Hacker News new | past | comments | ask | show | jobs | submit login
Show HN: RootMy.TV (rootmy.tv)
361 points by Retr0id 6 days ago | hide | past | favorite | 119 comments





This looks really cool, but after I first learned about Automatic Content Recognition and all the ridiculous anti-privacy things these smart TVs do, I adopted a policy: A TV is a big dumb monitor, that's it, and it never ever gets internet access. So, for better or for worse, all of my TV needs go through an Apple TV, and I block Apple's 17.0.0.0/8 for that client just in case it wants to get a little too chatty about my habits with Apple. YouTube is AFAIK the only thing on there that's able to spy on me, mitigated to some extent I hope with pi hole, and 90% of the time I'm in plex or an IPTV client.

You might want to build a faraday cage for it too - one can also exploit TVs that are not connected to the internet at all, via DVB-T.

https://twitter.com/David3141593/status/1481993413843161092


I think the person you’re replying to is more concerned about privacy implications than a security exploit involving an exotic TV airwave signal attack.

It's great that more people have become security aware over the past five years. Hopefully in the next five years they'll learn about threat modelling.

I think the person you’re replying to is making a tongue-in-cheek comment.

Time to jam my soldering iron through the wireless chipset!

"Error 6942: Wireless chip authentication failed. Please visit an LG® Authorized Reseller™ to purchase a replacement Home Entertainment Destination."

Wow, I've been investigating Intel Management Engine lately, and this comment feels quite poignant.

There was a long history of "jailbreakme" sites where one would "slide to jailbreak" their Apple devices because of their long history of under-investment in security.

This site is a spoof of jailbreakme, so using Apple devices as a defense is an somewhat amusing choice.


privacy != security

Exactly, never ever connect a smart TV to internet. Instead, connect a Apple TV/FireStick/ChromeCast/Android TV/Raspberry Pi to do the "smart" things and if they break, they will be cheaper and easier to be replaced than a TV.

Why do you prefer sticks spying on you than TVs?

Not parent commenter, but it's a lot easier to swap out a stick spying on you for one that doesn't than it is do do the same with TVs. Likely an order of magnitude in price difference, too.

> it's a lot easier to swap out a stick spying on you for one that doesn't than it is do do the same with TVs

Serious question: Which sticks don't spy on you? My understanding is that all of them do, but I could be wrong.


Doesn't Plex report all your media content and metadata to their central servers? Why not use one of the XBMC forks?

At minimum they employ multiple dark patterns with the aim of getting you to fork over your email/agree to some fine print. Jellyfin is a great alternative

I sub users myself and give them the credentials. I use unique mail addresses for all users.

Aside from the newsletter which can be unchecked during registration, I’ve not seen any evidence they’ve on sold the mail accounts at all.

And apps have fine print, there’s a big difference between an EULA and Sony/Samsung scraping screenshots, adding dynamic advertising etc.

are you able to point to exactly which parts of the plex eula are bad?


Plex may share Collected Information as expressly set forth in this Privacy Policy, including the following limited situations: [...] With third parties to improve and deliver advertising to you on our behalf.

Plex may also use third-party advertising companies to serve ads, which may, directly or indirectly, collect or use information about user visits to websites and mobile app usage over time and across non-affiliated websites and mobile apps to display advertisements more tailored to users’ interests on this browser or device, and those browsers or devices associated with it.

You can see the laundry list of data they harvest and share with advertisers under the "Data We Collect" section, it's too long to quote here: https://www.plex.tv/about/privacy-legal/


No. The cloud portion of Plex.tv acts as a "directory" for sharing, but it doesn't know what media you have, or stream, or share[0].

[0]: https://www.reddit.com/r/PleX/comments/30j7ye/plex_media_bro...


Yeah, that is a guilty pleasure I expect. I've looked through their privacy policy, nothing objectionable leaps out but I'd rather keep everything to myself. I may have to look at Jellyfin at some point, I've just been running Plex for so long there's a certain inertia. And plexamp is like... amazing.

Plex is an XBMC fork!

I feel similarly about all modern TVs but I'm not willing to go to this much effort - I think next time I need to buy a TV I'll just get a projector instead.

Some manufacturers still make dumb signage displays which are also more rugged and durable than consumer TVs. They cost a lot though.

Also, Sceptre in the US and Swedx in the EU still make dumb TVs.

https://www.sceptre.com/

https://www.swedx.com/

If anyone knows of other brands making dumb consumer TVs, please let us know.


Samsung commercial signage displays.. QB55R models and similar. They're on Amazon in the US and not super expensive.

I gave my very nice SmartTV to a hiking buddy last year and bought a cheap dumb TV from Walmart for $190 that only has HDMI inputs. I bought the latest Apple iTV box, and I couldn’t be happier with this setup.

In addition to better privacy (don’t SmartTV manufacturers make 30% of the profit on a TV from your data?), the user experience is so much better, no comparison really.

My wife is not 100% happy with the screen quality so I might replace the TV with a studio monitor, but for my tastes what we have is close to perfect.


> don’t SmartTV manufacturers make 30% of the profit on a TV from your data?

I'm not sure about all manufacturers but in the case of Vizio, selling user data:

- accounts for 65% of their net profit

- is double the amount of money they make from selling actual TVs

- grew 134% year over year as of Q3 2021

https://www.theverge.com/2021/11/10/22773073/vizio-acr-adver...

https://investors.vizio.com/news/news-details/2021/VIZIO-HOL...


>I bought the latest Apple iTV box

Okay but...

>In addition to better privacy

I'd very much like a source on that. I filter and block everything (via whitelist) from my TV and streaming boxes. Apple hardware and services are by far the ones that makes the most connections in both amount of connections and amount of sources connecting to. A Xiaomi android box is on a far second-place.

IMO "Apple privacy" is a myth with no proof ever published unless you think Apple for some reason is a better data collector end-point. I don't believe they are and it is also beside the point. Data collected is staying collected forever which makes the collector irrelevant. They can always change their opinion - you cannot. Amount of privacy related info collected is the only thing that matters and since I cannot see the excact data collected there's only amount collected left. In that Apple is definitely #1.


Fair point. I consider the Apple TV box to be more privacy preserving than SmartTVs.

I understand the instinctual irk of having one's habits monitored by a corporation but I'm curious about practical implications.

What are some concrete harms to the individual viewer in anonymously sharing TV viewing data?


At least the same concrete harm as someone spying on their neighbor without getting caught.

I do think the more compelling reason not to connect it is because as a general rule the updates they put out make the user experience worse over time and it's better to have a connected device that's easier/cheaper to replace when the cumulative security/compatability updates cause a slow down (Without getting in to anti user features like devoting more screen space to ads each update).

Some hypothetical concrete harms that are technically possible when the data is being collected:

Targeted advertising outing someones behaviour because they watched a video related to that topic on the tv.

The TV reporting you for piracy for playing a home video of your kids dancing to copyrighted music.

Reported to the government for watching speeches from an oposition party.


I do the same, course I only have one Apple TV so for the time being I am using the smart TV features.

i seem to remember having issues with blocking 17.0.0.0/8 when i first tried it. don’t remember exactly, but probably with icloud and homekit at the very least. i wish we had better info on what services talk to which ip (plus port) ranges, and why.

I don't have iCloud or use HomeKit. Software updates stopped working and I can't download apps without suspending my rule, but I almost never do either of those things anyway. Everything I use works fine but yeah, I can see those 2 causing big issues.

Doesn't Apple TV need to access its network for the content?

I'm still using an ancient netcast based LG TV, which it's also possible to root with a few different methods. AFAIK there's no public information on how to do it, maybe I'll see about making it public too.

Please do! Fellow owner of a Netcast-based LG here.

Check #netcast of openlgtv discord, it's explained in there

It would be nice if there were proper open source distros for TVs. Hopefully the GPL lawsuit against Vizio will get source code and install info, so that distros can run on them, perhaps with Kodi as the UI. It also hopes to set the precedent that anyone can sue over GPL violations, not just the copyright holder, which could help increase the available TVs that can have an open source distros, through further lawsuits by other folks.

https://sfconservancy.org/copyleft-compliance/vizio.html


I guess this would make it possible to ransomware LG tv's by simply visiting a website.

Just used this to root my 65" LG OLED. Works great!

Looks like you can't change the root password (error writing /etc/shadow), but as the documentation says, you can load your authorized_keys and the password login is no longer allowed.

I was sort of hoping that the cpu would still be reachable from the (wired) network while in standby, but it does not seem to be.


WoL does work (ethernet and reportedly over wifi too), so it should be fairly simple to remote control when off if that's your plan.

Happy to have helped test this release. Bought a 43" just to mess with all of this on. Has been a fantastic experience. Devs are great and it has been fun seeing what all I can run.

What did you run?

RetroArch, a test VNC server, Space Cadet Pinball. Pretty much if it uses SDL2, it can be compiled and run.

Awesome project. You can already install third-party applications in LG webOS TVs after enabling the "Developer Mode" application, but you have to keep renewing your session every 50 hours or else your apps get deleted. Pretty annoying. Now we can circumvent that.

I'm wondering if we could use WireGuard on these TVs now. That would be sweet... Guessing the userland golang client would be trivial...


It’s cool that we can now root the latest firmwares, but the 50-hours limit for dev mode has an easy workaround. I’ve been meaning to blog about it, but basically use the webos sdk to ssh into the tv, get your tv session token stored in /var/luna/preferences/devmode_enabled and then have a cronjob somewhere that curl https://developer.lge.com/secure/ResetDevModeSession.dev?ses... every day or so.

This keep resetting the timeout - the dev mode app still shows the wrong countdown but apps will still open. Been using this for ad free YouTube for a few months.


Ah, I saw that trick on r/jellyfin this week and tried it, but noticed that the countdown wasn't reset and assumed the apps would get deleted. Well now I have root so it doesn't matter!

Ah, building wireguard-go is easy:

  $ export GOOS=linux GOARCH=arm GOARM=7
  $ make
Copy the binary to the TV over SSH and run it:

  # /tmp/wireguard-go wg0
  # ip l show dev wg0
  8: wg0: <POINTOPOINT,MULTICAST,NOARP> mtu 1420 qdisc noop state DOWN mode DEFAULT group default qlen 500
    link/none
Now I just need to cross-compile the wireguard-tools to get the wg command.

I have a 2017 LG 43" TV and I'm a bit disappointed.

Last year I think the back-light started breaking down - I see big square sections where the colors are less bright and purplish. The display seems to have a grid of 4x2 of these individual regions.

And the remote buttons are getting harder to press too (it's not the battery). I had remotes which worked for 12 years, this one is barely 5 years old.


The LED strips are replaceable (https://www.aliexpress.com/item/1005003706329242.html?spm=a2...)

I had my TV (similar to yours) fixed by replacing those bars, check with a TV repair shop in your area.


The LED strips are somewhat replaceable - you should be able to find them on either eBay, AliExpress or ShopJimmy.

I will warn you however that it's quite an involved process - I know a fair few people who have managed to crack their LCDs or rip ribbon cables in the process of trying to fix backlights.

Unfortunately it seems that backlight issues are becoming more and more common - especially as most sets have a "Dynamic" mode or similar which sets the backlights to full brightness and drastically shortens their lives.


At least a remote is easy to swap out, either just replace from Amazon or eBay or just use a universal. Even my old HTC M8 had an IR blaster.

Have already committed to trying to fix my ~2012 dumb Samsung myself when it eventually fails, was happily surprised to find one or two solid YouTube channels dedicated to this.

Aw, darn; I was hoping for a generic wiki of TVs and how to root them and (in my dream world) alternative firmware options. Not that rooting webOS isn't cool, just not what I expected based on the domain.

Yeah. Anyone know how to root a Sony Bravia TV ? It’s running Android TV. But it’s slow and lags and don’t know why.

Not really a solution to your specific case but if you're using an old version of android and the Linux kernel you can look at known vulnerabilities and build through them if you're skilled enough. I also remember some people had gained root access on Sony phones for getting drm keys before unlocking their bootloader - because of a known Linux kernel exploit - you can try searching on XDA for that. Though be careful, because worst case you have a very fancy paper/deskweight.

Thanks for the reply, although unfortunately my TV is pretty recent, bought it new about 3 years ago and has been updated less than a year ago. I’ve looked through guides but I honestly haven’t found any good websites that explain any know vulnerabilities to recent Android TVs.

Not rooting, but a standard android way to disable apps exists: https://www.reddit.com/r/bravia/comments/8v2s6i/guide_how_to...

your content to Google drive is no longer found. :-/

Hopefully, we can find this on Github mentioned in the part of the OP article that says “ I have compiled all you'll need here. “


Me too. Anyone know how to root an old Panasonic plasma?

exactly the same here :)

Can any website gain root access to your television simply by visiting/drive by download?


My understanding is that it pops up a confirmation dialog for connecting to the remote service.

What are the advantages of rooting a WebOS tv? I tried googling, but didn't find anything concrete.

Our "killer app" thus far, in terms of useful things that actually require root, is PicCap [1] - which enables low-latency framebuffer capture for DIY Ambilight systems.

In the just-for-fun department, you can replace the default screensaver animation with a bouncing DVD logo. [2]

You can see a list of currently available homebrew apps here: https://repo.webosbrew.org/apps/

You can also block telemetry, updates, etc. (without relying on something like a pihole).

[1] https://github.com/TBSniller/piccap

[2] https://github.com/webosbrew/custom-screensaver


How does one block telemetry? I rooted my TV with this and set up SSH but I don't see any telemetry blocking configuration.

I also want to install my own CA to the TV but the obvious location is read-only.


Some telemetry is blocked unconditionally during startup, although it is incomplete [1] (Perhaps I was a bit over-optimistic when I said a pihole was not required).

Custom CA certs are possible, which people on older models have been using to work around issues stemming from the X3 cert expiry [2].

[1] https://github.com/RootMyTV/RootMyTV.github.io/issues/19

[2] https://github.com/tf318/lg


I used to have everything blocked using PiHole but recently moved to a pfSense router, I guess I just need to block some hosts again.

Thanks for the links!


pfblocker-ng devel. Run the startup wizard to get a pretty safe ruleset running quickly.

I'm running pfBlockerNG already but not devel. Is that the key?

Devel is a lot better. It has a wizard to get you started that is excellent and loads of other stuff.

Disable the dynamic DNS options for DHCP on the DNS resolver to avoid problems with Python modules in the DNS resolver (unbound).

Untick the box for leaving config behind and uninstall pfb not devel. Install pfb devel.

Go to Firewall -> pfblockerng-devel and you will be presented with a wizard. Take the defaults but do indicate your WANS and LANS when they are asked for. You'll get a great basic PRI1 ruleset setup and DNS blocking too, out of the box. I recommend adding "TOR/Tor Project Bulk Exit List" - block inbound on WAN as soon as you work out how to do it.

There is a vast amount of built in rule set links. Give them a go.

If you want easy then go for block on inbound and/or outbound on all rules but if you need some flexibility then go for aliases and make your own rules.


Nice, I’d love to install software such as rpiplay [0] to mirror my iOS device, also would be nice to maybe gain some kind of low-latency wireless Linux-compatible screen share server.

[0] https://github.com/FD-/RPiPlay


> to mirror my iOS device

Note that recent WebOS software (not sure which version) supports airplay 2 mirroring, works pretty well in my experience.


This isn't available on my model. I think it's only 2019 and newer? The exploit seems to cover some older models as well.

Nice, I’ve heard of it but my model is older so I can’t install it as far as I know. I’ll try rooting it maybe in a few days.

Stupid things blocked by the default software on my webOS LG TV that would probably be single-line patches if I had access to the source code:

- Support for simultaneous audio output on both headphone port and internal speaker

- Support for arbitrary bluetooth headsets instead of only LG-approved headsets

... sometimes I just think StallmanWasRight.


You can add this to the list: - An update to ca-certificates due to Let's Encrypt's X3 certificate expiring.

That broke Plex on my LG TV.


If you’ve rooted it, you can fix the CA cert issue with this: https://github.com/tf318/lg

Installing the non-ad-crippled YouTube alternative client, for example

Can you please elaborate? I couldn't find anything on this

It's one of the (few) apps on the Homebrew repository that gets installed (the repo, not the app) by default after you root: https://repo.webosbrew.org/apps/

I tested it briefly yesterday evening, seems to work fine.


Just wait until someone release a PornHub application, 50% of LG TVs will rooted over night.

This is great, and makes me regret switching to Rokus. When I had an AndroidTV and could root, so much capability was unlocked, I really miss it.

I also loved WebOS since it's mobile days, will definitely consider getting an LG WebOS TV as my next.


I got WebOS TV solely because it's the only TV OS which you can use even if you don't accept TOS/EULA.

> When I had an AndroidTV and could root

I haven't rooted my Sony Android TV since it already lets me install apks and emulators.


I have a TCL Roku TV and would love to convert it to a dumb input selector. Not sure how you could flash the OS of it but I'd gladly contribute money or code to make it happen.

I'm with you on this. But just to be sure..

They do have a button. It's on the bottom direct center, tiny and slightly further back than you would expect. Press it and you can cycle through your inputs, and turn it off.

You may have already known this -- but it's pretty clear that they're not interested in making this a popularly known thing. Or I'm just the idiot :)


I don't have that on my remote, I think? I have back, mute, asterisk, backwards, play, forwards below the dpad.

It's a button under the bottom of the TV, right behind the logo. It's the only button physically on the TV usually for TCL.

You can SSH into your Roku which I believe runs Linux. I haven't looked into it for some years, but I was signed up for development for a while which gets you info on this.

My point is if you SSH in it's a good start to understanding more of just what it does and how it works.


How would a dumb input selector be different than removing the wifi password from the TV? (asking because I have a TCL Roku TV myself)

For me, faster to turn on, actually turns off (Roku goes to sleep for a bit it seems?), no home screen/channel UI.

That's funny, I have a WebOS OLED and specifically never set it up/use a Roku instead because it's so much cleaner.

How do you root and Android TV ? Please help, I have a Sony Bravia TV.

This is very cool. What I hate the most about my LG is the ad bar that shows up on the left side of the screen as well as automatic installation of new apps. Will this jail break kill it?

My LG has an option in settings to disable ads.

Which LG? I don't know if this is a consequence of GDPR but on my LG TV ads are an OPT-IN setting. Maybe you can opt-out?

Something I sometimes wondered but never really researched: are there any custom Roms like LineageOS etc. but for AndroidTVs?

Could I change functionality of buttons on remote with this? For example Amazon, Netflix or “Movies” with different app?

I’m aware of shortcut long press # keys, but that only works once TV is powered on…

Wow. This is amazing. I guess I have to buy LG tv's from now on.

I only have a problem with the ads or so called "Trending" section. I do not have a subscription for Amazon Prime, Disney+ or whatever. Can I use this exploit to block the "Trending" section? I just want to see the apps that I have installed when I press home and nothing else.

I saw a retro station icon on the home brew channel. Can you connect a 8bitdo/PlayStation/Xbox controller to the tv?

Yes. It won't work in normal apps but will work in RetroArch/Moonlight etc

It should be RootMyLG.TV

I can here for general TV rooting advice hoping I could sort out my rubbish Samsung. Anyone know anything about that?


Check out the SammyGo stuff - https://forum.samygo.tv/ - quite a trove of information relating to the Samsung firmwares.

I just got my hand on an early 2021 WebOS tv, very excited to try this tomorrow! I think it's a tragedy we can't even fully own tvs anymore without dirty tricks.

Does this remove LG’s annoying remote pointer thing? I use appleTV but I would do this just to get rid of that stupid thing.

The air mouse is the defining feature of WebOS... It's a slight side to side shake to enable it and then once you get used to the controls it is much better than navigating via arrow keys.

Is it possible to root and install locally via a local network or USB key so I don't have to connect my TV to the internet?

I now have another reason to buy a LG OLed. Upgradable and customizable smarts. Not mention WebOS

Interesting that they are using Enyo still. Had some fun using that back in the day.

While owning no TV since 1996 this makes me smile :-)

I wish this worked for Vizio Smartcast.

Unfortunately no longer works on latest webOS releases.

If you tested the latest release and it didn't work, please open a Github issue.

This was just updated when it was posted 3 hours ago. Pretty much any TV and OS can be exploited. Even up to date.

I just ran the update for my TV this morning, and this worked for me.



Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: