RootMyTV / RootMyTV.github.io

RootMyTV is a user-friendly exploit for rooting/jailbreaking LG webOS smart TVs.
https://RootMy.TV
MIT License

[working] root OLED C9 (possibly others too) with newest Firmware (05.30.10 - 9/28/2022) #85

Open cowl0ver opened 1 year ago

cowl0ver commented 1 year ago

After trying basically everything on the web to downgrade & root my tv I finally found a working solution here (just translate with ur browser):

Original Guide / Guide translated by pbatard (You will still need the Original Guide to get the .ipk files)

As we now know, the Guide should work with 2019/2020 and even older LG TVs. Thanks to @pbatard for the translation and clarification.

JIEgOKOJI commented 1 year ago

it works!

felixmxr commented 1 year ago

I think it works. Step 9 of the guide (Go to the Homebrew channel, the application will prompt you to reboot, press restart. That's all, the root is received;) didn't prompt me for a reboot. I have ssh and telnet access.

aresbrutus commented 1 year ago

I can't seem to download telnet via homebrew. Is there any way you can provide me with the IPK?

Rogerthis commented 1 year ago

Thanks for that guide, it's working for me. Will this continue to work after the Dev timeout runs out? Is an LG update block needed after that, to stop it from breaking?

pbatard commented 1 year ago

[UPDATED 2022.12.01 to add the local touch /var/log/crashd/"x;telnetd -l sh" alternate method]

Confirmed that it worked for me on an OLED CX with firmware 04.40.20.

Here is a rewriting of the guide linked by @cowl0ver above, with some slight clarifications for items I had trouble with as well as an alternative local method to run the "crashd exploit":

  1. Get developer mode by registering an account here.
    It is possible that you may be forced to use an e-mail address with a .com domain for registration to work (e.g. gmail.com). You will have to accept a bunch of agreements... which you won't read.

  2. Install the ThinQ App on a mobile device, and log onto it using your developer account. This is needed because LG stupidly forces you to go through this step to accept extra licenses, before you can log on to developer account on the TV. Why they can't just produce the additional licenses on the TV, or with the initial registration, and make you accept them there is beyond me!

  3. On the TV (for CX models), go to All Settings > General > Additional Settings and set Quick Start+ to disabled. This is needed to ensure that the TV goes through a complete reboot when requested.

  4. Install the Developer Mode App from the LG Content Store on the TV and validate that you can log in to your developer account (if you didn't do step 2, you may find that it won't let you, so please do that). Take a note of the IP address and passphrase and, on the left-hand side, enable Dev Mode Status and Key Server as shown in the picture below, as Dev Manager won't be able to connect to the TV otherwise:

    04_Key_Server_On

  5. Install the latest Dev Manager on a PC and launch it.
    Click the Add Device button in Options and fill in the fields Host (with the IP address and Passphrase you got from the TV).

  6. In Dev Manager, install the Homebrew Channel 0.5.1 application (that should be listed in the main window) onto the TV.

    • METHOD 1 (Recommended, as this is the one from the official #rootmytv Discord channel):
      • Still in Dev Manager, click on "terminal"
      • Type the following command then press enter:
        touch /var/log/crashd/"x;telnetd -l sh"
    • METHOD 2 (If the above doesn't work. This requires running external code from a remote server, which is always a potential security risk):
      • On the TV, launch Homebrew Channel (which you will now see in the LG App bar).
      • Click the "Settings" gear icon and select Add repository. Enter https://repo.webosapp.club as a new repository.
      • Go back to the main Homebrew Channel, you should now see a Run telnet/root.telnet application in the list of apps proposed
      • Run root.telnet from the repository.

Either of the above will run the "crashd exploit" and start a telnet server with root access on the TV.

  1. Connect to the TV via telnet (port 23) using the same IP address as the one you used previously and enter the following commands exactly (don't worry if you see library warnings being reported when running the commands, the commands are still being executed fine):

    unset LD_PRELOAD
    /media/developer/apps/usr/palm/services/org.webosbrew.hbchannel.service/elevate-service
    mkdir -p /var/lib/webosbrew/init.d
    cp /media/developer/apps/usr/palm/services/org.webosbrew.hbchannel.service/startup.sh /var/lib/webosbrew/startup.sh
    rm -rf /var/luna/preferences/devmode_enabled && mkdir -p /var/luna/preferences/devmode_enabled
  2. IMPORTANT: On the TV, delete the Developer Mode app. You must do this or else, as @Merri1 commented below, ssh will not work.

  3. In telnet type reboot to reboot the TV.

  4. Once the TV has rebooted, go to Homebrew channel again, and click the settings gear icon. You should see a greyed out Root status ok indicating that Homebrew channel has root access. Now you can enable the SSH Server by toggling its switch. Once you have done that, click the System reboot paragraph of text (bottom left) to reboot the TV.

  5. From now on, an ssh server with root access will be enabled every time you start the TV. 😄
    You can SSH into your TV using the username root and password alpine on port 22 (default SSH port).

  6. After this, you can turn on Quick Start+ again if you wish and set other Homebrew channel settings as needed.

cambiass commented 1 year ago

Very Good [pbatard]!

  1. Connect to the TV via telnet (port 23)

Alternative? (ssh?) I'm using a mac with monterey and telnet is not working..

AdamDempsey commented 1 year ago

I installed telnet via homebrew and my tv is now rooted :)

Very Good [pbatard]!

  1. Connect to the TV via telnet (port 23)

Alternative? (ssh?)

I'm using a mac with monterey and telnet is not working..

DedaDev commented 1 year ago

Super nice, finally managed to install homebrew on my old LG :)

cambiass commented 1 year ago

11. On the TV, delete the Developer Mode app. if I do this then it is removed homebrew channel after reboot!

p.s. in my case, to connect with telnet, I don't have to use any port. But simply write: telnet 192.168.1.124 (no 22, no 23 port) and everything works (except the problem in step 11)

coolfizzin commented 1 year ago

11. On the TV, delete the Developer Mode app. if I do this then it is removed homebrew channel after reboot!

p.s. in my case, to connect with telnet, I don't have to use any port. But simply write: telnet 192.168.1.124 (no 22, no 23 port) and everything works (except the problem in step 11)

The telnet port 23 is the default, so the telnet client is likely guessing the correct port when you connect. It wouldn't work without the correct port. It's just filling it in for you.

If deleting the Developer Mode app removes homebrew, then I believe the root isn't working correctly. Perhaps before you delete it you should go into the Homebrew app settings and check the box for disabling updates. I don't know if that will change anything, but it is something that I myself did before deleting Developer Mode.

malloy139 commented 1 year ago

Worked on my C9 with firmware 05.30.11. Did not have to do step 2. Btw for Telnet on Windows you can use Putty.

Michae11s commented 1 year ago

Works on my 48A1 that was on latest firmware 03.33.11 webos 6.3.1

apedance commented 1 year ago

Working on OLED55C97LA Firmware: 05.30.11

Bankysmithdev commented 1 year ago

Hi, great tutorial but on start up I get a failsafe mode - a crash has occurred during previous startup.

This happens every time, am I missing something?

Cheers

de-sascha commented 1 year ago

Working on OLED65BX9LB WebOS TV Version: 05.4.1-903 Firmware: 4.40.18

b1r0c commented 1 year ago

Confirmed working on nano79655pc

cowl0ver commented 1 year ago

Hi, great tutorial but on start up I get a failsafe mode - a crash has occurred during previous startup.

This happens every time, am I missing something?

Cheers

Same happens to me as well! Just activated quick start+ to avoid the error and the following 2nd boot. I will try to debug the error if I have some time... most likely not before Christmas ;)

apedance commented 1 year ago

Another working device OLED65C11LB Firmware: 03.33.11 This is a 2021 model I guess. Listed on 29.04.2021

EMP83 commented 1 year ago

Today I rooted my C2 using the crashd method on firmware 03..21.30. I have root access, but unfortunately the ssh server is not working, only telnet. I reset my TV several times, but each time same problem. Does anyone else have the same problem?

Merri1 commented 1 year ago

Today I rooted my C2 using the crashd method on firmware 03..21.30. I have root access, but unfortunately the ssh server is not working, only telnet. I reset my TV several times, but each time same problem. Does anyone else have the same problem?

@EMP83 I had the same problem on my first attempt. Did you remove the developer mode app at step 9? I missed that the first time around and after repeating the guide with that step, SSH and root access are working fine.

jkp1304 commented 1 year ago

Works perfect on my OLED77C26LD webOS TV-version 7.1.0-43 (mullet-maria) Softwareversion 03.10.43

I think that is the version I'm still on now. Will have to check when I'm back from work. I have the above from a pic. on my phone :)

OlsonTC commented 1 year ago

Working without issues with method no. 1 SM8600PLA F/w 5.30.15 webOS TV 4.9.7-12

MeatyPB commented 1 year ago

Didn't work.

LG CX OS 5.4.1-15 FW 40.40.20

Upon reboot the hbchannel root is greyed out and says "unelevated". Can't seem to re-run the sequence. Neither terminal nor telnet allows commands to be run. "Permission Denied"

"An error occured during installation: Unable to exec luna-send-pub: Error: connect ECONNREFUSED 127.0.0.1:9922"

Any help would be great, thanks.

esbenab commented 1 year ago

Works using method one. tv 65UQ91006LA UQ91006LA webos 7.2.0-43 (mullet-marine)

Mazda77 commented 1 year ago

Firmware version on uq9100?

LolekLiam commented 1 year ago

I cannot connect to my TV and I did everything exactly. Here's what I got: [image] Also, I am connected to wireless and not wired because we do not have a wired network.

bobslaede commented 1 year ago

Worked for me. 75QNED826QB Firmware 3.11.51 After the deed was done, I upgraded the firmware to 3.20.## and it still worked - still root.

de-sascha commented 1 year ago

Working on OLED65BX9LB WebOS TV Version: 05.4.1-904 Firmware: 4.40.19

mustafababil commented 1 year ago

Thanks, it worked even after giving the Failsafe mode error after rebooting in Step 11. FW: 03.11.35 webOS: 7.1.0-63 (mullet maria)

viertel97 commented 1 year ago

After doing the steps above and enabling SSH, Telnet, "Block System Updates" and "Failsafe mode" I am not able to connect via Telnet or SSH. The Root status is "ok" and installing apps etc. works, but now I am not able to connect to it from my PC in any way. After disabling "Block system updates" again I was able to install the Developer Mode app again but I am still not able to connect via Telnet. Even disabling, rebooting and enabling SSH and Telnet did not work. Does anybody know how this could work?

Model: OLED77C22LB webOS Version: 7.2.0-44 (mullet-marine) Software Version: 03.21.30

ricardSiliuk commented 1 year ago

Did not work on UJ6517, software version 06.10.45.

Even though homebrew reports that telnet is running I'm not able to connect.

EDIT: Also not sure if this means anything but "Key Server" switches to OFF after some time.

rotdrop commented 1 year ago

Working without issues with method no. 1

SM8500PLA 5.30.15 webOS TV 4.9.7-12

Nalle65 commented 1 year ago

Working partially, with method 2.

LG QNED816QA FirmWare version 03.21.05 WebOS version 7.2.0

Homebrew channel Apps install/launch working, root status OK, telnet switch changeable and telnet working. SSH switch changeable but when try connecting says "ssh port 22 connection refused". Developer mode-app is uninstalled and tested also put private ssh key in file /home/root/.ssh/authorized_keys.

Any idea what should I try next?

wodz69 commented 1 year ago

Everything works OK on LG C2 48 software version 03..21.30 apart from SSH server - once I enable it, homebrew starts in failsafe mode. I dug a bit deeper and it turns out that dropbear (the ssh server binary used by homebrew) needs libcrypt.so.1 library but the TV only has libcrypt.so.1.1 and libcrypt.so.2:

/media/developer/apps/usr/palm/services/org.webosbrew.hbchannel.service/bin # ./dropbear
./dropbear: error while loading shared libraries: libcrypt.so.1: cannot open shared object file: No such file or directory

/media/developer/apps/usr/palm/services/org.webosbrew.hbchannel.service # ls /usr/lib/libcrypt
libcrypt.so.2            libcrypto.so.1.1         libcryptsetup.so.12.6.0
libcrypt.so.2.0.0        libcryptsetup.so.12

We probably need to wait for a new build of homebrew that supports newer libcrypt (or rebuild oneself)

Nalle65 commented 1 year ago

Russian way to fix ssh issue...

http://webos-forums.ru/topic4650-1670.html

Possibly not safe?


pbatard commented 1 year ago

The following should be a better way to fix the ssh issue: https://discord.com/channels/407937994037919756/822443030761046017/1053855715606929519

For the record, if you have an issue with rooting your TV, the proper place to ask is on Discord at: https://discord.com/channels/407937994037919756/822443030761046017

Mazda77 commented 1 year ago

After doing the steps above and enabling SSH, Telnet, "Block System Updates" and "Failsafe mode" I am not able to connect via Telnet or SSH. The Root status is "ok" and installing apps etc. works, but now I am not able to connect to it from my PC in any way. After disabling "Block system updates" again I was able to install the Developer Mode app again but I am still not able to connect via Telnet. Even disabling, rebooting and enabling SSH and Telnet did not work. Does anybody know how this could work?

Model: OLED77C22LB webOS Version: 7.2.0-44 (mullet-marine) Software Version: 03.21.30

Try this solution http://webos-forums.ru/post159304.html#p159304

wodz69 commented 1 year ago

The following should be a better way to fix the ssh issue: https://discord.com/channels/407937994037919756/822443030761046017/1053855715606929519

For the record, if you have an issue with rooting your TV, the proper place to ask is on Discord at: https://discord.com/channels/407937994037919756/822443030761046017

hmm it says "no text channels" when I follow those links, do I need to join/subscribe first?

pbatard commented 1 year ago

Yeah, that's the problem of Discord channels, you have to join to see the content. And of course, the content is not indexed by search engines either, which makes it incredibly difficult to locate useful information as well...

wodz69 commented 1 year ago

Yeah, that's the problem of Discord channels, you have to join to see the content. And of course, the content is not indexed by search engines either, which makes it incredibly difficult to locate useful information as well...

How do I join then?

pbatard commented 1 year ago

Ah yeah, I forgot that Discord also needs some special bullshit link so that users can actually access the content.

See also https://github.com/RootMyTV/RootMyTV.github.io/blob/main/README.md#troubleshooting.

Note that I am not affiliated with RootMyTV or their Discord server. I am just a simple user like you, that merely tried to share some information after they struggled with it. If you want proper support, you should take a good look at https://github.com/RootMyTV/RootMyTV.github.io, i.e. the repository for this issue tracker, because it contains all the information you need

wodz69 commented 1 year ago

OK thanks, I got in. The solution seems very similar to the "Russian" one posted by others, however the missing library attached on Discord may be a bit more trustworthy than the other one.

wodz69 commented 1 year ago

I didn't read the discord message in full, it actually contains patched dropbear and sftp-server binaries which is a cleaner solution. It's also easier to implant them to the TV via telnet - I downloaded both binaries via firefox on my laptop, clicked "copy download link" in ff downloads screen and then used wget on the tv via telnet in /media/developer/apps/usr/palm/services/org.webosbrew.hbchannel.service/bin directory

I also had to do the following to set the permissions as they were on the original binaries:

/media/developer/apps/usr/palm/services/org.webosbrew.hbchannel.service/bin # chmod 777 dropbear
/media/developer/apps/usr/palm/services/org.webosbrew.hbchannel.service/bin # chmod 777 sftp-server
/media/developer/apps/usr/palm/services/org.webosbrew.hbchannel.service/bin # chown 1001:121 dropbear
/media/developer/apps/usr/palm/services/org.webosbrew.hbchannel.service/bin # chown 1001:121 sftp-server

So ssh server now works:

NEVER EVER OVERWRITE SYSTEM PARTITIONS LIKE KERNEL, ROOTFS, TVSERVICE.
Your TV will be bricked, guaranteed! See https://rootmy.tv/warning for more info.
root@LGwebOSTV:~#

but homebrew still ends up in failsafe mode. Any idea how to debug @pbatard ?

wodz69 commented 1 year ago

OK I think I found the cause for failsafe flag showing up as enabled after reboot - the answer is that it takes about half a minute for the failsafe status to change to off as /var/lib/webosbrew/startup.sh script takes a while to get to the end, and then it sleeps for 10s before resetting the failsafe flag. So the answer is to wait a minute before checking the failsafe status...

rotdrop commented 1 year ago

OK I think I found the cause for failsafe flag showing up as enabled after reboot - the answer is that it takes about half a minute for the failsafe status to change to off as /var/lib/webosbrew/startup.sh script takes a while to get to the end, and then it sleeps for 10s before resetting the failsafe flag. So the answer is to wait a minute before checking the failsafe status...

Just a minute ago I stumbled over a related "not problem": things are just working fine for me but it takes a little time after reboot until the ssh and telnet (if enabled) services are up and running.

Mazda77 commented 1 year ago

Russian way to fix ssh issue... http://webos-forums.ru/topic4650-1670.html Possibly not safe?

New easier method to get SSH working via dropbear replacement: http://webos-forums.ru/post161605.html#p161605 Also fix for non working WinSCP there.

andrewfraley commented 1 year ago

Here are some more streamlined instructions to fix the C2 SSH issues, taken from the Discord links above.

SSH into the TV and run the following, then reboot:

cd /media/developer/apps/usr/palm/services/org.webosbrew.hbchannel.service/bin
mv dropbear dropbear.ORIG
mv sftp-server sftp-server.ORIG
wget https://cdn.discordapp.com/attachments/822443030761046017/1053855715002953858/dropbear
wget https://cdn.discordapp.com/attachments/822443030761046017/1053855715338506280/sftp-server
chmod +x dropbear
chmod +x sftp-server

# Note the "last four lines" have already been removed, as mentioned below by throwaway96
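
The steps above replace binaries that run as root with files fetched over the network, with nothing checking what was actually downloaded. As an added example (not from the thread or the RootMyTV project), this POSIX shell function installs a staged download only when its SHA-256 matches a digest obtained separately from a source you trust; the function names are hypothetical and the digest is a value you must supply, since none is published on this page.

```shell
#!/bin/sh
# Added example: verify a staged binary before swapping it in.
# Assumes sha256sum is available (GNU coreutils or BusyBox).

# sha256_of FILE -> prints the lowercase hex SHA-256 of FILE
sha256_of() {
    sha256sum "$1" | cut -d' ' -f1
}

# install_verified STAGED EXPECTED_SHA256 TARGET
#   STAGED           downloaded file, kept outside the service directory
#   EXPECTED_SHA256  64 hex characters, obtained out of band
#   TARGET           binary to replace, e.g. .../bin/dropbear
# Returns 0 on success, 1 on digest mismatch, 2 on bad input or I/O error.
install_verified() {
    staged=$1
    expected=$2
    target=$3

    [ -f "$staged" ] && [ -f "$target" ] || {
        echo "staged file or target missing" >&2
        return 2
    }

    # Reject anything that is not exactly 64 hex characters.
    case $expected in
        ""|*[!0-9a-fA-F]*) echo "digest is not hex" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "digest has wrong length" >&2; return 2; }
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')

    actual=$(sha256_of "$staged") || return 2
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch for $staged (got $actual)" >&2
        return 1   # nothing has been touched at this point
    fi

    # Keep the first original only; a later run must not overwrite it
    # with an already replaced binary.
    [ -e "$target.ORIG" ] || cp -p "$target" "$target.ORIG" || return 2

    # Copy next to the target, then rename, so the target is never
    # left half-written.
    tmp="$target.new.$$"
    cp "$staged" "$tmp" || return 2
    chmod +x "$tmp" || { rm -f "$tmp"; return 2; }
    mv -f "$tmp" "$target"
}

# Stand-alone use: script.sh STAGED EXPECTED_SHA256 TARGET
if [ "$#" -eq 3 ]; then
    install_verified "$@"
fi
```

On a mismatch the original binary and any existing `.ORIG` backup are left untouched, so the SSH server keeps whatever state it had before.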

m33x commented 1 year ago

Worked perfectly on the latest 2022 OLED TV, too. TV: LG OLED 55 C2 9LD (OLED55C2, OLED55C29LD) Firmware Version: 03.21.45 (December 7, 2022) WebOS Version: 7.2.0-47 (mullet-marine)

uname -a
Linux LGwebOSTV 5.4.96-266.mlt4tv.1 #1 SMP PREEMPT Fri Nov 25 04:25:18 UTC 2022 aarch64 GNU/Linux

Jailbreak via METHOD 1 (thanks @pbatard): https://github.com/RootMyTV/RootMyTV.github.io/issues/85#issuecomment-1295058979

SSH Fix (thanks @andrewfraley) https://github.com/RootMyTV/RootMyTV.github.io/issues/85#issuecomment-1364765232

Also reported an unrelated bug with Device Manager for webOS on macOS Ventura.

menotuu commented 1 year ago

Works! Finally updateable again after a year.

OLED65B97LA webOS 4.9.7 Firmware 05.30.25 from 12/14/2022 using method 2 without ssh fix (needed to deactivate telnet, can't have both activated at the same time)

malloy139 commented 1 year ago

Is it safe to update an already rooted OLED65C97LA to 05.30.25? Will it lose root?