MSDU11 fw format for Q80R

Posted: Mon Dec 27, 2021 9:45 pm
by allenb
Hi All,

I'm not sure if there's much life in these forums, but wanted to try reaching out anyway. I've got a Q80R (2019) TV. The firmware packages that it uses are marked "MSDU11" which appears to be the next version after MSDU10 discussed here: viewtopic.php?t=6262.

The new header format is more-or-less the same as what robert documented 8 years ago. I've attached "format.txt" which revises his work to reflect the updated format.

The big difference seems to be that the entire payload is bundled up as a single OpenSSL-encrypted block. The header still enumerates a number of subsections, but none of them are visible.

That's where I've run into a brick wall. I'm unable to decrypt using any of the keys found in earlier SamyGo extractors. Not really surprising; why wouldn't Samsung change the key knowing that earlier ones are out there?

If anyone has the key for this firmware, would be great to receive via PM. Alternately, a clean copy of a Q80R firmware dump would be helpful as a start for RE. I'm pretty hardware-savvy but tearing up this TV would not make me popular with the family, so extracting/modifying flash contents is way out. Maybe if there's a smaller, cheaper model with the same key...?

Thanks,
Allen

Re: MSDU11 fw format for Q80R

Posted: Tue Dec 28, 2021 5:15 pm
by allenb
This Nov 19th 2021 release from Synacktiv re: Rooting the Q60T appears highly relevant, too. Looks like they're going to release additional info at some point. https://www.synacktiv.com/sites/default ... art_TV.pdf

The original exploit appears to be patched, but... still good info.

Re: MSDU11 fw format for Q80R

Posted: Tue Dec 28, 2021 5:16 pm
by allenb
And while I'm sure it's here somewhere, wanted to get this stuff together in a single place:

https://labs.f-secure.com/blog/samsung- ... -smart-tv/

Re: MSDU11 fw format for Q80R

Posted: Tue Dec 28, 2021 11:01 pm
by sectroyer
Synacktiv is worth investigating, but yeah, useless to everybody who doesn't block updates :) Regarding F-Secure, it's mostly old stuff; they did some good research, but it's not in this PDF :(