There is a vulnerability/backdoor in webOS 5+ that allows you to easily run arbitrary commands as root during the boot process. The easiest way to exploit it simply involves putting a file on a USB drive and having it connected to your TV while it boots. There are two other methods that are more complex and require additional exploits.
Vincent 0xBADEAFFE
throwaway96
/ setup-cert-overlay.sh
Last active
May 5, 2025 13:23
Script to add a certificate to various stores on webOS (probably 3.5+ only)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| # by throwaway96 | |
| # licensed under AGPLv3+ | |
| # https://gist.github.com/throwaway96/bb31a17562eec4d8325020dee8c7e6b5 | |
| cert=/home/root/something.crt | |
| name=lol_hax | |
| file="${name}.pem" | |
| tmp="/tmp/tempcert.pem.${$}" |
This is a collection of a few of my smaller webOS scripts.
License: AGPL v3 or later
Developer mode apps (those installed in /media/developer) are inspectable by default. Other apps (e.g., from the LG Content Store) are not inspectable by default, but you can add "inspectable": true to their appinfo.json to enable it. Debugging system apps (i.e., those in /usr/palm/applications) may require a special flag.
The developer mode app debugger listens on port 9998.
System service and system app debugging uses ports 5885 and 9999, respectively. However, debugging for these is not normally enabled.
throwaway96
/ puttygen-webos.md
Last active
February 19, 2026 02:53
Creating an SSH key with PuTTYgen for use on webOS TVs
This is a guide aimed at Windows users who want to set up public key SSH authentication for their webOS TVs. It is assumed that your TV is rooted.
This guide does not cover the Developer Mode SSH server on port 9922, although much of it still applies to that.
The SSH key that will be created can be used in applications such as PuTTY, WinSCP, and Filezilla. You'll be able to connect to your TV without having to type a password. You can even set the username in advance for one-click connections.
On other platforms (e.g., Linux), you're probably going to want to use ssh-keygen.
I'm not going to be maintaining this document anymore. I'm leaving it as-is since much of the FAQ section is still accurate and has yet to be incorporated into other resources.
Use CanI.RootMy.TV to find an exploit for your TV.
throwaway96
/ notes.md
Last active
December 29, 2025 13:01
Enabling debug and getting root on LG webOS by modifying NVM
What you do with this information is your own responsibility. If you brick your TV trying this, it's not my fault. You should probably have some electronics experience if you want to attempt this.
This is going to involve opening your TV and attaching wires to the pins of an integrated circuit. If you're not comfortable with that, this is not for you.
This document is a work in progress.
LG TVs since at least the era of NetCast and "Global Platform" (webOS predecessors) have had the notion of a debug level, generally called "debugstatus". There are three modes: DEBUG, EVENT, and RELEASE. TVs normally operate in RELEASE mode. DEBUG mode enables a variety of logging and other debugging features in webOS, including access to the bootloader console and debug menus via serial. EVENT is similar to DEBUG, although it may not enable as much logging and has other relatively minor differences.
bipinkrish
/ filecrypt.py
Last active
February 8, 2026 14:40
Filecrypt Bypass - get direct links of filecrypt links
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from bs4 import BeautifulSoup | |
| import cloudscraper | |
| import requests | |
| import json | |
| url = input("enter filecrypt link like https://filecrypt.co/Container/73F6D9D43B.html or html filepath like 75C3806BBE.html: ") | |
| def getlinks(dlc): | |
| headers = { | |
| 'User-Agent': 'Mozilla/5.0 (X11; Linux x86_64; rv:103.0) Gecko/20100101 Firefox/103.0', |
juancsr
/ mac-docker-withot-docker-destop.md
Last active
November 11, 2025 18:32
Use docker in mac without docker-
NOTE: I want disclaimer that this work is not complete mine. Most of the work here is comming from: https://dhwaneetbhatt.com/blog/run-docker-without-docker-desktop-on-macos
$ brew doctor
$ brew update
mbiemann
/ colima-docker-apple-silicon.md
Last active
January 23, 2026 07:22
Using colima and Docker Engine on Apple Silicon (M1 Chip)
NewerOlder