Decrypting AES...
Decrypting with XOR Key : T-ECPDEUC
Crypto package found, using fast XOR engine.
Calculated CRC : 0x109B6984
CRC Validation passedAfter running this tool, we now have the decrypted versions of the image files (exe.img
and rootfs.img):
$ ls -l T-ECPDEUC/image/
total 591372
-rw-r--r-- 1 apple apple 192794624 Dec 3 15:40 exe.img
-rw-r--r-- 1 apple apple 192794624 Dec 3 15:39 exe.img.enc
-rw-r--r-- 1 apple apple 192794916 Apr 29 2013 exe.img.sec
-rw-r--r-- 1 apple apple 132 Apr 29 2013 exe.img.sec.cmac
-rw-r--r-- 1 apple apple 256 Apr 29 2013 exe.img.sec.cs
-rw-r--r-- 1 apple apple 256 Apr 29 2013 exe.img.sec.vs
-rw-r--r-- 1 apple apple 3272000 Dec 3 15:39 Image
-rw-r--r-- 1 apple apple 3272000 Dec 3 15:39 Image.enc
-rw-r--r-- 1 apple apple 3272292 Apr 29 2013 Image.sec
-rw-r--r-- 1 apple apple 132 Apr 29 2013 Image.sec.cmac
-rw-r--r-- 1 apple apple 256 Apr 29 2013 Image.sec.cs
-rw-r--r-- 1 apple apple 256 Apr 29 2013 Image.sec.vs
-rw-r--r-- 1 apple apple 17 Apr 29 2013 info.txt
-rw-r--r-- 1 apple apple 7 Apr 29 2013 major_version
-rw-r--r-- 1 apple apple 6 Apr 29 2013 minor_version
-rw-r--r-- 1 apple apple 5763204 Dec 3 15:39 rootfs.img
-rw-r--r-- 1 apple apple 5763204 Dec 3 15:39 rootfs.img.enc
-rw-r--r-- 1 apple apple 5763492 Apr 29 2013 rootfs.img.sec
-rw-r--r-- 1 apple apple 132 Apr 29 2013 rootfs.img.sec.cmac
-rw-r--r-- 1 apple apple 256 Apr 29 2013 rootfs.img.sec.cs
-rw-r--r-- 1 apple apple 256 Apr 29 2013 rootfs.img.sec.vs
-rw-r--r-- 1 apple apple 65 Apr 29 2013 validinfo.txt
-rw-r--r-- 1 apple apple 48 Apr 29 2013 version_info.txtCursory Exploration of the Operating System
Now let’s examine the underlying platform supporting the popular Samsung Smart TVs.
We’ve already obtained and decrypted the firmware. Let’s access it and take a look at its con-
tents. This will allow us to understand how Smart TVs are architected. This understanding in
turn will help us comprehend existing attack vectors more deeply. In addition, this informa-
tion will help you should you decide to do further research of your own.
138 CHAPTER 5: THE IDIOT BOX—ATTACKING “SMART” TELEVISIONS