here we go again for the newer mb2xx boards

hosbulduk
c5c48d3f-4bf9-4bd0-8858-2d9811a535db.jpg
 
arm8086
Ok, so I've finally found the documents I was looking for.

I'm sure that by now MOST of you here are familiar with the now well-known hack on older Vestel TVs that's used to get a telnet or ftp running.

It's the hack that allows TommyData's toolbox to get you a Linux command line, as root, on your TV set.

If you don't know what I'm on about, then I'm on about this:


image76f7720939b74dd5.png


If you need help with that part, there are others on here that can explain it much better than I, such as @terraspy

What you MIGHT NOT be aware of, however, is that the port used for the telnet hack is actually for an altogether different purpose originally.

Many of Vestel's TV displays are produced for the "digital signage" market, such as those big TV style menu displays in your favourite takeaway food shop, or timetables in the railway station.

The port used to enable these is the port that was exploited to get telnet, and which is now known to have that flaw fixed on the MB2xx series and higher.

That does not mean we cannot still use it though. Originally it was discovered as being left open on some TVs, and this report was the first one to highlight the flaws.

One of the first commands I discovered was "GETVOLUME"

image0fda07e826b1d5b7.png


and there are many others too, most of the common ones are described in this user guide:



Of course, if the port number 1986 is NOT open on your TV what can you do?

Well all might NOT be lost.

Some of the commands not listed in the guide I link above are called "PROFILE COMMANDS", the profile in the binary files you can get by putting "DownloadProfileMBxxx" files on a USB key and performing "usb operations" from the service menu.

When we do this service menu command, we only get 3 profile files, "hardware_profile", "software_profile" and "langauge_profile", but there is also a fourth one that our TV sets understand, called a "dev_profile" too.

These are the profile commands known on the port 1986

image275a607c5f58c3b8.png


If you have the port 1986 open, and have connected to it using a terminal program such as putty as I have, you can issue a "PRINTDEVPROFILE" command, which should look something like the following:

image29ada600bc754ece.png


The setting you need to be looking at is this one:

imageb317e6ff1c69d209.png


When "Testtool Socket" is enabled, port 1986 becomes open, and you can issue remote commands to control your TV from your PC. The question, though, is how can you tell if it's enabled or not if the port is not open? (It's a chicken and egg scenario.) What you need is a copy of the "Vestel Profile Composer".

This tool, made by Vestel, is used to create the profiles for TV sets in the first place.

I have given a copy to @terraspy via email, so he can put it somewhere such as this forum, I can upload documents and pictures but EXE files I appear to be not allowed...

When you have the "Profile Composer" tool, you need to make a profile that looks like the following:

imagebc64fb7a5c79f928.png


Then when you are finished, click the "build" button to build your profile

image8f9586f5ea838644.png


If you have done this properly, then you should have a new profile file in your disk like so:

imagea07a3c2199272860.png


If you have a different name, it has to be named "mbxxx_devprofile.bin" replacing xxx with the board name you get from your 4725 service menu.

You then place that on a blank USB key on its own, with only other profiles and NO "download...." files, then perform a USB operations from your service menu as you would for any other profile update.

Hard power cycle the TV by the wall plug, and then, if all has succeeded, when you power your TV back on and look at the network ports on it, port 1986 should show as open.

image84b6a12176d2da2c.png


After this, you can open the port 1986 in raw mode using putty:

imagede2c6549407c70e5.png


and start sending commands to your TV set.

If you have NOT had this port open before, and have an older board in the MB1xx range, then opening this port may also allow you to use the TommyData app to get telnet and ftp so you can steal all the files from your TV.

Finally, I do know of another way to run these commands, but it involves writing a web page file with JavaScript, so I'll add those instructions another day.

Hey! About the way to run these commands using JavaScript, that would be quite interesting to know actually, since I have an MB211 and applying a devprofile doesn't seem to do anything or open port 1986.
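
The check described in the quoted post (is port 1986 open after the power cycle, and does the set answer "GETVOLUME"?) can be scripted so that a whole inventory of your own displays is audited for an exposed test-tool socket. This is an added example, not code from either poster; the CR LF command terminator and the `fake_display` loopback stand-in (with its constructed reply) are assumptions, since the thread does not show the wire format.

```python
import socket
import threading

TESTTOOL_PORT = 1986  # port named in the thread


def probe(host, port=TESTTOOL_PORT, command="GETVOLUME", timeout=3.0):
    """Return (state, reply); state is 'open', 'closed' or 'no-response'."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "closed", b""          # host is up, nothing listening
    except OSError:
        return "no-response", b""     # timed out, filtered or unreachable
    with sock:
        try:
            # Assumption: commands end in CR LF; the thread does not say.
            sock.sendall(command.encode("ascii") + b"\r\n")
            reply = sock.recv(4096)
        except OSError:
            reply = b""               # connected, but nothing came back
    return "open", reply


def audit(hosts, **kwargs):
    """Probe every display in an inventory; return {host: (state, reply)}."""
    return {host: probe(host, **kwargs) for host in hosts}


def fake_display(reply=b"constructed reply\r\n"):
    """Loopback stand-in for a TV (constructed, not real TV output)."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))        # ephemeral port, local only
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        with conn:
            conn.recv(1024)           # read the command, then answer once
            conn.sendall(reply)
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port


if __name__ == "__main__":
    print(audit(["127.0.0.1"], port=fake_display()))
```

A display that reports `open` on a signage network where remote control is not wanted has "Testtool Socket" enabled in its dev profile and should be reprofiled or fenced off at the network level.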
 
