Rooting the webOS TV

Search This thread

Applejackson

Member
Mar 26, 2010
20
2
Not that I'm willing to risk bricking my new OLED to do this, but would root access allow me to change the screen saver images? Just curious. It really pisses me off that LG doesn't allow this out of the box.
 

NiQ1

Member
Sep 17, 2013
24
8
Not that I'm willing to risk bricking my new OLED to do this, but would root access allow me to change the screen saver images? Just curious. It really pisses me off that LG doesn't allow this out of the box.

In theory yes, root access gives you complete and utter control over everything.
In practice, you will have to do a lot of research to figure out how to write a screen-saver for the platform, you will probably also need to replace system files (since it does not seem that the platform has support for 3rd party screen savers at all) which means high risk of bricking. I would never suggest trying that.
Currently efforts are focused on porting applications like Kodi. The root is also a jailbreak, i.e. it allows you to bypass the LG store and manually install apps (very similar to iPhone jailbreaking). You don't have to touch system files for that so you're relatively safe.
As you said - an OLED TV is a little bit more expensive than your average 50$ embedded something. Nobody wants to brick something like that. I'd recommend n00bs not to take a risk and root. Right now there aren't any working unofficial apps yet so the average user has nothing to gain. If you're worried about the future then you can opt not to upgrade the firmware so the root will work if and when you decide to go for it. Tech savvy users may want to perform the root but even they will be very careful with what they're doing with it, especially when it comes to system files.
 

straumli

Member
Jan 12, 2012
45
5
When I execute the exploit and it asks to install any app from the appstore, it stays stuck in the message loop "try install any app from market". I installed several different application but no success.
Also, when I run the exploit it showes a couple of errors (see below) Am I out of luck or is this fixable?

/media/developer $ /media/developer $ ./root
tar: .: Cannot utime: Operation not permitted
tar: Error exit delayed from previous errors
chmod: jail_app.conf: Operation not permitted
chmod: jail_app.conf.sig: Operation not permitted
chmod: log: Operation not permitted

first stage
second stage
third stage -
try install any app from market
wait...
try install any app from market
try install any app from market
try install any app from market
try install any app from market
try install any app from market
 

NiQ1

Member
Sep 17, 2013
24
8
When I execute the exploit and it asks to install any app from the appstore, it stays stuck in the message loop "try install any app from market". I installed several different application but no success.
Also, when I run the exploit it showes a couple of errors (see below) Am I out of luck or is this fixable?

/media/developer $ /media/developer $ ./root
tar: .: Cannot utime: Operation not permitted
tar: Error exit delayed from previous errors
chmod: jail_app.conf: Operation not permitted
chmod: jail_app.conf.sig: Operation not permitted
chmod: log: Operation not permitted

first stage
second stage
third stage -
try install any app from market
wait...
try install any app from market
try install any app from market
try install any app from market
try install any app from market
try install any app from market
I also got at least the tar error, not sure about the rest. You shouldn't have received the "try install any app from market" message unless the exploit worked, but maybe it's bugged somehow.
When you tried to install an app did it succeed? Installation should have failed.
 

ricky886

Senior Member
Mar 8, 2010
581
49
Look like difficult...
Anyone try to change the hosts to adblock with winscp?
I am using lg 55c6
 

garbb

Senior Member
Jun 25, 2009
50
36
I was able to downgrade my firmware to 04.31.20 using the instructions linked to here, however I want to mention to anyone that you should NOT ever upgrade to firmware 05.30.25 or later as it will NOT allow you to downgrade anymore. It gives an error message on the TV saying that it will not install the firmware because it is a lower version than the installed one. I tried changing the version number to a higher number in all of the files and filenames and it still did not work...so it must be reading the version number out of the FW file which is encrypted/signed...
This is mentioned in this russian post http://webos-forums.ru/post23656.html#p23656. It also says that supposedly there are some 5.40.x test firmware versions that you can upgrade to that will then allow you to downgrade again, however I have not been able to get any of these to work with my north-american TV. I always get a "update failed due to data decryption" error on the TV.

I have an OLED65B6P
FW 05.30.03 DID allow me to downgrade.
FW 05.30.25 DID NOT allow me to downgrade.
 
Last edited:

garbb

Senior Member
Jun 25, 2009
50
36
So, I was able to downgrade from 05.30.25 by first upgrading to test version from here
https://www.avforums.com/threads/lg...-thread-part-6.2109692/page-141#post-26604009

For those of you here stuck on 05.30.25 and wanting to downgrade:
I was able to install http://su.lge.com/GlobalSWDownloadC....k2l-4301-05.40.01-prodkey_nsu_V3_SECURED.epk onto my USA
B6 using this method and then downgrade back to 04.31.20 using the same method.

Let me know if that link dies and I can try to provide a mirror.

And once I was downgraded to 04.31.20, I was able to use the root method posted by teffd and it worked OK.

I was playing around to see what I could do with root. I was wondering if anyone else had done this and was able to figure anything out.
One thing I was messing with is the screensaver images. I found them in /old_root/usr/palm/applications/com.webos.app.photovideo/assets/samplePhoto/
I tried to copy some different images to this folder, unfortunately this partition seems to be mounted as read only and I can't figure out how to remount it as read/write.
Code:
/dev/mmcblk0p27 on /old_root type squashfs (ro,relatime)
I tried a bunch of commands to mount as RW, none of the commands generate any error but the partition is always still read-only
Code:
mount -o remount,rw /old_root
mount -o rw,remount /old_root /old_root
mount -o rw,remount /dev/mmcblk0p27 /old_root

Then I read somewhere that squashfs is always read only unless you unpack it and repack it or something? Anyone know anything about this?

Also, something else weird happened to me after downgrading; the audio quality from the internal speakers became terrible for some reason (like it sounded muffled or like the sound was coming out of tiny phone speaker). I tried re-upgrading and a factory reset and neither would fix it. Eventually I had to buy a service remote from ebay, press the ADJ button and enter password 0413 to get to the service menu, then goto tool menu 3, and change the audio amp setting from ntp7515 2amp -> ntp7515 1amp, then power cycle the TV. Hopefully this will help if someone else has a similar issue.

Also I have another question that maybe teffd or someone else knowledgeable can answer: once I have a persistant root on port 22 telnet working, is there any way to transfer files to/from the TV over the network with tftp or scp or anything like that?
 
Last edited:

Immick

Member
Dec 20, 2012
48
4
Hi there!

Guys, my firmware is
Code:
Linux LGwebOSTV 4.4.84-150.glacier.1 #1 SMP PREEMPT Mon Sep 17 02:32:39 UTC 2018 armv7l GNU/Linux
Is there a way to get root somehow for me?
I'm wondering you're talking about 04.31.20, 05.30.25 versions... Where did you find it? :)

Thank you!

P.S. My TV is 55C8.
 
Last edited:
  • Like
Reactions: twizt3d

Maroc-OS

Retired Recognized Developer
Mar 16, 2012
886
3,629
Casablanca
www.merruk.com
That would be a dream come true


Well, there was really lot of exploits that i discovered on my 52LB670V Model, directory traversal, replace existing system binaries, wrong permissions and that was even not needing special skills. some got patched and some not and i believe will never get patched because of the system requirement. but i think LG will act to limit the damage with some workarounds.


i will not burn all the exploits but i think i will use one that i believe exists on all models/versions (not tested on all webOS versions) i will need some logs from different webOS versions specially 3 and above to release the tool.


i may post some pictures later if there is good support from users.


LOL seems LG Got me back to XDA Devs after a very long time.
 

TheUndertaker21

Senior Member
Jul 11, 2011
3,319
550
Brooklyn
Xposed Modules
Well, there was really lot of exploits that i discovered on my 52LB670V Model, directory traversal, replace existing system binaries, wrong permissions and that was even not needing special skills. some got patched and some not and i believe will never get patched because of the system requirement. but i think LG will act to limit the damage with some workarounds.


i will not burn all the exploits but i think i will use one that i believe exists on all models/versions (not tested on all webOS versions) i will need some logs from different webOS versions specially 3 and above to release the tool.


i may post some pictures later if there is good support from users.


LOL seems LG Got me back to XDA Devs after a very long time.

I can provide logs and I'm sure many users would love to root their TV as well
 

Maroc-OS

Retired Recognized Developer
Mar 16, 2012
886
3,629
Casablanca
www.merruk.com
I can provide logs and I'm sure many users would love to root their TV as well


That's great need TV model and webOS version and some commands from the tv.


okay first of all create a dir named logs :



Code:
mkdir logs


TV Infos :



Code:
cat /var/run/nyx/device_info.json > logs/device_info.json
(delete your nduid serial number and mac addresses)


webOS Infos :



Code:
cat /var/run/nyx/os_info.json > logs/os_info.json


Code:
cat /proc/cpuinfo > logs/cpu.log


Code:
ls -arls /var/log/ > logs/logdir.log


Code:
ls -arls /usr/lib/ > logs/libsdir.log


Code:
ls -arls /proc/ > logs/procdir.log


Code:
ls -arls /dev/ > logs/devices.log




i think that's everything i need, upload the logs dir somewhere and put a link here.
 

TheUndertaker21

Senior Member
Jul 11, 2011
3,319
550
Brooklyn
Xposed Modules
That's great need TV model and webOS version and some commands from the tv.


okay first of all create a dir named logs :



Code:
mkdir logs


TV Infos :



Code:
cat /var/run/nyx/device_info.json > logs/device_info.json
(delete your nduid serial number and mac addresses)


webOS Infos :



Code:
cat /var/run/nyx/os_info.json > logs/os_info.json


Code:
cat /proc/cpuinfo > logs/cpu.log


Code:
ls -arls /var/log/ > logs/logdir.log


Code:
ls -arls /usr/lib/ > logs/libsdir.log


Code:
ls -arls /proc/ > logs/procdir.log


Code:
ls -arls /dev/ > logs/devices.log




i think that's everything i need, upload the logs dir somewhere and put a link here.

thanks but stupid question
how can i take logs from the tv ? lol

edit: i think i know how
 
Last edited:

Maroc-OS

Retired Recognized Developer
Mar 16, 2012
886
3,629
Casablanca
www.merruk.com
@Maroc-OS

I installed the dev app and set up everything
but i think your commands are wrong
i can't run any of them \
i think i need to run them as ares and idk how to
if you can show me how to get the logs that would be great




hello bro,


follow the first steps on this thread to connect to tv via ssh with key and port 9922, then run the commands.
 

giga80

Senior Member
May 24, 2013
238
61
Cairo
Hello guys
Is there anyone success installing Kodi on WebOs because also i can see that plex is really bad on it
 

Maroc-OS

Retired Recognized Developer
Mar 16, 2012
886
3,629
Casablanca
www.merruk.com
I've already root TV, but anyway - here it's mine logs:
https://dropmefiles.com/1gROq

Hello that's really helpful thank you, but i need new versions if ppl can help this will be really great.

The root is already done but those infos will help me to make a cross-compatible package manager for all LG TV's (Modified and fixed version of Preware 2), so you can add repo's and install packages from everyone else.
 

lullius

New member
Dec 29, 2018
1
0
Hello that's really helpful thank you, but i need new versions if ppl can help this will be really great.

The root is already done but those infos will help me to make a cross-compatible package manager for all LG TV's (Modified and fixed version of Preware 2), so you can add repo's and install packages from everyone else.

This is from my 55UJ630V-ZA with software version 04.70.40 and webOS TV version 3.7.0-57311 (dreadlocks2-drto)

dropbox DOT com/s/orss3f3xjb1lwmg/webos_info.zip?dl=0

Please excuse the link. I know I'm not allowed to post it yet, but I'm hoping it's alright as I'm only trying to help out with this.
 

Top Liked Posts

  • There are no posts matching your filters.
  • 9
    Root webOS

    I could use your help rooting my lg 65uf6450-ua if you would. Thank you

    1. You need to install Developer Mode App and export private ssh-key with CLI (webostv.developer.lge.com/develop/app-test)
    2. Convert private ssh-key with puttygen [import key <your private ssh-key>, then save private key]
    3. Download exploit (zalil.su/6937580), then connect with TV User: prisoner, [<ip-tv>:9922] + private-key with WinSCP (or other SCP-client), upload to /media/developer on TV and rename it to root.
    on linux
    Code:
    ssh -i <your private ssh-key> [email protected]<ip-tv> -p 9922 "/bin/sh -i"
    4.
    Code:
    chmod +x root
    Code:
    ./root
    5. After try install any app from market go to LG App Store and try to install any app.
    6. if third stage ok. the insert password 1111 as said.
    7.
    Code:
    busybox chroot /proc/1/root
    Code:
    Code:
    uid=0(root) gid=0(root)........

    I personally use Linux Subsystem on Windows 10 for all of this.

    To install .ipk app:
    Code:
    ApplicationInstallerUtility -c install -p /tmp/<any-name>.ipk -u 0 -l /media/developer -d
    Info about your linux kernel and TV firmware:
    Code:
    luna-send -n 1 -f luna://com.palm.systemservice/osInfo/query '{ "subscribe": false }'
    Launch app:
    Code:
    luna-send -n 1 -f luna://com.webos.applicationManager/launch '{"id": "netflix"}'
    All apps ID you can find with
    Code:
    luna-send -n 1 "palm://com.palm.applicationManager/listLaunchPoints" "{}"
    or at a folder /media/cryptofs/apps/usr/palm/applications/<App ID>/appinfo.json


    For permanent root access through telnet:

    1)
    Code:
    [email protected]:/# mkdir -p /media/cryptofs/root/etc
    2)
    Code:
    [email protected]:/# cp -r /etc/* /media/cryptofs/root/etc
    3)
    Code:
    [email protected]:/# mount -o bind /media/cryptofs/root/etc /etc
    4)
    Code:
    [email protected]:/# passwd root
    Enter any new root password
    5)
    Code:
    cp /media/cryptofs/apps/usr/palm/services/com.palmdts.devmode.service/start-devmode.sh /tmp/start-devmode.sh
    6) Download with WinSCP start-devmode.sh and edit it locally.
    You need to add at the beginning
    Code:
    mount -o bind /media/cryptofs/root/etc /etc
    telnetd -l /sbin/sulogin &
    Plus you can add the line to launch any App at start, e.g:
    Code:
    luna-send -n 1 -f luna://com.webos.applicationManager/launch '{"id": "netflix", "params":{}}'
    And comment Dev Mode online check.

    Here it's mine start-devmode.sh. It's for webOS 1.4. It can be different for other webOS versions:
    Code:
    #!/bin/sh
    mount -o bind /media/cryptofs/root/etc /etc
    telnetd -l /sbin/sulogin &
    
    #luna-send -n 1 -f luna://com.webos.applicationManager/launch '{"id": "netflix", "params":{}}'
    
    # FIXME: disable this to turn off script echo
    set -x
    
    # FIXME: disable this to stop script from bailing on error
    # set -e
    
    # TODO: Check upstart daemon/process tracking (do we need to change /etc/init/devmode.conf? start sshd as daemon?)
    
    # set devmode ssh port here
    SSH_PORT="9922"
    
    # set arch:
    ARCH="armv71"
    grep -qs "qemux86" /etc/hostname && ARCH="i686"
    
    # set directories
    OPT_DEVMODE="/opt/devmode"
    OPT_SSH="/opt/openssh"
    DEVELOPER_HOME="/media/developer"
    DEVMODE_SERVICE_DIR="/media/cryptofs/apps/usr/palm/services/com.palmdts.devmode.service"
    CRYPTO_SSH="$DEVMODE_SERVICE_DIR/binaries-${ARCH}/opt/openssh"
    CRYPTO_OPT="$DEVMODE_SERVICE_DIR/binaries-${ARCH}/opt"
    
    if [ -s ${DEVMODE_SERVICE_DIR}/jail_app.conf ] ; then
       mv ${DEVMODE_SERVICE_DIR}/jail_app.conf ${DEVELOPER_HOME}
       mv ${DEVMODE_SERVICE_DIR}/jail_app.conf.sig ${DEVELOPER_HOME}
    fi
    
    if [ -r ${DEVMODE_SERVICE_DIR}/sessionToken ] ; then
       mv -f ${DEVMODE_SERVICE_DIR}/sessionToken /var/luna/preferences/devmode_enabled
    fi
    
    
    # Make sure the ssh binaries are executable (in service directory)
    if [ ! -x "${CRYPTO_SSH}/sbin/sshd" ] ; then
       chmod ugo+x ${CRYPTO_SSH}/sbin/sshd ${CRYPTO_SSH}/bin/ssh* ${CRYPTO_SSH}/bin/scp* || true
       chmod ugo+x ${CRYPTO_SSH}/bin/sftp ${CRYPTO_SSH}/lib/openssh/* || true
       chmod ugo+x ${CRYPTO_OPT}/devmode/usr/bin/* || true
    fi
    
    # TODO: (later) Look for "re-init" flag to re-generate ssh key if requested by app (via devkey service)
    # com.palm.service.devmode could have "resetKey" method to erase /var/lib/devmode/ssh/webos_rsa
    # Kind of dangerous though, since new key will need to be fetched on the desktop (after reboot)...
    # We could just require a hard-reset of the TV which should blow away /var/lib/devmode/ssh/...
    
    # Initialize the developer (client) SSH key pair, if it doesn't already exist
    if [ ! -e /var/lib/devmode/ssh/webos_rsa ] ; then
       mkdir -p /var/lib/devmode/ssh
       chmod 0700 /var/lib/devmode/ssh
       # get FIRST six (UPPER-CASE, hex) characters of 40-char nduid from nyx-cmd
       # NOTE: This MUST match passphrase as displayed in devmode app (main.js)!
            # PASSPHRASE="`/usr/bin/nyx-cmd DeviceInfo query nduid | head -c 6 | tr 'a-z' 'A-Z'`"
            # PASSPHRASE="`/usr/bin/nyx-cmd DeviceInfo query nduid | tail -n1 | head -c 6 | tr 'a-z' 'A-Z'`"
            PASSPHRASE="`tail /var/lib/secretagent/nduid -c 40 | head -c 6 | tr 'a-z' 'A-Z'`"
       ${CRYPTO_SSH}/bin/ssh-keygen -t rsa -C "[email protected]" -N "${PASSPHRASE}" -f /var/lib/devmode/ssh/webos_rsa
       # copy ssh key to /var/luna/preferences so the devmode service's KeyServer can read it and serve to ares-webos-cli tools
       cp -f /var/lib/devmode/ssh/webos_rsa /var/luna/preferences/webos_rsa
       chmod 0644 /var/luna/preferences/webos_rsa
       # if we generated a new ssh key, make sure we re-create the authorized_keys file
       rm -f ${DEVELOPER_HOME}/.ssh/authorized_keys
    fi
    
    # Make sure the /media/developer (and log) directories exists (as sam.conf erases it when devmode is off):
    mkdir -p ${DEVELOPER_HOME}/log
    chmod 777 ${DEVELOPER_HOME} ${DEVELOPER_HOME}/log
    
    # Install the SSH key into the authorized_keys file (if it doesn't already exist)
    if [ ! -e ${DEVELOPER_HOME}/.ssh/authorized_keys ] ; then
       mkdir -p ${DEVELOPER_HOME}/.ssh
       cp -f /var/lib/devmode/ssh/webos_rsa.pub ${DEVELOPER_HOME}/.ssh/authorized_keys || true
       # NOTE: authorized_keys MUST be world-readable else sshd can't read it inside the devmode jail
       # To keep sshd from complaining about that, we launch sshd with -o "StrictModes no" (below).
       chmod 755 ${DEVELOPER_HOME}/.ssh
       chmod 644 ${DEVELOPER_HOME}/.ssh/authorized_keys
       chown -R developer:developer ${DEVELOPER_HOME}/.ssh
    fi
    
    # FIXME: Can we move this to /var/run/devmode/sshd ?
    # Create PrivSep dir
    mkdir -p /var/run/sshd
    chmod 0755 /var/run/sshd
    
    # Create directory for host keys (rather than /opt/openssh/etc/ssh/)
    HOST_KEY_DIR="/var/lib/devmode/sshd"
    if [ ! -d "${HOST_KEY_DIR}" ] ; then
       mkdir -p ${HOST_KEY_DIR}
       chmod 0700 ${HOST_KEY_DIR}
    fi
    
    # Create initial keys if necessary
    if [ ! -f ${HOST_KEY_DIR}/ssh_host_rsa_key ]; then
       echo "  generating ssh RSA key..."
       ${CRYPTO_SSH}/bin/ssh-keygen -q -f ${HOST_KEY_DIR}/ssh_host_rsa_key -N '' -t rsa
    fi
    if [ ! -f ${HOST_KEY_DIR}/ssh_host_ecdsa_key ]; then
       echo "  generating ssh ECDSA key..."
       ${CRYPTO_SSH}/bin/ssh-keygen -q -f ${HOST_KEY_DIR}/ssh_host_ecdsa_key -N '' -t ecdsa
    fi
    if [ ! -f ${HOST_KEY_DIR}/ssh_host_dsa_key ]; then
       echo "  generating ssh DSA key..."
       ${CRYPTO_SSH}/bin/ssh-keygen -q -f ${HOST_KEY_DIR}/ssh_host_dsa_key -N '' -t dsa
    fi
    
    # Check config
    # NOTE: This should only be enabled for testing
    #${CRYPTO_SSH}/sbin/sshd -f ${CRYPTO_SSH}/etc/ssh/sshd_config -h ${HOST_KEY_DIR}/ssh_host_rsa_key -t
    
    # Set jailer command
    DEVMODE_JAIL="/usr/bin/jailer -t native_devmode -i com.palm.devmode.openssh -p ${DEVELOPER_HOME}/ -s /bin/sh"
    #DEVMODE_JAIL="echo"
    
    # Add for debugging, but this will cause sshd to exit after the first ssh login:
    # -ddd -e 
    
    # Make environment file for openssh
    DEVMODE_JAIL_CONF="/etc/jail_native_devmode.conf"
    DEVMODE_OPENSSH_ENV="${DEVELOPER_HOME}/.ssh/environment"
    if [ -f ${DEVMODE_JAIL_CONF} ]; then
       echo " generating environment file from jail_native_devmode.conf..."
       find ${DEVMODE_JAIL_CONF} | xargs awk '/setenv/{printf "%s=%sn", $2,$3}' > ${DEVMODE_OPENSSH_ENV}
       ${DEVMODE_JAIL} /usr/bin/env >> ${DEVMODE_OPENSSH_ENV}
    fi
    # Set path for devmode
    if [ -f ${DEVMODE_OPENSSH_ENV} ]; then
       echo "PATH=${PATH}:${OPT_DEVMODE}/usr/bin" >> ${DEVMODE_OPENSSH_ENV}
    fi
    
    sleep 5;
    for interface in $(ls /sys/class/net/ | grep -v -e lo -e sit);
    do
    if [ -r /sys/class/net/$interface/carrier ] ; then
      if [[ $(cat /sys/class/net/$interface/carrier) == 1 ]]; then OnLine=1; fi
    fi
    done
    #if [ $OnLine ]; then
    #   sessionToken=$(cat /var/luna/preferences/devmode_enabled);
    #   checkSession=$(curl --max-time 3 -s https://developer.lge.com/secure/CheckDevModeSession.dev?sessionToken=$sessionToken);
    
    #   if [ "$checkSession" != "" ] ; then
    #      result=$(node -pe 'JSON.parse(process.argv[1]).result' "$checkSession");
    #      if [ "$result" == "success" ] ; then
             rm -rf /var/luna/preferences/dc*;
    #         # create devSessionTime file to remain session time in devmode app
    #         remainTime=$(node -pe 'JSON.parse(process.argv[1]).errorMsg' "$checkSession");
    #         resultValidTimeCheck=$(echo "${remainTime}" | egrep "^([0-9]{1,4}(:[0-5][0-9]){2})$");
    #         if [ "$resultValidTimeCheck" != "" ] ; then
                echo '900:00:00' > ${DEVMODE_SERVICE_DIR}/devSessionTime;
                chgrp 5000 ${DEVMODE_SERVICE_DIR}/devSessionTime;
                chmod 664 ${DEVMODE_SERVICE_DIR}/devSessionTime;
    #         fi
    #      elif [ "$result" == "fail" ] ; then
    #         rm -rf /var/luna/preferences/devmode_enabled;
    #         rm -rf /var/luna/preferences/dc*;
    #         if [ -e ${DEVMODE_SERVICE_DIR}/devSessionTime ] ; then
    #            rm ${DEVMODE_SERVICE_DIR}/devSessionTime;
    #         fi
    #      fi
    #   fi
    #fi
    
    # Cache clear function added (except Local storage)
    if [ -e ${DEVMODE_SERVICE_DIR}/devCacheClear ] ; then
       rm -rf `ls | find /var/lib/webappmanager*/* -name "Local Storage" -o -name "localstorage" -prune -o -print`;
       rm ${DEVMODE_SERVICE_DIR}/devCacheClear;
    fi
    
    # Launch sshd
    ${DEVMODE_JAIL} ${OPT_SSH}/sbin/sshd 
      -o StrictModes=no 
      -f ${OPT_SSH}/etc/ssh/sshd_config 
      -h ${HOST_KEY_DIR}/ssh_host_rsa_key 
      -o PasswordAuthentication=no -o PermitRootLogin=no -o PermitUserEnvironment=yes 
      -D -p ${SSH_PORT}
    7) Upload new start-devmode.sh and rewrite the old one
    Code:
    cp /tmp/start-devmode.sh /media/cryptofs/apps/usr/palm/services/com.palmdts.devmode.service/start-devmode.sh
    8) Restart TV.
    Connect with telnet and type previously entered password.
    Code:
    telnet <ip-tv>
    Trying <ip-tv>...
    Connected to <ip-tv>].
    Escape character is '^]'.
    
    webOS TV 1.4.0 LGSmartTV
    
    
    Give root password for system maintenance
    (or type Control-D for normal startup):
    Entering System Maintenance Mode
    
    [email protected]:/#
    7
    Hello!
    I'm from webos-forums.ru. I've root on TV for a while and can help you with translation or testing on LG webOS 1.4.
    5
    pivotce.com informs that instructions have been published on gaining root access to a webOS TV. This is much harder than on the old phones and tablets. When this was done on legacy webOS, there was a wave of enhancements and tweaks made available to phone users from webOS Internals and other developers.

    The instructions can be found on the Russian webOS forums here: webos-forums.ru/topic4650.html (English Translation via Google).

    As the thread itself notes, this creates the possibility of fiddling with your TV in a way that may turn it into a large, thin brick and will almost certainly invalidate your warranty. The general user should stay well clear of this.

    pivotCE published this for information only and recommend leaving investigations to those who know what they are doing or who can afford to wreck expensive television sets. We will watch to see if anything interesting emerges from this development.

    +

    Detailed analysis of the root access method described above:
    forums.webosnation.com/lg-webos-tv/331754-pivotce-seems-webos-tv-has-been-rooted.html#post3450911
    4
    Tool Released here enjoy and you can always send logs there.
    3
    Hello,


    What about adding a new universal root tool for all models :) let me know if you're interested.