Codex Hacked a Samsung TV

Posted by campuscodi 9 hours ago

Codex Hacked a Samsung TV(blog.calif.io)

175 points | 104 comments

alfanick 8 hours ago|

I had truly good “hacking” session with Codex. It’s not hacking, I wasn’t breaking anything, just jumping over the fences TP-Link put for me, owning the router, inside the network, knowing the admin password. But TP-Link really tried everything so you cannot access the router you own via API. They really tried to be smart with some very very broken and custom auth and encryption scheme. It took some half a day with Codex, but in the end I have a pretty Python API to access my router, tested, reliable, and exporting beautiful Prometheus metrics.

I’m sure there is some over eager product manager sitting in such companies, trying to splits markets into customer and enterprise sections, just by making APIs not useable by humans and adding 200% useless “security by obscurity”.

ropbear 7 hours ago||

Many eons ago I wrote a Python version of tmpcli for this exact reason. Made some minor improvements a few years ago but haven’t touched it since. Curious what methodology Codex came up with, I haven’t revisited it since models got really good.

The idea is that tmpServer listens on localhost, but dropbear allows port forwarding with admin creds (you’ll need to specify -N). That program has full device access and is the API the Tether app primarily uses to interact with the device.

https://github.com/ropbear/tmpcli

alfanick 7 hours ago||

Ha kudos! I went across this project - thanks for your work :) It didn't work on the specific model I own (Archer NX600).

My solution is really just using their pseudo-JWT over their obscured APIs (with reverse-engineered names of endpoints and params). Limitation is that there is still only one client allowed to be authenticated at one moment, so my daemon has priority and I need to stop it to actually access Admin panel.

mtud 6 hours ago|||

We’re splitting this across two threads, but if you give Codex access to jadx and the Archer android app you might be able to get something without that problem. The TPLink management protocol has a few different “transport” types - tmpcli uses SSH, but your device might only support one of the other transports.

ropbear 6 hours ago||||

Of course! Happy to contribute. As is the case with your device, there's a lot of weird TP-Link firmware variants (even an RTOS called TPOS based on VxWorks), so no guarantee it'll work all the time. Glad there's more research being done in the space!

baq 6 hours ago|||

Would be amazing if it worked with decos, these are locked down so much you don’t even get an admin interface inside your own network.

qingcharles 1 hour ago|||

I have one of these Smiirl flip counters. It runs a version of OpenWrt without the web UI, but has a uhttpd to serve an api. I'm hoping Mythos can help me find an exploit to get into it and enable ssh since they have now disabled the simple api switch that would let you turn it on.

https://www.smiirl.com/en/counter/facebook/5d/

0x_rs 7 hours ago|||

I've had good success doing something similar. Recording requests into an .har file using the web UI and providing it for analysis was a good starting point for me, orders of magnitude faster than it would be without an assistant.

_doctor_love 2 hours ago|||

If you're into it, you could always re-flash your TP-Link hardware with some open-source firmware that is more automation friendly. I used to be intimidated by it, but a friend showed me how to do it and it's remarkably simple and pain-free (provided it's a commonly supported router of course).

alfanick 2 hours ago||

ofc I could, but no project supports this specific hardware (Archer NX600) - I'm very happy with my solution :)

m463 2 hours ago||

I wonder what the effort would be to port openwrt to it? It might be easy if there are adjacent routers on the same chipset.

c420 1 hour ago||

Generally, if the device is compatible and not new to the market, openwrt has been ported or is in the process (though it may not be the latest version of openwrt). You can search for your device in the compatibility drop downs and get the current status. If it's not listed, searching the device on the openwrt forums may tell you why (which is almost always the chipset).

tclancy 8 hours ago|||

Would definitely be interested in this. Moved to TP Link at the start of the year and I am generally very happy with it, but would like to be able to interact with my router in something other than their phone app.

alfanick 7 hours ago|||

That was actually my first thought, to go through TP-Link cloud (ZERO DOCS), but it was too much effort :)

DANmode 1 hour ago|||

> Moved to TP Link at the start of the year

Can’t understand buying them or Netgear today.

srcreigh 8 hours ago|||

Any tips to share? I tried to do something similar but failed.

My router has a backup/restore feature with an encrypted export, I figured I could use that to control or at least inspect all of its state, but I/codex could not figure out the encryption.

alfanick 8 hours ago|||

It's on my long list of projects "to-opensource" (but I need to figure out licensing, for those things CC-BY-SA I think is the way to go), I don't want a random lawyer sitting on my ass though.

I started with a simple assumption: if I can access the router via web-browser, then I can also automate that. From that the proof-of-concept was headless Chrome in Docker and AI-directed code (code written via LLM, not using it all the time) that uses Selenium to navigate the code. This worked, but it internally hurt me to run 300MiB browser just to access like 200B of metrics every 10s or so. So from there we (me + codex) worked together towards reverse engineering their minimised JS and their funky encryption scheme, and it eventually worked (in the end it's just OpenSSL with some useless paddings here or there). Give it a shot, it's a fun day adventure. :)

Edit: that's the end result (kinda, I have whole infra around it, and another story with WiFi extender with another semi-broken different encryption scheme from the same provider) - https://imgur.com/a/VGbNmBp

JTbane 1 hour ago|||

Why not just use the GPL? It basically covers the same stuff Creative Commons Share-alike does.

alfanick 38 minutes ago||

I don't feel like I own the code itself (hey, GPT wrote 99.5% of it), I own the product and the thought process and everything that lead to it - do whatever you want, just don't forget my name somewhere in the process. Feels more like art project than coding project hence CC license.

TurkTurkleton 6 hours ago||||

For what it's worth, the Creative Commons organization recommends against using CC licenses on software: https://creativecommons.org/faq/#can-i-apply-a-creative-comm...

mtud 7 hours ago|||

You should give codex access to the mobile app :) The app, for a lot of routers, connects via an ssh tunnel to UDP/TCP sockets on the router. Would probably give you access to more data/control.

ropbear 6 hours ago||

Made a comment up above, but that's tdpServer and tmpServer (sometimes tdpd and tmpd) and it's what I use in my python implementation of tmpcli, the (somewhat broken) client binary on some TP-Link devices.

You're correct, it gives you access to everything the Tether app can do.

https://github.com/ropbear/tmpcli

mtud 6 hours ago||

I had been trying to find that again! It was instrumental in some RE/VR I did last year on tmp and the differences between the UDP socket (available without auth) and the TCP socket. Thanks for making that.

I can't remember the details of the scheme, but it also allows you to authenticate using your TPLink cloud credential. If my memory is correct, the username is md5(tplink_account_email) and the password is the cloud account password. If you care, I can find my notes on that to confirm.

seer 6 hours ago|||

I had fun “hacking” my router that turned out to be just unzipping the file with slight binary modifications, it was so simple in fact I just implemented it in a few lines of js, even works in the browser :-D

https://ivank.github.io/ddecryptor/

jack_pp 8 hours ago||

that could make a for a nice blog / gist

layer8 5 hours ago||

It’s important to note that Codex was given access to the source code. In another comment thread that is currently on the front page (https://news.ycombinator.com/item?id=47780456), the opinion is repeatedly voiced that being closed source doesn’t provide a material benefit in defending against vulnerabilities being discovered and exploited using AI. So it would be interesting to see how Codex would fare here without access to the source code.

qingcharles 1 hour ago|

There are two levels below having the source. One is having the binary of the firmware, which could be decompiled by the AI and understood. And then the worst-case is what I'm dealing with currently, which is where there is no access to the firmware binary and the firmware is stored on the PCB in such a way to prevent sticking a chip clip on it and forcibly extracting it, so you're totally blind. (Just as you would be with a completely remote attempt)

ssl-3 1 hour ago||

The timing here is amusing to me.

I have a fairly specialized bit of hardware here on my desk. It's a rackmount, pro audio DSP that runs embedded Linux. I want to poke at it (specifically, I want to know why it takes like 5 or 6 minutes to boot up since that is a problem for me).

The firmware is published and available, and it's just a tarball, but the juicy bits inside are encrypted. It has network connectivity for various things, including its own text-based control protocol over SSH. No shell access is exposed (or at least, not documented as being exposed).

So I pointed codex at that whole mess.

It seems to have deduced that the encryption was done with openssl, and is symmetric. It also seems to have deduced that it is running a version of sshd that is vulnerable to CVE-2024-6387, which allows remote code execution.

It has drawn up a plan to prove whether the vulnerability works. That's the next step.

If the vulnerability works, then it should be a hop, skip, and a jump to get in there, enable a path to a shell (it's almost certainly got busybox on there already), and find the key so that the firmware can be decrypted and analyzed offline.

---

If I weren't such a pussy, I'd have started that next step. But I really like this box, and right now it's a black box that I can't recover (I don't have a cleartext firmware image) if things go very wrong. It's not a particularly expensive machine on the used market, but things are tight right now.

And I'm not all that keen on learning how to extract flash memory in-situ in this instance, either.

So it waits. :)

qingcharles 24 minutes ago||

That's awesome. I had two of these devices I'm trying to break into. One has the ROM chip exposed, but I think it is cooked. The device doesn't boot because I think the previous owner used the wrong PSU, but I was hoping I could at least extract the code. The newer updated version of the device has an SoC with embedded ROM and almost all the access points on the PCB removed. I'm loathe, like you, to tamper too badly with a working thing that I myself might release the magic smoke from.

It's also scary where this is going. LLMs are getting fantastic at breaking into things. I sometimes have to dance around the topic with them because they start to get suspicious I'm trying to hack something that doesn't belong to me, which is not the case.

I had some ebooks I bought last year which I managed to pull down the encrypted PDFs for from the web site where you could read them. Claude looked at the PDF and all the data I could find (user ID etc) and it came up with "147 different ideas for a decryption algorithm" which it went through in turn until it found a combination of using parts of the userID value and parts of other data concatenated together which produced the key. Something I would never have figured out. Then recently the company changed the algo for their newer books so Claude took another look and determined they were modifying the binary data of the PDFs to make them non-standard, so it patched them back first.

petercooper 8 hours ago||

Not as cool as this, but I had a fun Claude Code experience when I asked it to look at my Bluetooth devices and do something "fun". It discovered a cheap set of RGB lights in my daughter's room (which I had no idea used Bluetooth for the remote - and not secured at all) and made them do a rainbow effect then documented the protocol so I could make my own remote control if needed.

qingcharles 1 hour ago||

Opus 4.7 finally figured out how to get my Logitech mouse paired with the receiver properly, which 4.6 and Gemini 3.1 could not do lol.

hypercube33 5 hours ago|||

I asked Claude Opus 4.5 to start trying to find undocumented API stuff for our endpoint management software so I could automate remediations and cut service desk calls and it found two I haven't seen before after trying for an hour. Since it's written in .net I'm fairly sure I could have told it to decompile it and find more fairly easily too.

ceejayoz 6 hours ago||

I am not sure "fun" is the right term here!

luxuryballs 6 hours ago||

of all the benign technical possibilities this is actually pretty fun

ceejayoz 6 hours ago||

I'm not sure I see "an AI can find insecure unknown bluetooth devices and compromise them" as entirely benign. I shiver to think how many such devices are probably in my house.

luxuryballs 2 hours ago||

with LLMs able to pump out surplus code for anyone I really think the future of a dystopian sci-fi where you carry a device that can hack random objects around you is starting to materialize

tracker1 1 hour ago||

If I could turn a Samsung Smart TV into a dumb TV, or even just a basic monitor with input selection and basic volume control, I'd definitely take it.

asdff 45 minutes ago||

Yup. Sony bravia smart TV has died recently. Can't run the OS without crashing on the home page. So much input lag feels like running ancient hardware in early 2000s. Crashes navigating picture settings and helpfully resets them back to default for you, so you can't really functionally change picture settings.

How I wish I could just strip this thing down into a monitor with a set of speakers... Screen itself is perfect condition of course but the OS turned it into ewaste.

SyneRyder 1 hour ago||

Pretty much the same with my newly acquired LG Smart TV. I thought I might like webOS, since it's technically a descendent of palmOS, but oh no. No no no.

I've opted just to not plug it in to the network and not provide a WiFi password.

asdff 41 minutes ago||

I picked up this used 4k sony bravia recently and the thing is such junk. AndroidOS, seemed promising, but it has hardcoded ads on the homepage from whatever movies were coming out in 2015 when they were selling this screen, so much input lag, crashes constantly, can't even change picture settings as it will crash and reset to default. Sometimes it will just boot loop and not turn on until hard reset. Useless device today. Probably cost a thousand dollars when it was new I'm guessing, now it is ewaste.

Meanwhile my ancient 1080p panel still works, and I noticed I can't actually see the pixels from my couch so, ehh, I guess...

reactordev 9 hours ago||

The trick here was providing the firmware source code so it could see your vulnerabilities.

petee 8 hours ago||

What would be the difficulty level for it to just read the machine code; are these models heavily relying on human language for clues?

wongarsu 8 hours ago|||

Reasoning on pure machine code or disassembly is still hit and miss. For better results you can run the binary through a disassembler, then ask an llm to turn that into an equivalent c program, then ask it to work on that. But some of the subtleties might get lost in translation

orwin 8 hours ago||

If you put codex in Xhigh and allow it access to tools, it will take an hour but it will eventually give you back quality recompiled code, with the same issues the original had (here quality means readable)

bryancoxwell 8 hours ago||

I had a bit of a pain of a time trying to get Claude to work with ghidra. What you’re describing seems like a better alternative, would you agree?

skywal_l 7 hours ago|||

You can tweak the current Ghidra MCP to work in headless mode. It makes things much easier.

ctoth 2 hours ago|||

I've had a lot of luck with pyghidra-mcp -- give it a try :)

cute_boi 1 hour ago||

Well i have tried and it only works for simple use-case.

dnautics 5 hours ago||||

I have had Claude read usbpcap to reverse engineer an industrial digital camera link. It was like pulling teeth but I got it done (I would not have been able to do it alone)

estimator7292 4 hours ago||||

I had Claude reverse some firmware. I gave it headless ghidra and it spat out documentation for the internal serial protocol I was interested in. With the right tools, it seems to do pretty well with this kind of task.

lynx97 8 hours ago|||

It will have to use a disassembler, or write one. I recently casually asked gpt-5.4 to translate the content of a MIDI file to a custom sound programming language. It just wrote a one-shot MIDI parser in Python, grabbed the data, and basically did a perfect translation at first try. Nice.

StilesCrisis 8 hours ago||

I've seen Claude do similar things for image files. Don't have PNG parsing utilities installed? No worries, it'll just synthesize a Python script to decode the image directly.

russdill 3 hours ago|||

It's not a far step from having the firmware binaries and doing analysis with ghidra, etc.

pjc50 9 hours ago||

That's a pretty big gimme!

1970-01-01 7 hours ago||

It hacked a weak TV OS with full source. Next-level, aka full access to the main controls (vol, input, tint, aspect, firmware, etc.) is still much too hard for LLMs to understand.

joenot443 2 hours ago||

> [1] Browser foothold: we already had code execution inside the browser application's own security context on the TV,

Does anyone know what the author meant by this? Are they talking about a web browser run on the TV?

red_admiral 6 hours ago||

Maybe we could get codex to strip the ads and the phone-home features out of smart TVs?

jditu 3 hours ago|

[dead]

endymion-light 9 hours ago|

While cool and slightly scary news - Samsung TV's have been incredibly hackable for the past decade, wouldn't be surprised if GPT2 with access to a browser could hack a Samsung!

valleyer 9 hours ago||

This is some serious revisionist history. GPT-2 wasn't instruction-following or even conversational.

endymion-light 6 hours ago|||

it's a joke about the quality of samsung tv's rather than a serious comment - i should have said a perceptron could hack a samsung tv

michaelcampbell 6 hours ago||||

And yet Dario in his OpenAI days was proclaiming it too scary to be released.

Now why does that sound familiar...?

patrickmcnamara 9 hours ago|||

Hyperbole.

jdiff 8 hours ago|||

It's really not. It was a fun toy but had very little utility. It could generate plausible looking text that collapsed immediately upon any amount of inspection or even just attention. Code generation wasn't even a twinkle in Altman's eye scanning orbs at that point.

kube-system 11 minutes ago|||

I think you misunderstand the comment you replied to. They are saying the above comment was a rhetorical exaggeration of GPT-2's capabilities as a commentary on how low quality Samsung TV software is. They don't actually think GPT-2 was very capable. It is a figure of speech, not a literal statement.

smoghat 7 hours ago||||

But like Mythos, it was too dangerous to release.

https://slate.com/technology/2019/02/openai-gpt2-text-genera...

wongarsu 7 hours ago||

And the "too dangerous to release" capability was writing somewhat plausible news articles based on a headline or handwritten beginning of an article. In the same style as what you had written

Today we call that "advanced autocomplete", but at the time OpenAI managed to generate a lot of hype about how this would lead to an unstoppable flood of disinformation if they allowed the wrong people access to this dangerous tool. Even the original gpt3 was still behind waitlists with manual approval

someguyiguess 4 hours ago||

And as it turns out, they were correct.

tomalbrc 8 hours ago|||

Talking about revisionist…

valleyer 7 hours ago|||

If so, I apologize.

huflungdung 8 hours ago||

[dead]

More comments...