I was starting to analyze the device to find a way, but I don't eant to reinvent the wheel. In the forums I don't see anyone trying even.. so nobody to talk to..
As of now I just found a curious thing or two but I don't wanto to just talk in a generic forum.. I prefer a more "hacking oriented" one.
There's not a ton of interest because there simply isn't a large demand. Not to discount those that do want/need root, but they're a minority.
Furthermore, rootable Chromecast 2012s are few and far between, and based on the number of people asking to return to stock, dwindling.
And most importantly, Google showed, intentionally or not, that unlike on phones, root on Chromecast (and probably dedicated media players in general) is transient.
Original root exploit lasted a few months.
It then took over a year for someone to discover the Hubcap exploit, which was also patched in a subsequent firmware release.
If you haven't already read
how fail0verflow's Hubcap exploit was discovered and works, it's a great read.
For the passer-by who wonders why root on Chromecast is so difficult compared to phones and tablets
- The bootloader is locked
- There is no interactivity with the device other than the app-based setup and reset button
I'm not sure the computer-based setup still works, I think Google moved exclusively to the Google Home (formerly Chromecast app) for setup
- You can't mount storage
Yes, it supports USB OTG, but on a stock device only the bootloader recovery uses it, and the image needs to have a Google Signature
- You can't load your own apps
Chromecast loads apps dynamically from the web via its whitelist. The whitelist is on an HTTPS connection to Google servers, so an MITM attack doesn't work.