Developer mode apps (those installed in /media/developer) are inspectable by default. Other apps (e.g., from the LG Content Store) are not inspectable by default, but you can add "inspectable": true to their appinfo.json to enable it. Debugging system apps (i.e., those in /usr/palm/applications) may require a special flag.
The developer mode app debugger listens on port 9998.
System service and system app debugging uses ports 5885 and 9999, respectively. However, debugging for these is not normally enabled.
Go to chrome://inspect in Chrome. Check "Discover network targets".
Click the "Configure..." button, add <TV IP>:9998, and click "Done". It will probably take a moment for Remote Targets to appear.
Homebrew Channel as a Remote Target.
Click the "inspect" link to launch a DevTools window. Select the "Console" tab in the drawer. If the drawer isn't open, you can press escape to toggle it.
Using newer versions of Chrome/Chromium to debug older webOS versions may not work. According to LG's documentation on App Debugging (archive), the best version of Chrome to use as a client for remote debugging is:
- webOS 1–3: Chrome 38
- webOS 4-5: Chrome 68
- webOS 6+: latest version
LG also has a list of the Chromium version built into each webOS major version on their Web API and Web Engine (archive) page. Once a webOS major version is released, LG never updates the version of Chromium it uses. (And don't bother trying to do so yourself unless you really know what you're getting yourself into.)
This snippet has been used to recover from Homebrew Channel becoming unelevated during an update. (You should install and elevate the Safe Updater app to make fixing such situations easier.) To use it, you need to launch Homebrew Channel on the TV, remotely inspect it as described above, and run this in the DevTools console.
webOS.service.request("luna://org.webosbrew.hbchannel.service", {
method: "exec",
parameters: { command: 'touch /var/log/crashd/"x;telnetd -l sh"', subscribe: false },
onSuccess: function (res) {
console.log("yay \ud83c\udf89", res);
},
onFailure: function (res) {
console.log("fail \ud83d\ude22", res);
},
});After executing this, you should be able to telnet to the TV and get a root shell. To re-elevate Homebrew Channel, run /media/developer/apps/usr/palm/services/org.webosbrew.hbchannel.service/elevate-service.
I recently came across an appinfo.json property that appears to allow an app to have a CORS whitelist. It's not listed in the LG webOS TV appinfo.json documentation (archive). I assume a CORS whitelist would only be useful for web apps.
The useCORSWhitelist property specifies the name of a JSON file containing the whitelist configuration (described below). It looks like a matching signature file (having the same name followed by .sig) is required. The signature is Base64-encoded, and decoding it yields 256 random-looking bytes. I haven't investigated what kind of signature it is or what checks it.
In the only case I've seen, the JSON configuration was named cors_whitelist.json, and the signature was in cors_whitelist.json.sig.
whitelistedDomains is an array of domains (with protocol). whitelistedTypes is an array of MIME types.
Example:
{
"whitelistedDomains": [
"https://www.example.com",
"https://www2.example.com"
],
"whitelistedTypes": [
"application/json",
"text/html",
"text/plain"
]
}