so my goddamn chromecast pdated while i was flashing the new xploit...
well... its too late to save cammys chromecast, but i made a new image without update_engine. I'm working on the recovery, but its not an android boot image. I'll do my best on it, but not sure what it is exactly.
no idea if update_engine is vital to anything except updating. and im not entirely sure its vital to updating.
give me a hour or so and i'll post a couple of different images that kill updating in a few different ways.
I/logwrapper( 1473): /chrome/update_engine terminated by signal 15
I/update_engine( 1491): [0801/190057:INFO:main.cc(77)] Eureka Update Engine starting
I/update_engine( 1491): [0801/190057:INFO:update_check_scheduler.cc(64)] Next update check in 2700 seconds
I/update_engine( 1491): [0801/190057:INFO:string_based_ipc_server.cc(59)] Start IPC server: updater
I/update_engine( 1491): [0801/190057:INFO:unix_stream_server_socket.cc(59)] Unix server socket is created: updater
looking at the recovery, it appears to create a wifi network with the name eureka_recovery, and starts dnsmasq. there is also adb, but apparently it doesnt have a usb interface for it.
there is a flash_bootloader binary. I'm assuming it flashes the bootloader. so i guess if i remove it, it can't flash the bootloader.
edit: so this recovery seem to have a menu, just like any android recovery. if only we had input and stuff..
edit 2: my chromebooks battery is low, and its update_engine_client is informing me there is an update. I'm going to let it charge and relax for a bit. maybe I'll have more ideas when i get back on.
brw------- root root 31, 0 2009-02-13 17:31 mtdblock0
brw------- root root 31, 1 2009-02-13 17:31 mtdblock1
brw------- root root 31, 10 2009-02-13 17:31 mtdblock10
brw------- root root 31, 11 2009-02-13 17:31 mtdblock11
brw------- root root 31, 2 2009-02-13 17:31 mtdblock2
brw------- root root 31, 3 2009-02-13 17:31 mtdblock3
brw------- root root 31, 4 2009-02-13 17:31 mtdblock4
brw------- root root 31, 5 2009-02-13 17:31 mtdblock5
brw------- root root 31, 6 2009-02-13 17:31 mtdblock6
brw------- root root 31, 7 2009-02-13 17:31 mtdblock7
brw------- root root 31, 8 2009-02-13 17:31 mtdblock8
In the interim, is this still an effective way to keep it from updating? I unplugged mine this morning before I went to work and I'm heading home. Just trying to figure out a way to still be able to use it without it updating.Sucks Man :/
Every reflash, first thing I do is kill the update_engine service, delete /cache/temp-ota.zip, then edit /data/updater/prefs/preveous-version to say 12840. I think this is tricking it, because every time I do this, it does not create a new temp-ota.zip, which means it is no longer trying to update. We will see though.
In the interim, is this still an effective way to keep it from updating? I unplugged mine this morning before I went to work and I'm heading home. Just trying to figure out a way to still be able to use it without it updating.
In the interim, is this still an effective way to keep it from updating? I unplugged mine this morning before I went to work and I'm heading home. Just trying to figure out a way to still be able to use it without it updating.
Just checked again, it still trys to download an OTA.zip file so best thing is to either not use it, or keep an eye on it :/
i'll go ahead and upload the image thats lacking update_engine
later i'll upload a build with a modified recovery image. fiancee is missing me. I've spent too much time on this for now.
---------- Post added at 08:45 PM ---------- Previous post was at 08:11 PM ----------
https://dl.dropboxusercontent.com/u/19978192/gtvhacker-chromecast.bin.gz
this has update_engine replaced by a dummy script. this should kill ota updates, but it might not. again, provided as-is, no warranty, your problem if it breaks, yada yada.
I'll work on this crap more tomorrow.
I/update_engine( 1146): no updates for you!
$#@! Spent the last couple hours getting Linux running to make sure the image is written to the USB drive 100% properly. Now my Chromecast goes to the Updating splash screen, even if I'm holding down the recovery button. I'm not letting it run the update in hopes I can still get root access. It will be collecting dust until there is a solution. Grumble.
That's what I'm hoping for. Any idea how to get the OTA file out of the file system or get the recovery to read my USB instead of trying to apply that OTA?
If you can get it to boot normally and were already rooted, you can remove the update and let recovery just error out. If it's attempting to boot into recovery every time without allowing you to boot from usb, there isn't much we can do at this point. The recovery will flash a ota.zip from a USB drive, but only if there isn't one on /cache.
Btw, how big is /cache? And does anyone want to test to see if the eureka_recovery network shows up and if it is used for anything?
Sent from my Evo V 4G using Tapatalk 2
/ # df
Filesystem Size Used Free Blksize
/dev 4M 32K 3M 4096
/tmp 32M 32K 31M 4096
/dev/shm 32M 0K 32M 4096
/data 1G 9M 1G 4096
/system 68M 68M 0K 131072
/cache 300M 9M 290M 4096
/factory 16M 6M 9M 4096
So, first off sorry that we've been quiet - the entire GTVHacker team is at DEFCON - presenting today, 3PM local time @ the Penn and Teller theater on Google TV Secure Boot exploits, and some of this chromecast stuff.
However, the "I can't dd to /dev/mtd/mtdX" - The kernel forces it to mount RO. It's in arch/arm/mach-mv88de3100/somethongorother.c So either patch it out via memory, or lazy way - use our release, mount the USB drive, and swap out the squashfs that's on a vfat partition (just keep the same filename).
CJ
If you can get it to boot normally and were already rooted, you can remove the update and let recovery just error out. If it's attempting to boot into recovery every time without allowing you to boot from usb, there isn't much we can do at this point. The recovery will flash a ota.zip from a USB drive, but only if there isn't one on /cache.
[/COLOR]https://dl.dropboxusercontent.com/u/19978192/gtvhacker-chromecast.bin.gz
this has update_engine replaced by a dummy script. this should kill ota updates, but it might not. again, provided as-is, no warranty, your problem if it breaks, yada yada.
I'll work on this crap more tomorrow.
Let me make sure i have this right So this is the current OTA update with root and trial disable ability for future OTA?i'll go ahead and upload the image thats lacking update_engine
later i'll upload a build with a modified recovery image. fiancee is missing me. I've spent too much time on this for now.
---------- Post added at 08:45 PM ---------- Previous post was at 08:11 PM ----------
https://dl.dropboxusercontent.com/u/19978192/gtvhacker-chromecast.bin.gz
this has update_engine replaced by a dummy script. this should kill ota updates, but it might not. again, provided as-is, no warranty, your problem if it breaks, yada yada.
I'll work on this crap more tomorrow.
In the interim, is this still an effective way to keep it from updating? I unplugged mine this morning before I went to work and I'm heading home. Just trying to figure out a way to still be able to use it without it updating.
Just checked again, it still trys to download an OTA.zip file so best thing is to either not use it, or keep an eye on it :/
Thanks. That would be great. I managed to decompress the kernel but still couldn't find the RAM disk with your script. I also managed to compile the chromecast kernel from source. I may keep plugging away at figuring this out until you are able to get to it yourself.