This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Set Intel(R) Speed Shift Technology to Enabled | |
setup_var 0x4BC 0x1 | |
# Set CFG Lock to Disabled | |
setup_var 0x4ED 0x0 | |
# Set Above 4GB MMIO BIOS assignment to Enabled | |
# setup_var 0x79A 0x1 | |
# Set EHCI Hand-off to Disabled | |
# setup_var 0x2 0x0 | |
# Set XHCI Hand-off to Disabled |
See dejavuln-autoroot for a simpler exploit that works on webOS 3.5+ TVs (i.e., models from 2017 and later). It is unpatched as of 2024-04-21 and does not require Developer Mode or even a network connection—just a USB drive.
Otherwise:
- If you have a webOS 5–8 TV with old enough firmware, WTA (which does not require Dev Mode) will still work.
- If you have a webOS 4.x TV, you can also try CVE-2023-6319, which is unpatched on the latest (final?) firmware for webOS 4.0 (2018) models.
- While there will eventually be fully software-based exploits released for older models, they can currently be rooted via NVM.