The term "WebTV Viewer" can either refer to the original WebTV Viewer software (later renamed to MSN TV Viewer), or colloquially refer to any official simulator program for the WebTV/MSN TV line of products, including derivatives such as Microsoft TV.
The original WebTV/MSN TV Viewer software is an official simulator of the WebTV/MSN TV consumer device developed by WebTV Networks. The original intent of the program was to allow web developers to test their sites in a WebTV/MSN TV browser environment without requiring the user to buy a WebTV/MSN TV box and subscribe to the service. In its original, untouched form, the user can preview web sites and local HTML files, view notes about how a page renders in the browser, view the source code of a loaded page, print and save pages, and access a limited version of the TV Home section on the WebTV/MSN TV system. It had no intended ability to connect to the live WebTV/MSN TV service and it was essentially a stripped down WebTV Plus designed for debugging websites.
Microsoft TV Simulator
The Microsoft TV Simulator is another simulator developed by Microsoft, this time targeting the Microsoft TV platform. The purpose of this revision of the Viewer is assumed to be similar to the original WebTV Viewer software, but not much information is available to really draw a conclusion yet.
If it weren't for the hacking scene, then the WebTV/MSN TV Viewer's potential as a somewhat-proper WebTV/MSN TV emulator and hacking tool wouldn't have been realized in any fashion. Contrary to what WebTV Networks wanted people to believe, the Viewer did indeed have code to allow it to connect to the live WebTV/MSN TV service. It was just disabled by default and had to be enabled in some way. "Saladman" is credited for being able to first discover a method to connect the Viewer to the service, and eMac, "VirusOmega", and "NapHead" are credited for fleshing out the method once the previous ones were patched out, "NapHead" specifically devising a method for the Viewer to work with the MSN TV revision of the service. Details on how each method was achieved is for the time being, not public and remain in the clutches of those in the inner hacking circle who had been exposed to the information.
With the ability to hack the Viewer like this, hackers were able to discover new hacks and exploits for the WebTV/MSN TV service more easily, along with being able to learn how the service worked on a protocol level and developing proof-of-concept servers to better experiment with it. One of these servers have since been re-released two years ago for general usage and added support for actual WebTV/MSN TV hardware and the Dreamcast release of WebTV.
In regards to the availability of these hacked Viewers, up until recently these were also kept private, possibly due to the fear of increasing attacks on the WebTV/MSN TV network, which is ironic seeing as at least one of the "trusted" hackers with access to these tools did indeed use it to target the accounts of those they wanted to mess with, maliciously or otherwise. It wasn't until around 2019 that one of these versions of the WebTV Viewer were finally released to the public alongside several versions of the stock Viewers as a "Hackers Edition", the hacked version in question originally being version 2.5 of the stock Viewer. It is known that version 1.0 of the Viewer is possible to hack to allow connectivity to the WebTV/MSN TV service, but without clear instructions on how this was possible we may never be able to reproduce this or even extend upon it.
The Microsoft TV Simulator, funnily enough, doesn't need all these hoops to be able to have connectivity to the WebTV/MSN TV service, and only requires a few in-program steps to achieve this. Information on how this is possible will be added when time permits.
Usage of ROMs
The original iteration of the WebTV/MSN TV Viewer, despite labelling itself as a simulator, does seem to utilize emulator-like technology as it requires two ROM files to operate - "Flash.vwr" and "ROM.vwr". It's not exactly clear what the purpose of "ROM.vwr" is right now, but "Flash.vwr" appears to be a container file for the firmware flash ROM. These files out of the box are encrypted with the TEA (Tiny Encryption Algorithm) algorithm, using the key
0xFE0F8A5040388A7C1422847CBF52A450 to encrypt the ROM data. When decrypted, both files appear to contain data for numerous images, scripts, and HTML pages used by the Viewer. How it reads this data isn't known at the moment.