Vault 7: Projects

This publication series is about specific projects related to the Vault 7 main publication.
1 Introduction
The EXTENDING tool is an implant designed for Samsung F Series Smart Televisions.
The implant is designed to record audio from the built-in microphone and egress or store
the data.
The implant is configured on a Linux PC, and then deployed onto the TV using a USB
stick. Audio files can then be extracted using a USB stick or setting up a Wi-Fi hotspot
with-in range of the TV. It is also possible to listen to audio exfiltration live, using the Live
Listen Tool, designed for use on a Windows OS.
The implant can be uninstalled by inserting a USB stick into the TV or configuring a Death
Date.
Known Issues can be found at the end of this Guide.
The EXTENDING system consists of the following components. These components can
be found or generated from the “EXTENDING Settings and Installer” CD
• An Installation Application, which installs the implant to the target TV
• An Implant Executable, which runs on the target TV and records audio. This is
installed by the Installation Application
• An Encrypted Settings File, which configures the implant
• A Linux application called encryptSettings which will encrypt an unencrypted
Settings file, and check that the XML contents are valid.
• A Linux application called rsakeygen to generate rsa keys.
The EXTENDING application is shipped as two folders.
The first folder “Support” contains the default unencrypted settings file, a tool to generate
rsa keys, and a tool to encrypt Settings files
The second folder “TV” contains the Application Installer. The application installer folder is
called “Update”. This should be loaded onto a USB stick that can then be used to deploy
the implant onto a target TV. The only modification that should be made to the installer is to
add the encrypted settings file for each deployment.
To support the EXTENDING deployment the following tools can be used. These tools can
be found on the “EXTENDING Tools” CD
• A Windows audio decrypt application, ECDLive.exe that can be used to decrypt
audio files and Live Listen to an audio stream.
• A wifiConnect folder that should be placed in the root directory of a Web server
intending to receive files from the EXTENDING implant.
• A windows web server called XAMPP, offline installer included.
• An Android web server called PAW Server, apk and pre-configured EXTENDING
folder “PAW2” included.
2