Not working devices/versions

milkpirate commented 5 months ago

webOS 7.3.1-42 03.33.80 (43UQ80009LB)

Is it possible to update to a specific version? I.e. 7.3.1-43? Would not want to let my TV do it on its own...

illixion commented 5 months ago

This version seems to be compatible, what issue are you experiencing? If you want to update to the last compatible version, there is a way to do so using a USB stick: https://www.lg.com/us/support/help-library/lg-tv-how-to-update-an-lg-smart-tv--1430510575535 (click Manual update)

milkpirate commented 5 months ago

Timeout error on telnet check. Also tried to telnet manually: connection refused. 03.33.85 does not seem to be available anymore for my device (only >= 03.33.95) 😭

illixion commented 5 months ago

If you can see "Served mp3 payload" in the logs, then that would imply that the telnet daemon couldn't be started for some reason. If you have the LG developer app set up, there is an alternative way to start it by calling it through busybox directly, but you'll need to manually upload the .lrc and .mp3 files to /media/developer/temp and then run the packaged version of the script. Let me know if you encounter any issues.

rootmytv-alt.zip

Regarding firmware, you could potentially reach out to LG Germany and ask them for a link to that specific version, I don't think this is an unusual request as businesses usually stick to one firmware version for their fleets.

milkpirate commented 5 months ago

The logs look like so:

$ python rootmytv.py
Enter the TV's IP address: 192.168.xx.xx
Server has started.
Connecting, make sure to allow the connection using the TV remote
Connected to the TV
Exploit message sent, checking if Telnet is up...

Error: telnet server timed out after 15s. Your webOS version may be incompatible.

Could there be issues with IPv6 (I have a dual stack running).

I guess I did not have set up the developer app, will try that, could you guide me a little more?
Will also try to reach out to LG

illixion commented 5 months ago

It is possible that LAN IP detection of your PC didn't succeed, would explain why the TV didn't download anything, you can modify line 26 of the script to use a static IP address instead (HOST_IP = "192.168.1.2" for example)

illixion commented 5 months ago

Also, make sure you don't have a firewall that's blocking incoming connections

milkpirate commented 5 months ago

Setting the host IP did the trick!! ❤️

$ python rootmytv.py
Enter the TV's IP address: 192.168.xx.xx
Server has started.
Connecting, make sure to allow the connection using the TV remote
Connected to the TV
Served mp3 payload
Served lrc payload
Exploit message sent, checking if Telnet is up...

Telnet is up! Connect to it using IP 192.168.xx.xx and port 23.
To install the Homebrew channel, follow the instructions here: https://github.com/webosbrew/webos-homebrew-channel?tab=readme-ov-file#installation

$ telnet 192.168.xx.xx
Trying 192.168.xx.xx...
Connected to 192.168.xx.xx.
Escape character is '^]'.

webOS TV 7.3.1 LGwebOSTV

/ # whoami
root
/ #

illixion commented 5 months ago

Glad to hear! I'll see about updating the script to handle such cases better

SteadyStatus21 commented 5 months ago

It seems like they fixed this (or I did something wrong) in version 05.40.20, model 43UM6910PUA.

I checked, this version is patched. I will have to wait then.

Logs:

C:\Users\SteadyStatus21\Desktop\lgtemp>python rootmytv.py
Enter the TV's IP address: 192.168.4.171
Server has started.
Connecting, make sure to allow the connection using the TV remote
Connected to the TV
Task exception was never retrieved
future: <Task finished name='Task-4' coro=<main() done, defined at C:\Users\SteadyStatus21\Desktop\lgtemp\rootmytv.py:63> exception=PyLGTVCmdError({'type': 'error', 'id': 11, 'error': '500 Application error', 'payload': {'returnValue': False, 'errorText': 'Not allowed to call method specified in the uri: luna://com.webos.service.downloadmanager/download'}})>
Traceback (most recent call last):
  File "C:\Users\SteadyStatus21\Desktop\lgtemp\rootmytv.py", line 74, in main
    await client.luna_request(
  File "C:\Users\SteadyStatus21\AppData\Roaming\Python\Python312\site-packages\bscpylgtv\webos_client.py", line 1119, in luna_request
    ret = await self.request(ep.CREATE_ALERT, payload)
          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Users\SteadyStatus21\AppData\Roaming\Python\Python312\site-packages\bscpylgtv\webos_client.py", line 671, in request
    raise PyLGTVCmdError(response)
bscpylgtv.exceptions.PyLGTVCmdError: {'type': 'error', 'id': 11, 'error': '500 Application error', 'payload': {'returnValue': False, 'errorText': 'Not allowed to call method specified in the uri: luna://com.webos.service.downloadmanager/download'}}

Note: this was moved to this issue as the developer asked.

pierrickjr commented 5 months ago

It seems like they fixed this (or I did something wrong) in version 05.40.20, model 43UM6910PUA.

I checked, this version is patched. I will have to wait then.

Logs:

C:\Users\SteadyStatus21\Desktop\lgtemp>python rootmytv.py
Enter the TV's IP address: 192.168.4.171
Server has started.
Connecting, make sure to allow the connection using the TV remote
Connected to the TV
Task exception was never retrieved
future: <Task finished name='Task-4' coro=<main() done, defined at C:\Users\SteadyStatus21\Desktop\lgtemp\rootmytv.py:63> exception=PyLGTVCmdError({'type': 'error', 'id': 11, 'error': '500 Application error', 'payload': {'returnValue': False, 'errorText': 'Not allowed to call method specified in the uri: luna://com.webos.service.downloadmanager/download'}})>
Traceback (most recent call last):
  File "C:\Users\SteadyStatus21\Desktop\lgtemp\rootmytv.py", line 74, in main
    await client.luna_request(
  File "C:\Users\SteadyStatus21\AppData\Roaming\Python\Python312\site-packages\bscpylgtv\webos_client.py", line 1119, in luna_request
    ret = await self.request(ep.CREATE_ALERT, payload)
          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Users\SteadyStatus21\AppData\Roaming\Python\Python312\site-packages\bscpylgtv\webos_client.py", line 671, in request
    raise PyLGTVCmdError(response)
bscpylgtv.exceptions.PyLGTVCmdError: {'type': 'error', 'id': 11, 'error': '500 Application error', 'payload': {'returnValue': False, 'errorText': 'Not allowed to call method specified in the uri: luna://com.webos.service.downloadmanager/download'}}

Note: this was moved to this issue as the developer asked.

Same issue on LG C9 W19O on firmware 5.30.45

illixion commented 5 months ago

@pierrickjr please check common errors in the description, as well as compatible versions, this means that your TV is patched

MxMaster3 commented 5 months ago

I seem to have the above error on a C1 with OS 3.40.87

Seems there is a way to downgrade firmware using a developer account. Might have to try.

MxMaster3 commented 5 months ago

If you can see "Served mp3 payload" in the logs, then that would imply that the telnet daemon couldn't be started for some reason. If you have the LG developer app set up, there is an alternative way to start it by calling it through busybox directly, but you'll need to manually upload the .lrc and .mp3 files to /media/developer/temp and then run the packaged version of the script. Let me know if you encounter any issues.

rootmytv-alt.zip

Regarding firmware, you could potentially reach out to LG Germany and ask them for a link to that specific version, I don't think this is an unusual request as businesses usually stick to one firmware version for their fleets.

The South Korean LG website has them archived. https://www.lge.co.kr/support/product-manuals

slawus commented 5 months ago

@MxMaster3 did you managed to successfully downgrade the firmware? I have exactly the same OS version as you and wondering if this is possible.

MxMaster3 commented 5 months ago

@slawus I haven't tried yet but I will follow this guide over the weekend -

https://github.com/reprodev/LGTV-Firmware-Downgrade

Yoka106113 commented 5 months ago

It seems like they fixed this (or I did something wrong) in version 05.40.20, model 43UM6910PUA. I checked, this version is patched. I will have to wait then. Logs:

C:\Users\SteadyStatus21\Desktop\lgtemp>python rootmytv.py
Enter the TV's IP address: 192.168.4.171
Server has started.
Connecting, make sure to allow the connection using the TV remote
Connected to the TV
Task exception was never retrieved
future: <Task finished name='Task-4' coro=<main() done, defined at C:\Users\SteadyStatus21\Desktop\lgtemp\rootmytv.py:63> exception=PyLGTVCmdError({'type': 'error', 'id': 11, 'error': '500 Application error', 'payload': {'returnValue': False, 'errorText': 'Not allowed to call method specified in the uri: luna://com.webos.service.downloadmanager/download'}})>
Traceback (most recent call last):
  File "C:\Users\SteadyStatus21\Desktop\lgtemp\rootmytv.py", line 74, in main
    await client.luna_request(
  File "C:\Users\SteadyStatus21\AppData\Roaming\Python\Python312\site-packages\bscpylgtv\webos_client.py", line 1119, in luna_request
    ret = await self.request(ep.CREATE_ALERT, payload)
          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "C:\Users\SteadyStatus21\AppData\Roaming\Python\Python312\site-packages\bscpylgtv\webos_client.py", line 671, in request
    raise PyLGTVCmdError(response)
bscpylgtv.exceptions.PyLGTVCmdError: {'type': 'error', 'id': 11, 'error': '500 Application error', 'payload': {'returnValue': False, 'errorText': 'Not allowed to call method specified in the uri: luna://com.webos.service.downloadmanager/download'}}

Note: this was moved to this issue as the developer asked.

Same issue on LG C9 W19O on firmware 5.30.45

Same issue LG C1 OLED on firmware 03.40.85

josefwells commented 5 months ago

Not Working webOS 7.4.0-190708 (OLED77B2PUA)

bscpylgtv.exceptions.PyLGTVCmdError: {'type': 'error', 'id': 11, 'error': '500 Application error', 'payload': {'returnValue': False, 'errorText': 'Not allowed to call method specified in the uri: luna://com.webos.service.downloadmanager/download'}}

I've got developer-mode on.

I don't know how this would be patched already. I'm blocking these: snu.lge.com su.lge.com su-ssl.lge.com snu-dev.lge.com su-dev.lge.com nsu.lge.com

crapzDK commented 5 months ago

no luck on 06.10.30 OLED55b7v-Z Server has started. Connecting, make sure to allow the connection using the TV remote Connected to the TV, asking it to download our files... Task exception was never retrieved future: <Task finished name='Task-3' coro=<main() done, defined at /home/cjo/root-my-webos-tv/rootmytv.py:64> exception=PyLGTVServiceNotFoundError('404 no such service or method')> Traceback (most recent call last): File "/home/cjo/root-my-webos-tv/rootmytv.py", line 75, in main await client.luna_request( File "/home/cjo/.local/lib/python3.10/site-packages/bscpylgtv/webos_client.py", line 1124, in luna_request return await self.request(ep.CLOSE_ALERT, payload={"alertId": alertId}) File "/home/cjo/.local/lib/python3.10/site-packages/bscpylgtv/webos_client.py", line 669, in request raise PyLGTVServiceNotFoundError(error) bscpylgtv.exceptions.PyLGTVServiceNotFoundError: 404 no such service or method

MxMaster3 commented 5 months ago

There is a new option to root the webOS -

https://github.com/throwaway96/dejavuln-autoroot

uNbAs commented 4 months ago

Model 42LB652V-ZA Firmware version: 05.05.09 Version WebOS: 1.4.0-2536 (afro-ashley)

jockyw2001 commented 3 months ago

Not working on my tv: LG 50UM7600PTA (50 UM7600PTAg) Firmware version = 05.40.20 webOS 4.10.0 OTA ID = HE_DTV_W19P_AFADABAA OTAID = W19P SoC = k5lp

But with this it worked fine: https://github.com/throwaway96/dejavuln-autoroot

illixion / root-my-webos-tv

Not working devices/versions #1