sodnpoo.com - spoofing the samsung smart tv internet check

spoofing the samsung smart tv internet check 20 Apr 2014

So it looks like Samsung is offline this morning. This shouldn't bother me - I don't work for them and their network isn't my problem. However it turns out that my Samsung Smart TV thinks there's no internet if there's no www.samsung.com :( - using tcpdump I started looking at what the TV was trying to contact when I pressed the 'Retry' button in the the network settings; this is what the DNS requests/replies to/from the TV look like:

ethertype IPv4 (0x0800), length 75: 192.168.1.110.52284 > 192.168.1.252.53: 58569+ A? www.samsung.com. (33)
ethertype IPv4 (0x0800), length 79: 192.168.1.252.53 > 192.168.1.110.59998: 27816 ServFail 0/0/0 (37)

I was hoping it was just using a DNS ping, so I overrode the DNS and pointed it to 127.0.0.1 and tried again. That didn't work so I pointed it at one of my web servers, thinking that it might just be a tcp connect on port 80. That didn't work either - but now I had the HTTP headers, so now I had the file and path too:

	0x0000:  4500 0092 a9c2 4000 4006 0ce1 c0a8 016e  E.....@.@......n
	0x0010:  c0a8 0104 baf8 0050 12e0 4833 7964 7769  .......P..H3ydwi
	0x0020:  8018 01c9 b33f 0000 0101 080a 0000 e1f3  .....?..........
	0x0030:  a764 4edc 4745 5420 2f67 6c6f 6261 6c2f  .dN.GET./global/
	0x0040:  7072 6f64 7563 7473 2f74 762f 696e 666f  products/tv/info
	0x0050:  6c69 6e6b 2f75 732e 786d 6c20 4854 5450  link/us.xml.HTTP
	0x0060:  2f31 2e31 0d0a 486f 7374 3a20 7777 772e  /1.1..Host:.www.
	0x0070:  7361 6d73 756e 672e 636f 6d0d 0a43 6f6e  samsung.com..Con
	0x0080:  6e65 6374 696f 6e3a 2063 6c6f 7365 0d0a  nection:.close..
	0x0090:  0d0a                                     ..

I added a vhost for www.samsung.com, mkdir'd the "global/products/tv/infolink" path and touched "us.xml" and clicked retry again - still no dice :( . Concluding it needed a valid XML file I turned to Google, who had thankfully cached a copy - here it is again, in case you need it:

<?xml version="1.0" encoding="utf-8"?>
<urlinfo>
<icon>http://www.usatoday.com/repurposing/samsung/usat-logo-54x22.png</icon>
<weather>
<item>
<title>current</title>
<url>http://content.usatoday.com/repurposing/samsung/weather-data.ashx?type=c&amp;zip=</url>
</item>
<item>
<title>forecast</title>
<url>http://content.usatoday.com/repurposing/samsung/weather-data.ashx?type=f&amp;zip=</url>
</item>
</weather>
<news>
<item>
<title>News</title>
  <icon>http://www.usatoday.com/repurposing/samsung/news.png</icon>
<url>http://content.usatoday.com/repurposing/samsung/story-data.ashx?type=topnews</url>
</item>
<item>
<title>Money</title>
  <icon>http://www.usatoday.com/repurposing/samsung/money.png</icon>
<url>http://content.usatoday.com/repurposing/samsung/story-data.ashx?type=business</url>
</item>
<item>
<title>Politics</title>
  <icon>http://www.usatoday.com/repurposing/samsung/politics.png</icon>
<url>http://content.usatoday.com/repurposing/samsung/story-data.ashx?type=politics</url>
</item>
<item>
<title>Life</title>
  <icon>http://www.usatoday.com/repurposing/samsung/life.png</icon>
<url>http://content.usatoday.com/repurposing/samsung/story-data.ashx?type=entertainment</url>
</item>
<item>
<title>Sports</title>
  <icon>http://www.usatoday.com/repurposing/samsung/sports.png</icon>
<url>http://content.usatoday.com/repurposing/samsung/story-data.ashx?type=sports</url>
</item>
<item>
<title>World</title>
  <icon>http://www.usatoday.com/repurposing/samsung/world.png</icon>
<url>http://content.usatoday.com/repurposing/samsung/story-data.ashx?type=world</url>
</item>
</news>
<stock>
 <index>  
   <item>
     <title>Dow</title>
      <url>http://content.usatoday.com/repurposing/samsung/markets-data.ashx?type=index&amp;sym=I:DJI</url>
   </item>
   <item>
     <title>nasdaq</title>
      <url>http://content.usatoday.com/repurposing/samsung/markets-data.ashx?type=index&amp;sym=I:COMP</url>
   </item>
   <item>
     <title>s&amp;p</title>
      <url>http://content.usatoday.com/repurposing/samsung/markets-data.ashx?type=index&amp;sym=INX</url>
   </item>
 </index>	
 <market>   
  <item> 
   <title>NYSE</title>
   <url>http://content.usatoday.com/repurposing/samsung/markets-data.ashx?type=simple&amp;exch=NYSE&amp;range=a-z</url>
  </item>
  <item>
  <title>NASDAQ</title>
   <url>http://content.usatoday.com/repurposing/samsung/markets-data.ashx?type=simple&amp;exch=NASDAQ&amp;range=a-z</url>
  </item>
 </market>
 <code>
  <title>code</title>
  <url>http://content.usatoday.com/repurposing/samsung/markets-data.ashx?type=stock</url>
  </code>
 <marketindex>
  <item>
   <start>A</start>
   <end>B</end>
  </item>
  <item>
   <start>C</start>
   <end>E</end>
  </item>
  <item>
   <start>F</start>
   <end>H</end>
  </item>
  <item>
   <start>I</start>
   <end>K</end>
  </item>
  <item>
   <start>L</start>
   <end>N</end>
  </item>
  <item>
   <start>O</start>
   <end>Q</end>
  </item>
  <item>
   <start>R</start>
   <end>T</end>
  </item>
  <item>
   <start>U</start>
   <end>W</end>
  </item>
  <item>
   <start>X</start>
   <end>Z</end>
  </item>
 </marketindex>
 <cp>Interactive Data</cp>
 </stock>
 <stocknews>1</stocknews>
</urlinfo>

After poking that into us.xml the TV decided it could see the internet again. Most importantly Netflix works again ;)

reverse engineering|