Hacking TVs was a favourite pastime of mine. There's nothing quite like flashing a TV with AOSP such that it thinks it's a 55" smartphone. Lock screen and all.
See if you can find a service manual for your TV. You'll want to get UART as soon as possible.
Just remember crashes are for chumps: https://gist.github.com/Benjamin-Dobell/bb13f6169aaa48625453...
PS. I think that may be my favourite piece of code I've ever written. Mostly because it's completely absurd but worked just fine.
I have a Samsung smart TV which I’ve never accepted T&C and never connected to Wi-Fi.
I’d love to make it dumb or at least get rid of the nags to accept T&C or connect when someone accidentally hits the wrong button on the remote. Anything out there to do that?
I want that, so bad. Mine brings up the sign in screen every time you turn it on. I also want the ability to just change channels when you hit the channel button. My TV brings up a mini-guide when you hit the channel button, so that the down button goes up in station number and vice versa. Then once you select a channel, because it's not connected to the web, it blinks on and off for 5 seconds or so while it's trying to find program information from the internet connection it does not have. It's absolutely asinine. I miss the days when TVs were just screens to show whatever input I have connected to them.
Same. I'd be happy to turn it on and not have a menu over half the screen every time.
Not an answer but a follow-up question: is there open firmware for TVs like OpenWrt for routers? I have never heard of such a project, but it sounds like it would be useful.
There is this:
https://github.com/RootMyTV/RootMyTV.github.io
Perhaps Google TV (there is both an OS and a service by that name, the OS was once called Android TV)?
https://www.samygo.tv/
That project has fallen victim to people losing interest. A section for 2011 model year TVs has WIP tags for the last 9 years. This might as well have a perpetual under construction shovelling man GIF.
After I install it, then what?
Yes. I’d love this.
The software on TVs is awful. Plus many new TVs have ads baked in.
An open source OS would be a dream.
Software on TV (and worse, set-top boxes) is awful due to the fact that it is an underpowered CPU and limited memory. The app you saw is either a web app in WebKit Embedded or similar embedded, an Android app (Android TV) or a Roku BrightScript app.
SamyGO used to be the go-to place for Samsung OS hacking, not sure how active they still are though: https://www.samygo.tv/
Per https://stackoverflow.com/questions/57528450/adb-connection-... newer Samsungs (after 2015 per https://news.samsung.com/us/six-advantages-of-tizen-os-on-sa...) run Tizen https://www.tizen.org/
https://developer.samsung.com/smarttv/develop/tools/tv-exten...
Whatever you do, don’t touch the capacitors, especially if it’s an old TV, even if it’s unplugged. Could kill you. Old TV caps pack a serious punch (even when unplugged).
The UN24H4500 is an LED monitor.
The big risk in old TVs was the enormous voltages in the CRTs (which acted as a capacitor and stored energy even when off, and even picked up energy from background sources).
Aren't a lot of old TVs 'live chassis' as well as using very high voltages?
I think that's no longer true for modern flatscreen TVs. Older CRT TVs had caps charged to a dangerously high voltage, but all the caps on an LED/LCD TV should be a low enough voltage to be touch safe.
Mains will still kill you, even if it's not 3.3 kV or what was needed to run a CRT.
It's always best to work out where the mains PSU is, and either cover/isolate it so that you don't touch it by accident. Even if turned off, there is a non-insignificant risk that there is either mains power lying around or some other large charge/current ready to bite.
The back of the inlet also tends to be a hazard, so be really careful around there too.
Can't echo this enough. If you're working on anything that has been connected to residential mains... use a multimeter. They're cheap! Check the power supply for residual voltage from PSU caps. Discharge them safely before working on the equipment!
How do you discharge them safely?
The correct answer is "bleeder resistor."
The other answer is "pliers."
(Make a connection across the terminals that have a voltage difference)
Some older flat panels use “cold-cathode fluorescent display backlights” and they’re driven by a high-voltage inverter, I believe - so it’s still a good idea to be wary.
Except for the switching power supply, where you have capacitors charged at (rectified) mains voltage so around 155 or 325 volts depending on where you are. They should discharge relatively quickly, but they might be dangerous for a few minutes.
Touch safe, how about lick safe?
That’s what flyback transformers were for. If you licked them, you’d fly back.
TVs that old didn't need to be hacked.
That may have been true a long time ago in the age of CRT (picture tube) televisions but anything with a flat screen contains a bog-standard switching power supply with a bunch of 450V-or-so capacitors which will give you a nasty bite but not much more than that. In CRT sets it typically [1] wasn't the discrete capacitors which posed a problem but the CRT itself which was used as a smoothing capacitor for the HT power supply. The in- and outside of the back of the tube were (are) covered with a conducting paint (e.g. 'Aquadag' [2], a colloidal graphite coating) with the inside connected to the HT power supply and the outside connected to ground. That 'internal capacitor' can keep its charge for a long time. As to whether it 'can kill you' that seems to depend on a lot of factors ranging from the discharge path, physical condition of the subject and more. There are many reports on people getting zapped who describe it as 'a nasty jolt' but survivor bias means this is not what you should go by - just avoid getting zapped by discharging the tube.
[1] there are exceptions, e.g. older vacuum tube sets which used a mains-driven EHT circuit with discrete capacitors
[2] https://en.wikipedia.org/wiki/Aquadag
Thank you very much! I will keep that in mind.
Ya, I can relate.
Me too. I was about 8 when I took my TV apart and brushed my arm against that capacitor. Packed a wallop, and kept my arm in a rigid state for a bit.
You could try spamming/brute-forcing the IR spectrum with an IR diode in the hope of finding a debug access: https://hackaday.com/tag/smart-tv-hacks/
This is probably obvious, but so important that I feel it's worth saying: do not connect it to the internet! The last thing you want right now is up-to-date software, and chances are very good that if it goes online it will update its software and install all the latest security patches.
You will need to connect it to a network in order to scan it for vulnerabilities, but make that a network that has no internet access.
I would start by doing some searching on the exact make and model, especially searching through the CVE database to see what may be out there. If your TV has been connected to the internet, it may have had its software updated to patch any CVEs, but if it has not been connected, then there's a good chance it is still vulnerable and you can exploit them to get root or further access.
You can also throw scans at it. I would start with nmap and scan all the ports, also do service recognition to try and figure out what exact service is running on the other side of the port. For something like a TV, I would not expect a high success rate with identifying, but it's easy to run. What you can identify, the most important part is typically the version number. You can take that version number and compare it with CVEs with a lot more precision to see if there are vulnerabilities.
You can also try any number of scanners on it, such as Nessus or OpenVAS. There are tons of scanners out there so it's definitely worth doing some searches. I would suggest looking at the Kali Linux list of scanning tools, and either running Kali on a machine you have laying around, or using it with Docker. If one of these scanners actually crashes the TV, that is ironically a great sign for your purposes.
If the TV has been connected to the internet, and you aren't able to find any vulnerabilities, it might be worth keeping it off the internet for a while to give some time for new vulnerabilities to pop up. That does require a long-term commitment to this project, but it's not like you can't use the TV. I don't connect mine to the internet ever anyway, because I don't want it spying on me and I hate its ads and crappy built-in software. I just use it with a Chromecast with Google TV and good old HDMI.
Depending on what you want to do, it's also worth going thoroughly through the menu and looking for any sort of developer or debug options. Sometimes these menus are very hidden, requiring on occasion weird keyboard incantations in order to even appear as options, but once you get these enabled you can connect using tools like ADB or SSH, and get a shell on the machine.
All in all, good luck! It sounds like a very fun project. It's a shame we don't live near each other because this sounds like a fun weekend project :-)
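The version-matching step from the comment above, as an added example that is not part of the original thread: it reads the XML that nmap writes with `-sV -oX` and separates services identified precisely enough to search the CVE database from ports that still need manual identification. The sample XML, the host address and the product names are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample of `nmap -sV -oX` output for a TV on an isolated network.
# The address, product names and versions are made up for illustration.
SAMPLE_XML = """<nmaprun scanner="nmap">
  <host>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22">
        <state state="closed"/><service name="ssh"/>
      </port>
      <port protocol="tcp" portid="8001">
        <state state="open"/>
        <service name="http" product="ExampleHTTPd" version="1.2.3">
          <cpe>cpe:/a:example:examplehttpd:1.2.3</cpe>
        </service>
      </port>
      <port protocol="tcp" portid="9197">
        <state state="open"/><service name="upnp"/>
      </port>
    </ports>
  </host>
</nmaprun>"""


def open_services(xml_text):
    """Return one dict per open port with whatever detail nmap recorded."""
    rows = []
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address").get("addr")
        for port in host.iter("port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # closed and filtered ports have nothing to match
            svc = port.find("service")
            attrs = svc.attrib if svc is not None else {}
            cpes = [c.text for c in svc.findall("cpe")] if svc is not None else []
            rows.append({
                "host": addr,
                "port": int(port.get("portid")),
                "name": attrs.get("name", ""),
                "product": attrs.get("product", ""),
                "version": attrs.get("version", ""),
                "cpes": cpes,
            })
    return rows


def cve_search_terms(rows):
    """Split results into precise search terms and ports left unidentified."""
    terms, unidentified = [], []
    for r in rows:
        if r["cpes"]:
            terms.extend(r["cpes"])          # CPE string is the most precise key
        elif r["product"] and r["version"]:
            terms.append(f'{r["product"]} {r["version"]}')
        else:
            unidentified.append(r["port"])   # no version: look at it by hand
    return terms, unidentified
```
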
Prior work for LG televisions: https://github.com/RootMyTV/RootMyTV.github.io
Oh hey great! This might be really helpful. I've actually also got an LG TV upstairs, I'll have a peek at this, could be very helpful!
RootMyTV is not working anymore if you are above a specific webOS version. You can also try fiddling around with a USB to USB device and ADB shell.
Anyone know if there's anything for non-Android Sony and Panasonic TVs?
Good luck. I learned an enormous amount about hardware design from a Philips plasma display I got for free some 20 years ago as it wouldn’t show an image for more than a few seconds and multiple repair people had said “buy a new one” to the business that gave it to me. £10,000 piece of kit, working.
Philips were actually enormously helpful. I just called them up (well, after going to a TV repair shop, picking the guy’s brains, and getting the number from him), got through to their technical service dept, got them to send me the full service engineer manual, schematics and all, and they were happy for me to quiz them on likely root causes - like, the guy I spoke to a few times seemed genuinely excited that someone was actually trying to repair a TV, and correctly pointed me in the direction of a group of oscillators, one of which had a blown cap. Fixed the thing.
Lived on the wall of our office for a decade until it fell off one day. On me. There’s karma.
I guess it's the kind of excitement one gets when someone else actively reads the documentation you painstakingly put together.
Must’ve been really nice for those cold days.
Plasmas are great on someone else’s power connection.
We had a great one that almost fully negated the need for a heater in the winter. Blackest blacks!
Still miss it, but probably miss the $5k I shelled out for it.
My 50" 2007 Pioneer Kuro Elite ($5,000 in 2007) still has the best picture I've ever seen. Almost 3D. No repairs/service ever.
Try xda forum.
I shit a brick when you said TV and thought you were talking about old CRTs.
If you're going to hack on an OLD TV or microwave, please don't unless you know what you're doing. If you're still going to continue, at least unplug it for over 24+ hours before cracking it open. Those capacitors may still be charged and will not tickle.