hi,
i show you, how i rooted my Philips 65OLED873/12 with last firmware TPM171E_107.1.140.0. This method is absed on using Magisk manager (https://magisk.me/apk/).
1) 1.st what you need is:
- boot.img (if your device use ramdrive...it is my case of OLED873/12)
- or recovery.img (other devices which don´t use ramdrive...more info https://topjohnwu.github.io/Magisk/install.html)
- so, for this step you need original firmware from this site: https://toengel.net/philipsblog/firmware-download/, specifically for my OLED873 TPM171E_107.1.140.0 (this is last update from 8.12.2021) and rename this file "update.zip" ( this ZIP contain a "autorun.upg" file -> this is still ZIP package, inside are many files factory.img.zip, boot.img.zip, recovery.img.zip...etc., but these files are encrypted, not usable in this state for magisk patching).
Now the fun begins with decryption of these files...
I used a part of project Sebastian "Yath" Schmidt from https://github.com/yath/tpm171e, concrete part of "unpack firmware" https://github.com/yath/tpm171e/blob/master/unpack-firmware.
for this process i used - virtualized KALI linux in VM Ware (is possible use other linux distros). In Kali linux you need install a few tools:
- abootimg -> sudo apt install abootimg
- squashfs-tools -> sudo apt-get update && sudo apt-get install squashfs-tools ......or optional git clone https://github.com/plougher/squashfs-tools.git -> go to higher folder with cd /squshfs-tools/squashfs-tools/ and here build it with command "make"
- extfstools -> git clone https://github.com/nlitsme/extfstools.git -> get in the /extfstools and build it with command "make"
- maybe is better add extfstools and squasfs-tools add to PATH
2) extract "recovery-resource.dat" file from your TV (OLED873) device. This file is located here: /system/etc/recovery-resource.dat (for accessing this file is root permissions not required).
- copy this file from TV to computer with adb command: adb pull /system/etc/recovery-resource.dat
- extract this file (it is an ZIP archive with dat extension), or extract from this file only "keyfile.txt" (if you communicating with adb under Windows -> copy this keyfile.txt to Kali linux)
- now use this command to getting the correct and usable passfile.txt for decrypting original philips firmware file autorun.upg: dd if=keyfile.txt of=passfile.txt bs=127 count=1
3) use scipt file form https://raw.githubusercontent.com/yath/tpm171e/master/unpack-firmware, save this in to the file e.g. "decrypt.sh" in same location like passfile.txt and update.zip
- change file permissions with chmod +x decrypt.sh
4) now run script: sudo ./decrypt.sh update.zip
- after the script has finished running, you'll see a message (3rd. from bottom) : ext2rd is not installed, not unpacking system image -> it is ok
- now you have new folder named "UPDATE" with decypted files.
- if you'll hav a problems (no boot.img, recovery.img, etc in UPDATE folder), edit script file "decrypt.sh", go on line 106 and write the first character on the line # comment the line, it disabling rm command in script)
5) for my TV OLED873/12 i used decrypted "boot.img" -> install last Magisk Manager v 25.2 in TV:
adb install magisk.apk -> hasn't created an icon on my TV -> run app manually with command from: adb shell monkey -d com.topjohnwu.magisk 1
6) copy copy decrypted "boot.img" file it to the TV: adb push C:\Users\XXX\Downloads\boot.img /storage/sdcard0/Downloads
7) in Magisk app run on first line "install" (on the line with Zgysk no, Ramdisk yes)
- next step (next windows) i checked both check-boxes and click next button:
- now you select "boot.img" file from /Download folder in your TV and wait for patching of this file.
- now you have in new patched file named as "boot-patched_XXXX.img" (or something like that) in folder.
- now copy this patched file back to PC with commadn: adb pull /storage/sdcard0/Downloads/boot-patched_XXXX.img C:\Users\XXX\Downloads
8) now send adb command for rebooting to bootloader: adb reboot bootloader
- wait for the TV reboot into bootloader mode -> check it with fastboot command: fastboot devices
- now use fastboot command for flashing patched boot.img file: fastboot flash boot boot-patched_XXXX.img (or rename it in PC on shorter "boot.img")
- after this send last fastboot command: fastboot reboot
- after this wait for rebooting to system and enjoy rooted your Philips OLED873
- check it with adb commands:
adb shell
su (after this allow super user permissions in pop-up window on TV screen with remote controller)
...i mean, this decrypting method will probably work on all other (and newer) models of android tv Philips, which use the same salted encryption his own original firmware updates. I checked firmware TPM211EA_101.001.003.232 from Philips TV 2022 (OLED937, OLED907, OLED807, OLED837, OLED857, OLED887, OLED707, PML9507 (MiniLED), PUS8807, PUS8837, PUS8857, PUS8887, PUS8897, PUS8507, PUS8517) and at first sight the same encryption....
i show you, how i rooted my Philips 65OLED873/12 with last firmware TPM171E_107.1.140.0. This method is absed on using Magisk manager (https://magisk.me/apk/).
1) 1.st what you need is:
- boot.img (if your device use ramdrive...it is my case of OLED873/12)
- or recovery.img (other devices which don´t use ramdrive...more info https://topjohnwu.github.io/Magisk/install.html)
- so, for this step you need original firmware from this site: https://toengel.net/philipsblog/firmware-download/, specifically for my OLED873 TPM171E_107.1.140.0 (this is last update from 8.12.2021) and rename this file "update.zip" ( this ZIP contain a "autorun.upg" file -> this is still ZIP package, inside are many files factory.img.zip, boot.img.zip, recovery.img.zip...etc., but these files are encrypted, not usable in this state for magisk patching).
Now the fun begins with decryption of these files...
I used a part of project Sebastian "Yath" Schmidt from https://github.com/yath/tpm171e, concrete part of "unpack firmware" https://github.com/yath/tpm171e/blob/master/unpack-firmware.
for this process i used - virtualized KALI linux in VM Ware (is possible use other linux distros). In Kali linux you need install a few tools:
- abootimg -> sudo apt install abootimg
- squashfs-tools -> sudo apt-get update && sudo apt-get install squashfs-tools ......or optional git clone https://github.com/plougher/squashfs-tools.git -> go to higher folder with cd /squshfs-tools/squashfs-tools/ and here build it with command "make"
- extfstools -> git clone https://github.com/nlitsme/extfstools.git -> get in the /extfstools and build it with command "make"
- maybe is better add extfstools and squasfs-tools add to PATH
2) extract "recovery-resource.dat" file from your TV (OLED873) device. This file is located here: /system/etc/recovery-resource.dat (for accessing this file is root permissions not required).
- copy this file from TV to computer with adb command: adb pull /system/etc/recovery-resource.dat
- extract this file (it is an ZIP archive with dat extension), or extract from this file only "keyfile.txt" (if you communicating with adb under Windows -> copy this keyfile.txt to Kali linux)
- now use this command to getting the correct and usable passfile.txt for decrypting original philips firmware file autorun.upg: dd if=keyfile.txt of=passfile.txt bs=127 count=1
3) use scipt file form https://raw.githubusercontent.com/yath/tpm171e/master/unpack-firmware, save this in to the file e.g. "decrypt.sh" in same location like passfile.txt and update.zip
- change file permissions with chmod +x decrypt.sh
4) now run script: sudo ./decrypt.sh update.zip
- after the script has finished running, you'll see a message (3rd. from bottom) : ext2rd is not installed, not unpacking system image -> it is ok
- now you have new folder named "UPDATE" with decypted files.
- if you'll hav a problems (no boot.img, recovery.img, etc in UPDATE folder), edit script file "decrypt.sh", go on line 106 and write the first character on the line # comment the line, it disabling rm command in script)
5) for my TV OLED873/12 i used decrypted "boot.img" -> install last Magisk Manager v 25.2 in TV:
adb install magisk.apk -> hasn't created an icon on my TV -> run app manually with command from: adb shell monkey -d com.topjohnwu.magisk 1
6) copy copy decrypted "boot.img" file it to the TV: adb push C:\Users\XXX\Downloads\boot.img /storage/sdcard0/Downloads
7) in Magisk app run on first line "install" (on the line with Zgysk no, Ramdisk yes)
- next step (next windows) i checked both check-boxes and click next button:
- now you select "boot.img" file from /Download folder in your TV and wait for patching of this file.
- now you have in new patched file named as "boot-patched_XXXX.img" (or something like that) in folder.
- now copy this patched file back to PC with commadn: adb pull /storage/sdcard0/Downloads/boot-patched_XXXX.img C:\Users\XXX\Downloads
8) now send adb command for rebooting to bootloader: adb reboot bootloader
- wait for the TV reboot into bootloader mode -> check it with fastboot command: fastboot devices
- now use fastboot command for flashing patched boot.img file: fastboot flash boot boot-patched_XXXX.img (or rename it in PC on shorter "boot.img")
- after this send last fastboot command: fastboot reboot
- after this wait for rebooting to system and enjoy rooted your Philips OLED873
- check it with adb commands:
adb shell
su (after this allow super user permissions in pop-up window on TV screen with remote controller)
...i mean, this decrypting method will probably work on all other (and newer) models of android tv Philips, which use the same salted encryption his own original firmware updates. I checked firmware TPM211EA_101.001.003.232 from Philips TV 2022 (OLED937, OLED907, OLED807, OLED837, OLED857, OLED887, OLED707, PML9507 (MiniLED), PUS8807, PUS8837, PUS8857, PUS8887, PUS8897, PUS8507, PUS8517) and at first sight the same encryption....
Last edited:
)...on the first try, I got restart loop, but a few seconds befer restarting was activated adb (i was fast with command adb reboot bootloader...and that was still working...from bootloader i tryed flash new one boot.img and for the second time it has already worked).
