how to block any samsung related network traffic

General forum talking area for T/QT series TVs.

supertommy
Posts: 5
Joined: Tue Jul 03, 2018 3:29 pm

how to block any samsung related network traffic

Post by supertommy »

hello i own a samsung q90 tv and i want to block every kind of internet traffic to samsung or from samsung servers
including ads and stuff like tath, there are solution for donors?

Can i use a dedicated modem/router to block dns? other ways?

Thanks
User avatar
notengo13
SamyGO Project Donor
Posts: 674
Joined: Mon Nov 30, 2015 12:31 pm
Location: SK --> P9

Re: how to block any samsung related network traffic

Post by notengo13 »

supertommy wrote: Wed Sep 22, 2021 5:05 pm hello i own a samsung q90 tv and i want to block every kind of internet traffic to samsung or from samsung servers
including ads and stuff like tath, there are solution for donors?

Can i use a dedicated modem/router to block dns? other ways?

Thanks
I use Asus rt-ac68u with firmware asuswrt-merlin and diversión (adblocker) you can add any url to blacklist including the ones which you need for block firmware updates.
UE48H6640 T-MST14DEUC 2781.0 root latestH --> 2130.0 skypeRoot-->0000-->2115.3 "Skype refueled" Root
QE55QN93A - - >firmware T-NKM2DEUC-1805.4 (backup 1590.0) - - >update CURL60 Error --> CURL28 Error
supertommy
Posts: 5
Joined: Tue Jul 03, 2018 3:29 pm

Re: how to block any samsung related network traffic

Post by supertommy »

i have the same router... can you tell me wich are the ip range to block to avoid tv->samsung servers traffic?

Thanks
sectroyer
Official SamyGO Developer
Posts: 6305
Joined: Wed May 04, 2011 5:10 pm

Re: how to block any samsung related network traffic

Post by sectroyer »

notengo13 wrote: Wed Sep 22, 2021 7:39 pm I use Asus rt-ac68u with firmware asuswrt-merlin and diversión (adblocker) you can add any url to blacklist including the ones which you need for block firmware updates.
This doesn't block a thing. You need to block by dns.
I do NOT support "latest fw" at ALL. If you have one you should block updates on router and wait for it to STOP being "latest":)
If you want me to help you please paste FULL log(s) to "spoiler"/"code" bbcodes or provide link(s) to pasted file(s) on https://pastebin.com Otherwise "NO HELP"!!!
If you want root DISABLE internet access to your device!!!!
DO NOT EVER INSTALL FIRMWARE UPGRADE !!!!
User avatar
notengo13
SamyGO Project Donor
Posts: 674
Joined: Mon Nov 30, 2015 12:31 pm
Location: SK --> P9

Re: how to block any samsung related network traffic

Post by notengo13 »

sectroyer wrote: Wed Sep 22, 2021 8:34 pm
notengo13 wrote: Wed Sep 22, 2021 7:39 pm I use Asus rt-ac68u with firmware asuswrt-merlin and diversión (adblocker) you can add any url to blacklist including the ones which you need for block firmware updates.
This doesn't block a thing. You need to block by dns.
Diversion block by dns.
https://diversion.ch/diversion/diversion.html
UE48H6640 T-MST14DEUC 2781.0 root latestH --> 2130.0 skypeRoot-->0000-->2115.3 "Skype refueled" Root
QE55QN93A - - >firmware T-NKM2DEUC-1805.4 (backup 1590.0) - - >update CURL60 Error --> CURL28 Error
User avatar
notengo13
SamyGO Project Donor
Posts: 674
Joined: Mon Nov 30, 2015 12:31 pm
Location: SK --> P9

Re: how to block any samsung related network traffic

Post by notengo13 »

In Deversion I block all this url

Code: Select all

 1:  msecnd.net # samsung fw update server
 2:  samsungotn.net # samsung fw update server
 3:  otn.samsungcloudcdn.com   # samsung fw update server
 4:  samsungcloudsolution.net # samsung fw update server
 5:  otn-prd-proxy.cloudapp.net # samsung fw update server
 6:  www.samsungotn.net # samsung fw update server
 7:  osb-apps.samsungqbe.com # samsung apps related server, delete root widget
 8:  az28248.vo.msecnd.net # samsung fw update server
 9:  az43064.vo.msecnd.net # samsung fw update server #(forced-entry)
 10:  osb-v2.samsungqbe.com # samsung fw update server
 11:  cdn.samsungcloudsolution.com # Samsung server (firmware)???
 12:  lcprd1.samsungcloudsolution.net # There is more similar. I will block it #(forced-entry)
 13:  gpm.samsungqbe.com # NFI but I blocked it
 14:  notice.samsungcloudsolution.com # some  notice from samsung
 15:  osb-apps-v2.samsungqbe.com # some apps server. in case you can't install apps just whitelist this entry.
 16:  osb-auth-eusvc-v2.samsungqbe.com # another shit for install apps, in you can't install whitelist this one too.
 17:  samsungiotcloud.com # NFI, but it looks to be blocked also, just in case. (i think is SmarThings related)
 18:  img-resize-cdn-prod.samsungnyc.com # it blocks pictures in smarthub apps. NOT necessary to block 
 19:  gld.push.samsungosp.com # NFI. let's block it. 
 20:  ocfconnect-shard-eu02-euwest1.samsungiotcloud.com # some EU Samsung server for spying that's need to be blocked. To be continued......
 21:  cloudfront.net # for now I don't know, maybe some update shit where tv downloads firmware is working at full speed ;)
 22: config.samsungads.com # ads related url 
feel free to update this list

when I try to update fw from New TV or Old TV always I get an error on TV that here is no update or curl60 error or error28
and here is what diversion block when I try to update from qn93A or h6640
I got this errors

Code: Select all

query[A] 
 osb-v2.samsungqbe.com from 192.168.1.56
Sep 22 22:00:12 dnsmasq[10671]: blocked by blacklist osb-v2.samsungqbe.com is 192.168.1.5
query[A] osb-v2.samsungqbe.com from 192.168.13.56
Sep 22 22:00:34 dnsmasq[10671]: blocked by blacklist osb-v2.samsungqbe.com is 192.168.1.5
Sep 22 22:00:34 dnsmasq[10671]: query[AAAA] osb-v2.samsungqbe.com from 192.168.1.56
Sep 22 22:00:34 dnsmasq[10671]: forwarded osb-v2.samsungqbe.com to 87.216.1.66
Sep 22 22:00:35 dnsmasq[10671]: query[A] lcstg1.samsungcloudsolution.net from 192.168.1.13
Sep 22 22:00:35 dnsmasq[10671]: forwarded lcstg1.samsungcloudsolution.net to 87.216.1.66
I have a fait it works, I will be sure when Samsung will launch upgrade via OTN for everybody, then I will see if it works 100%
Last edited by notengo13 on Wed Dec 21, 2022 8:35 pm, edited 5 times in total.
UE48H6640 T-MST14DEUC 2781.0 root latestH --> 2130.0 skypeRoot-->0000-->2115.3 "Skype refueled" Root
QE55QN93A - - >firmware T-NKM2DEUC-1805.4 (backup 1590.0) - - >update CURL60 Error --> CURL28 Error
supertommy
Posts: 5
Joined: Tue Jul 03, 2018 3:29 pm

Re: how to block any samsung related network traffic

Post by supertommy »

I m using skynet instead of diversion because diversion do not work in vpn tunnels or if It work cause DNS leak (not good for TV streaming services). Skynet works blocking ips... I m tryng to find out all Samsung related ip because i can still login in my Samsung account :roll:


EDIT:


the best solution is the one you indicated at the beginning: the diversion script! because it is much easier to block domains (especially using *. wildcards) than to block ip which can also change. After many tests I managed to get everything to work in a vpn tunnel (with some limitations).

Thanks for your help and your time!
supertommy
Posts: 5
Joined: Tue Jul 03, 2018 3:29 pm

Re: how to block any samsung related network traffic

Post by supertommy »

i have locked all thease domains :

*.msecnd.net
*.samsungotn.net
*.samsungcloudsolution.net
*.samsungcloudcdn.com
*.samsungqbe.com
*.cloudapp.net
*.samsungcloudsolution.com
*.samsungads.com
*.samsungacr.com
*.samsung.com

but now nothing works except netflix, all other apps are not staring (like disney and prime video)

do you know wich host is safe to unlock to have only streaming app working?
User avatar
notengo13
SamyGO Project Donor
Posts: 674
Joined: Mon Nov 30, 2015 12:31 pm
Location: SK --> P9

Re: how to block any samsung related network traffic

Post by notengo13 »

supertommy wrote: Fri Sep 24, 2021 2:26 pm i have locked all thease domains :

*.msecnd.net
*.samsungotn.net
*.samsungcloudsolution.net
*.samsungcloudcdn.com
*.samsungqbe.com
*.cloudapp.net
*.samsungcloudsolution.com
*.samsungads.com
*.samsungacr.com
*.samsung.com

but now nothing works except netflix, all other apps are not staring (like disney and prime video)

do you know wich host is safe to unlock to have only streaming app working?
I would try to disable cloudapp.net and maybe samsungacr.com
Try one by one. Compare to my blacklist. Maybe my black list need some more entries. But for now it's working for me.

Also you can check in follow dnsmasq.log which url is blocked when you try start any apps from your TV. And then just remove them from blacklist.
UE48H6640 T-MST14DEUC 2781.0 root latestH --> 2130.0 skypeRoot-->0000-->2115.3 "Skype refueled" Root
QE55QN93A - - >firmware T-NKM2DEUC-1805.4 (backup 1590.0) - - >update CURL60 Error --> CURL28 Error
supertommy
Posts: 5
Joined: Tue Jul 03, 2018 3:29 pm

Re: how to block any samsung related network traffic

Post by supertommy »

this is now my new wildcard blacklisted domains (all subdomains are also blocked)

1: cloudapp.net
2: msecnd.net
3: samsungotn.net
4: samsungqbe.com
5: samsung.com
6: samsungosp.com
7: samsungcloudsolution.net
8: samsungcloudcdn.com

for now all the apps seem to work perfectly, and the tv fails to update (error curl60) and not even to log into the samsung accoutn, so for now it seems to be the right list ... we'll see.

I read that if the dns requests are blocked the tv starts to query the google dns (but this is not our case we modify them) this is the source:
https://phyks.me/2017/12/stop-networkin ... ng-tv.html

EDIT/FIX:
for those like me who have a router that can do it (in my case asus ac86u) to prevent the tv or any other device from trying to autonomously query other dns servers, you can set up an iptables rule that redirects all udp requests on port 53 (therefore dns ) to the server we have decided, on the ac86u you can do it through web-ui, on other linux-based routers you can do it manually. This should prevent the tv from bypassing domain blocks if it makes a dns query directly to the dns server, bypassing the received dhcp settings


thanks very much to user notengo13 for showing me the right way
notengo13 wrote: Fri Sep 24, 2021 7:52 pm

Post Reply

Return to “[T/QT] General”