This is the first document you have to read


From SamyGO
Revision as of 10:47, 5 March 2012 by Latas (talk | contribs) (What is ExLink)
Jump to: navigation, search

This article is specially written for everyone who wants to hack their TV's.

Important things to take in care when you read this article.

  • Take in care the dates when the things are referenced.

The information changes and some of it written here today will become obsolet tomorrow. So let's begin.

Before to begin

What are TV's series?
I'm not talking about small films of duration splited in several chapters. I'm talking about the serial identification code of each Samsung TV.
Usually is composed by:

  • a international region code, it could be UE (for Europe), US for United States,
  • the TV size in inches, maybe 40, 46, 50, 55 and so on,
  • a code for the Serie, which usually is A, B, C, D,
  • and the code of your TV model inside that serie.

For example:
UE40C8000

You will find a lot of references about series on the SamyGO wiki. Take this information in care, because depending on this you will have to take one action or other, and some information could be valid for you or not.

Hack your TV can be a very easy procedure, or a very complicated procedure. What depends on?

Well, Samsung TV's, runs Linux based OS. So, this meas, as much knowledge you've got from Linux, more comfortable you feel when you proceed to hack your TV.

Does this mean if I don't know Linux, I can not hack my TV?

No. Following the instructions you will be able to hack it, but you will have to take care about what are you doing. And this is the important part, if you don't have linux knowledge you won't know what are you doing, just simply following a script as a film.
So, first thing we should know, if you've got doubts, DO NOT FOLLOW! Take your time, read the documentation, and if you need further info, ask.

What is the worst could happen?

You can brick your TV.

What means brick?

Basically you will have a TV with problems. Some part of its funcionality could be broken.

What functionalities of my TV are in risk if I decide to hack my TV?

March, 3, 2012.
There are several procedures to hack your TV defined in the SamyGO wiki. The concept of all of them is the same. Modify the internal system of your TV that mount your USB devices to do something more before to proceed to the mount step. Depending on your Firmware installed on your TV, you will be able to use one hack way or both.
So this means, the most important part in risk when you decide to hack your TV, is the USB system of your TV.
You should take a look to the firmware version of your TV, that you can check in the menu option of update firmware of your TV. With that information you can check the table in the SamyGO wiki to know what kind of hack you could use.

Is there an undo procedure if I break my TV?

Usually yes. But not as easy as undo. If you simply followed the hack steps, then there is an option to restore your TV. If you made a big disaster when you did login into the system, and you broke other things, then that will depend. I will explain later the "panic connection" to the TV.

Internet TV Hack

This hack consist of the installation of a Smart TV app, that will do some operations to proceed with the hack. The exploit used in this type of hack was fixed by Samsung in new firmware releases, so if you've got your TV updated to the latest firmware available you won't be able to use this. Forget it.

Hotel Hack

This hack consist of make an import of files from an USB memory stick in the Hotel mode of your TV.

What is Hotel Mode?

Samsung TV's, some models, many of them, has an option, to make the TV works when they're installed in hotels. This makes the TV to work in an isolated environment, that protects some functions from the modifications hotel guests want to do. Because there are usually many rooms in a hotel, the service menu of Hotel option, has the choice to make a configuration, and export it to an USB stick, and also import it from a USB stick. The goal of this, is get an easy way to replicate information to a lot of TV's. In your house, you won't use Hotel mode, but this feature, to export and import files, will be used, to inject some modificated files, to operate as we want to open a backdoor in the system, and then get access to it.
I'm not going to explain here, step by step, how to hack the TV by this way, but I will continue giving advices about the procedure.

"Panic connection" to the TV

I decided to name this, the Panic Connection, because usually everyone proceeds to hack their tv's without take this in care. If something goes wrong, and you loose some TV features, you get panic. And you will try to look for how to connect to your TV to fix what you've done, and you will get more panic.

So what to do to fix your panic?

It is ExLink.

What is ExLink

ExLink in some series ( Usually A, B ) consist of a cable ( Enable Serial Console on non CI+ Devices ), which has in one side a 3.5mm jack, like the audio ones, and on the other side an RS232 ( Serial ) DB9 connector. This cable will allow you to connect your PC computer to the TV, and enter in the Serial mode. It's the emergency door to your TV. To communicate with your TV using this port, you will have to use a Serial Communications Software, like Hyperterminal from Windows. Windows 7 removed Hyperterminal from the operating system, but you can download it from several websites. Just Google it.
If you feel more comfortable from other tools or Operating Systems like Linux, use others. If your TV is from this series, then you can buy the cable, or make your own one.

For C,D Series. There is no ExLink any more. I say this, because the serial communication exists, but the concept ExLink as cable not. So don't buy an ExLink cable for your C,D series, because you can not use it in this models. So the communication, we can say, is made with other methods, but the emergency door exists in this models aswell. So, for C, D series, the serial connection is made thru the VGA port of your TV. The explanation about this is in the wiki, but I will give a recommendation from here. Many of us are not comfortables making electronic circuits, and this operation requires it. We don't need a cable, we need a converter. The signal we get from an VGA port adapter, is in TTL convention. It means the power intensity we've got in circuits like that is around 3.3V. On the contrary a serial port, works at 10V more or less. So before we could connect the VGA port from the TV to a serial port in a PC, we need to adapt the power of both communciatios. Then we need a converter. The converter is called RS232 to TTL converter.

Rs232 to ttl big.jpg You can find it a Amazon for example.
Take in care, this not a RS232 to USB converter. That's a second step. So the first we need is, convert the TTL signal, into a RS232 signal. Then we can convert that signal to USB.
You can use a RS232 to USB converter. New models requires no drivers, and works even with Mac.
Rs232 to usb.jpg You can see here in Amazon too.

Ok and now what?

Jumper wires.jpg Well if you don't want to soldier anything you can use wires jumper to connect the converter and the TV. I will try to use cables like this.

If you took a look to the converter, you see there are several pines in one side of the converter. You will provide power in two of those pines and you will have to connect the pines for RX, and TX as explained in the wiki. I don't want to put here all the information because probably in the wiki there will be information that you should read. This is one of the main problems, because I decided to write this. Because if you follow one post of this forum only you're missing important information from other place and viceversa.
So you will need a power adapter that provides to you 5V. You can find one of this in a lot of phone power supplies, because usually they work at 5v. So you can probably get a USB cable that you don't need and cut on of the sides.With the help of a polymeter, you can identify which are the wires for +5V and -5V signals. Then you can use a jumper wire to connect to that wires and then finally plugin in the correct pin of the RS232 coverter. In that way you will be providing power to your converter. This will increase the power of the signal from 3.3V-5V to the 10V power needed. Using the same type of jumper wires you can connect the other pins as explained in the Wiki.
Finally connect the RS232 DB9 connector, to the RS232 - USB adapter, and the USB adapter plugged in your USB port of your computer. Then you can run hyperterminal, and open a serial connection with your TV. The procedure from here is read the emergency steps you have to do thru this serial comms, in the forum post of hacking your TV using Hotel method.

Well, if you've read until here, you now got more knowledge than before, isn't it?

So, what we've learned?

  • 1.- Hack is critical.
  • 2.- Our TV can be broken.
  • 3.- There is a method to make it alive again, but depends on the disaster you've done.
  • 4.- Always we should get ready to stablish the "Panic Connection", which requires specific hardware. Ex-Link or RS232-TTL Converter.



And now, you can stop here, or continue. My Last Message, if you're not experienced user, prepare your Ex-Link or RS232-TTL Converter before continue.
I consider myself an experienced user, and I've got my TV USB bricked :)



Road to the Hack

Well, you're here :)
It looks you're ready.
There is no much to say here, but I will do several advices.

March, 03, 2012
The binary image file referenced in the SamyGo wiki, to hack using this method (Hotel Hack), have been removed because of the bricks produced with it.
So you have to use the Hotel hack manual method.
But don't go away so fast from this page. Please continue reading this document, and you can go to other page when you finish it. It is for your safe.

To prepare the files you will need to upload to your TV, you will need Linux.
All the steps referenced in that installation procedure are made within a Linux system.
There are some steps not explained in that forum post, but if you read the SamyGO wiki hotel hack, you will be complementing the information you need.
Remember most of the information in that wiki page can not be used because the main file you need is not available anymore for safety reasons, but the most important part of the procedure you will have to do it using the Hotel Hack manual method, referenced here before.

In a very intelligent way, the guy who explained the hotel hack, included into the script, a way to auto remove the hack two minutes after installed.
It means it will be auto removed two minutes after you apply the hack.
Now you don't understand this, but please continue reading.

  • This is the script which contains this lines:
#!/bin/sh
sleep 120
echo killself >>/mtd_rwarea/cmd1
sh -x /dtv/usb/sda/run4.sh &
rm -rf /mtd_rwarea/usb_mount/usb_cmd
rm -rf /mtd_rwarea/usb_mount/usb_mount
rm -rf /mtd_rwarea/usb_mount/killself.sh
  • Listen, do not remove this by the way.

If you want, increase that time.
Instead 120 seconds, set that time for example at 3600 seconds. (One hour)
The goal of this is, during the first minutes, you will stablish contact with something completely new. The posiblities you break something are potentially high. If you changed the time to 3600, after one hour in the worst of cases your TV will to work as before. When you made all the modifications you want for your system, and everything is tested and working perfect, you can then remove that script, or upload the hack again without that lines in that file, as explained some posts later in that hotel hack topic.

After that hour your hack will be removed. But it will be easy to upload it again because you will have your USB stick, with all the files needed prepared from the last time. So the only thing you need to do, if you want, is remove or comment the lines that makes the hack autoremove by itself and upload it again to the TV in the same way as you did before.

Because this method consist of a modification in the moment of mounting the USB devices in the TV, one of the things that commonly happens is, you break this system and you can not mount any USB device anymore.

Is that a problem?

Sure it is.

  • Your situation will be:
You can not mount your hard disks, 
you miss the capability to reproduce films thru USB, 
you've lost any capability to run any command from your hacked system, 
you can not flash any firmware because you can't access to the USB, 
you can not apply again the hack because you can not upload files to your TV
  • so your TV lacks the choice to get information from the outside world, except from network port or serial comm.

So if you're in this case, as I am today, in the moment of writing this post, then you only got two options:

  • first one, if you're lucky samsung releases a new firmware that replace the partitions stored on your TV, and luckly you check today and you can update your TV thru Online option, and you fix the problem. This is low probably if you've got your tv updated to the latest firmware, as usual for most users.
  • You have to use the "Panic connection".

Can this be fixed with the Factory Reset?

No. It's true there is an option in the Service Menu, where you can make a Factory Reset. That options clear information about your TV setup, but does not remove files, at least the files that resides in the partition, where the new hacked files where copied.

Could I use other methods to send serial commands without the use of Ex-Link adapter or cable?

I see, some Samsung TV models, can be managed thru network against the serial comms, and use the phone as a remote control. Could I send the needed commands to the serial port from here, or using the German Application ruSamsung TV? I guess not. You have to enable the Serial Communication, and it looks it can not be done thru this communication. It is only able thru the Ex-Link connection or VGA Port connection.

It could be possible to remove the hack from a Widget developed in the internet TV?

Well it could be. I tried, but it didn't work because my TV is in a firmware release that has fixed the choice to get access to files on the Samsung TV operation system disk located outside of the Widget user folder. If your firmware release is old and in your case the Internet TV hack is a good option, then if you make some mistake and you've lost the ssh connection, and you've lost USB capabilities, then you could develop an small Widget App, with 4 lines of code, that could remove the files you copied in the hack. I will try to talk about this later and developing a sample. But I guess it won't be very useful, because once Samsung release new updated firmwares, the users, usually update their systems. So internet hack today, we could say is deprecated. Unless you decide to downgrade your firmware to get access to this hack, and then upgrade. But many users confirm that this hack stop working when you upgrade.
So at date of this post, the power is hotel hack for most users.

SamyGO Extensions. What are they?

Well, once you've installed your hack, you will do some important things. A lot of users usually want to do the same, which is, get SSH access, get FTP access, share Samba drives, or share NFS drivers. SamyGO Extensions, is a pack of utilities, prepared in a folder structure, to be run, from the USB device when you plugged in to your TV.

Because the hack you've done in your TV, has the ability to run an script called run.sh in the root folder of your USB device, if you copy SamyGO extensions, in your USB device, and then you modifiy the file run.sh to call the SamyGO startup script, then your system will load all you needs when your USB device connects to your TV.

Some people, ( as me :) ) thought why not to copy SamyGO extensions in the own Samsung TV flash disk ( the own memory of the TV ) to be loaded in the same way, but without the need to read it from the USB disk. WRONG!. Probably, as everything, it could be done, but forget to do that, and you will be far from brick your TV.

I will try to post a second detailed part of this post, when my restore TV process begins, I hope next week. By the way I'm waiting for the RS232-TTL adapter.

I also will try to complete all of this information with the links to the forum posts and SamyGO wiki as it is referenced in some parts of this post.