search

webosbrew / webos-homebrew-channel

Unofficial webOS TV homebrew store and root-related tooling
MIT License
839 stars 44 forks source link

"Block system updates" not working; still seeing update notifications #96

Open menotuu opened 2 years ago

menotuu commented 2 years ago

In installed webos homebrew channel two weeks ago and since 2 days I am getting notes for firmware update to 05.20.15 for my tv on every normal tv start, after the started one time in failsafe mode.

webosbrew version 0.4.0 block system updates is activated since first day in webos and webosbrew. failsafe mode is deactivated.

"board_type": "M19_DVB",
"hardware_id": "HE_DTV_W19H_AFADABAA",
"product_id": "OLED65B97LA",
"core_os_release": "4.9.5-6",
"webos_manufacturing_version": "05.20.06",

why is it showing the "there is a new firmware update for your lg tv" on every tv start?

Informatic commented 2 years ago

Can you please connect over ssh/telnet and check result of this command:

find /mnt | grep -i 'epk$'
menotuu commented 2 years ago

hi, the result of this command is simply nothing. nothing

vpont commented 2 years ago

Same issue here but on 0.5.0.

This only happens after the TV gets turned off unexpectedly (i.e. cable pull or power outage) and once power is back the TV is in failsafe mode. Then it asks for a reboot and when accepting the "update is available" message pops up shortly before the TV reboots itself. After the "normal" reboot this message does not show anymore.

Could this be the TV downloaded the update while in failsafe mode? I umounted /tmp/rdxd /tmp/uploadd /var/spool/rdxd /var/spool/uploadd/pending /var/spool/uploadd/uploaded and checked their contents and no file with "epk" was found there either. Am I looking in the wrong places?

bugsbunny88 commented 2 years ago

vpont; can you describe the steps to umount to check those locations. is your TV crashing as well ?

I can echo the same stuff happening to me, I believe after a power failure or something

throwaway96 commented 7 months ago

Since LG patched RootMyTV (v1 and v2), our startup scripts do not run early enough to effectively block update checks. Currently, the only way around this is to block the relevant subdomains (e.g. on your router):

snu.lge.com
su.lge.com
su-ssl.lge.com
snu-dev.lge.com
su-dev.lge.com
nsu.lge.com

(Listed roughly in order of importance.)

If you are getting notifications about an already-downloaded update, delete the files under /mnt/lg/cmn_data/swupdate (in particular, Image_Update_Info.xml and Package_Update_Info.xml).

I suspect most of the previous reports in this issue (and #89) involved failsafe mode, though. Issue #104 is dedicated to that specifically.

ts95 commented 7 months ago

@throwaway96 I see that the domains you've listed are added to /etc/hosts automatically by the webosbrew setup script (diverting requests to 127.0.0.1). How come this doesn't work?

Unfortunately my router doesn't have any DNS blocking options, so I can't block those subdomains at the router level.

Shad0w80 commented 3 months ago

Since LG patched RootMyTV (v1 and v2), our startup scripts do not run early enough to effectively block update checks. Currently, the only way around this is to block the relevant subdomains (e.g. on your router):

snu.lge.com
su.lge.com
su-ssl.lge.com
snu-dev.lge.com
su-dev.lge.com
nsu.lge.com

(Listed roughly in order of importance.)

If you are getting notifications about an already-downloaded update, delete the files under /mnt/lg/cmn_data/swupdate (in particular, Image_Update_Info.xml and Package_Update_Info.xml).

I suspect most of the previous reports in this issue (and #89) involved failsafe mode, though. Issue #104 is dedicated to that specifically.

Hi, i'm getting the update notification at every tv start, how can i stop that? I searched for those two files (Image_Update_Info.xml and Package_Update_Info.xml) but i can't find them. Also i don't have the /mnt/lg/cmn_data/swupdate folder. I have a LG C9 Oled, can you help me please? Thanks

AndyHazz commented 3 months ago

Hi, i'm getting the update notification at every tv start, how can i stop that?

You'll need to block those listed lge.com subdomains in your router, or by using something like pihole.

Shad0w80 commented 3 months ago

Hi, i'm getting the update notification at every tv start, how can i stop that?

You'll need to block those listed lge.com subdomains in your router, or by using something like pihole.

Blocked trhough my router and the notification is gone. I thought the update had already been downloaded, but it hasn't. Thats why i cannot see those files and folder i guess. Thank you

frigorific commented 3 months ago

Adding to this, same problem. Pop-up every time I start TV. Installed via dejavuln autoroot (0.0.6) yesterday. I don't have router capable of blocking or pihole set up.

Block system updates is activated No files in swupdate folder Webosbrew 0.6.3 Had the pop-up before rooting

I might be able to hit cancel every time but kids might eventually hit ok and do the update. What would happen? TV brick or lost root and updated to 06.10.45? Thank you.

"board_type": "M16P_DVB", "hardware_id": "HE_DTV_W17H_AFADABAA", "product_id": "OLED55B7V-Z", "core_os_release": "3.9.2-6270908", "webos_manufacturing_version": "06.10.30"

The pop-up:

The latest version of the software is available for your TV. Do you want to update now? (Version: 06.10.45) NO YES

aboulfad commented 3 months ago

I have the same exact behaviour & config as @frigorific. Here's my TV info:

{ "product_id": "OLED65E7P-U", "firmwareVersion": "06.10.30", "webos_release": "3.9.2", "board_type": "M16P_DVB", "hardware_id": "HE_DTV_W17H_AFADATAA" }

FetchFast commented 3 months ago

I caught the TV bypassing DHCP server issued DNS settings and using its own DNS settings: Google's 8.8.8.8

I'm going to try blocking that and searching for an update file to delete.

I'd still like to know what would happen if I chose update. It's easy to accidentally hit update with the option preselected and shortly after turning the TV on when you're navigating menus...

Also, how much of a risk is an insecure TV and what can we do to mitigate that safely?

Finally, how much would a monitor this size and an external NPU size computer be instead of all this messing around?

piejanssens commented 3 months ago

If you are running AdGuard Home, go to Filters > Custom filtering rules, add these:

||snu.lge.com^
||su.lge.com^
||su-ssl.lge.com^
||snu-dev.lge.com^
||su-dev.lge.com^
||nsu.lge.com^
MiklerGM commented 1 month ago

I caught the TV bypassing DHCP server issued DNS settings and using its own DNS settings: Google's 8.8.8.8

I was scared by this comment, but I couldn't confirm this issue. Probably a device and firmware specific.

My setup: static IP address (manual input) on the TV, with custom DNS server address. For DNS server I've tried pi-hole. No changes on the router as DHCP server is not involved. There is a static DHCP lease to book the ip address just in case.

domain regex:

(snu|su|su-ssl|snu-dev|su-dev|nsu).lge.com

OLED65CX9LA 04.40.70

wes1993 commented 2 weeks ago

Dear all, I have the same problem... Both my TV 50NANO756PR still asking for update every time they boot... There are something we can do? Kill update check process? Block 8.8.8.8 inside the FW?

I have already blocked the update website using NextDNS but won't solve...

Best regards Stefano