Playing MP4 Files on Samsung Smart TV

My First Attempt at Creating a Homemade Media Web App that Works on a Samsung Smart TV

I’ve been thinking about building a media web app for a while now and today was the first day I tested it on a Samsung Smart TV to see if it would work.

There are lots of ways you can do this but I’m trying to take the path of least resistance. For background, the MP4 file format now plays without plugins in most modern web browsers.

For my early “Alpha” tests, I just made a local web server with folders that could be browsed and put some media in there. This works for Chrome, Firefox etc. You can click and watch the video no problem.

Does the Samsung Smart TV Play MP4 Files?

The answer is a bit frustrating as it is Yes and No. WTF!

First, let’s deal with the No. The Samsung native web browser will not play a MP4 file if you link directly to it in my testing.

Next is the Yes. This happens when you add a USB Mass Storage Device to the TV. My Samsung Smart TV had 3 USB ports. I used one for a wireless Mouse / Keyboard combo device and one for a simple 10GB USB stick I had laying around for testing.

Once I added the USB Mass Storage Device to the Samsung TV USB port the Smart TV web browser would let me download the MP4 files to the USB stick then I would watch them by choosing the Mass Storage Device as the media data source.

I’m come back to add some screenshots soon.

If you found this, I hope it helped you solve your issue. 😉

~Cyber Abyss

Improve Your Developer Skills by Reading Bug Bounty Reports

I’m a professional software developer who likes to dabble in hacking.

I recently started spending time seeking out information security enthusiasts and hacking professionals who publish reports on their bug bounty work.

If you’re not familiar with bug bounties, the simplest explanation is someone putting up a prize or bounty for bugs found on a specific application / website.

Most of the time, bug bounties are official events where you register and are given guidelines in order to collect the bounty and that typically includes a good write up or report on how your discovered and exploited the bug and what type of bug it would be classifieds in to, like a “reflected XSS” cross-site scripting bug.

I’m going to use this bug discovery report from Vedant Tekale also known as “@Vegeta” on Twitter as an excellent bug bounty type of report where you can see the steps a hacker / attacker or bug bounty hunter would take to see if your website has a vulnerability that can be exploited.

As a software developer interested in creating secure applications for our users, we should always be aware of what tactics and techniques a bad actor might use against the products and features we are building.

Vedant’s write up is basically a step by step of what hackers would be looking for. First, look for bugs like XSS, open redirect, server-side request forgery (SSRF), Insecure direct object references (IDOR) but they found nothing.

With persistence, Vedant kept at it and found a bug in the password reset functionality where the password was reset feature was resetting the password to a brand new password on every forgot password attempt.

Also, rate limiting seemed to be missing as 88 password reset attempts went unchallenged so we guessing there was no rate limiting at all.

As a developer with a focus on security, I highly recommend adding reading bug bounty reports to your professional reading list. It will be a big eye opener for you if you’ve never tried hacking a web application before.

I’m on day 5 of chemo treatment for skin cancer and I think this is all I have in the tank tonight but I’m glad I got this blog post out before I have to put another round of chemo on my face for the night. It’s not pleasant. :-\

Hope this helps somebody. 😉
~CyberAbyss