a Linux-style folder schema and seems to contain the webOS files.
I decided then to run "binwalk" on the image: the tool found 6 SquashFS file systems.
Overall I found six SquashFS, extracted by binwalk, and four EXT4 partitions, extracted by MobileRevelator and TestDisk: Partition 0 (/mnt/lg/uhdcp), Partition 1 (/var/db), Partition 2 (/mnt/lg/cmn_data) and Partition 3 (/media).
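The carving step described above can be reproduced with a signature scan. The following is an added example, not code from the original analysis: it locates SquashFS superblocks by the "hsqs" magic and ext superblocks by the 0xEF53 magic (shared by ext2/3/4), and reads the ext "last mounted" field, which can hold a mount path such as the ones used to label the partitions here. The function names and the sample image are constructed for illustration.

```python
import struct

SQUASHFS_MAGIC = b"hsqs"   # SquashFS 4.x superblock magic (little-endian)

def find_squashfs(image):
    """Return (offset, bytes_used) for each validated SquashFS superblock."""
    hits, pos = [], image.find(SQUASHFS_MAGIC)
    while pos != -1:
        sb = image[pos:pos + 48]
        if len(sb) == 48:
            block_size, = struct.unpack_from("<I", sb, 12)
            block_log, = struct.unpack_from("<H", sb, 22)
            major, = struct.unpack_from("<H", sb, 28)
            bytes_used, = struct.unpack_from("<Q", sb, 40)
            # Reject chance magic matches: need version 4 and consistent block size.
            if major == 4 and block_log < 32 and block_size == 1 << block_log:
                hits.append((pos, bytes_used))
        pos = image.find(SQUASHFS_MAGIC, pos + 1)
    return hits

def find_ext4(image, step=512):
    """Return (offset, size_bytes, last_mounted) for each primary ext superblock."""
    hits = []
    for start in range(0, len(image) - 2047, step):
        sb = image[start + 1024:start + 2048]   # superblock sits 1024 bytes in
        magic, = struct.unpack_from("<H", sb, 0x38)
        blocks, = struct.unpack_from("<I", sb, 0x04)   # low 32 bits only
        log_bs, = struct.unpack_from("<I", sb, 0x18)
        group_nr, = struct.unpack_from("<H", sb, 0x5A)   # non-zero in backup copies
        if magic != 0xEF53 or log_bs > 6 or group_nr != 0:
            continue
        mounted = sb[0x88:0x88 + 64].split(b"\0")[0].decode("ascii", "replace")
        hits.append((start, blocks * (1024 << log_bs), mounted))
    return hits

def build_sample():
    """Constructed 8 KiB image: SquashFS at 0, decoy magic at 3000, ext4 at 4096."""
    img = bytearray(8192)
    struct.pack_into("<4sIII", img, 0, SQUASHFS_MAGIC, 10, 1500000000, 131072)
    struct.pack_into("<H", img, 22, 17)     # block_log (2**17 == 131072)
    struct.pack_into("<H", img, 28, 4)      # version major
    struct.pack_into("<Q", img, 40, 2048)   # bytes_used
    img[3000:3004] = SQUASHFS_MAGIC         # decoy, fails validation
    sb = 4096 + 1024
    struct.pack_into("<I", img, sb + 0x04, 256)      # block count
    struct.pack_into("<I", img, sb + 0x18, 2)        # block size 1024 << 2
    struct.pack_into("<H", img, sb + 0x38, 0xEF53)   # ext2/3/4 magic
    img[sb + 0x88:sb + 0x98] = b"/mnt/lg/cmn_data"   # s_last_mounted (constructed)
    return bytes(img)
```

On a real dump, read the image with `open(path, "rb").read()` (or `mmap` for large images) and pass the bytes to both functions; work on a hashed copy, never on the original acquisition.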
SquashFS files
The six SquashFS files contain the stock LG webOS. The "/etc/issue" file contains the operating system version. In the dataset it contains "webOS TV 3.5.0".
Partition 0 (/mnt/lg/uhdcp) and Partition 1 (/var/db)
Partition 0 (/mnt/lg/uhdcp) and Partition 1 (/var/db) do not seem to contain useful data from a forensic perspective.
Partition 2 (/mnt/lg/cmn_data)
Partition 2 (/mnt/lg/cmn_data) seems to contain the most interesting files from a forensic perspective.
The "/.iot/accountInfoFile" file contains a username, apparently related to the Amazon Echo service. In the provided dataset three values seem interesting: userID, userNo and aliasName.
The "/.iot/networkInfoFile" file contains the device name (in the provided dataset "[LG] webOS TV SK8000PUA").
The "/btsvc/mtk.conf" file contains:
- the TV Bluetooth name (in the provided dataset "[LG] webOS TV SK8000PUA")
- the TV Bluetooth MAC Address (in the provided dataset "00:51:ed:2b:db:27", manufactured by LG Innotek)
- the paired LG MR18 remote controller Bluetooth MAC Address (in the provided dataset "98:f5:a9:da:aa:f5")
The "/btsvc/mrcu1.info" file contains additional details about the remote controller, including the firmware version.
The "/btsvc/pairing_history" file contains information about remote controller pairing, including timestamps.
The "/btsvc/bluedroid-mtk/rec/bluedroid/bt_config.conf" file contains additional information about paired devices.
The "/channel_logo/major_logo_img" folder contains TV channel images and related JSON files.
The "/irdbmanager/setting/oss_setting_info_stb.txt" file contains information about the connected Set Top Box. In the provided dataset the Set Top Box is manufactured by "Direct TV" and connected on HDMI_1 port. The service name is "DirectTV(Denver)".
The "/var/lib/connman/" file contains information about connected Wi-Fi networks.
The "/var/luna/data/downloadhistory.db" file contains information about installed applications. An embedded JSON file for each installation is available. It contains information about the specific app, including timestamps. In the specific dataset various apps are installed like Netflix, Amazon Prime Video, Vudu, ChannelPlus, Sling and YouTube.
The "/var/lib/wam/" folder contains information about the "Web Application Manager", a component responsible for web application management in webOS platform. The Default subfolder is a Chrome-style profile folder, that can be parsed with Hindsight.
Various Chrome-style LocalStorage databases are stored in the profile. Among others, the "lgappstv.com" database contains the last-use date for each installed app.
The "/var/luna/preferences/" folder contains various TV settings and preferences.
The "/var/luna/preferences/localtime" file contains the local timezone. In the provided dataset it is "/usr/share/zoneinfo/America/Denver".
The "/var/luna/preferences/option" file contains various TV settings, including the ZIP code. In the provided dataset it is "80020", which corresponds to "Broomfield, Colorado", where VTO Labs is located.