Difference between revisions of "How to enable Telnet on samsung TV's"


From SamyGO
Jump to: navigation, search
m
(moved "The Safe Way" to the top, and added Usage for SamyGO.py)
Line 4: Line 4:
  
 
Read below for a detailed HowTo of the steps taken :
 
Read below for a detailed HowTo of the steps taken :
 +
 +
 +
==The Safe Way==
 +
*Using SamyGO Telnet Enabler Samsung TV application, you can enable telnet of TV without changing firmware.
 +
Enabling telnet with this program is not dangerous '''but''' with wrong telnet commands, still you have a chance to brick your TV.
 +
Download this program to your USB Flash, then plug it into your TV. Using the Content Library from the Pup-Up menu, select USB, then under '''Game''' menu, select and start the SamyGO application once.
 +
The TV will go black and then returns to the menu. This will enable your TV's telnet for one session only. When you reboot your TV (switch off and back on) you need to reopen telnet via the menus.
 +
I advise you to use the Automated script if you plan to do some development on your TV. If you just want to have look how things work, the safe way is better.
 +
[http://download.samygo.tv/SamyGO%20Kernel%20Modules/SamyGO%20Applications Download SamyGO Telnet Enabler Program].
  
 
== Prerequisites ==  
 
== Prerequisites ==  
Line 81: Line 90:
 
*If you know what you are doing and are simply looking for a tool that will do all of the hacking for you, then you can use [http://forum.samygo.tv/viewtopic.php?f=5&t=13&p=22#p22 SamyGO script] (requires python installed on your system) to make all modifications to your firmware. This will produce an exe.img ready to [[#Flash to TV]].
 
*If you know what you are doing and are simply looking for a tool that will do all of the hacking for you, then you can use [http://forum.samygo.tv/viewtopic.php?f=5&t=13&p=22#p22 SamyGO script] (requires python installed on your system) to make all modifications to your firmware. This will produce an exe.img ready to [[#Flash to TV]].
  
==The Safe Way==
+
===Usage===
*Using SamyGO Telnet Enabler Samsung TV application, you can enable telnet of TV without changing firmware.
+
python ./SamyGO.py <path to extracted directory from firmware>
Enabling telnet with this program is not dangerous '''but''' with wrong telnet commands, still you have a chance to brick your TV.
+
example: python ./SamyGO.py ./T-CHL7DEUC/
Download this program to your USB Flash, then plug it into your TV. Using the Content Library from the Pup-Up menu, select USB, then under '''Game''' menu, select and start the SamyGO application once.
+
 
The TV will go black and then returns to the menu. This will enable your TV's telnet for one session only. When you reboot your TV (switch off and back on) you need to reopen telnet via the menus.
+
During the patching process you will be asked to use Enable Telnet or Advanced Mode.
I advise you to use the Automated script if you plan to do some development on your TV. If you just want to have look how things work, the safe way is better.
+
 
[http://download.samygo.tv/SamyGO%20Kernel%20Modules/SamyGO%20Applications Download SamyGO Telnet Enabler Program].
+
Enable Telnet or Advanced Mode on image( T/a )?
 +
 
 +
*If you simply wish to just enable telnet on startup select "T"
 +
*If you wish to automount shares and telnet then select "a"
 +
 
 +
Once the SamyGo Firmware Patcher has completed the patch please flash the new patched firmware to your TV.
 +
 
 +
===Advanced Mode===
 +
If you selected Advanced Mode you will need to create a file called /mtd_rwarea/SamyGO.sh and set the permissions to 755
 +
 
 +
Once you have flashed your TV you will need to use the [http://download.samygo.tv/SamyGO%20Kernel%20Modules/SamyGO%20Applications SamyGO Telnet Enabler Program], to enable telnet. This is a once off.
 +
 
 +
Once you have enabled telnet using [http://download.samygo.tv/SamyGO%20Kernel%20Modules/SamyGO%20Applications SamyGO Telnet Enabler], telnet to your tv and create /mtd_rwarea/SamyGO.sh
 +
 
 +
# vi /mtd_rwarea/SamyGO.sh
 +
 
 +
Add the following to SamyGO.sh
 +
#!/bin/sh
 +
 +
# Enable Telnetd
 +
if [ `cat /proc/mounts | grep -c "/dev/pts"` -lt "1" ] ; then
 +
        echo "telnetd Enabled"
 +
        mount -t devpts devpts /dev/pts
 +
        telnetd
 +
else
 +
        echo "/dev/pts is mounted"
 +
fi
 +
 +
# Open back-door for fixing boot-loop situations
 +
sleep 20            # Allow USB-stick to settle
 +
USB="/dtv/usb/sda1" # USB mount-point
 +
 +
if [ -f $USB/usb.sh ];then
 +
        echo "USB-File detected"
 +
        $USB/usb.sh
 +
else
 +
        echo "Running Normal SamyGO Startup"
 +
        /mtd_rwarea/SamyGO.sh # Run normal startup script
 +
fi
 +
exit
 +
Set the right permissions
 +
# chmod 755 /mtd_rwarea/SamyGO.sh
 +
 
 +
Now reboot your TV and you ready to rock and roll....

Revision as of 10:18, 6 December 2009

(by dynamic1969, edits and extensions by marcelr, erdem_ua, suggestions by olivluca, grajen)

If you are a novice, then I recommend you take some time to read and understand what you are doing first! THIS CAN BRICK YOUR DEIVCE !!

Read below for a detailed HowTo of the steps taken :


The Safe Way

  • Using SamyGO Telnet Enabler Samsung TV application, you can enable telnet of TV without changing firmware.

Enabling telnet with this program is not dangerous but with wrong telnet commands, still you have a chance to brick your TV. Download this program to your USB Flash, then plug it into your TV. Using the Content Library from the Pup-Up menu, select USB, then under Game menu, select and start the SamyGO application once. The TV will go black and then returns to the menu. This will enable your TV's telnet for one session only. When you reboot your TV (switch off and back on) you need to reopen telnet via the menus. I advise you to use the Automated script if you plan to do some development on your TV. If you just want to have look how things work, the safe way is better. Download SamyGO Telnet Enabler Program.

Prerequisites

(if you do not have ALL of these: Google is your friend, at least for the software):

  • a Samsung TV attached to your local network.
  • a hex editor.
    • Linux : okteta and many others
    • Windows: flexhex, neo, and many others.
    • Mac :
  • a crc32 checksum calculator.
    • Linux : okteta 0.3 or later, check, minicrc and many others
    • Windows: flexhex, be wary of little endian (byte-reversed) checksums, possibly others
    • Mac :
  • xor encryption/decryption software.
    • Linux : okteta 0.3 or later, crypt-xor, possibly others. I wrote my own ...
    • Windows: flexhex, possibly others
    • Mac :
  • a normal ASCII editor.
    • Linux : emacs, vi, gedit and and many more.
    • Windows: notepad (Or a word processor. Be careful to save in ascii mode, .txt format)
    • Mac :
  • a telnet client.

Hacking the Firmware

To acquire telnet access to your tv, do the following:

  • Download the firmware package for your tv from the Samsung website and unpack it. As an example in this HOWTO, the T-CHU7DEUC.exe file for a ue40b70xx is taken. This will also work on any other xor-encoded firmware. Just replace the T-CHU7DEUC in this howto with your firmware name. When working on a linux box, you can unpack it with wine or unrar.
  • Decrypt exe.img.enc in the T-CHU7DEUC/image directory using an xor decrypter with key "T-CHU7DEUC" (the firmware root directory name) and name it exe.img
  • Check the CRC32 checksum of your decrypted file (exe.img). It should match the checksum (8-digit hexadecimal number), <xxxxxxxx> given in validinfo.txt _exactly_:
*007_exe.img_xxxxxxxx*011_appdata.img_126fb41f

If the checksums don't match, check the following: Is the downloaded file not corrupted? Is your decryption flawless?

  • Using a hex-editor, make the following changes to the contents of rc.local in the decrypted exe.img file: locate the lines:
export KF_LOG=/dev/null #Remove engine logging.
cd /mtd_exe/

./exeDSP

and replace just the text element marked bold, as shown below: 

export KF_LOG=/dev/null;/etc/telnetd_start.sh&
cd /mtd_exe/

./exeDSP

-> For safety reasons it is recommended that you don't miss the "&" at the end ( this is not yet considered in the SamyGo Script YET! )

Make sure you do not change the length of the image file. To be on the safe side, replace any unprintable characters on the changed line with spaces, but _keep_ the linefeed (0x0a)

And remember: Think before you type.

  • Re-calculate the CRC32 checksum for the updated image.
  • Using a normal ASCII editor, update validinfo.txt in the T-CHU7DEUC/image directory with the new CRC information: Replace xxxxxxxx in this line with the newly calculated checksum (8 hexadecimal digits, be aware of leading zeros):
*007_exe.img_xxxxxxxx*011_appdata.img_126fb41f
  • Encrypt exe.img again, using xor encryption with key "T-CHU7DEUC" and copy it into the T-CHU7DEUC/image directory. Name it "exe.img.enc"

Flash to TV

  • Move the T-CHU7DEUC directory and all of its contents to an otherwise empty USB drive, plugin the USB drive into your TV and manually start the upgrade via the appropriate menu entry on your TV

Result

  • After upgrade, open a shell and start a telnet session on your tv:
$ telnet aaa.bbb.ccc.ddd

with aaa.bbb.ccc.ddd your tv's IP-address. when prompted, log in as <root> This is what you'll see, when connected: 

$ telnet aaa.bbb.ccc.ddd
Trying aaa.bbb.ccc.ddd...
Connected to aaa.bbb.ccc.ddd.
Escape character is '^]'.

localhost login: root
-sh: id: not found
#

You can now start typing commands. For available commands visit the normal places: /bin, /sbin, /usr/bin and /usr/sbin

Automated Way

  • If you know what you are doing and are simply looking for a tool that will do all of the hacking for you, then you can use SamyGO script (requires python installed on your system) to make all modifications to your firmware. This will produce an exe.img ready to #Flash to TV.

Usage

python ./SamyGO.py <path to extracted directory from firmware>
example: python ./SamyGO.py ./T-CHL7DEUC/

During the patching process you will be asked to use Enable Telnet or Advanced Mode. 

Enable Telnet or Advanced Mode on image( T/a )?
  • If you simply wish to just enable telnet on startup select "T"
  • If you wish to automount shares and telnet then select "a"

Once the SamyGo Firmware Patcher has completed the patch please flash the new patched firmware to your TV.

Advanced Mode

If you selected Advanced Mode you will need to create a file called /mtd_rwarea/SamyGO.sh and set the permissions to 755

Once you have flashed your TV you will need to use the SamyGO Telnet Enabler Program, to enable telnet. This is a once off.

Once you have enabled telnet using SamyGO Telnet Enabler, telnet to your tv and create /mtd_rwarea/SamyGO.sh 

# vi /mtd_rwarea/SamyGO.sh

Add the following to SamyGO.sh 

#!/bin/sh

# Enable Telnetd
if [ `cat /proc/mounts | grep -c "/dev/pts"` -lt "1" ] ; then
        echo "telnetd Enabled"
        mount -t devpts devpts /dev/pts
        telnetd
else
        echo "/dev/pts is mounted"
fi

# Open back-door for fixing boot-loop situations
sleep 20            # Allow USB-stick to settle
USB="/dtv/usb/sda1" # USB mount-point

if [ -f $USB/usb.sh ];then
        echo "USB-File detected"
        $USB/usb.sh
else
        echo "Running Normal SamyGO Startup"
        /mtd_rwarea/SamyGO.sh # Run normal startup script
fi
exit

Set the right permissions 

# chmod 755 /mtd_rwarea/SamyGO.sh

Now reboot your TV and you ready to rock and roll....

Retrieved from "http://wiki.samygo.tv/index.php?title=How_to_enable_Telnet_on_samsung_TV%27s&oldid=232"