There is a vulnerability/backdoor in webOS 5+ that allows you to easily run arbitrary commands as root during the boot process. The easiest way to exploit it simply involves putting a file on a USB drive and having it connected to your TV while it boots. There are two other methods that are more complex and require additional exploits.
See dejavuln-autoroot for a simpler exploit that works on webOS 3.5+ TVs (i.e., models from 2017 and later). It is unpatched as of 2024-04-21 and does not require Developer Mode or even a network connection—just a USB drive.
Otherwise:
- If you have a webOS 5–8 TV with old enough firmware, WTA (which does not require Dev Mode) will still work.
- If you have a webOS 4.x TV, you can also try CVE-2023-6319, which is unpatched on the latest (final?) firmware for webOS 4.0 (2018) models.
- While there will eventually be fully software-based exploits released for older models, they can currently be rooted via NVM.
What you do with this information is your own responsibility. If you brick your TV trying this, it's not my fault. You should probably have some electronics experience if you want to attempt this.
This is going to involve opening your TV and attaching wires to the pins of an integrated circuit. If you're not comfortable with that, this is not for you.
This document is a work in progress.
LG TVs since at least the era of NetCast and "Global Platform" (webOS predecessors) have had the notion of a debug level, generally called "debugstatus". There are three modes: DEBUG
, EVENT
, and RELEASE
. TVs normally operate in RELEASE
mode. DEBUG
mode enables a variety of logging and other debugging features in webOS, including access to the bootloader console and debug menus via serial. EVENT
is similar to DEBUG
, although it may not enable as much logging and has other relatively minor differences.
This is just a dump of some interesting undocumented features of webOS (3.8 specifically, on early 2018 4k LG TV) and other development-related tips.
- OpenVPN frontend (OpenVPN itself is easily buildable and runs on webOS TVs: https://discord.com/channels/407937994037919756/835489130967859251/906943542457401395)
- App autostart manager - dynamically update arbitrary app config and register it as input (see Registering an app as an input)
- webos-vncserver frontend with autostart option
- Package hyperiond into Piccap directly
- Quick Screenshot (expose HTTP port that just returns PNG of current screen contents)
- Custom IR remote codes editor/updater/blaster
/*------------------------get Twitter Ids on page --------------------- | |
| Find twitter IDs of people on page(intended for blocking multiple | |
users) bookmarklet inspired by @mariotaku 's wtb | |
| Author: Hong Lin <plantvsbird@gmail.com> | |
License: MIT | |
| See comments below for usage thx. |
import android.support.v4.app.Fragment; | |
import android.support.v4.app.FragmentManager; | |
import android.support.v4.app.FragmentStatePagerAdapter; | |
import android.support.v4.view.ViewPager; | |
/** | |
* Created by Chaojun Wang on 5/6/14. | |
*/ | |
public class ViewPagerUtils { | |
private ViewPagerUtils() {} |
// Just before switching jobs: | |
// Add one of these. | |
// Preferably into the same commit where you do a large merge. | |
// | |
// This started as a tweet with a joke of "C++ pro-tip: #define private public", | |
// and then it quickly escalated into more and more evil suggestions. | |
// I've tried to capture interesting suggestions here. | |
// | |
// Contributors: @r2d2rigo, @joeldevahl, @msinilo, @_Humus_, | |
// @YuriyODonnell, @rygorous, @cmuratori, @mike_acton, @grumpygiant, |
Consumer key: IQKbtAYlXLripLGPWd0HUA
Consumer secret: GgDYlkSvaPxGxC4X8liwpUoqKwwr3lCADbz8A7ADU
Consumer key: 3nVuSoBZnx6U4vzUxf5w
Consumer secret: Bcs59EFbbsdF6Sl9Ng71smgStWEGwXXKSjYvPVt7qys
Consumer key: CjulERsDeqhhjSme66ECg