Rooting the ES-series
Due to the WIP status of this, we are working on a non-permanent rooting utility. The plan is to use a USB memory stick based rooting tool, that must be activated manually every time TV is started. Preferably it should be done by linking it to the useless "Family Story" button on the remote control.
This procedure does not work on T-ECPDEUC
Prepare the USB memory stick
Create the SMART-HUB developer account
1. Enter "SMART HUB" screen by pressing the smarthub button on the remote
2. Press the "TOOLS" button
3. Go to "Settings" entry in the Tools menu
3. Press "Create an account"
4. Enter the name: develop and any password (keep it simple this time)
5. EXIT "SMART HUB" and reboot TV
NB! If you can`t create account (option is greyed out)
Then go direct to Login (red or A) and enter:
user: develop password: 111111 (or any other six digits as password)
Installing SamyGO Hack
NB! All your previously installed widgets will be deleted!
1. Start SmartHub
2. Go to Login (red or "A")
3. Go to Settings (blue or "D") -> Development -> Setting Server IP
4. Enter this IP:
5. Press User Application Synchronization
Wait until TV installs widget (SamyGO Extensions)...
This could take a while, it depends on your internet speed. Wait until TV says "done".
6. Exit developer menu, exit SmartHub.
7. Remove any other USB devices connected to your TV. (You can connect them back later.)
8. Insert USB stick. When the automatic selection menu appears, just cancel by hitting [EXIT].
9. Return to SmartHub and you will find a new widget Test2. Execute it.
10. You will be greeted with a white screen that says "Press ENTER to continue", do so.
11. If your USB stick is made properly you will see:
Log: NumUSBs:1 VendorName: <something> ModelName =USB Flash Drive MountPatch=sda1 AvailSize = <something> TotalSize = <something> ---------------------------- Now run web browser to continue
12. Hit [EXIT].
13. Run your web browser two times! Hit [EXIT] after each time.
The second time it should take about 10 seconds before starting. This means that your hack is working.
How To Use
Remote shell of the current ES series is obtained through a reverse shell hack. Standard Telnet (telnetd) and SSH (sshd) daemon implementation have not yet been possible due to a crippled kernel FS, not allowing for proper handling of /dev/pty devices.
This poses some strong limitations on the interactiveness of the shell. Basically, normal ANSI control sequences are not available, which means that you cannot edit command lines at all. You just have to retype everything. In addition, you do not receive any error messages either.
To connect to the shell we use netcat (nc) or telnet from a PC on the local network.
nc <your_tv_ip> 1023 or telnet <your_tv_ip> 1023
nc 192.168.1.1 1023 shell>
We have root shell on ExLink, but shell entry is currently crippled by only allowing HEX characters...
Connect using any FTP client to your TV`s port 21.
user - not required, leave blank password - not required, leave blank