SamyGO

[ptflinders]

Just bought a UE40D6530, I asked Samsung about availability of GPLed source code only to receive the reply that there wasn't any open source code in the TV!

Now I can well believe that Samsung "support" misunderstood (they gave me a truly bizarre suggestion when I pointed out that you can't even delete PVR content from an attached USB disk) or are bluffing but taken with the fact that the D Series don't seem to support USB drives formatted with ext2fs it's disconcerting.

Are we sure they're still using Linux on these TVs?

[zibri2]

I will be getting a UE46D7000 in a few days.
I'm 99% sure it's linux inside.
I will be more specific afterwards.

[jgrimme]

Hi All, I've just bought a ue32D5520 in the UK.

Very worried that Samsung may have ditched Linux. I'm a Linux sysadmin, so was *really* looking forward to hacking the TV...

The D5520 has the "Smart TV" interface, video on demand apps (youtube, iplayer, lovefilm etc..) and accesses the Samsung apps store.

BUT, I can't find a web browser, search box or option to install skype in the smart hub. This TV will not record to USB, though I didn't really expect this!

Presumably the D5520 has lower spec hardware to the D6xxx and D8xxx models? The only info I can find is that there is 1GB of flash for storing apps on the TV.

Incidentally, the Samsung iphone "TV remote" app works very well with this TV.

I'll run nmap tonight to see what network ports are open. I can't see a serial port on the back of the unit, there are a couple of 3.5mm sockets, but these are marked up for audio & video. Do Samsung still put serial ports on their TV's ?

Picture quality is fantastic, so I'm going to keep this !

Cheers

Jake

[prairie]

I have the D8000 U.S. model, skype and browser are included but no record to usb. Let me know if I can help with any testing.

cheers

[jgrimme]

Hi All,
nmap fingerprint scan thinks there is a Linux OS inside the D Series:

root# nmap -O v 192.168.1.68

Starting Nmap 5.51 ( http://nmap.org ) at 2011-05-05 21:25 IST
Failed to resolve given hostname/IP: v. Note that you can't use '/mask' AND '1-4,7,100-' style IP ranges
Nmap scan report for 192.168.1.68
Host is up (0.0072s latency).
Not shown: 999 closed ports
PORT STATE SERVICE
50000/tcp open ibm-db2
Device type: general purpose
Running: Linux 2.6.X
OS details: Linux 2.6.13 - 2.6.31
Network Distance: 0 hops

OS detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 11.19 seconds

I tried to telnet in to port 50000, but the connection got dropped when I typed "?" or "help", I guess the iphone remote uses this port to control the TV, not sure how useful sniffing this is.

Looked at the 1007.2 software update USB files, there is a big fat file in the update (exe.img.sec) which starts off with "Salted__" so this is encrypted.
Has anyone made any progress on decrypting the system images? How were the Samsung A/B/C version keys obtained?

I can put the TV into service mode (TV off, hit INFO MENU MUTE POWER keys in this order.) And here it's possible to change the serial port (RS232) from UART to either logic or debug modes. Does anyone have any idea on how to physically access the serial port, as the 3.5mm jacks are labled up as audio & video?

It's also possible in the service mode to clone the TV to USB, switch to hotel mode and other stuff, which all looks similar to the earlier models.

Very much feel like I'm digging in the dark here, any ideas gratefully received!

Cheers

Jake

[juzis]

You could try to set rs232 to debug in service menu and make ExLink cable for C series. Connect to VGA port...

[jgrimme]

Hi Juriz,

Thanks for the tip, just found the info on serial over VGA:
https://sourceforge.net/apps/mediawiki/ ... r_C-Series

I've got a 3.3v TTL serial>USB cable kicking around, so I'll try soldering this to a VGA plug tomorrow. Not sure how far this will get us, but I'll report what I see.

Incidentally, a good source of pre-made 3.3v TTL serial>USB adaptors can be an old cell phone data cable. Google for this as they are very cheap on ebay, and you just need to cut off the mobile phone plug...

Cheers

Jake

[prairie]

Definitely is linux based, you can pull up the open source disclosures, including an email address to send for more info, in one of the general sub-menus. for rs-232 access just use the ext-link connection. What does it mean to clone to usb? thanks

[jgrimme]

Hi All,

Sorry for the delay - it took me longer than I expected to butcher a VGA cable and mate it to my serial adaptor.

The good news, is that I've managed to get debug output from the serial port - this PROVES we have Linux on board:

init started: VDLinux-BusyBox v1.14.3-VD Linux VDLinux.1.2.1.x (2011-01-18 11:04:20 KST)

mention is made of 512MB DRAM, Mips32_R2 CPU

to see the log, look at http://pastebin.com/6aDaawKW

Cheers

Jake

[zibri2]

Same here!
I connected the serial port to the VGA port.. (by the way I used a cheap CA-42 cable, connected to pins 4,5 and 11)

Once the port is set from UART to DEBUG, I see the debug log.

Problem: It seems it's DEAF.. and can't receive commands of any kind. Not even sending a number and sending [cr] makes it change channel or anything.

I also tried to decrypt the firmware "T-GAPDEUC" but no success.

I only need a shell on the serial port.
Can anyone help?