Samsung TV hacking & Snooping on WiFi Traffic in Windows 7

When working with a new software product/system, I am one of those guys who is not satisfied just knowing the external interface. I need to know what is going on “under the hood” as well.

Couple of months back, I bought a Samsung LED TV that has cool Internet features. With couple of fun TV app ideas in mind, I wanted to get down to do some coding during the weekends. So, I finally spent some time reading up the documentation and started coding.

In the meantime, I was playing around with some apps that come with TV. It has some nice apps like Skype, Google Maps, Twitter, Facebook etc. The functionality offered in twitter and facebook apps is so limited that one cannot even navigate to the links.  While there is no app store for Samsung India, there seem to be one for Samsung USA. It is so disappointing to see that there is lot more content and apps for USA customers and Samsung India has no clue when they will be made available here. Samsung India customer support is not even aware of an app store or tv apps – I had fun time talking to them though 🙂

I didn’t think that this logic of what apps to be made available is embedded in the firmware. It must be some pre-set region code or something like that set in the TV that the software  further uses to restrict or extend the features. Since the list of apps are not hard-wired into the TV, the software must be talking to some Samsung servers out there. So, I thought I will find out what is going on by looking into the traffic as I turn on the TV.

I had my TV connected to Internet via WiFi to the Linksys WiFi router. Since my windows laptop is also connected to the WiFi in the same network, I thought I could easily snoop on the traffic by firing up Wireshark in promiscuous mode. Apparently not so easy in windows. Unlike linux, it seems that Windows doesn’t allow or has limited support for promiscuous mode with WiFi adaptors. I learnt this hard way though.  Thanks to my former colleagues on LinkedIn Abhijit and MikeB, it seems that  this apparently works on linux and that there are some commercial solutions like AirPcap, I didn’t want to go that far. Plus, I didn’t have access to a linux machine readily.

But with some more time and help from google, I came to know that windows 7 has this cool feature called virtual WiFi adapter using which the windows laptop itself could act as an AccessPoint. That means, TV could now connect to the access point provided by laptop instead of the router. My laptop instead connected to the router via Ethernet.

With this setup, I was able to combine another of windows feature called ICS (Internet Connection Sharing) and configure internet sharing between Ethernet and virtual WiFi adapters. Now, I could snoop on the TV traffic by using promiscuous mode on the Ethernet adapter.  I also found that snooping works perfectly fine on virtual WiFi adapter too.

Next few hours was pure hacking delight looking at all the API calls the TV was making. TV is running on Linux. Luckily, only the initial authentication calls are on HTTPS. Once an auth token is retrieved, subsequent calls are made over HTTP itself.

  • authenticating to samsung servers in Korea
  • getting details of capabilities(like paid apps) to be exposed,
  • catalog calls to retrieve list of apps,
  • get list of installed apps,
  • retrieve service notifications etc.

Not sure if it is a serious privacy issue, TV also logs several user actions to the server including how many times an app is launched etc.

While doing this, I also came across a project on sourceforge called SamyGo. These guys have been hacking Samsung TVs for a while – including enabling telnet/ftp support, hidden PVR functionality and even modifying the firmware in some cases. Check it out here. While I haven’t rooted my TV yet, I was able to gain lot more insights using their tools.

Anyway, here are the instructions on how to snoop on WiFi traffic on windows, if you ever want to do. You can  use this approach to snoop on your mobile phone app traffic too.

  • Start a command window in administrative mode. You can do this by right-clicking on the “Command prompt” menu item in Start | All Programs | Accessories

  • Run the following two commands to setup a virtual WiFi adpater

c:>netsh wlan set hostednetwork mode=allow ssid=ssid1 key=password

This creates a virtual WiFi adapter acting as an AccessPoint. Replace ssid1 and password with your own. You can get more help on this command by running “netsh wlan set hostednetwork ?”

c:>netsh wlan start hostednetwork

This actually starts the access point. You may need to re-run this command if you reboot the laptop.

  • Enable internet connection sharing

Go to Control Panel | Network & Sharing Center | Change Adapter Settings and right-click on your Ethernet adapter (or any adapter with internet connection) and bring up properties. Change to “Sharing” tab and enable the check box “Allow other network users …”. In the combo box below, select the newly created virtual WiFi adapter.

  • Now, go back to the device (TV or mobile) and refresh WiFi access points. You should see the newly created access point ssid1 that the device can connect to.
  • That’s it. Have fun with the hacking.

PS: btw, there are some free tools like Vritual Router and Connectify that simplify the steps above into simple UI, but I had little success in snooping on WiFi traffic with them.

Advertisements

3 thoughts on “Samsung TV hacking & Snooping on WiFi Traffic in Windows 7

  1. Pingback: LED TV Philips Ambilight & The Dark Knight Blu-ray | 21 inch lcd tv | samsung 21 inch lcd tv | lg 21 inch lcd tv

  2. Pingback: Nintendo Wii USB Enabled Lan Adapter

  3. Never buy LED’s from Samsung without doing diligent analysis. You get only one year warranty on that and they start giving you problems after an year or so. Please ask the cost of replacement of LED panel when you are buying the TV so that you can make a wise decision. For example, My 46′ Samsung LED panel failed after 15 months and the company is asking Rs 35,000 for its replacement. The cost may go up as you go for a bigger TV. It’s you money spend wisely, go through all the forums and search for the model you want to buy, read the reviews and then decide!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s