D series rooting (arm cpu architecture only)

[ailiev]

How to install big yellow font ( subtitles) to my tv (ud40d6000) thanks. Im beginer noob user explain step by step please sorry for my english thanks all. t?rk?ede olur.

Its easy
1) Install SamyGo using the development account and sync with the SamyIP - use this guide from Wiki: http://wiki.samygo.tv/index.php5/Rootin ... cpu_models
2) Start Samy and then use any ftp client to login to your tv (i use flashfxp, but there are free like filezilla). to login use the ip of your tv for the ip address.
3) go to samygo dir ( i think its /mtd_down/widget/user/SamyGO/SamyGO/)
4) download the game.so with the yellow patch from the forum
5) replace the game.so file from the samy folder, with the one you just downloaded.

wait few minutes and restart tv and samy. thats all.

[juusso]

Steeps 2-5 are not needed. Only steep 1, you get all included.

[nobodyXXL]

Hello,

unfortunately there is not much information available in this topic about how this "hack" was actually archieved. For me as a new user reading [1] it looks like all you are doing is install a widget (or extention or whatever Samsung calls it) using a developer mode of the TV (which Samsung apparently supports). Neither does any of the newer topics [2] and [3] provide any useful technical description of what is going on and what assumptions or vulnerabilities are used to archieve the goals set (I'm specifically interested in being able to mount samba or NFS shares). What is confusing me as well is that if all you are doing is indeed only installing a widget, how does (in the technical sense) a firmware upgrade prevent using those widgets? Also, if you are using a widget and then some exploit, I would also like to know what Samsung changed to make it impossible to use.

So I would be very thankful if you could shed some light into this. Feel free to split this post off into a new topic if you think it is inappropriate here.

Thanks

[1] http://wiki.samygo.tv/index.php5/Rootin ... cpu_models#
[2] http://forum.samygo.tv/viewtopic.php?f=22&t=2785
[3] http://forum.samygo.tv/viewtopic.php?f=22&t=3155

[juusso]

You`re talking like you`re from Samsung...

It`s up to you to use SamyGO or not to use it.

I`m not going to explane every security gap what we`re using for this or another exploit. Why?
Because after publishing every detailed how-to, we`re getting it closed with upcoming (forced over otn or not) firmware upgrade.
You should understand why here isn`t so much details about hacks. Samsung is reading us.
If you need more detailed how to, start to reading forum and not those three topics you showed.

Especially if you just need NFS and Samba shares, look at SamyGO Extensions.
If you`re developer, then you can look at the SamyGO Extensions code and sure, related topics and wiki pages, whose links are referenced.

[nobodyXXL]

It`s up to you to use SamyGO or not to use it.

Of course it is. What I am trying to do here is improve this "reverse engineering community", but you will probably disagree that I am.

I`m not going to explane every security gap what we`re using for this or another exploit. Why?
Because after publishing every detailed how-to, we`re getting it closed with upcoming (forced over otn or not) firmware upgrade.
You should understand why here isn`t so much details about hacks. Samsung is reading us.

That seems like the "security by obscurity" approach to me. For me real reverse engineering is something different (e.g. http://events.ccc.de/congress/2010/Fahr ... 87.en.html, Slides, page 11+). Also, there is clearly no reason not to properly document vulnerabilities that have been already closed by Samsung. Yet I haven't seen anything like this on the wiki.

If you need more detailed how to, start to reading forum and not those three topics you showed.

That doesn't make any sense to me. If the information is there, it should be organised so people who want to contribute can contribute easily and have a clear starting point. The reason is simple: if the information is there, Samsung will find it anyway, but a single person who would like to contribute will likely not find it.

Especially if you just need NFS and Samba shares, look at SamyGO Extensions.
If you`re developer, then you can look at the SamyGO Extensions code and sure, related topics and wiki pages, whose links are referenced.

Of course I could do that, of course I could read code but then again I could probably even reverse engineer it myself (a bit) given enough time. The thing is ... some people would like to contribute to this project but do not have the time to reinvent all the wheels just to be able to contribute.

[arris69]

Hello,

unfortunately there is not much information available in this topic about how this "hack" was actually archieved. For me as a new user reading [1] it looks like all you are doing is install a widget (or extention or whatever Samsung calls it) using a developer mode of the TV (which Samsung apparently supports). Neither does any of the newer topics [2] and [3] provide any useful technical description of what is going on and what assumptions or vulnerabilities are used to archieve the goals set (I'm specifically interested in being able to mount samba or NFS shares). What is confusing me as well is that if all you are doing is indeed only installing a widget, how does (in the technical sense) a firmware upgrade prevent using those widgets? Also, if you are using a widget and then some exploit, I would also like to know what Samsung changed to make it impossible to use.

So I would be very thankful if you could shed some light into this. Feel free to split this post off into a new topic if you think it is inappropriate here.

Thanks

[1] http://wiki.samygo.tv/index.php5/Rootin ... cpu_models#
[2] http://forum.samygo.tv/viewtopic.php?f=22&t=2785
[3] http://forum.samygo.tv/viewtopic.php?f=22&t=3155

let me explain in a "SmartMinute", general no vulnerabilities are used here, samsung supports in the "SmartAppsEngine" a "SmartWay" to extend the engine with "SmartFunctions" from shared object files ("SmartLibraries", like dll's on windows). from the libraries you can execute on the system other "SmartCommands" (like start telnet, mount network shares etc...).
not so smart thing from samsung is the idea that just digital signed libraries can be loaded into the "SmartHubEngine" and also not so smart developer(s) forgot to check the signatures for some "SmartClasses" of libraries (mostly games).
on latest samsung "SmartFirmwareUpdate" this hole is closed (at least some "SmartManager" thinking this, because not so smart developer told that this is so).
for "SmartBugfixes" (like drm-disable) "SmartDeveloper", "SmartReverseEnineer" and "SmartAdmin" (none of them are working for samsung, then there are no "SmartPeople" in those organisation, they just make "SmartTV's") figured out what memory regions needs to be "SmartFixed" on the devices and made a "SmartWay" for people (smart or not, is not important) to install "SmartExtension" on the "SmartDevices" over a "SmartNetwork".

hope you're smarter now

[nobodyXXL]

let me explain in a "SmartMinute", general no vulnerabilities are used here, samsung supports in the "SmartAppsEngine" a "SmartWay" to extend the engine with "SmartFunctions" from shared object files ("SmartLibraries", like dll's on windows). from the libraries you can execute on the system other "SmartCommands" (like start telnet, mount network shares etc...).
not so smart thing from samsung is the idea that just digital signed libraries can be loaded into the "SmartHubEngine" and also not so smart developer(s) forgot to check the signatures for some "SmartClasses" of libraries (mostly games).

Oh okay, I think I understand. So they basically do the same vendor-lockin sh1t that Apple and others do with their devices. What I do not understand then is however: What's the point of giving everyone developer access to their TVs if they are not able to run their own software (because it needs to be digitally signed)? Is this really what they are doing?

hope you're smarter now

Yes, I am. Thanks a bunch.

[arris69]

...
Oh okay, I think I understand. So they basically do the same vendor-lockin sh1t that Apple and others do with their devices. What I do not understand then is however: What's the point of giving everyone developer access to their TVs if they are not able to run their own software (because it needs to be digitally signed)? Is this really what they are doing?

...
Yes, I am. Thanks a bunch.

you have dev-access but you just can use the provided javascript (braindead samsung-api) interface, if you like to use lua or "native" lib functions then you need to digital sign the shit.
i think if you are a conten-provider then you can get some develop devices from samsung to test your apps (i guess) / netflix developer(s) how samsung handle this /
but don't really ask me what is going in up in korean brains....

[ailiev]

Steeps 2-5 are not needed. Only steep 1, you get all included.

Samy widget is updated?? the main page for the hack does not say so

many assume u dont have those built-in already, because its not written anywhere...