Tips for hacking a TV?

Question

I've got a spare television lying around (specifically, a Samsung UN24H4500), and I thought it'd be fun to take a crack at seeing what I can do with it. The only hitch is that I've never really done any hardware hacking before, so I don't really know where to start!Any tips and pointers would be much appreciated, in terms of common ways to search for and exploit vulnerabilities, or the exploitation of other televisions. Alternatively, if this is an absolute fool's errand, and the whole thing is locked down tighter than Fort Knox, a firm warning that this is not a good thing to dick around with over a weekend would also be appreciated.

Benjamin_Dobell · Accepted Answer

Hacking TVs was a favourite pasttime of mine. There's nothing quite like flashing a TV with AOSP such that it thinks it's 55" smartphone. Lock screen and all.
See if you can find a service manual for your TV. You'll want to get UART as soon as possible.
Just remember crashes are for chumps: https://gist.github.com/Benjamin-Dobell/bb13f6169aaa48625453...
PS. I think that may be my favourite piece of code I've ever written. Mostly because it's completely absurd but worked just fine.

robin_reala · Answer

SamyGO used to be the go-to place for Samsung OS hacking, not sure how active they still are though: https://www.samygo.tv/

pabs3 · Answer

First step would be to contact Samsung and ask for the Linux kernel and other open source code for your TV. Without it you won't be able to replace the original OS properly. Also mention to them that they have to allow you to update Linux on the TV or they have to stop using Linux on their TVs.https://sfconservancy.org/blog/2021/mar/25/install-gplv2/

madaxe_again · Answer

Good luck. I learned an enormous amount about hardware design from a Philips plasma display I got for free some 20 years ago as it wouldn’t show an image for more than a few seconds and multiple repair people had said “buy a new one” to the business that gave it to me. £10,000 piece of kit, working.
Philips were actually enormously helpful. I just called them up (well, after going to a TV repair shop, picking the guy’s brains, and getting the number from him), got through to their technical service dept, got them to send me the full service engineer manual, schematics and all, and they were happy for me to quiz them on likely root causes - like, the guy I spoke to a few times seemed genuinely excited that someone was actually trying to repair a TV, and correctly pointed me in the direction of a group of oscillators, one of which had a blown cap. Fixed the thing.
Lived on the wall of our office for a decade until it fell off one day. On me. There’s karma.

fph · Answer

Not an answer but a follow-up question: is there open firmware for TVs like Openwrt for routers? I have never heard of such a project, but it sounds like it would be useful.

purple-leafy · Answer

Whatever you do, don&rsquo;t touch the capacitors, especially if it&rsquo;s an old TV, even if it&rsquo;s unplugged. Could kill you. Old TV caps pack a serious punch (even when unplugged)

atoav · Answer

you could try spamming/brute-forcing the IR spectrum with a IR diode in the hope of finding a debug access: https://hackaday.com/tag/smart-tv-hacks/

pabs3 · Answer

I read Vizio TVs run Linux/systemd, after this lawsuit concludes, you should be able to get the source code and reinstall Linux at least.https://sfconservancy.org/copyleft-compliance/vizio.html

freedomben · Answer

This is probably obvious, but so important that I feel it's worth saying: do not connect it to the internet! The last thing you want right now is up-to-date software, and chances are very good that if it goes online it will update its software and install all the latest security patches.
You will need to connect it to a network in order to scan it for vulnerabilities, but make that a network that has no internet access.
I would start by doing some searching on the exact make and model, especially searching through the CVE database to see what may be out there. There. If your TV has been connected to the internet, it may have had its software updated to patch any cves, but if it has not been connected, then there's a good chance it is still vulnerable and you can exploit them to get root or further access.
You can also throw scans at it. I would start with nmap and scan all the ports, also do service recognition to try and figure out what exact service is running on the other side of the port. For something like a TV, I would not expect a high success rate with identifying, but it's easy to run. What you can identify, the most important part is typically the version number. You can take that version number and compare it with CVEs with a lot more precision to see if there are vulnerabilities.
You can also try any number of scanners on it, such as nessus or openvas. There are tons of scanners out there so it's definitely worth doing some searches. I would suggest looking at the Kali Linux list of scanning tools, and either running Kali on a machine you have laying around, or use it with docker. If one of these scanners actually crashes the TV, that is ironically a great sign for your purposes.
If the TV has been connected to the internet, and you aren't able to find any vulnerabilities, it might be worth keeping it off the internet for a while to give some time for new vulnerabilities to pop up. That does require a long-term commitment to this project, but it's not like you can't use the TV. I don't connect mine to the internet ever anyway, because I don't want it spying on me and I hate its ads and crappy built-in software. I just use it with a Chromecast with Google TV and good old HDMI.
Depending on what you want to do, it's also worth going thoroughly through the menu and looking for any sort of developer or debug options. Sometimes these menus are very hidden, requiring on occasion weird keyboard incantations in order to even appear as options, but once you get these enabled you can connect using tools like ADB or SSH, and get a shell on the machine.
All in all, good luck! It sounds like a very fun project. It's a shame we don't live near each other because this sounds like a fun weekend project :-)

walterbell · Answer

Prior work for LG televisions: https://github.com/RootMyTV/RootMyTV.github.io

memcg · Answer

Per https://stackoverflow.com/questions/57528450/adb-connection-... newer Samsungs (after 2015 per https://news.samsung.com/us/six-advantages-of-tizen-os-on-sa...) run Tizen https://www.tizen.org/

zhrvoj · Answer

It's fun reading all that posts about dangerous caps, dangerous flyback transformers... Those fears, and your findings I can read - were/are something normal in my world. I was paid to do that. But faked technology advance, ruined service techicians job. And now mices take over... So you have it. Deal with it. And be afraid - be very afraid :)

rgovostes · Answer

A decade ago my LG plasma TV had a serial port for using it as digital signage (I think). If I spammed the serial port during boot I could interrupt U-Boot but they had disabled echoing out. I never figured out if I could do something useful or not.

stoobs · Answer

Anyone know if there's anything for non-android Sony and Panasonic tv's?

beretguy · Answer

Get an axe.

laserstrahl · Answer

Try xda forum.

alfiedotwtf · Answer

I shit a brick when you said TV and thought you were talking about old CRTs.If you're going to hack on an OLD TV or microwave, please don't unless you know what you're doing. If you're still going to continue, at least unplug it for over 24+ hours before cracking it open. Those capacitors may still be charged and will not tickle.