Whenever a big-name company releases a device, it’s only a matter of time before someone hacks into it. Google’s Chromecast, a media streamer released last week, proved quite popular thanks to its low selling price. Like any other popular device, it has already been rooted, thanks to the team over at GTV Hacker.
Google says that the Chromecast runs a stripped-down ChromeOS. A careful analysis by GTV Hacker, however, shows that it’s more Android than ChromeOS. “We had a lot of internal discussion on this, and have concluded that it’s more Android than ChromeOS. To be specific, it’s actually a modified Google TV release, but with all of the Bionic / Dalvik stripped out and replaced with a single binary for Chromecast.”
Right now, the exploit that gives root access isn’t recommended for the normal user. For developers, though, it is important, as it gives them a way to test their software on Chromecast.
So how does the exploit work? The device must be placed in USB Boot Mode, which is done by holding down the single button while powering on the device. A powered mini USB OTG cable is then used to attach a USB drive, and in this mode the device looks for a signed image at location 0x1000 on the USB drive. If the image is found, it is passed to the internal crypto hardware for verification. The return code of that verification is never checked, however, which means any code can be executed at will.
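The flaw described above, modelled in C as an added example (not GTV Hacker's or Google's code), with the unchecked boot flow beside one that fails closed. `hw_verify_image`, the `SIGN` marker and all function names are hypothetical stand-ins for the crypto hardware call; only the 0x1000 offset comes from the article.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IMAGE_OFFSET 0x1000u /* image location named in the article */

enum boot_result { BOOT_REJECTED = 0, BOOT_EXECUTED = 1 };

/* Hypothetical stand-in for the crypto hardware: accepts only images that
 * begin with a constructed "SIGN" marker. Returns 0 on success, -1 on failure. */
static int hw_verify_image(const uint8_t *img, size_t len) {
    return (len >= 4 && memcmp(img, "SIGN", 4) == 0) ? 0 : -1;
}

/* Flawed flow: verification runs, but its return code is discarded. */
enum boot_result usb_boot_unchecked(const uint8_t *drive, size_t len) {
    if (len <= IMAGE_OFFSET) return BOOT_REJECTED;   /* no image found */
    (void)hw_verify_image(drive + IMAGE_OFFSET, len - IMAGE_OFFSET);
    return BOOT_EXECUTED;                            /* runs regardless */
}

/* Corrected flow: fail closed unless verification reports success. */
enum boot_result usb_boot_checked(const uint8_t *drive, size_t len) {
    if (len <= IMAGE_OFFSET) return BOOT_REJECTED;
    if (hw_verify_image(drive + IMAGE_OFFSET, len - IMAGE_OFFSET) != 0)
        return BOOT_REJECTED;
    return BOOT_EXECUTED;
}

/* Builds a constructed drive buffer with an image at IMAGE_OFFSET and runs
 * the chosen flow against it. */
enum boot_result demo_boot(int image_is_signed, int use_checked_flow) {
    static uint8_t drive[IMAGE_OFFSET + 16];
    memset(drive, 0, sizeof drive);
    memcpy(drive + IMAGE_OFFSET, image_is_signed ? "SIGN" : "XXXX", 4);
    return use_checked_flow ? usb_boot_checked(drive, sizeof drive)
                            : usb_boot_unchecked(drive, sizeof drive);
}

int main(void) {
    printf("unchecked, unsigned image: %d\n", demo_boot(0, 0));
    printf("checked,   unsigned image: %d\n", demo_boot(0, 1));
    printf("checked,   signed image:   %d\n", demo_boot(1, 1));
    return 0;
}
```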
While the device is more Android than ChromeOS, it still won’t let you install Android apps on it, although this hasn’t been ruled out.
This exploit may work right now, but a single system update from Google may patch it.
Procedure On How To Root Chromecast
What you need
- Blank USB Flash drive with at least 128 MB capacity
- GTV Hacker USB Image
- Google Chromecast
- Powered Mini USB OTG Cable
- Download the .zip and extract the “gtvhacker-chromecast.bin” file.
- Install the USB image as a whole to your USB flash drive with dd
Syntax: dd if=gtvhacker-chromecast.bin of=/dev/sdX bs=1024
- Plug the flash drive into one female “A” end of the USB OTG cable
- Plug the other end into the Chromecast
- Hold down the button on the Chromecast while plugging in the power cord.
- Watch the screen, and any blinking light on the flash drive. The Chromecast will power up, execute the unsigned kernel, and kick off a script that replaces /system with a rooted one. It will then wipe /data and reboot back to the normal system. This will take about one minute. Don’t unplug anything while it is installing.
- When it is complete, your box will reboot, a new splash screen will appear, and then the Setup screen. Set up your Chromecast again. You can now telnet to port 23 to get a root shell on your Chromecast.