SamyGO

So for me game was over when I got TV, because I got it with this FW

Regarding the auto-update process - surely it has to use the network to check for new firmwares. This means it can be intercepted at DNS level (and write a custom rule in dnsmasq (I assume most routers have the option of custom firmwares and give you the ability to change DNS responses), or at firewall level (drop all traffic to destination X).

The question would be - what's the destination that needs to be blocked? One way to do it would be to run packet capture on the router and catch the traffic that checks for a new firmware (I'm guessing if it finds it it also installs it, so that would be bad...)

I'm a noob with regard to this firmware, but, if you guys can get the latest firmware from samsung, can't you unpack it and get a list of strings that might point to an update URL (I'm guessing it's done over HTTP/HTTPS)?

If this information is located, then we can write some tutorials for users to block updates from DNS/Firewall instead.

What do you think?

sashita79 wrote:So for me game was over when I got TV, because I got it with this FW

Disable auto-update in normal menu. Who knows. Maybe now samsung respect users choice...

mad_ady wrote:Regarding the auto-update process - surely it has to use the network to check for new firmwares. This means it can be intercepted at DNS level (and write a custom rule in dnsmasq (I assume most routers have the option of custom firmwares and give you the ability to change DNS responses), or at firewall level (drop all traffic to destination X).

The question would be - what's the destination that needs to be blocked? One way to do it would be to run packet capture on the router and catch the traffic that checks for a new firmware (I'm guessing if it finds it it also installs it, so that would be bad...)

I'm a noob with regard to this firmware, but, if you guys can get the latest firmware from samsung, can't you unpack it and get a list of strings that might point to an update URL (I'm guessing it's done over HTTP/HTTPS)?

If this information is located, then we can write some tutorials for users to block updates from DNS/Firewall instead.

What do you think?

I was thinking in the same way, but unfortunately if TV did not reach the desire site, the smart functions are disabled.
I was discussing with friend of mine and according to him, TV is using ssl and trying to get a special certificate, so reaching the goal will be not so easy
Till now I did not have any time, but I going to sniff the traffic from TV.
But since two days my TV is not updating and still remaining with "old" 1033.1 with announce that there is new 1034 FW

sectroyer wrote: Disable auto-update in normal menu. Who knows. Maybe now samsung respect users choice...

Hopefully yes

Indeed, it will be trickier to spoof the result if the TV checks for a trusted certificate. I assume it would be difficult to add your own certificate as a trusted CA in your TV...

One more thing worth trying - maybe it checks for new firmwares only on startup and if you start with network unplugged it won't find a new firmware, but ***maybe*** when you plug networking back in, it skips checking for new firmwares... Just a hope...

mad_ady wrote:... maybe it checks for new firmwares only on startup and if you start with network unplugged it won't find a new firmware, but ***maybe*** when you plug networking back in, it skips checking for new firmwares... Just a hope...

No, I already check this, as soon as internet (no network) is ON, TV is checking for FW

Bummer...

mad_ady wrote:Regarding the auto-update process - surely it has to use the network to check for new firmwares. This means it can be intercepted at DNS level (and write a custom rule in dnsmasq (I assume most routers have the option of custom firmwares and give you the ability to change DNS responses), or at firewall level (drop all traffic to destination X).

I've already seen various requests going out to (probably hardcoded)
IPs without any corresponding DNS traffic before (and this was captured
over weeks so probably no TV internal cache has hit).

Build a real router using a real OS, run an intercepting squid and you
can filter quite comfortably using standard ACLs and bump/splice for
SSL. Speaking about SSL: I've found some sites to get their certs
checked (mostly the SmartHub shit which I don't use so no harm
is done). Fw updates themselves don't use SSL - last time I checked
it they wanted to do things like:

http://az43064.vo.msecnd.net/firmware/t ... Item_8.dat

But of course YOU CAN'T RELY on that it stays like this forever so
you're only on the safe side if you DENY EVERYTHING AS DEFAULT,
and only enable dests you can trust. As I said before this includes
disabling SSL or at least bumping it.

Hi , I have a UE60H7000 , but I didn't enter the service menu ?!?! How can I enter ?

vera wrote:Hi , I have a UE60H7000 , but I didn't enter the service menu ?!?! How can I enter ?

Yes. Disable OTN Support ASAP