UE40ES5700 - crapware removal?

[dec0ding]

I implemented proxy approach in PHP
If somebody need it for tampering with infolink it will give some start

http://www.sendspace.com/file/jxt0kw

To make it working
1) setup your web server with PHP + curl extension enabled
2) Associate files with empty extension (*.) to PHP
3) Server must respond to Host: "infolink.pavv.co.kr" .
4) Put openapi folder to its root
5) in DNS redirect infolink.pavv.co.kr to IP of your server.
I use my computer as router and put to hosts : 192.168.2.1 infolink.pavv.co.kr.
To verify if it works run nslookup
server <dns_used_on_tv>
infolink.pavv.co.kr
Should point to your web server.
6) You must either disable HTTPS on TV or enable SSL for your web server and install valid cert.
I dont know how TV verifies the cert. May be a cert from well know CA will fit or a way to replace root CA cert on TV exists. I dont know.
I dumped exeDSP process memory. Looks like it reads some certs from /mtd_rwarea/security and use hardcoded certs if nothing found there.
But I'm not sure. Just looked for ------- RSA PRIVATE KEY ------ strings in the dump. Found 6 private keys there, all password protected
Anyway I just disabled https by changing

Code: Select all

 var WM_SECURE_PROTOCOL = "https://";
to
 var WM_SECURE_PROTOCOL = "http://";

in /mtd_rwcommon/widgets/manager/10120000000/SmartHome/SmartHomeDefine.js

How to decrypt cmk files is written here : viewtopic.php?f=48&t=4994

I'm on UE40EH5307

[dec0ding]

Infolink tampering is needed to prevent of crap reinstallation.
Remove crap right now is easy :

edit /mtd_rwcommon/common/WidgetMgr/info.xml / info2.xml
remove from there undesired widget description blocks such as :

Code: Select all

<widget id="111199000389" name="Yandex" lock="false" removable="true" installedDate="20130111100858341" ispBound="false">
	<icon type="normal">images/icon_95.png</icon>
	<icon type="focus">images/icon_106.png</icon>
	<icon type="icon1080"></icon>
</widget>

rm -rf /mtd_rwcommon/widgets/normal/<widget_id>

reboot tv. I just removed this way family story and some partners widget on the top. Crap is bad

[prairie]

I removed 7 apps this way and within a couple of minutes after starting smarthub it did a "service update" and reinstalled all of them.

[juusso]

what of make those files readonly?
I mean touch empty XML and chmood 0644?

[arris69]

I removed 7 apps this way and within a couple of minutes after starting smarthub it did a "service update" and reinstalled all of them.

you have to manipulate the server response in /openapi/service/widget/gallery and /openapi/service/widget/list. (delete parts of the xml)

smthg like:

Code: Select all

$xml = new SimpleXMLElement(<serverresponse_data_part>); /* or into DOM object */
<manipulate simplexml_object>;
/* send manipulated data with correct headers to tv */
header(<whatever>);
echo($xml->asXML()); /* if you use DOM -> echo($xml->saveXML());*/

regards
arris

[dec0ding]

what of make those files readonly?
I mean touch empty XML and chmood 0644?

Smarthub will request widget list and will try to get in sync with it - delete apps missed in the list but present on TV and install apps missed on TV but present in the list.
It will prompt you of required smart hub update. It will defenitely fail and will be re-requesting update from time to time.
You won't be able to install or uninstall anything.

[dec0ding]

I'm on last posted openapi proxy version and all seem to work good. There were some important fixes there.
I slightly changed my approach. I do not use hosts to spoof infolink anymore because in this case I would also change samsung apps - it also bound to infolink.
I changed infolink address in manager's SmartHomeDefine.js

Code: Select all

var WM_SECURE_PROTOCOL = "http://";
var WM_DEFAULT_OPERATION_SERVERURI = "infolink";

and put into hosts : 192.168.2.1 infolink
This way nothing prevents samsung apps from installing new apps.

How my php's work :

1) Proxy all known requests except openapi/service/widget/gallery and openapi/service/widget/list
2) Gallery return pre-composed responses.
3) List do proxy then tamper with widget list xml to remove some widget.
$remove = !$forced && ($partners || $preinstall);
forced, partners, presinstall refer to <featured system=...>


I tried to minimize modification to manager's code and put maximum logic outside the tv.
Another approach would be to modify manager's code directly without the need of extra web server.
It's also not too hard. But be cautious ! in case of error you can cut yourself from smarthub. Smarthub reset may be required in SM.
Also when sumsung update manager code it will take more effort to make changes in new version.

[dec0ding]

This is how my tv looks now :


Yes I changed default wallpaper. Took some effort in GIMP to recreate transparent square for TV and ADs.
(Now realize should not do it for ads
Anyway, I removed ads by blocking some DNS

Code: Select all

0.0.0.0 log.internetat.tv
0.0.0.0 sso.internetat.tv
0.0.0.0 ns11.whois.co.kr
0.0.0.0 www.samsungrm.net
0.0.0.0 vd.emp.prd.s3.amazonaws.com
0.0.0.0 auth.samsungosp.com
0.0.0.0 fkp.samsungcloudsolution.com
0.0.0.0 fkp.samsungcloudsolution.net
0.0.0.0 ad.samsungadhub.com
0.0.0.0 gld.samsungosp.com
0.0.0.0 openapi.samsung.com

[juusso]

Wow

[arris69]

...
Anyway, I removed ads by blocking some DNS

Code: Select all

...
0.0.0.0 sso.internetat.tv
...

just out of curiosity, can you use the develop widget install in smarthub?