If you want to know how it began and what this is all about, do read part 1 of the post.
If you just want the instructions on how to root WebOS and add Samba support, read part 4.
———
I knew that my smart TV had Linux under the hood. At first, I needed to figure out how to get some kind of shell access to the TV. It turns out, LG does have an app called Developer Mode which offers shell access via SSH. I did try the app out and it did work but the shell access it offered was very limited.
All I had was access to an OpenSSH instance running as unprivileged user in a chroot-like jail.
To add Samba support, I needed root access to the TV’s OS. Since LG’s app did not offer any way of getting root, the only way was to try some kind of exploit, just like you do when rooting Android without custom recovery.
My first thought was to exploit CVE-2016-5195 (aka. the Dirty Cow bug) since it had source code available. So I’ve build the exploit and it out. And… it didn’t work. It turned out that my TVs firmware (version 05.30.01, released on October 31st, 2017) had a patched kernel which wasn’t vulnerable. Since I could not find any other public root exploits, I wasn’t able to root the TV with the firmware it had. The only thing I could think of is downgrading the TVs firmware to an earlier version (with a vulnerable kernel). Which isn’t straightforward, since WebOS normally only supports installing newer firmware versions, not older ones.
Fortunately, with the help of my skills and a tutorial available here: http://webos-forums.ru/post23624.html (in Russian, Google Translate link) I was able to downgrade the firmware to version 04.31.00.
I’ve also found a pre-packed exploit (based on the same Dirty Cow bug which I’ve tried to exploit before) for rooting WebOS with instructions here: http://webos-forums.ru/topic4650.html (again in Russian, Google Translate link). With it, I was able gain root access to WebOS.
That’s when the fun began. Read on to part 3.