channel 5

[basedcel]

can someone sniff the SSL cert for channel5 (my5) from their samsung tv?

[pompok]

Is it actually possible? Data is send over secure http.

[darkw4v3]

What is downloading a publicly available cert going to do for you? Why do you think this needs to be done from a TV? What are you trying to accomplish?

[howboring]

What is downloading a publicly available cert going to do for you? Why do you think this needs to be done from a TV? What are you trying to accomplish?

Sounds like you don't know what a client SSL cert is, which is what he is referring to. Services that require a client SSL cert will not accept any API requests you make if you don't have that cert. See BBC IPlayer 4k content as an example.

[darkw4v3]

Sounds like you don't know what a client SSL cert is, which is what he is referring to.

lmao - swing and a miss, champ.

[A_n_g_e_l_a]

Sounds like you don't know what a client SSL cert is, which is what he is referring to.

lmao - swing and a miss, champ.

Hey don't go RajLinux on us! You may know what SSL certificates are, but read 'howboring' carefully; he explains it exactly as it is.

It's OK, even exciting, to not know something.
It gives us cause to learn and explore new ideas!

[T33V33]

Why do you think this needs to be done from a TV? What are you trying to accomplish?

I assume he is trying to accomplish the feat of getting HD content from My5.... They only supply HD to certain Samsung devices everything else is SD only. From what I gather everything on Samsung's is different... Different api? different mpd structure? Also Playready only from what I've seen.

[pompok]

Is I possible to sniff and decrypt packets from lg tv?

[basedcel]

Why do you think this needs to be done from a TV? What are you trying to accomplish?

I assume he is trying to accomplish the feat of getting HD content from My5.... They only supply HD to certain Samsung devices everything else is SD only. From what I gather everything on Samsung's is different... Different api? different mpd structure? Also Playready only from what I've seen.

Quite right.

> Is I possible to sniff and decrypt packets from lg tv?

dunno man, I have a samsung tizen tv and haven't been able to figure out how to even set a proxy. Wish I bought an android tv.

That said, anyways, if someone is able to, please let me know. Thank you.

[darkw4v3]

It's OK, even exciting, to not know something.
It gives us cause to learn and explore new ideas!

Of course I know what SSL certs are. It's kinda hard to do what we do and not comprehend that.

What I was getting at was the vagueness of the OP's request. Server cert? Client cert? - lets assume server cert!

le sigh. nobody gets my sense of humor around here.

[darkw4v3]

Getting back on topic, I have the older orsay based samsung. I never could find anything useful about getting into it.

It's probably possible with the tizen based tvs since it's linux based. However, unfortunately I can't help with setting up a proxy on it, as I don't have one to work with.

I am also curious if anyone ends up getting that working.

[A_n_g_e_l_a]

le sigh. nobody gets my sense of humor around here.

Have you considered you may not be very funny?

Getting back on topic, I have the older orsay based samsung. I never could find anything useful about getting into it.
It's probably possible with the tizen based tvs since it's linux based. However, unfortunately I can't help with setting up a proxy on it, as I don't have one to work with.
I am also curious if anyone ends up getting that working.

I've tried sniffing briefly with Wireshark. On a PC you can intercept the PC's traffic and although encrypted, it is possible to decrypt stuff travelling to and from the PC.
The problem comes when you try to sniff from the TV from a remote sniffer (your PC running Wireshark). Https was designed to stop exactly this - 'man-in-the-middle' attack - and it works. Additionally, Apps run on the TV specifying that 'certificate pinning is disallowed' . Even if you have the certificates the apps shut down and will not send data. If you could get Wirekshark to run on your TV with root privileges you may get somewhere.

[pompok]

Is it possible to root LG TV, I never saw topics about rooting TV?

[basedcel]

Is it possible to root LG TV, I never saw topics about rooting TV?

there have been quite some exploits before for android-based TVs, but never for custom OSes like Tizen or the likes of it. In general it is a bit harder to work with them too, because of them having their own unresearched ecosystem.
Not exactly the prime targets for exploitation I mean.

[pompok]

That's what I mean. The android based should be easy if you know the process and done it before, but some services put good stuff (high bitrate better quality) only on lg tv and samsung and apple TV.

Which only expert hackers can crack into it, not for normal humans aka us

[darkw4v3]

Have you considered you may not be very funny?

I reject your reality and substitute my own.

I've tried sniffing briefly with Wireshark. On a PC you can intercept the PC's traffic and although encrypted, it is possible to decrypt stuff travelling to and from the PC.
The problem comes when you try to sniff from the TV from a remote sniffer (your PC running Wireshark). Https was designed to stop exactly this - 'man-in-the-middle' attack - and it works. Additionally, Apps run on the TV specifying that 'certificate pinning is disallowed' . Even if you have the certificates the apps shut down and will not send data. If you could get Wirekshark to run on your TV with root privileges you may get somewhere.

It should work from an external secure proxy - if there's *not* cert pinning. Hackers do this all the time - the hard part is getting the target to trust their cert. So you still have to root the TV and trust the proxy's SSL cert. But if you have to do that, may as well do it all on the TV. But if there is cert pinning, I don't know how you would get around that regardless where the interception is being done.