[RELEASE] Chromecast with Google TV Bootloader Unlock

[npjohnson]

I have a friend with a Sabrina dongle. Completely unmodified, and running a pixel 2 xl, also completely unmodified. She's been having crazy trouble with casting and remote control for a few months. I honestly think that this stuff is pretty weakly implemented and unreliable.

Personally, I don't use cast OR remote, since I've decided to degoogle myself completely. GrapheneOS on Pixel 6 Pro is very nice. Best just to install your software on the TV dongle and be done with it. I also have a couple of ADT-3's that are supposed to be delivered today (although its a pretty serious snow storm here today, so might have to wait a bit longer) to replace my Sabrina dongles, since they're basically the same but unlocked from factory. Yes yes, no netcrax -- I don't like them anyway.

The big problem I see with this casting and remote stuff from gooble, is that they've decided to pull an apple and reinvent everything unnecessarily. There are standardized casting technologies that actually work reliably, and a phone can be programmed to be a USBHID device without needing to use undocumented network protocols to accomplish the exact same thing.

Where did you order ADT-3's? US store is out of stock.

 

[goapy]

.

 

[96carboard]

Where did you order ADT-3's? US store is out of stock.

Right here: https://store.askey.com/adt-3.html

 

[96carboard]

Tiny bit of information for anyone trying to flash the factory system images (or probably anything else) to an ADT-3... make sure that when you run flash-all.sh, you UNPLUG THE HDMI. I wasted about an hour trying to figure out why it stopped near the end and never finished. Unplug the HDMI and goes straight through on the first try.

 

[Kalentia]

I have a friend with a Sabrina dongle. Completely unmodified, and running a pixel 2 xl, also completely unmodified. She's been having crazy trouble with casting and remote control for a few months. I honestly think that this stuff is pretty weakly implemented and unreliable.

Personally, I don't use cast OR remote, since I've decided to degoogle myself completely. GrapheneOS on Pixel 6 Pro is very nice. Best just to install your software on the TV dongle and be done with it. I also have a couple of ADT-3's that are supposed to be delivered today (although its a pretty serious snow storm here today, so might have to wait a bit longer) to replace my Sabrina dongles, since they're basically the same but unlocked from factory. Yes yes, no netcrax -- I don't like them anyway.

The big problem I see with this casting and remote stuff from gooble, is that they've decided to pull an apple and reinvent everything unnecessarily. There are standardized casting technologies that actually work reliably, and a phone can be programmed to be a USBHID device without needing to use undocumented network protocols to accomplish the exact same thing.

Weirdly enough, my issues aren't with casting or remote control. I'm having issues just doing regular content playback from the apps on the Chromecast... Netflix says "This title is not available to watch instantly", and Prime/Hulu/etc give similar errors when attempting to play content. My media server and casting local files work fine, so I know it's not an issue with video playback at the core.

 

[96carboard]

Weirdly enough, my issues aren't with casting or remote control. I'm having issues just doing regular content playback from the apps on the Chromecast... Netflix says "This title is not available to watch instantly", and Prime/Hulu/etc give similar errors when attempting to play content. My media server and casting local files work fine, so I know it's not an issue with video playback at the core.

Well, nettards basically treat their customers like criminals, which really gets in the way of things working correctly. This is the main reason I don't buy their crappy service. Why pay somebody to treat you like a criminal? This is especially since the only point of paying for their service is so you DON'T feel like a criminal by finding the content for free on the internet.

 

[Kalentia]

Alright, I've gone through the process of factory resetting and reflashing the Chromecast using the script (but without the Magisk boot image this time). Still facing the same issues, I've eliminated the idea that it could be a local network issue by connecting to a hotspot and the problem persists. I wonder if it's a DRM issue, given that Google couldn't "authenticate" the Chromecast upon setup and I had to set it up with the TV instead of my phone. Or maybe it's related to the fact that the TV I'm using only supports SDR... if anyone has suggestions please let me know.

 

[goapy]

The explanation on github about this exploit mentions "flags that disable update mode" and "the config that forces it (burn mode)".

For a device that does not use secureboot, are these flags/config changeable in a normal non-secure environment? Or, can they only be changed via execution before the run_preboot_environment_command, as with this exploit?

I'm trying to enable v2 usbburning mode (update in the uboot menu) on a device that does not have it enabled, but does not use secureboot.

 

[npjohnson]

The explanation on github about this exploit mentions "flags that disable update mode" and "the config that forces it (burn mode)".

For a device that does not use secureboot, are these flags/config changeable in a normal non-secure environment? Or, can they only be changed via execution before the run_preboot_environment_command, as with this exploit?

I'm trying to enable v2 usbburning mode (update in the uboot menu) on a device that does not have it enabled, but does not use secureboot.

check the u-boot source linked in the exploit, it shows both of those flags being re-enabled.

 

[rezendes]

Can anyone confirm if this enables the software locked USB 3 speeds of the SoC for the Chromecast with Google TV?

 

[kennkanniff]

Alright, I've gone through the process of factory resetting and reflashing the Chromecast using the script (but without the Magisk boot image this time). Still facing the same issues, I've eliminated the idea that it could be a local network issue by connecting to a hotspot and the problem persists. I wonder if it's a DRM issue, given that Google couldn't "authenticate" the Chromecast upon setup and I had to set it up with the TV instead of my phone. Or maybe it's related to the fact that the TV I'm using only supports SDR... if anyone has suggestions please let me know.

I also have the same problem on two devices. Prime and ATV+ do not work. Casting works fine.

 

[kennkanniff]

After rerunning the script I bricked a device. It does not boot to fasboot but is stuck at androidtv logo.

EDIT: I bricked another, this one is stuck at G logo. In both cases I flashed lineage-19.1-20220421-recovery-sabrina.img just before running the script. It is stuck at:

Creating filesystem with 4096 4k blocks and 4096 inodes

Allocating group tables: done                        
Writing inode tables: done                        
Creating journal (1024 blocks): done
Writing superblocks and filesystem accounting information: done

Sending 'metadata' (44 KB)                         OKAY [  0.006s]
Writing 'metadata'                                 OKAY [  0.005s]
Finished. Total time: 0.640s
Rebooting into fastboot                            OKAY [  0.000s]
< waiting for any device >

EDIT2: Is there any hope?

 

[npjohnson]

After rerunning the script I bricked a device. It does not boot to fasboot but is stuck at androidtv logo.

EDIT: I bricked another, this one is stuck at G logo. In both cases I flashed lineage-19.1-20220421-recovery-sabrina.img just before running the script. It is stuck at:

Creating filesystem with 4096 4k blocks and 4096 inodes

Allocating group tables: done                       
Writing inode tables: done                       
Creating journal (1024 blocks): done
Writing superblocks and filesystem accounting information: done

Sending 'metadata' (44 KB)                         OKAY [  0.006s]
Writing 'metadata'                                 OKAY [  0.005s]
Finished. Total time: 0.640s
Rebooting into fastboot                            OKAY [  0.000s]
< waiting for any device >

EDIT2: Is there any hope?

not bricked, hold button to get into burn, run exploit, chose to flash functional image in script.

 

[kennkanniff]

not bricked, hold button to get into burn, run exploit, chose to flash functional image in script.

They dont boot into fastboot after the exploit. They are stuck at boot logo.