[RELEASE] Chromecast with Google TV Bootloader Unlock

[npjohnson]

Introduction:

This is an exploit chain intended to allow one to run a custom OS/unsigned code on the Chromecast with Google TV (CCwGTV).

This uses a bootROM bug in the SoC by security researcher Frederic Basse (frederic).

Frederic also did a great amount of work to temporarily boot a custom OS from USB here.

Security researchers Jan Altensen (Stricted) and Nolen Johnson (npjohnson) took the vulnerability and provided tools and customized a u-boot image to take advantage of the provided secure-execution environment to fully bootloader unlock the device.

Disclaimer:

You are solely responsible for any potential damage(s) caused to your device by this exploit.

FAQ:

- Does unlocking the bootloader void my warranty on this device?
Probably, assume so. Or just flash stock and lock your bootloader before RMA. The exploit itself leaves no traces.

- Does unlocking the bootloader break DRM in any way?
Nope, just like unlocking a Pixel device officially.

- Can I OTA afterwards?
NO - It will re-lock your bootloader, and if you've made any modifications, brick you pretty hard. If you manage to do this, re-running the exploit won't be possible either, as a BootROM password is set on any update newer than

- Can I use stock?
Yes, but only if you flashed the newer patched factory image offered up in the script.

- Can I go back to stock after installing custom OS's?
Yeah, totally, here's a "Factory Image" I made in the style of Pixel Factory Images. The patch level of this build is 2020-06-05. The tool offers to put you on a newer firmware, it's highly recommended to do so.

- Can I re-lock the bootloader?
If you flashed the factory image above, sure, but you run the risk of not being able to unlock again.

- I've run the exploit 10 times and it isn't working yet!
Swap USB ports/cables, and keep trying, for some people it takes one attempt, for some it takes a lot of attempts.

Requirements:

• Chromecast With Google TV (sabrina) without USB password mitigation¹
• Either a USB A to C, or a C to C cable
• A PC running some flavor of 64-bit GNU Linux
• `libusb-dev` installed
• `fastboot` & `mke2fs` installed from the SDK Platform tools

¹: The USB password mitigation has been enabled on units manufactured in December 2020 and after. For units manufactured before, the mitigation was enabled by software update in February 2021. To discern this, look at the MFP date on the bar-code sticker on the bottom of your device's box. If you've powered it on and OTA'd, your firmware version needs to be below the February 2021 patch level. It's not possible to disable/change the password since it's burnt into the chip (efuses).

Instructions:

Follow the detailed and up-to-date instructions over at our Github repo, and maybe give the writeup a read/share on social media!

Post-unlock:

• The script asks if you want to flash LineageOS Recovery, or a Magisk patched boot image, so enjoy those!
• At the moment, there are no ROMs for the device, but Android builds in the form of LineageOS are coming soon™. Builds of that will be posted in this forum once ready, and I'll link them here.

Credits:

• Nolen Johnson (npjohnson): The writeup, helping debug/develop/theorize the unlock method
• Jan Altensen (Stricted): The initial concept, u-boot side unlock implementation, debugging/developing the unlock method, and being a wealth of information when it comes to Amlogic devices
• Frederic Basse (frederic): The initial exploit and the AES key tip

Special Thanks:

• Ryan Grachek (oscardagrach): Being an awesome mentor, teaching me a fair chunk of what I know about hardware security, and being a massive wealth of knowledge about most random things.
• Chris Dibona: Being an awesome advocate of OSS software and helping ensure that we got all the source-code pertinent to the device.
• Pierre-Hugues Husson (phh): For pointing me down the Amlogic road to begin with by letting me know Google had decided to make the ADT-3 bootloader unlockable.
• XDA users @p0werpl & @JJ2017, who both helped experiment and find a combination of images that allowed us to skip the forced OTA in SUW.

 

[elliwigy]

sweet! I know what im doing tonight lol.. of course I need to check mine once I get home to see if it can be unlocked but pretty sure it can.

 

[Logix]

wow im glad i left mine unplugged

 

[elliwigy]

unfortunately mines not able to be unlocked :-(.. its got feb security update.. exploit says its password protected

 

[Stricted]

unfortunately mines not able to be unlocked :-(.. its got feb security update.. exploit says its password protected

rip, there is no way around it unfortunately (for now atleast)

 

[elliwigy]

rip, there is no way around it unfortunately (for now atleast)

Yea, figured as much. I was looking for a way to unlock the bootloader but didnt spend much time on it as i use my nstv pro 2019 model mainly for all my streaming needs lol.

i just left best buy by my house and all the cc they had were mfg 5/2021 lol.. i mustve looked all over.. looked behind stuff tried to find a dusty one but nope lol

probably got a better chance at an old one from walmart

im curious what causes it to not boot with patched boot.img.. on the nstv it was odd for a while since patching boot.img would cause bootloop.. had noticed in the logs it was failing to boot because the verifiedbootstate was orange so made a script for magisk to resetprop ro.boot.verifiedbootstate green and it would boot right up wonder if its something similar.. either way, can only toss up ideas until i get my hands on a unlockable model lol

 

[npjohnson]

Yea, figured as much. I was looking for a way to unlock the bootloader but didnt spend much time on it as i use my nstv pro 2019 model mainly for all my streaming needs lol.

i just left best buy by my house and all the cc they had were mfg 5/2021 lol.. i mustve looked all over.. looked behind stuff tried to find a dusty one but nope lol

probably got a better chance at an old one from walmart

im curious what causes it to not boot with patched boot.img.. on the nstv it was odd for a while since patching boot.img would cause bootloop.. had noticed in the logs it was failing to boot because the verifiedbootstate was orange so made a script for magisk to resetprop ro.boot.verifiedbootstate green and it would boot right up wonder if its something similar.. either way, can only toss up ideas until i get my hands on a unlockable model lol

Nah, it isn't.

Think it's just Amlogic boot image format not linking the repack method.

I'll look into it at some point.

 

[Verhuel15]

Could this method work on mi box 3?Just asking !!!!

 

[npjohnson]

Could this method work on mi box 3?Just asking !!!!

You'd need u-boot source from your OEM - start by requesting that, then you can progress further if they give it to you (they legally have to, but a lot of them don't)

 

[96carboard]

Tell me more about this "usb password mitigation", since it appears that this exploit is not going to be all that useful until this issue is addressed.

 

[npjohnson]

Tell me more about this "usb password mitigation", since it appears that this exploit is not going to be all that useful until this issue is addressed.

It's not an "issue" we can overcome.

The BootROM mode we interact with the send the data for this exploit had a password slapped in the interface (to even be able to interact with it). It's a complex password based on a hash of something and a salt.

It's not something we could feasibly brute force, it's not something we can undo, it's not something we can work around.

The exploit was effectively patched in models manufactured after December 2020, and older units updated to February 2021.

 

[bydo]

If the February 2021 update added the password, wouldn't it be theoretically possible to reverse engineer that update to determine how the password is generated? Or do they encrypt these updates in a way that makes them impossible to disassemble or step through during execution before it burns the eFuses?

 

[npjohnson]

If the February 2021 update added the password, wouldn't it be theoretically possible to reverse engineer that update to determine how the password is generated? Or do they encrypt these updates in a way that makes them impossible to disassemble or step through during execution before it burns the eFuses?

We can totally (and have) dumped newer updates. You can look at the bootloader.img all you want, but it's AES encrypted, and the only way to get it decrypted is to dump the AES key from memory using the exploit those updates mitigate, so, no, not easy to analyze them.

But lets say we could, there's no way to extract the password that's even semi-feasible.

Brute force is more feasible, and that would take years.

 

[elliwigy]

I assume similar to Samsung bootloader revs Google has some form of rollback prevention so not possible to downgrade to an older firmware? do you know if theres anywhere that the ota.zip can be downloaded?

 

[96carboard]

Is there anything else we know about this password? Is it the same password for all units (i.e. pre-generated) or is it unique (in which case it would have to be generated on-device)?

 

[npjohnson]

I assume similar to Samsung bootloader revs Google has some form of rollback prevention so not possible to downgrade to an older firmware? do you know if theres anywhere that the ota.zip can be downloaded?

Yeah, dumped on dumps.tadiphone.dev. Rollback is enabled. There's no going back. U-boot enforces it on OS, and BL2 enforces it on BL33 (u-boot).

Is there anything else we know about this password? Is it the same password for all units (i.e. pre-generated) or is it unique (in which case it would have to be generated on-device)?

It is (as far as we currently understand) a global password.

 

[elliwigy]

Yeah, dumped on dumps.tadiphone.dev. Rollback is enabled. There's no going back. U-boot enforces it on OS, and BL2 enforces it on BL33 (u-boot).

It is (as far as we currently understand) a global password.

Is that site a private gitlab? i went there but my normal gitlab acct didnt work so i regustered with same email and it said it registered but my acct is blocked waiting for admin approval?

 

[elliwigy]

Is there anything else we know about this password? Is it the same password for all units (i.e. pre-generated) or is it unique (in which case it would have to be generated on-device)?

pretty sure its not generated on the device.. its likely a key that was already there just wasnt being used until recent update or it was implenented in the update.. this is of course assuming its a global key i.e. same password for all the devices.. sort of similar to how samsung does their firmware maybe, key burned into the device at the factory well hidden behind layers of security to never be seen again even when its used to verify stuff lol

 

[npjohnson]

Is that site a private gitlab? i went there but my normal gitlab acct didnt work so i regustered with same email and it said it registered but my acct is blocked waiting for admin approval?

dumps.tadiphone.dev/dumps

pretty sure its not generated on the device.. its likely a key that was already there just wasnt being used until recent update or it was implenented in the update.. this is of course assuming its a global key i.e. same password for all the devices.. sort of similar to how samsung does their firmware maybe, key burned into the device at the factory well hidden behind layers of security to never be seen again even when its used to verify stuff lol

It is burned into the device, yeah, no disabling it or intercepting it.

 

[elliwigy]

dumps.tadiphone.dev/dumps

It is burned into the device, yeah, no disabling it or intercepting it.

right after i posted i went to explore and saw the dumps. i noticed there was some userdebug builds early on.. pretty cool.. are these all official firmwares?

and yes makes sense.. its easier to fibd a zero day exploit these days then to waste time trying to get the hardware infused private keys :-/