Not that I'm willing to risk bricking my new OLED to do this, but would root access allow me to change the screen saver images? Just curious. It really pisses me off that LG doesn't allow this out of the box.
Rooting the webOS TV
- Thread starter Mazda77
- Start date
In theory yes, root access gives you complete and utter control over everything.
In practice, you will have to do a lot of research to figure out how to write a screen-saver for the platform, you will probably also need to replace system files (since it does not seem that the platform has support for 3rd party screen savers at all) which means high risk of bricking. I would never suggest trying that.
Currently efforts are focused on porting applications like Kodi. The root is also a jailbreak, i.e. it allows you to bypass the LG store and manually install apps (very similar to iPhone jailbreaking). You don't have to touch system files for that so you're relatively safe.
As you said - an OLED TV is a little bit more expensive than your average 50$ embedded something. Nobody wants to brick something like that. I'd recommend n00bs not to take a risk and root. Right now there aren't any working unofficial apps yet so the average user has nothing to gain. If you're worried about the future then you can opt not to upgrade the firmware so the root will work if and when you decide to go for it. Tech savvy users may want to perform the root but even they will be very careful with what they're doing with it, especially when it comes to system files.
When I execute the exploit and it asks to install any app from the appstore, it stays stuck in the message loop "try install any app from market". I installed several different application but no success.
Also, when I run the exploit it showes a couple of errors (see below) Am I out of luck or is this fixable?
/media/developer $ /media/developer $ ./root
tar: .: Cannot utime: Operation not permitted
tar: Error exit delayed from previous errors
chmod: jail_app.conf: Operation not permitted
chmod: jail_app.conf.sig: Operation not permitted
chmod: log: Operation not permitted
first stage
second stage
third stage -
try install any app from market
wait...
try install any app from market
try install any app from market
try install any app from market
try install any app from market
try install any app from market
Also, when I run the exploit it showes a couple of errors (see below) Am I out of luck or is this fixable?
/media/developer $ /media/developer $ ./root
tar: .: Cannot utime: Operation not permitted
tar: Error exit delayed from previous errors
chmod: jail_app.conf: Operation not permitted
chmod: jail_app.conf.sig: Operation not permitted
chmod: log: Operation not permitted
first stage
second stage
third stage -
try install any app from market
wait...
try install any app from market
try install any app from market
try install any app from market
try install any app from market
try install any app from market
I also got at least the tar error, not sure about the rest. You shouldn't have received the "try install any app from market" message unless the exploit worked, but maybe it's bugged somehow.
When you tried to install an app did it succeed? Installation should have failed.
I was able to downgrade my firmware to 04.31.20 using the instructions linked to here, however I want to mention to anyone that you should NOT ever upgrade to firmware 05.30.25 or later as it will NOT allow you to downgrade anymore. It gives an error message on the TV saying that it will not install the firmware because it is a lower version than the installed one. I tried changing the version number to a higher number in all of the files and filenames and it still did not work...so it must be reading the version number out of the FW file which is encrypted/signed...
This is mentioned in this russian post http://webos-forums.ru/post23656.html#p23656. It also says that supposedly there are some 5.40.x test firmware versions that you can upgrade to that will then allow you to downgrade again, however I have not been able to get any of these to work with my north-american TV. I always get a "update failed due to data decryption" error on the TV.
I have an OLED65B6P
FW 05.30.03 DID allow me to downgrade.
FW 05.30.25 DID NOT allow me to downgrade.
This is mentioned in this russian post http://webos-forums.ru/post23656.html#p23656. It also says that supposedly there are some 5.40.x test firmware versions that you can upgrade to that will then allow you to downgrade again, however I have not been able to get any of these to work with my north-american TV. I always get a "update failed due to data decryption" error on the TV.
I have an OLED65B6P
FW 05.30.03 DID allow me to downgrade.
FW 05.30.25 DID NOT allow me to downgrade.
Last edited:
So, I was able to downgrade from 05.30.25 by first upgrading to test version from here
https://www.avforums.com/threads/lg...-thread-part-6.2109692/page-141#post-26604009
And once I was downgraded to 04.31.20, I was able to use the root method posted by teffd and it worked OK.
I was playing around to see what I could do with root. I was wondering if anyone else had done this and was able to figure anything out.
One thing I was messing with is the screensaver images. I found them in /old_root/usr/palm/applications/com.webos.app.photovideo/assets/samplePhoto/
I tried to copy some different images to this folder, unfortunately this partition seems to be mounted as read only and I can't figure out how to remount it as read/write.
I tried a bunch of commands to mount as RW, none of the commands generate any error but the partition is always still read-only
Then I read somewhere that squashfs is always read only unless you unpack it and repack it or something? Anyone know anything about this?
Also, something else weird happened to me after downgrading; the audio quality from the internal speakers became terrible for some reason (like it sounded muffled or like the sound was coming out of tiny phone speaker). I tried re-upgrading and a factory reset and neither would fix it. Eventually I had to buy a service remote from ebay, press the ADJ button and enter password 0413 to get to the service menu, then goto tool menu 3, and change the audio amp setting from ntp7515 2amp -> ntp7515 1amp, then power cycle the TV. Hopefully this will help if someone else has a similar issue.
Also I have another question that maybe teffd or someone else knowledgeable can answer: once I have a persistant root on port 22 telnet working, is there any way to transfer files to/from the TV over the network with tftp or scp or anything like that?
https://www.avforums.com/threads/lg...-thread-part-6.2109692/page-141#post-26604009
And once I was downgraded to 04.31.20, I was able to use the root method posted by teffd and it worked OK.
I was playing around to see what I could do with root. I was wondering if anyone else had done this and was able to figure anything out.
One thing I was messing with is the screensaver images. I found them in /old_root/usr/palm/applications/com.webos.app.photovideo/assets/samplePhoto/
I tried to copy some different images to this folder, unfortunately this partition seems to be mounted as read only and I can't figure out how to remount it as read/write.
Code:
/dev/mmcblk0p27 on /old_root type squashfs (ro,relatime)
Code:
mount -o remount,rw /old_root
mount -o rw,remount /old_root /old_root
mount -o rw,remount /dev/mmcblk0p27 /old_rootThen I read somewhere that squashfs is always read only unless you unpack it and repack it or something? Anyone know anything about this?
Also, something else weird happened to me after downgrading; the audio quality from the internal speakers became terrible for some reason (like it sounded muffled or like the sound was coming out of tiny phone speaker). I tried re-upgrading and a factory reset and neither would fix it. Eventually I had to buy a service remote from ebay, press the ADJ button and enter password 0413 to get to the service menu, then goto tool menu 3, and change the audio amp setting from ntp7515 2amp -> ntp7515 1amp, then power cycle the TV. Hopefully this will help if someone else has a similar issue.
Also I have another question that maybe teffd or someone else knowledgeable can answer: once I have a persistant root on port 22 telnet working, is there any way to transfer files to/from the TV over the network with tftp or scp or anything like that?
Last edited:
Hi there!
Guys, my firmware is
Is there a way to get root somehow for me?
I'm wondering you're talking about 04.31.20, 05.30.25 versions... Where did you find it?
Thank you!
P.S. My TV is 55C8.
Guys, my firmware is
Code:
Linux LGwebOSTV 4.4.84-150.glacier.1 #1 SMP PREEMPT Mon Sep 17 02:32:39 UTC 2018 armv7l GNU/LinuxI'm wondering you're talking about 04.31.20, 05.30.25 versions... Where did you find it?
Thank you!
P.S. My TV is 55C8.
Last edited:
Hello,
What about adding a new universal root tool for all models let me know if you're interested.
What about adding a new universal root tool for all models
let me know if you're interested.Hello,
What about adding a new universal root tool for all models
That would be a dream come true
Well, there was really lot of exploits that i discovered on my 52LB670V Model, directory traversal, replace existing system binaries, wrong permissions and that was even not needing special skills. some got patched and some not and i believe will never get patched because of the system requirement. but i think LG will act to limit the damage with some workarounds.
i will not burn all the exploits but i think i will use one that i believe exists on all models/versions (not tested on all webOS versions) i will need some logs from different webOS versions specially 3 and above to release the tool.
i may post some pictures later if there is good support from users.
LOL seems LG Got me back to XDA Devs after a very long time.
That's great need TV model and webOS version and some commands from the tv.
okay first of all create a dir named logs :
Code:
mkdir logsTV Infos :
Code:
cat /var/run/nyx/device_info.json > logs/device_info.jsonwebOS Infos :
Code:
cat /var/run/nyx/os_info.json > logs/os_info.json
Code:
cat /proc/cpuinfo > logs/cpu.log
Code:
ls -arls /var/log/ > logs/logdir.log
Code:
ls -arls /usr/lib/ > logs/libsdir.log
Code:
ls -arls /proc/ > logs/procdir.log
Code:
ls -arls /dev/ > logs/devices.logi think that's everything i need, upload the logs dir somewhere and put a link here.
thanks but stupid question
how can i take logs from the tv ? lol
edit: i think i know how
Last edited:
hello bro,
follow the first steps on this thread to connect to tv via ssh with key and port 9922, then run the commands.
Hello that's really helpful thank you, but i need new versions if ppl can help this will be really great.
The root is already done but those infos will help me to make a cross-compatible package manager for all LG TV's (Modified and fixed version of Preware 2), so you can add repo's and install packages from everyone else.
This is from my 55UJ630V-ZA with software version 04.70.40 and webOS TV version 3.7.0-57311 (dreadlocks2-drto)
dropbox DOT com/s/orss3f3xjb1lwmg/webos_info.zip?dl=0
Please excuse the link. I know I'm not allowed to post it yet, but I'm hoping it's alright as I'm only trying to help out with this.
Similar threads
Top Liked Posts
-
There are no posts matching your filters.
-
9Root webOS
1. You need to install Developer Mode App and export private ssh-key with CLI (webostv.developer.lge.com/develop/app-test)
2. Convert private ssh-key with puttygen [import key <your private ssh-key>, then save private key]
3. Download exploit (zalil.su/6937580), then connect with TV User: prisoner, [<ip-tv>:9922] + private-key with WinSCP (or other SCP-client), upload to /media/developer on TV and rename it to root.
on linux4.Code:ssh -i <your private ssh-key> [email protected]<ip-tv> -p 9922 "/bin/sh -i"Code:chmod +x root5. After try install any app from market go to LG App Store and try to install any app.Code:./root
6. if third stage ok. the insert password 1111 as said.
7.Code:busybox chroot /proc/1/rootCode:[email protected]:/# idCode:uid=0(root) gid=0(root)........
I personally use Linux Subsystem on Windows 10 for all of this.
To install .ipk app:Info about your linux kernel and TV firmware:Code:ApplicationInstallerUtility -c install -p /tmp/<any-name>.ipk -u 0 -l /media/developer -dLaunch app:Code:luna-send -n 1 -f luna://com.palm.systemservice/osInfo/query '{ "subscribe": false }'All apps ID you can find withCode:luna-send -n 1 -f luna://com.webos.applicationManager/launch '{"id": "netflix"}'or at a folder /media/cryptofs/apps/usr/palm/applications/<App ID>/appinfo.jsonCode:luna-send -n 1 "palm://com.palm.applicationManager/listLaunchPoints" "{}"
For permanent root access through telnet:
1)2)Code:[email protected]:/# mkdir -p /media/cryptofs/root/etc3)Code:[email protected]:/# cp -r /etc/* /media/cryptofs/root/etc4)Code:[email protected]:/# mount -o bind /media/cryptofs/root/etc /etcEnter any new root passwordCode:[email protected]:/# passwd root
5)6) Download with WinSCP start-devmode.sh and edit it locally.Code:cp /media/cryptofs/apps/usr/palm/services/com.palmdts.devmode.service/start-devmode.sh /tmp/start-devmode.sh
You need to add at the beginningPlus you can add the line to launch any App at start, e.g:Code:mount -o bind /media/cryptofs/root/etc /etc telnetd -l /sbin/sulogin &And comment Dev Mode online check.Code:luna-send -n 1 -f luna://com.webos.applicationManager/launch '{"id": "netflix", "params":{}}'
Here it's mine start-devmode.sh. It's for webOS 1.4. It can be different for other webOS versions:
7) Upload new start-devmode.sh and rewrite the old one8) Restart TV.Code:cp /tmp/start-devmode.sh /media/cryptofs/apps/usr/palm/services/com.palmdts.devmode.service/start-devmode.sh
Connect with telnet and type previously entered password.
Code:telnet <ip-tv> Trying <ip-tv>... Connected to <ip-tv>]. Escape character is '^]'. webOS TV 1.4.0 LGSmartTV Give root password for system maintenance (or type Control-D for normal startup): Entering System Maintenance Mode [email protected]:/#5pivotce.com informs that instructions have been published on gaining root access to a webOS TV. This is much harder than on the old phones and tablets. When this was done on legacy webOS, there was a wave of enhancements and tweaks made available to phone users from webOS Internals and other developers.
The instructions can be found on the Russian webOS forums here: webos-forums.ru/topic4650.html (English Translation via Google).
As the thread itself notes, this creates the possibility of fiddling with your TV in a way that may turn it into a large, thin brick and will almost certainly invalidate your warranty. The general user should stay well clear of this.
pivotCE published this for information only and recommend leaving investigations to those who know what they are doing or who can afford to wreck expensive television sets. We will watch to see if anything interesting emerges from this development.
+
Detailed analysis of the root access method described above:
forums.webosnation.com/lg-webos-tv/331754-pivotce-seems-webos-tv-has-been-rooted.html#post3450911
