Dominik Meyer

Personal Page

Unsmart

You have the feeling that an internet connection for your smart tv is not necessary, but when you unplug some features are not longer accessible (e.g. playing recordings from the attached harddrive). Then unsmart is for you. Disconnecting the tv but faking a working internet connection.

Translations: de

I own a Samsung UE40F6400 "smart" tv and I did use it for quite some time connected to the internet. But at some point I did realize, that I didn't really use all the builtin apps and features, that would require a internet connection (since the browser is pretty much unusable anyways). So I decided to disconnect the tv.

After a while I wanted to watch a video file from the attached harddisk and to my surprise this wasn't possible anymore. Wait? You have to be connected to the internet in order to watch a file from local storage? You got to be kidding me!

This is unaceptable to me and therefore I dived into reverse engineering what is sent over the network and what prevents me from watching my local video files.

As I had a raspberry pi idling on the local network anyways, I did use this to sniff some of the local network traffic sent fto and from the tv set. This is done quite easily and does not even require you to connect a monitor to the raspberry pi.

First on the raspberry, enable ip forwarding (ip4 only, you really thought this product is using ip6 ...) via

$ sudo sysctl -w net.ipv4.ip_forward=1

Then via NAT the traffic from the tv can be redirected through the raspberry. Just use the raspberry pi's IP as the gateway address.

$ sudo iptables -t nat -F
$ sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
$ sudo iptables -A FORWARD -i eth0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
$ sudo iptables -A FORWARD -i eth0 -o eth0 -j ACCEPT

Then remotely sniffing all traffic passing trough the raspberry can be done via wireshark

$ ssh <raspberry pi> "sudo tcpdump -U -s0 -w - 'not port 22'" | wireshark -k -i -

If you look into the traffic, all kind of things are going on. Some encrypted requests and even some unecrypted data requests are made. Apparently, to check, whether the internet connection works, the TV makes a request to samsung.com and retrieves an xml file (it is to be determined, if all users cannot watch local movies once the samsung site ist down ...). This file seems to contain US stockticker data, but has some very strange 3 bytes in the beginning, without them the connectivity is not confirmed.

So to retreive the file, clock follow TCP stream for the according packet of the xml file in wireshark and save the bytes of this request to a file.

Then a small dnsmasq server can be set up on the raspberry pi to redirect all requests from the TV to the local raspberry address. In the code repository there is a very simple server, that just sends out this captured xml file on any request. That seems to be enough to satisfy the online check. If you wish to use other services and apps on the TV, then obviously some other domains for those services have to be whitelisted by configuring the dnsmasq server accordingly.

All the configurations and how to use them can be found in the Github repository Unsmart.