kdschlosser / samsungctl

Remote control Samsung televisions via a TCP/IP connection
MIT License

Couple typos around logging #31

Closed raydog153 closed 5 years ago

raydog153 commented 5 years ago

On the branch 'H_J_series_TVs' I found a couple of typos as follows. I do not have permissions to fix them, so here are the changes:

File samsungctl/remote_encrypted.py:99, '$s' interpolation argument is incorrect, changed to '%s':

logger.debug('pairing step %s: %s', self.pairing_step, url)

File samsungctl/pySmartCrypto/crypto.py:68, errors on method 'hex', change to:

    logger.debug('crypto: aes encrypted: %s', encrypted)

Not sure how to print hex, code above prints garbage but was failing to find method hex which was why I changed it. If you note the interpolation argument was also missing and I noticed many more debug logs like this that need to be fixed.

File samsungctl/pySmartCrypto/crypto.py:115, user was spelled incorrectly, change to:

logger.debug('crypto: user id: %s', user_id)

kdschlosser commented 5 years ago

I have not fully implemented the smart crypto portion of the library as of yet. It is still in development. I do not even know if it works or not.. LOL

raydog153 commented 5 years ago

Noted. Answer for me so far is it does not work....lol, but I think more to do with my TV. I've tried all the POCs, prototypes, code snippets out there. I'm sure I could have bought 10 of these by now with the time I have wasted....but the programmer in me will not let it go, I feel I am so close.

My TV does not have ports 8000, 8001, 8002 open and any app that claims H series support always have models H52xx as an exception. Yet here I am still trying!

I have to use 'type=0' in the pairing URLs else I do not get the PIN popup on TV no matter what I do. I have not found any documentation on the different types and everyone always uses 'type=1', so that is different from everything else I have seen. The request_id does keep incrementing for me, as I said I feel I am close, but the fact that my other ports are closed is of a concern. I've added extra logging, this is how far I get:

TRACE: request GET URL(200): http://192.168.1.11:8080/ws/apps/CloudPINPage
TRACE: request CONTENT=<?xml version="1.0" encoding="UTF-8"?><service xmlns="urn:dial-multiscreen-org:schemas:dial" xmlns:atom="http://www.w3.org/2005/Atom"><name>CloudPINPage</name><options allowStop="true"/><state>stopped</state><atom:link rel="run" href="run"/></service>
is_pin_page_open regex=stopped
is_pin_page_open state=stopped
TRACE: request POST URL(201): http://192.168.1.11:8080/ws/apps/CloudPINPage
TRACE: request PAYLOAD: pin4
TRACE: request CONTENT=http://192.168.1.11:8080/ws/apps/CloudPINPage/run
pairing step 1: http://192.168.1.11:8080/ws/pairing?step=0&app_id=com.samsung.companion&device_id=2DCL6GDVYAKIC&type=0
TRACE: request GET URL(200): http://192.168.1.11:8080/ws/pairing?step=0&app_id=com.samsung.companion&device_id=2DCL6GDVYAKIC&type=0
TRACE: request CONTENT={"auth_data":""}

Enter Pin from TV:9219

crypto: pin hash: 60d5b6ace27718b45c22e46c3cf937ab29d118ce
crypto: aes: 60d5b6ace27718b45c22e46c3cf937ab

crypto: aes encrypted: 557f11a2cd9f5778a7d0297a5c62822d6615524e84e353c9b279133e172f4ade0ee3609b60373eafd8573cf862c2cdc972808ac2984d6d9a9e2d7c3d151f70656d8eb814578b4a3300b5bc459cc3ce1f57d27cc53ebd32847a978961dd3f76378d6276c20372ae4aa3d8c6cfb4007e93fed4123990c43981ecb68cc8973d6338

crypto: aes swapped: 4cd9296137dd11d8a4269a2c05ea812ac82a015b110daea05de74a71429d8d179644556d22f882014bc8edf372b2ab07f7db24aac0c0dfc19ac3e9cf271257bfa71133adf5903af12e42ae394e3053679f1c500822c3f4e483998ff0ccaf6c18335f267bd16997601c256f9a03f32e425c9ae13a4eb1fc348abc0ec228ed3887

crypto: data buffer: 0000000d3244434c3647445659414b49434cd9296137dd11d8a4269a2c05ea812ac82a015b110daea05de74a71429d8d179644556d22f882014bc8edf372b2ab07f7db24aac0c0dfc19ac3e9cf271257bfa71133adf5903af12e42ae394e3053679f1c500822c3f4e483998ff0ccaf6c18335f267bd16997601c256f9a03f32e425c9ae13a4eb1fc348abc0ec228ed3887

crypto: data hash: b2d42ad168fd3d3365a854cc0457492625427b99

server hello: 01020000000000000000910000000d3244434c3647445659414b49434cd9296137dd11d8a4269a2c05ea812ac82a015b110daea05de74a71429d8d179644556d22f882014bc8edf372b2ab07f7db24aac0c0dfc19ac3e9cf271257bfa71133adf5903af12e42ae394e3053679f1c500822c3f4e483998ff0ccaf6c18335f267bd16997601c256f9a03f32e425c9ae13a4eb1fc348abc0ec228ed38870000000000

data hash: b2d42ad168fd3d3365a854cc0457492625427b99

aes key: 60d5b6ace27718b45c22e46c3cf937ab
pairing step 2: http://192.168.1.11:8080/ws/pairing?step=1&app_id=com.samsung.companion&device_id=2DCL6GDVYAKIC
TRACE: request POST URL(200): http://192.168.1.11:8080/ws/pairing?step=1&app_id=com.samsung.companion&device_id=2DCL6GDVYAKIC
TRACE: request PAYLOAD: {"auth_Data": {"auth_type": "SPC", "GeneratorServerHello": "01020000000000000000910000000d3244434c3647445659414b49434cd9296137dd11d8a4269a2c05ea812ac82a015b110daea05de74a71429d8d179644556d22f882014bc8edf372b2ab07f7db24aac0c0dfc19ac3e9cf271257bfa71133adf5903af12e42ae394e3053679f1c500822c3f4e483998ff0ccaf6c18335f267bd16997601c256f9a03f32e425c9ae13a4eb1fc348abc0ec228ed38870000000000"}}
TRACE: request CONTENT={"auth_data":"{\"auth_type\":\"SPC\",\"request_id\":\"17\",\"GeneratorClientHello\":\"019A000000000000000000\"}"}

step 2 response: {"auth_data":"{\"auth_type\":\"SPC\",\"request_id\":\"17\",\"GeneratorClientHello\":\"019A000000000000000000\"}"}

client hello: 019A000000000000000000
request id: 1
crypto: client hello: 019a000000000000000000
crypto: client hello first_len: 0
Traceback (most recent call last):
  File "/usr/local/Cellar/python@2/2.7.15_1/Frameworks/Python.framework/Versions/2.7/lib/python2.7/runpy.py", line 163, in _run_module_as_main
    mod_name, _Error)
  File "/usr/local/Cellar/python@2/2.7.15_1/Frameworks/Python.framework/Versions/2.7/lib/python2.7/runpy.py", line 102, in _get_module_details
    loader = get_loader(mod_name)
  File "/usr/local/Cellar/python@2/2.7.15_1/Frameworks/Python.framework/Versions/2.7/lib/python2.7/pkgutil.py", line 462, in get_loader
    return find_loader(fullname)
  File "/usr/local/Cellar/python@2/2.7.15_1/Frameworks/Python.framework/Versions/2.7/lib/python2.7/pkgutil.py", line 472, in find_loader
    for importer in iter_importers(fullname):
  File "/usr/local/Cellar/python@2/2.7.15_1/Frameworks/Python.framework/Versions/2.7/lib/python2.7/pkgutil.py", line 428, in iter_importers
    __import__(pkg)
  File "test.py", line 15, in <module>
    with samsungctl.Remote(config) as remote:
  File "samsungctl/remote.py", line 19, in __init__
    self.remote = RemoteWebsocketEncrypted(config)
  File "samsungctl/remote_encrypted.py", line 74, in __init__
    self.open()
  File "samsungctl/remote_encrypted.py", line 158, in open
    self.pin = pin
  File "samsungctl/remote_encrypted.py", line 111, in pin
    self.run_forever()
  File "samsungctl/remote_encrypted.py", line 230, in run_forever
    self.config["id"]
  File "samsungctl/pySmartCrypto/crypto.py", line 101, in parse_client_hello
    user_id_len = struct.unpack(">I", data[11:15])[0]
struct.error: unpack requires a string argument of length 4

raydog153 commented 5 years ago

Here is a UPNP log dump of my TV, not sure if helpful or not. Can you also merge master into branch 'H_J_series_TVs', thanks.

rboutotte@MacBook-Pro-2:~/samsungtv/UPNP_Device$ python -m test.py
SSDP: 192.168.1.11
M-SEARCH * HTTP/1.1
ST: upnp:rootdevice
MAN: "ssdp:discover"
HOST: 239.255.255.250:1900
MX: 1
Content-Length: 0

SSDP: 192.168.1.11 found LOCATION: http://192.168.1.11:7676/smp_21_
SSDP: 192.168.1.11 found ST: upnp:rootdevice
SSDP: 192.168.1.11 - > HTTP/1.1 200 OK
CACHE-CONTROL: max-age=1800
Date: Thu, 01 Jan 1970 00:30:02 GMT
EXT:
LOCATION: http://192.168.1.11:7676/smp_11_
SERVER: SHP, UPnP/1.0, Samsung UPnP SDK/1.0
ST: upnp:rootdevice
USN: uuid:0e4e1c01-00f0-1000-b0eb-84a46658d4ef::upnp:rootdevice
Content-Length: 0

SSDP: 192.168.1.11 found LOCATION: http://192.168.1.11:7676/smp_11_
SSDP: 192.168.1.11 found ST: upnp:rootdevice
SSDP: 192.168.1.11 - > HTTP/1.1 200 OK
CACHE-CONTROL: max-age=1800
Date: Thu, 01 Jan 1970 00:30:02 GMT
EXT:
LOCATION: http://192.168.1.11:7676/smp_3_
SERVER: SHP, UPnP/1.0, Samsung UPnP SDK/1.0
ST: upnp:rootdevice
USN: uuid:08f0d180-0096-1000-82d5-84a46658d4ef::upnp:rootdevice
Content-Length: 0

SSDP: 192.168.1.11 found LOCATION: http://192.168.1.11:7676/smp_3_
SSDP: 192.168.1.11 found ST: upnp:rootdevice
SSDP: 192.168.1.11 - > HTTP/1.1 200 OK
CACHE-CONTROL: max-age=1800
Date: Thu, 01 Jan 1970 00:30:02 GMT
EXT:
LOCATION: http://192.168.1.11:7676/smp_21_
SERVER: SHP, UPnP/1.0, Samsung UPnP SDK/1.0
ST: upnp:rootdevice
USN: uuid:08f0d181-0096-1000-82d5-84a46658d4ef::upnp:rootdevice
Content-Length: 0

SSDP: 192.168.1.11 creating UPNPObject instance
XML Paylod (http://192.168.1.11:7676/smp_21_): <?xml version="1.0"?>
<root xmlns='urn:schemas-upnp-org:device-1-0' xmlns:sec='http://www.sec.co.kr/dlna' xmlns:dlna='urn:schemas-dlna-org:device-1-0'>
 <specVersion>
  <major>1</major>
  <minor>0</minor>
 </specVersion>
 <device>
  <deviceType>urn:dial-multiscreen-org:device:dialreceiver:1</deviceType>
  <friendlyName>[TV] Bed room</friendlyName>
  <manufacturer>Samsung Electronics</manufacturer>
  <manufacturerURL>http://www.samsung.com/sec</manufacturerURL>
  <modelDescription>Samsung TV NS</modelDescription>
  <modelName>UN40H5203</modelName>
  <modelNumber>1.0</modelNumber>
  <modelURL>http://www.samsung.com/sec</modelURL>
  <serialNumber>20090804RCR</serialNumber>
  <UDN>uuid:08f0d181-0096-1000-82d5-84a46658d4ef</UDN>
  <sec:deviceID>2DCL6GDVYAKIC</sec:deviceID>
  <sec:ProductCap>Resolution:1280X720,Y2014</sec:ProductCap>
  <serviceList>
   <service>
    <serviceType>urn:dial-multiscreen-org:service:dial:1</serviceType>
    <serviceId>urn:dial-multiscreen-org:serviceId:dial</serviceId>
    <controlURL>/smp_23_</controlURL>
    <eventSubURL>/smp_24_</eventSubURL>
    <SCPDURL>/smp_22_</SCPDURL>
   </service>
  </serviceList>
  <sec:Capabilities>
   <sec:Capability name='samsung:multiscreen:1' port='8001' location='/ms/1.0/'></sec:Capability>
  </sec:Capabilities>
 </device>
</root>

XML Paylod (http://192.168.1.11:7676/smp_11_): <?xml version="1.0"?>
<root xmlns='urn:schemas-upnp-org:device-1-0' xmlns:pnpx='http://schemas.microsoft.com/windows/pnpx/2005/11' xmlns:df='http://schemas.microsoft.com/windows/2008/09/devicefoundation' xmlns:sec='http://www.sec.co.kr/dlna'>
 <specVersion>
  <major>1</major>
  <minor>0</minor>
 </specVersion>
 <device>
  <deviceType>urn:schemas-upnp-org:device:MediaRenderer:1</deviceType>
  <pnpx:X_compatibleId>MS_DigitalMediaDeviceClass_DMR_V001</pnpx:X_compatibleId>
  <df:X_deviceCategory>Display.TV.LCD Multimedia.DMR</df:X_deviceCategory>
  <dlna:X_DLNADOC xmlns:dlna='urn:schemas-dlna-org:device-1-0'>DMR-1.50</dlna:X_DLNADOC>
  <friendlyName>[TV] Bed room</friendlyName>
  <manufacturer>Samsung Electronics</manufacturer>
  <manufacturerURL>http://www.samsung.com/sec</manufacturerURL>
  <modelDescription>Samsung TV DMR</modelDescription>
  <modelName>UN40H5203</modelName>
  <modelNumber>AllShare1.0</modelNumber>
  <modelURL>http://www.samsung.com/sec</modelURL>
  <serialNumber>20110517DMR</serialNumber>
  <UDN>uuid:0e4e1c01-00f0-1000-b0eb-84a46658d4ef</UDN>
  <sec:deviceID>2DCL6GDVYAKIC</sec:deviceID>
  <iconList>
   <icon>
    <mimetype>image/jpeg</mimetype>
    <width>48</width>
    <height>48</height>
    <depth>24</depth>
    <url>/dmr/icon_SML.jpg</url>
   </icon>
   <icon>
    <mimetype>image/jpeg</mimetype>
    <width>120</width>
    <height>120</height>
    <depth>24</depth>
    <url>/dmr/icon_LRG.jpg</url>
   </icon>
   <icon>
    <mimetype>image/png</mimetype>
    <width>48</width>
    <height>48</height>
    <depth>24</depth>
    <url>/dmr/icon_SML.png</url>
   </icon>
   <icon>
    <mimetype>image/png</mimetype>
    <width>120</width>
    <height>120</height>
    <depth>24</depth>
    <url>/dmr/icon_LRG.png</url>
   </icon>
  </iconList>
  <serviceList>
   <service>
    <serviceType>urn:schemas-upnp-org:service:RenderingControl:1</serviceType>
    <serviceId>urn:upnp-org:serviceId:RenderingControl</serviceId>
    <controlURL>/smp_13_</controlURL>
    <eventSubURL>/smp_14_</eventSubURL>
    <SCPDURL>/smp_12_</SCPDURL>
   </service>
   <service>
    <serviceType>urn:schemas-upnp-org:service:ConnectionManager:1</serviceType>
    <serviceId>urn:upnp-org:serviceId:ConnectionManager</serviceId>
    <controlURL>/smp_16_</controlURL>
    <eventSubURL>/smp_17_</eventSubURL>
    <SCPDURL>/smp_15_</SCPDURL>
   </service>
   <service>
    <serviceType>urn:schemas-upnp-org:service:AVTransport:1</serviceType>
    <serviceId>urn:upnp-org:serviceId:AVTransport</serviceId>
    <controlURL>/smp_19_</controlURL>
    <eventSubURL>/smp_20_</eventSubURL>
    <SCPDURL>/smp_18_</SCPDURL>
   </service>
  </serviceList>
  <sec:ProductCap>Y2014,WebURIPlayable,SeekTRACK_NR,NavigateInPause</sec:ProductCap>
  <pnpx:X_hardwareId>VEN_0105&amp;DEV_VD0001</pnpx:X_hardwareId>
 </device>
</root>

XML Paylod (http://192.168.1.11:7676/smp_3_): <?xml version="1.0"?>
<root xmlns='urn:schemas-upnp-org:device-1-0' xmlns:sec='http://www.sec.co.kr/dlna' xmlns:dlna='urn:schemas-dlna-org:device-1-0'>
 <specVersion>
  <major>1</major>
  <minor>0</minor>
 </specVersion>
 <device>
  <deviceType>urn:samsung.com:device:RemoteControlReceiver:1</deviceType>
  <friendlyName>[TV] Bed room</friendlyName>
  <manufacturer>Samsung Electronics</manufacturer>
  <manufacturerURL>http://www.samsung.com/sec</manufacturerURL>
  <modelDescription>Samsung TV RCR</modelDescription>
  <modelName>UN40H5203</modelName>
  <modelNumber>1.0</modelNumber>
  <modelURL>http://www.samsung.com/sec</modelURL>
  <serialNumber>20090804RCR</serialNumber>
  <UDN>uuid:08f0d180-0096-1000-82d5-84a46658d4ef</UDN>
  <sec:deviceID>2DCL6GDVYAKIC</sec:deviceID>
  <sec:ProductCap>Resolution:1920X1080,ImageZoom,ImageRotate,Y2014,ENC</sec:ProductCap>
  <serviceList>
   <service>
    <serviceType>urn:samsung.com:service:MultiScreenService:1</serviceType>
    <serviceId>urn:samsung.com:serviceId:MultiScreenService</serviceId>
    <controlURL>/smp_5_</controlURL>
    <eventSubURL>/smp_6_</eventSubURL>
    <SCPDURL>/smp_4_</SCPDURL>
   </service>
  </serviceList>
  <sec:Capabilities>
   <sec:Capability name='samsung:multiscreen:1' port='8001' location='/ms/1.0/'></sec:Capability>
  </sec:Capabilities>
 </device>
</root>

UN40H5203
IP Address: 192.168.1.11
==============================================
Services:
    Service name: dial
    Service class: urn:dial-multiscreen-org:service:dial:1
    Access point: UPNPObject.dial
    ----------------------------------------------
    Methods:
        None
    Service name: AVTransport
    Service class: urn:schemas-upnp-org:service:AVTransport:1
    Access point: UPNPObject.AVTransport
    ----------------------------------------------
    Methods:
        None
    Service name: ConnectionManager
    Service class: urn:schemas-upnp-org:service:ConnectionManager:1
    Access point: UPNPObject.ConnectionManager
    ----------------------------------------------
    Methods:
        None
    Service name: MultiScreenService
    Service class: urn:samsung.com:service:MultiScreenService:1
    Access point: UPNPObject.MultiScreenService
    ----------------------------------------------
    Methods:
        None
    Service name: RenderingControl
    Service class: urn:schemas-upnp-org:service:RenderingControl:1
    Access point: UPNPObject.RenderingControl
    ----------------------------------------------
    Methods:
        None
Devices: None

Finished
rboutotte@MacBook-Pro-2:~/samsungtv/UPNP_Device$

kdschlosser commented 5 years ago

From my experience with Samsung TVs and from all of the various information I have read is that unless you can control your TV using the smart view application.. it is a no go as far as ever getting a remote control over IP working. There is a hitch to the smart view application. You will be able to mess about with streaming content and DLNA, play pause...... But you will not have "full" control of the TV

This is my assessment of the reasons as to why. Anything below a 6000 (or it might be a 7000 I can't remember which) series TV I am pretty sure is not classified as a "Smart" TV. What that means is that the TV does not have the Smart Hub capability. Using applications and all that kind of crap. On TVs that are not "Smart" the network capabilities are for firmware updates and DLNA/UPNP. I am willing to bet your TV does not have a WiFi card. This is another indicator that the TV will not have remote IP control capabilities.

If port 8000 is not open on the TV then there is no way to connect to it. The H and J series TVs use a websocket connection. So no port to connect to.. not going to work.

I kind of hate to burst your bubble on this.

You may want to check the service menu and see if there is a setting to switch that functionality on or off... "Enter" button is the OK/Select button present in the center of Left/Right/Top/Bottom buttons. You have to press the buttons in rapid succession...

kdschlosser commented 5 years ago

ok another note.. this in your UPNP logs looks like you may have the ability..

<sec:Capabilities>
   <sec:Capability name='samsung:multiscreen:1' port='8001' location='/ms/1.0/'></sec:Capability>
</sec:Capabilities>

raydog153 commented 5 years ago

So my TV has Wifi, so it has network functionality, not sure if it has wired network. When I turn it on, I get a big screen with the words 'Smart TV' on it....and in the menus I have Smart Hub feature as well. SmartView app used to work when I got the TV, but stupid me I always update things to latest software/firmware. I used to have more ports open at one point in time.

I have thought of trying to downgrade/upgrade my model in service menu to see if I could bypass whatever decides to disable those ports based on features.

Specs of TV: https://images-na.ssl-images-amazon.com/images/G/01/CAT500/H5203Specs._V352240693_.pdf

raydog153 commented 5 years ago

Yes, I have seen that UPNP capability, hence my thought is that there has to be some way to turn on port 8001....perhaps after authentication or something in service menu. Or perhaps over my other open ports 4443/7011/7676/8080/8443? But until this is confirmed to work on other H series I'm not sure if I am doing something wrong, library, or tv is issue....

I have not found anything in service menu to date, have not tried extended service menu or changing model to 'spoof' the software to turn those ports on.

kdschlosser commented 5 years ago

H means the year of production

Your TV is a 5000 series (model series) which is usually too low to have any "Smart" functionality. But even still you have all the components for the pin. So you might be ok...

I want you to replace a few lines of code in your test scripts

in the crypto.py file locate the following code

def parse_client_hello(client_hello, data_hash, aes_key, g_user_id):

    data = bytes(bytearray.fromhex(client_hello))
    logger.debug('crypto: client hello: ', data)

    first_len = struct.unpack(">I", data[7:11])[0]
    user_id_len = struct.unpack(">I", data[11:15])[0]

change it to this

def parse_client_hello(client_hello, data_hash, aes_key, g_user_id):
    data  = client_hello.decode('hex')
    logger.debug('crypto: client hello: ', data)

    first_len = struct.unpack(">I", data[7:11])[0]
    user_id_len = struct.unpack(">I", data[11:15])[0]

see if that works for ya..

If it doesn't, try this

def parse_client_hello(client_hello, data_hash, aes_key, g_user_id):
    data = client_hello.decode('hex')
    logger.debug('crypto: client hello: ', data)

    first_len = struct.unpack(">I", data[7:11])[0]
    user_id_len = data[11:15]
    user_id_len = '\0' * (4 - len(user_id_len)) + user_id_len
    user_id_len = struct.unpack(">I", user_id_len)[0]

raydog153 commented 5 years ago

I think I got a little farther, hard to tell without confirmation that these code paths are working, as I still feel somehow my TV is sending different responses and attributes like 'pEncWBGx' are blank. I have been able to mute/unmute my tv thru UPNP. I wonder how much HDMI CEC I can trigger/invoke. I also looked and I have a hard-wired network port too, I wonder if there are more open ports on that. From security perspective it makes sense since you need to physically connect up.

Here is the new call stack:

...
client hello: 019A000000000000000000
request id: 8
crypto: client hello: �
crypto: data_hash: :x�Dm�:����T��x��
crypto: dest: :x�Dm�:����T��x��
crypto: user id:
crypto: pEncWBGx:
crypto: pEncGx:
crypto: pGx:
Traceback (most recent call last):
  File "/usr/local/Cellar/python@2/2.7.15_1/Frameworks/Python.framework/Versions/2.7/lib/python2.7/runpy.py", line 163, in _run_module_as_main
    mod_name, _Error)
  File "/usr/local/Cellar/python@2/2.7.15_1/Frameworks/Python.framework/Versions/2.7/lib/python2.7/runpy.py", line 102, in _get_module_details
    loader = get_loader(mod_name)
  File "/usr/local/Cellar/python@2/2.7.15_1/Frameworks/Python.framework/Versions/2.7/lib/python2.7/pkgutil.py", line 462, in get_loader
    return find_loader(fullname)
  File "/usr/local/Cellar/python@2/2.7.15_1/Frameworks/Python.framework/Versions/2.7/lib/python2.7/pkgutil.py", line 472, in find_loader
    for importer in iter_importers(fullname):
  File "/usr/local/Cellar/python@2/2.7.15_1/Frameworks/Python.framework/Versions/2.7/lib/python2.7/pkgutil.py", line 428, in iter_importers
    __import__(pkg)
  File "test.py", line 15, in <module>
    with samsungctl.Remote(config) as remote:
  File "samsungctl/remote.py", line 19, in __init__
    self.remote = RemoteWebsocketEncrypted(config)
  File "samsungctl/remote_encrypted.py", line 74, in __init__
    self.open()
  File "samsungctl/remote_encrypted.py", line 156, in open
    self.pin = pin
  File "samsungctl/remote_encrypted.py", line 111, in pin
    self.run_forever()
  File "samsungctl/remote_encrypted.py", line 228, in run_forever
    self.config["id"]
  File "samsungctl/pySmartCrypto/crypto.py", line 144, in parse_client_hello
    secret =secret_hex.replace('L', '').decode('hex')
  File "/usr/local/Cellar/python@2/2.7.15_1/Frameworks/Python.framework/Versions/2.7/lib/python2.7/encodings/hex_codec.py", line 42, in hex_decode
    output = binascii.a2b_hex(input)
TypeError: Odd-length string
rboutotte@MacBook-Pro-2:~/samsungtv/samsungctl$

dcorsus commented 5 years ago

From my own experience, the Client Hello info is too short. I can't decipher it but I know that when my J-Series refused it (while I was coding up my vb.net implementation), it was typically a shorter response with many zeros. Here is a wireshark trace of what it should look like. Note that GeneratorClientHello is much longer

GET /ws/apps/CloudPINPage HTTP/1.1
Host: 192.168.1.217:8080
Accept: /
Accept-Language: en-us
Connection: keep-alive
Accept-Encoding: gzip, deflate
User-Agent: Smart%20View/1.5.3.0 CFNetwork/758.2.8 Darwin/15.0.0

HTTP/1.1 200 OK
API-Version: v1.00
Content-type: text/html
Transfer-Encoding: chunked
Date: Mon, 15 Feb 2016 23:44:19 GMT
Server: WebServer

fb <?xml version="1.0" encoding="UTF-8"?>CloudPINPagestopped 0

POST /ws/apps/CloudPINPage HTTP/1.1
Host: 192.168.1.217:8080
Content-Type: application/x-www-form-urlencoded
Connection: keep-alive
Accept: /
User-Agent: Smart%20View/1.5.3.0 CFNetwork/758.2.8 Darwin/15.0.0
Accept-Language: en-us
Content-Length: 4
Accept-Encoding: gzip, deflate

pin4

HTTP/1.1 201 Created
API-Version: v1.00
Content-type: text/html
LOCATION: http:///ws/apps/CloudPINPage/run
Transfer-Encoding: chunked
Date: Mon, 15 Feb 2016 23:44:19 GMT
Server: WebServer

20 http:///ws/apps/CloudPINPage/run 0

GET /ws/pairing?step=0&app_id=12345&device_id=5DCCC6FB-1312-47DF-8D2E-7BDFF875C70E&type=1 HTTP/1.1
Host: 192.168.1.217:8080
Accept: /
Accept-Language: en-us
Connection: keep-alive
Accept-Encoding: gzip, deflate
User-Agent: Smart%20View/1.5.3.0 CFNetwork/758.2.8 Darwin/15.0.0

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 18
Cache-Control: no-cache
Secure-Mode: true
Date: Mon, 15 Feb 2016 23:44:19 GMT
Server: WebServer

{"auth_data":""}

POST /ws/pairing?step=1&app_id=12345&device_id=5DCCC6FB-1312-47DF-8D2E-7BDFF875C70E&type=1 HTTP/1.1
Host: 192.168.1.217:8080
Content-Type: application/json
Connection: keep-alive
Accept: /
User-Agent: Smart%20View/1.5.3.0 CFNetwork/758.2.8 Darwin/15.0.0
Content-Length: 367
Accept-Language: en-us
Accept-Encoding: gzip, deflate

""auth_Data":{"auth_type":"SPC","GeneratorServerHello":"010200000000000000008A0000000636353433323130069945AC9BA2130C2B8D8537B0BF119D5DF7EBDB968E0EB24355ACF7E3F4D68993F92FBB08E600EEBBAB5FBDDBDFF9EA1B3980EF278A0A5CEEF5FC3C2D765F911952D029DB8A01BF2B5B90FA4C1F3D348133D8C54D58ECCCE6A821973E66343AE9E8324C9D4AE76FAA63E37DC1276A8191CB4EA251F8310F79D6759D3E90A40000000000"}"

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 440
Cache-Control: no-cache
Secure-Mode: true
Date: Mon, 15 Feb 2016 23:44:22 GMT
Server: WebServer

{"auth_data":"{\"auth_type\":\"SPC\",\"request_id\":\"2\",\"GeneratorClientHello\":\"010100000000000000009E000000063635343332315F5E9B60C8145F26F70C951B076D43A5BF75646876B43EEB6CE844A4EF5D61533C4BA934A334D2CCC21E0C1EB341CDDDCBB526295C08493E8A33A6299D6132193D7AB03E0849BE0E64D88C709F989A8A972D4AC400138C27D452E0F8F05DB932738D8BDEB731731B2344525A7B5EE86544AA7A227D8C51DA766F552D1E47A5FF8E2C2123B12783C1D75BC1558CAAEA656F1695FE0000000000\"}"}

POST /ws/pairing?step=2&app_id=12345&device_id=5DCCC6FB-1312-47DF-8D2E-7BDFF875C70E&type=1 HTTP/1.1
Host: 192.168.1.217:8080
Content-Type: application/json
Connection: keep-alive
Accept: /
User-Agent: Smart%20View/1.5.3.0 CFNetwork/758.2.8 Darwin/15.0.0
Content-Length: 0
Accept-Language: en-us
Accept-Encoding: gzip, deflate

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 18
Cache-Control: no-cache
Secure-Mode: true
Date: Mon, 15 Feb 2016 23:44:22 GMT
Server: WebServer

{"auth_data":""}

DELETE /ws/apps/CloudPINPage/run HTTP/1.1
Host: 192.168.1.217:8080
Connection: keep-alive
Accept: /
User-Agent: Smart%20View/1.5.3.0 CFNetwork/758.2.8 Darwin/15.0.0
Accept-Language: en-us
Content-Length: 0
Accept-Encoding: gzip, deflate

HTTP/1.1 200 OK
API-Version: v1.00
Content-Length: 0
Date: Mon, 15 Feb 2016 23:44:22 GMT
Server: WebServer

I made use of the smartview dlls in my implementation but I'm currently converting the posted Python implementation into VB.NET and see if I can be of assistance. Check your TV that you enabled remote control and that you haven't "denied" the request by mistake, you would need to delete the denied device.

@kdschlosser did anyone already confirm it working for H/J series? On a different topic. Seem to recall you use the ms.channel.unauthorized response to switch from non-ssl (port 8001) to ssl (port 8002). I noticed today, if someone denied an authorization request (the TV will store that), you also get a response ms.channel.unauthorized. I implemented a GET to http://:8001/api/v2/ and look for TokenAuthSupport=true to determine SSL or not. Not 100% that is correct as well but just wanted to share with you.

Dirk
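
The framing problem described in this thread (a short GeneratorClientHello whose length field is zero, which made the slice `data[11:15]` come back empty and `struct.unpack` fail), as an added example that is not part of the original issue or of samsungctl's code. The offsets 7 and 11 come from the code quoted above; the layout after offset 15 (user id, 128-byte pEncWBGx, 20-byte hash) is an assumption inferred from the logs in this thread, and the names `parse_client_hello_frame`, `check_client_hello`, `HelloFormatError` and `build_sample_hello` are hypothetical.

```python
import struct

HEADER_LEN = 7   # bytes before the first length field (the thread slices data[7:11])
GX_LEN = 128     # pEncWBGx size seen in this thread's logs (assumption)
HASH_LEN = 20    # SHA-1-sized trailing hash seen in the logs (assumption)


class HelloFormatError(ValueError):
    """The hello message cannot be parsed safely (hypothetical helper type)."""


def parse_client_hello_frame(hello_hex):
    """Validate the framing of a GeneratorClientHello before any crypto runs."""
    try:
        data = bytes.fromhex(hello_hex)
    except ValueError as exc:
        raise HelloFormatError("not valid hex: %s" % exc)

    if len(data) < HEADER_LEN + 4:
        raise HelloFormatError("only %d bytes, no length field" % len(data))

    (first_len,) = struct.unpack(">I", data[HEADER_LEN:HEADER_LEN + 4])
    if first_len == 0:
        # The 11-byte reply in this thread: the TV sent a header and nothing else.
        raise HelloFormatError("empty body (first_len == 0): no key material sent")

    body = data[HEADER_LEN + 4:HEADER_LEN + 4 + first_len]
    if first_len < 4 or len(body) != first_len:
        raise HelloFormatError(
            "body too short or truncated: declared %d, got %d" % (first_len, len(body)))

    (user_id_len,) = struct.unpack(">I", body[:4])
    if first_len != 4 + user_id_len + GX_LEN + HASH_LEN:
        raise HelloFormatError(
            "length fields disagree: first_len=%d user_id_len=%d" % (first_len, user_id_len))

    gx_start = 4 + user_id_len
    return {
        "header": data[:HEADER_LEN],
        "first_len": first_len,
        "user_id": body[4:gx_start],
        "pEncWBGx": body[gx_start:gx_start + GX_LEN],
        "hash": body[gx_start + GX_LEN:],
    }


def check_client_hello(hello_hex):
    """Return (True, fields) for a well-formed hello, else (False, reason)."""
    try:
        return True, parse_client_hello_frame(hello_hex)
    except HelloFormatError as exc:
        return False, str(exc)


def build_sample_hello(user_id=b"654321"):
    """Constructed sample frame with filler bytes; not captured from a TV."""
    body = (struct.pack(">I", len(user_id)) + user_id
            + bytes(range(GX_LEN)) + b"\xaa" * HASH_LEN)
    frame = (bytes.fromhex("0101") + b"\x00" * 5
             + struct.pack(">I", len(body)) + body + b"\x00" * 5)
    return frame.hex()


# The short reply logged earlier in this thread.
SHORT_HELLO = "019A000000000000000000"

if __name__ == "__main__":
    for label, value in (("sample", build_sample_hello()), ("short", SHORT_HELLO)):
        ok, result = check_client_hello(value)
        print(label, "->", "ok" if ok else "rejected: " + result)
```
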

kdschlosser commented 5 years ago

@dcorsus I have not had anyone tell me whether or not this implementation for the H and J series TVs works or not. So I do not know if it does. I do know that the TV that @raydog153 has some pointers saying that it will not work because of the model of the TV but then again it does have some pointers saying it will. So I could not even begin to tell you if this would or would not work.

As far as the automatic switch from non ssl to ssl. Again I do not know if that TokenAuthSupport shows up as a false on the TVs that do not use the ssl websocket or not. There is a big ? there. I think the mechanism to try ssl if it fails is a good one because if the user denied a connection then it will still fail. Even on ssl.

I set the library up the way it is mostly for the people that do not know if their TV uses ssl. And to also have it be almost seamless except for having to click the authorize on the TV for adding a new remote. Which the user would think would be because of an update in the firmware and nothing more. And their current setup as far as samsungctl is concerned will continue to operate the way it is. Unless I have information telling me different I think this is the best mechanism to use.

dcorsus commented 5 years ago

@raydog153 Something to try .... set the DeviceID (UserId ) to "654321" instead of "2DCL6GDVYAKIC". A long time ago, I was struggling to get authentication going and vaguely remember playing with these values getting similar denials from the TV and decided to follow what SmartView did ie 654321, and I see that Eclair4151 (https://github.com/eclair4151/SmartCrypto/blob/master/PySmartCrypto/smartcrypto.py) does the same, and I tried his just a minute ago on my TV and that works.

raydog153 commented 5 years ago

@dcorsus Thank you....that gets me 1 step closer as it now looks like a much more valid response I'm getting back. While still not working it is progress. I did try entering in valid and invalid PIN code and both gave me similar responses, was hoping that one could easily detect invalid PIN response but looks like needs to be decoded first.

UPDATE...so I was able to make further progress by fixing a few more issues. Not 100% sure the changes I made were correct, but was able to get thru all the pairing steps and get thru ServerAckMsg as well. Also invalid PINs are being detected from what I can tell, since it errors if my PIN is not correct, which helps to tell me things are being parsed correctly at least up to that point.

Here is current stack trace:

step 2 response: {"auth_data":"{\"auth_type\":\"SPC\",\"request_id\":\"3\",\"GeneratorClientHello\":\"010100000000000000009E00000006363534333231D54EEDF04392CC3982B84761C408410485F8C4F87E453960A4F3343C2C3C55EC3E27FF9047B90396B234E8B47EAF5D93D879D821FE2A04300802F82F5D45761396C9C1C978BCDCB99E57D014B23BC3CFB87311A94CA0D7E192572C68A14E978054B9A4B7DED455A6844E2AB63A74D850C45F2CD9FC53909C9606469A3F915D03012F39EAE491DE05F06656D6CC970704C87B78E20000000000\"}"}

client hello: 010100000000000000009E00000006363534333231D54EEDF04392CC3982B84761C408410485F8C4F87E453960A4F3343C2C3C55EC3E27FF9047B90396B234E8B47EAF5D93D879D821FE2A04300802F82F5D45761396C9C1C978BCDCB99E57D014B23BC3CFB87311A94CA0D7E192572C68A14E978054B9A4B7DED455A6844E2AB63A74D850C45F2CD9FC53909C9606469A3F915D03012F39EAE491DE05F06656D6CC970704C87B78E20000000000
request id: 3
crypto: client hello: 010100000000000000009e00000006363534333231d54eedf04392cc3982b84761c408410485f8c4f87e453960a4f3343c2c3c55ec3e27ff9047b90396b234e8b47eaf5d93d879d821fe2a04300802f82f5d45761396c9c1c978bcdcb99e57d014b23bc3cfb87311a94ca0d7e192572c68a14e978054b9a4b7ded455a6844e2ab63a74d850c45f2cd9fc53909c9606469a3f915d03012f39eae491de05f06656d6cc970704c87b78e20000000000
crypto: data_hash: 6066ccdad8dedac63ffd65c1705e5961c4ed25b0
crypto: dest: 00000006363534333231d54eedf04392cc3982b84761c408410485f8c4f87e453960a4f3343c2c3c55ec3e27ff9047b90396b234e8b47eaf5d93d879d821fe2a04300802f82f5d45761396c9c1c978bcdcb99e57d014b23bc3cfb87311a94ca0d7e192572c68a14e978054b9a4b7ded455a6844e2ab63a74d850c45f2cd9fc53909c9606469a3f915d036066ccdad8dedac63ffd65c1705e5961c4ed25b0
crypto: user id: 654321
crypto: pEncWBGx: d54eedf04392cc3982b84761c408410485f8c4f87e453960a4f3343c2c3c55ec3e27ff9047b90396b234e8b47eaf5d93d879d821fe2a04300802f82f5d45761396c9c1c978bcdcb99e57d014b23bc3cfb87311a94ca0d7e192572c68a14e978054b9a4b7ded455a6844e2ab63a74d850c45f2cd9fc53909c9606469a3f915d03
crypto: pEncGx: 7644ee6ad7b0ed26f8078f23e623f02682caea6c249f0a0a9d62e5129b28c5550d413ecfdea3bbe7228f25b556ec8bff38c26622ddcceff412a418558d5a145ce26badc20b7015d3b6dfcde2f024761e9c0bc4f018ca579b3fd6b2b301e19cf3f5688506ba1c769f45e24d61e41459e3e29073edfb4776d08ec6a3eef6344ec8
crypto: pGx: a22881c61f481ae91f7bb48648beb6dceb2414afde3b6fad9ef34e2bbb503eec3012a739c1ab59e86b46b0fd8790d5717259702d08c2f7973c5b2c5e9349c962ecb20115404c99203a461a6e013c56a1626318748c6eacabc42c659874f20c1549677e94a4349bb0d87fed5768aa16399571b364ddeca5cb26d17def46901539
crypto: secret: 49ac7cf8a5ff7370a6030106d07685178929cc492925491ad311ddd376ca91528ecedd5e577910c8d30ead4ed9d67b26c49d5fb101b1664440defb0ad75154b181f8689094ce178d758432d9f68b4d87e11ce7eaaa73c348ba0dfeead6331b3bb17b7f2cd2ac4e40d52a63f93dbac26aabdeedd51c816bf48a6991ae703e363a
crypto: data hash 2: 012f39eae491de05f06656d6cc970704c87b78e2
crypto: secret 2: 36353433323149ac7cf8a5ff7370a6030106d07685178929cc492925491ad311ddd376ca91528ecedd5e577910c8d30ead4ed9d67b26c49d5fb101b1664440defb0ad75154b181f8689094ce178d758432d9f68b4d87e11ce7eaaa73c348ba0dfeead6331b3bb17b7f2cd2ac4e40d52a63f93dbac26aabdeedd51c816bf48a6991ae703e363a
crypto: data hash 3: 012f39eae491de05f06656d6cc970704c87b78e2
crypto: dest hash: de5d8110b8b1b08b11bcd50a6d4972b5fe8b4005
crypto: sk prime: 055a7589127a3365a3a09c6ab00a1eb9f5682b35
crypto: sk prime hash: ada8e330ff36042166a2f90145306f84f3b06adf
crypto: ctx: [115][101][74][33][144][243][18][248][121][169][227][254][15][99][118][168]
ctx: [115][101][74][33][144][243][18][248][121][169][227][254][15][99][118][168]
sk prime: 055a7589127a3365a3a09c6ab00a1eb9f5682b35
ack message: 0103000000000000000014990DFB9C416F2159FF1C77777220B864C8BFB77B0000000000
pairing step 3: http://172.16.16.57:8080/ws/pairing?step=2&app_id=12345&device_id=654321
TRACE: request POST URL(200): http://172.16.16.57:8080/ws/pairing?step=2&app_id=12345&device_id=654321
TRACE: request PAYLOAD: {"auth_Data": {"auth_type": "SPC", "ServerAckMsg": "0103000000000000000014990DFB9C416F2159FF1C77777220B864C8BFB77B0000000000", "request_id": 3}}
TRACE: request CONTENT={"auth_data":"{\"auth_type\":\"SPC\",\"request_id\":\"3\",\"ClientAckMsg\":\"01040000000000000000149F7C075E14570C9F6A029DCA965565581858FEDA0000000000\",\"session_id\":\"6\"}"}

step 3 response: {"auth_data":"{\"auth_type\":\"SPC\",\"request_id\":\"3\",\"ClientAckMsg\":\"01040000000000000000149F7C075E14570C9F6A029DCA965565581858FEDA0000000000\",\"session_id\":\"6\"}"}

client ack: 01040000000000000000149F7C075E14570C9F6A029DCA965565581858FEDA0000000000
session id: 6
pairing step 4: http://172.16.16.57:8080/socket.io/1/?t=1547473608573
TRACE: request GET URL(403): http://172.16.16.57:8080/socket.io/1/?t=1547473608573
TRACE: request CONTENT=<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
         "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
 <head>
  <title>403 - Forbidden</title>
 </head>
 <body>
  <h1>403 - Forbidden</h1>
 </body>
</html>

step 4 response: <?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
         "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
 <head>
  <title>403 - Forbidden</title>
 </head>
 <body>
  <h1>403 - Forbidden</h1>
 </body>
</html>

websocket url: ws://172.16.16.57:8080/socket.io/1/websocket/<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
         "http
TRACE: request DELETE URL(200): http://172.16.16.57:8080/ws/apps/CloudPINPage/run
TRACE: request CONTENT=
Opening websocket connection to 172.16.16.57:8080
Closing Websocket Connection.
Traceback (most recent call last):
  File "test.py", line 17, in <module>
    remote.command('KEY_VOLUP')
AttributeError: 'RemoteWebsocketEncrypted' object has no attribute 'command'
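
The websocket URL in the log above stops at the first ":" of the 403 page, which suggests the handshake body was split on ":" without checking the HTTP status first (an inference from the log, not confirmed by the project). The sketch below is an added example, not part of the original post or of samsungctl: it decodes the doubly encoded `auth_data` reply and refuses to build a websocket URL from anything but a well-formed handshake. The names `PairingError`, `parse_auth_data` and `websocket_url`, the session id pattern, the `sid:...` handshake layout and the host `192.0.2.10` are assumptions.

```python
import json
import re

class PairingError(Exception):
    """A pairing response was not what the next step requires."""

# Assumption: a socket.io session id is a short URL-safe token.
SID_RE = re.compile(r"[A-Za-z0-9_-]{1,64}")

def parse_auth_data(body, expected_request_id):
    """Decode a /ws/pairing reply; auth_data is a JSON string nested in JSON."""
    try:
        inner = json.loads(json.loads(body)["auth_data"])
    except (ValueError, KeyError, TypeError) as exc:
        raise PairingError("malformed auth_data reply") from exc
    if not isinstance(inner, dict) or inner.get("auth_type") != "SPC":
        raise PairingError("unexpected auth_type")
    if str(inner.get("request_id")) != str(expected_request_id):
        raise PairingError("request_id does not match this pairing attempt")
    return inner

def websocket_url(host, port, status, body):
    """Build the websocket URL only from a well-formed handshake reply."""
    if status != 200:
        raise PairingError("handshake rejected with HTTP %d" % status)
    sid, sep, _rest = body.strip().partition(":")
    if not sep or not SID_RE.fullmatch(sid):
        raise PairingError("handshake body is not 'sid:...'")
    return "ws://%s:%d/socket.io/1/websocket/%s" % (host, port, sid)

# Step 3 reply copied from the log above.
STEP3_BODY = r'{"auth_data":"{\"auth_type\":\"SPC\",\"request_id\":\"3\",\"ClientAckMsg\":\"01040000000000000000149F7C075E14570C9F6A029DCA965565581858FEDA0000000000\",\"session_id\":\"6\"}"}'
# Start of the 403 body from the log, and a constructed well-formed handshake.
FORBIDDEN_BODY = '<?xml version="1.0" encoding="iso-8859-1"?>\n<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"\n "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">'
GOOD_HANDSHAKE = "abc123XYZ:60:60:websocket"

if __name__ == "__main__":
    print(parse_auth_data(STEP3_BODY, 3)["session_id"])
    print(websocket_url("192.0.2.10", 8080, 200, GOOD_HANDSHAKE))
    for status, body in ((403, FORBIDDEN_BODY), (200, FORBIDDEN_BODY)):
        try:
            websocket_url("192.0.2.10", 8080, status, body)
        except PairingError as err:
            print("refused:", err)
```
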

kdschlosser commented 5 years ago

@raydog153

Can we close this? Is it working on your TV?

raydog153 commented 5 years ago

This is not fixed for me. I can get it to pair, but only if I make code changes and set type=0, and I have no open 800x ports. I do have 8443, and I am wondering if perhaps that port should be used instead of 8001/8002, but I will not know until more bugs are worked out from others and until I have my TV fixed again (board ordered, and found where to reset EEPROM, so maybe this weekend).

In the meantime let's close this. I think the issue in this bug is fixed, and if not I can submit fixes when I hit them. It would be better to get this H branch merged into master.

kdschlosser commented 5 years ago

I want to start a separate branch specifically for testing with your TV. We can both do PRs against that branch. Also, do you have a Slack account set up? If so, message me on that; we can pass code back and forth more easily over that.